Hello all, I am going through the FIPS userguide and security policy documents and have a few questions. We have a proprietary kernel where we already have ported the openssl code. Our proprietary kernel is a monolithic kernel and to port the openssl library we had to modify the openssl code. A simple example of the modifications we had to do was to replace "include stdio.h" with our specific files. There were other modifications as well but all were tailored with getting the openssl sources to complie as part of our kernel and not any with the general ssl code as such.
Now we have plans to make our openssl FIPS Capable. Going through the Userguide and security doc looks like there are specific steps that need to be followed for a) compiling b) linking I can think of getting the fipscanister .o by following the exact compilation steps mentioned in the userguide and then point my modified ssl sources to use the above fipscanister.o.(I am not even sure that this is possible without modifications but lets assume it is for now) I am not sure of the linking step though because as i said ealrier we have a monolithic kernel that means i cannot use the fipsld uility. Also it being a monolithic kernel there is no seperation between the application and the fipscanister library. Is there any way i can make my implementaion of openssl FIPS capable and FIPS compliant ? thanks for your time smitha
