David Schwartz wrote:
No you can't change anything at all in the validate source so you are SOL.
What if you made your own compiler that was identical to 'gcc' except that
when asked to define 'B_ENDIAN' it defines 'L_ENDIAN'? I realize this may
violate the spirit of the rule, but I believe it conforms to the letter.
FIPS 140-2 does not, alas, have really hard and fast rules in some
areas. Customizing a compiler would definitely put you in a gray area.
The CMVP accepts in general the notion that a "standard" system
configuration will yield functionally equivalent results from source
code -- just as binary code execution on equivalent "standard" systems
behave the same. Routine vendor software updates are also acceptable.
But when end users start tweaking standard vendor supplies components --
compilers, run-time libraries, whatever -- then all bets are off. I
can't tell you exactly where the dividing line is allowable and
forbidden modification because I don't have a feel for it myself -- the
FIPS 140-2 concepts like "crypto module boundary" are elusive.
But I think it's safe to say that a customization to any standard O/S
distribution component performed just for the purpose of modifying the
default OpenSSL FIPS Object Module build is not going to be considered
acceptable.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]