Re: FIPS cross-compile for SH4

2011-12-09 Thread Steve Marquess
On 12/08/2011 07:54 PM, Rick Davis wrote:

 I'm working on a cross-compile build of openssl-fips-1.2.3.
 ...

 2. ./Configure no-hw no-shared no-dso no-asm ...
 ...

 4. Modify main Makefile with: ...

 There is something here that I am missing to build the fips modules
 correctly; the basic procedure in the user manual does not seem to
 quite work here.

Unfortunately you have violated the Security Policy in several ways.  No
runtime options are allowed and no modifications of the source
distributions are permitted, at all.

In general a new cross compiled platform probably isn't going to fit in
the constraints of the module as it currently exists, for the purposes
of claiming FIPS 140-2 validation -- that's one reason we don't try to
give general instructions.

There is a procedural process that allows an existing validated module
(validation #1051 in this case) to be modified (within certain limits)
to accommodate new platforms.  We have a couple of those modifications
in process right now.  These change letter modifications are less
expensive and faster, by far, than a full validation but are still not
painless and not free.  I suspect that's your best option; contact me
directly if you'd like more details.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com


FIPS cross-compile for SH4

2011-12-08 Thread Rick Davis



I'm working on a cross-compile build of openssl-fips-1.2.3.

I have set up my cross compile, but am failing fingerprint verification at the 
build level.

This is the error:  

HMAC-SHA1(fips_premain.c)= dab2842517034a42dfdb21a285d4f0f4d7f6f920
../fips/../fips/fips_premain.c fingerprint mismatch

My build steps were:

1.  Unpack the openssl-fips-1.2.3 tgz file

2.  ./Configure no-hw no-shared no-dso no-asm --openssldir=/home/rdavis/Projects/openssl-fips-1.2.3/compiled/sh_sh4_le linux-elf

3.  Set environment:
HOSTCC=gcc
CROSS_COMPILE=sh_sh4_le
PATH=$PATH:~/Projects/linux_tools/bin

4.  Modify main Makefile with:
FIPSLIBDIR=
FIPSCANISTERINTERNAL=y
FIPSCANLIB=libcrypto

5. make

There is something here that I am missing to build the fips modules correctly;
the basic procedure in the user manual does not seem to quite work here.


Regards;
== Rick Davis
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org
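
Added example, not part of either post and not OpenSSL's own build code: a minimal keyed-fingerprint check in Python that parses lines in the `HMAC-SHA1(name)= hex` format shown in the error output above and reports a mismatch whenever the file bytes differ from what was recorded, which is why any edit to a distributed source file is detected. The key, the file contents and all helper names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed key for this demo; the key the real build uses is not shown in the thread.
DEMO_KEY = b"constructed-demo-key"

# Line format taken from the error output quoted in the thread.
LINE_RE = re.compile(r"^HMAC-SHA1\((?P<name>[^)]+)\)\s*=\s*(?P<digest>[0-9a-fA-F]{40})$")


def fingerprint(data: bytes, key: bytes = DEMO_KEY) -> str:
    """Return the hex HMAC-SHA1 of data under key."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def format_line(name: str, data: bytes, key: bytes = DEMO_KEY) -> str:
    """Render a fingerprint record in the same layout as the build output."""
    return f"HMAC-SHA1({name})= {fingerprint(data, key)}"


def parse_line(line: str):
    """Split a record into (file name, lowercase hex digest)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a fingerprint line: {line!r}")
    return m.group("name"), m.group("digest").lower()


def verify(recorded_line: str, files: dict, key: bytes = DEMO_KEY) -> str:
    """Return 'ok', 'mismatch' or 'missing' for one recorded line."""
    name, recorded = parse_line(recorded_line)
    if name not in files:
        return "missing"
    actual = fingerprint(files[name], key)
    # Constant-time comparison, as is usual when checking a MAC.
    return "ok" if hmac.compare_digest(actual, recorded) else "mismatch"


# Constructed stand-in for a distributed source file (not the real contents).
PRISTINE = {"fips_premain.c": b"/* constructed sample source */\nint x = 1;\n"}
RECORDED = format_line("fips_premain.c", PRISTINE["fips_premain.c"])

if __name__ == "__main__":
    print(verify(RECORDED, PRISTINE))                      # unmodified file
    edited = {"fips_premain.c": PRISTINE["fips_premain.c"] + b"\n"}
    print(verify(RECORDED, edited))                        # one added byte
```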