> It is not only fips_canister.c which cannot be modified. *NOTHING* in the
> fips-1.0 tarball can be modified without invalidating the certification. There
> is a published hash for that tarball in the security policy and it is
> effectively frozen.
>
> The possibility of including minor non-cryptographic changes in a "fast
> track" followup certification may exist.

Ah, I thought it was only the files listed with HMAC-SHA-1 signatures/hashes in Appendix B of the OpenSSL Security Policy PDF:

http://oss-institute.org/images/OpenSSL_SecurityPolicy_FINAL.pdf

Obviously, I was assuming (hoping) too much there :)

We may be willing to sponsor or help sponsor a followup certification depending on $$. I would hope the goal is to support all platforms OpenSSL is capable of running on with the FIPS validation, so I hope my patch is not totally useless :)

-Brad
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]