Roger No-Spam wrote:
> Hello,
>
> In appendix B of the openssl FIPS security policy it is stated that
> the module must be built with a particular tar file
> (openssl-fips-1.1.2.tar.gz) and a hmac hash value for the tar file is
> specified. Furthermore it is stated that there shall be no
> additions, deletions, or alterations of the set of files in the tar
> file as used during module build.
>
> The way I read this is that if you modify for instance the ASN.1 or
> SSL code (in order to fix a bug), then the FIPS validation is
> canceled. This does not make sense to me. Why can't higher level code
> be bug fixed without FIPS validation being canceled?

FIPS 140-2 is as much ideology as technical analysis. It has the notion
of a "cryptographic module boundary" which I found surprisingly
non-intuitive at my first introduction to FIPS 140-2. Everything within
this boundary is sacrosanct and cannot be changed in any way, either
functionally or cosmetically, not even to correct a serious flaw. So
if your module is a hardware device you can't change the placement of
components on the circuit board, even if the result is electronically
equivalent. If your module is software you cannot change a single bit of
machine code or data, regardless of the functional result (or lack thereof).
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]