On 12/08/2011 07:54 PM, Rick Davis wrote: > > I'm working on a cross-compile build of openssl-fips-1.2.3. > ... > > 2. ./Configure no-hw no-shared no-dso no-asm ... > ... > > 4. Modify main Makefile with: ... > > There is something here that I am missing to build the fips modules > correctly; the basic procedure in the user manual does not seem to > quite work here.
Unfortunately you have violated the Security Policy in several ways. No runtime options are allowed and no modifications of the source distributions are permitted, at all. In general a new cross compiled platform probably isn't going to fit in the constraints of the module as it currently exists, for the purposes of claiming FIPS 140-2 validation -- that's one reason we don't try to give general instructions. There is a procedural process that allows an existing validated module (validation #1051 in this case) to be modified (within certain limits) to accommodate new platforms. We have a couple of those modifications in process right now. These "change letter" modifications are less expensive and faster, by far, than a full validation but are still not painless and not free. I suspect that's your best option, contact me directly if you'd like more details. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com
