Hello Steve,
Do you know any fixes in the current 0.9.8k that also applicable to FIPS
module or there is none?
Thank you,
-Pandit
________________________________
From: Dr. Stephen Henson <st...@openssl.org>
To: openssl-users@openssl.org
Sent: Saturday, August 15, 2009 6:39:40 AM
Subject: Re: OpenSSL FIPS Module version 1.2
On Fri, Aug 14, 2009, Pandit Panburana wrote:
> Hello,
>
> I have a few questions about the FIPS module.
>
> 1) The current version of OpenSSL FIPS Module is 1.2. It is based on
> 0.9.8e and 0.9.8f of standard OpenSSL. The latest stable version is
> 0.9.8k. How are fixes get into validated FIPS module?
>
There have been no issues so far which have required any changed to the FIPS
module itself. The FIPS module is a tiny subset of a version of OpenSSL
between 0.9.8e and 0.9.8f. You can (and indeed *should*) use the current
version of OpenSSL 0.9.8 (currently 0.9.8k) with the validated moduled. That
way you get all the updates and fixes in the rest of OpenSSL.
> 2) The current procedure suggests that the FIPS module is built on the
> same target platform of the application. Is it possible that the target
> platform is different than the building platform but they both are x86
> base platforms (here OS is Linux but may have different version)?
>
As long as you follow the build procedure to the letter. You can use the
resulting binaries on any binary compatible platform.
> 3) Is there any work around for cross compilation?
>
Not without revalidation as this would require a different build procedure.
However there are many low cost ways to compile native code on all sorts of
platforms (e.g. ARM) which would avoid the need to cross compile.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
