On Fri, Aug 14, 2009, Pandit Panburana wrote: > Hello, > > I have a few questions about the FIPS module. > > 1) The current version of OpenSSL FIPS Module is 1.2. It is based on > 0.9.8e and 0.9.8f of standard OpenSSL. The latest stable version is > 0.9.8k. How are fixes get into validated FIPS module? >
There have been no issues so far which have required any changed to the FIPS module itself. The FIPS module is a tiny subset of a version of OpenSSL between 0.9.8e and 0.9.8f. You can (and indeed *should*) use the current version of OpenSSL 0.9.8 (currently 0.9.8k) with the validated moduled. That way you get all the updates and fixes in the rest of OpenSSL. > 2) The current procedure suggests that the FIPS module is built on the > same target platform of the application. Is it possible that the target > platform is different than the building platform but they both are x86 > base platforms (here OS is Linux but may have different version)? > As long as you follow the build procedure to the letter. You can use the resulting binaries on any binary compatible platform. > 3) Is there any work around for cross compilation? > Not without revalidation as this would require a different build procedure. However there are many low cost ways to compile native code on all sorts of platforms (e.g. ARM) which would avoid the need to cross compile. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
