On 01/21/2013 08:28 AM, Roger No-Spam wrote:
> Hi,
> 
> VxWorks is listed in the "User Guide for the OpenSSL FIPS Object Module"
> as a valid platform.
> 
> The "User Guide for the OpenSSL FIPS Object Module" is also very clear
> that the build instructions must be followed precisely in order for
> the FIPS validation to be valid. However, there are no build
> instructions for VxWorks. Where can I find build instructions for
> VxWorks?

We have tested several VxWorks platforms for various FIPS 140-2
validations. It is perhaps the most difficult O/S of all in that
context, and each VxWorks device has presented us with unique challenges.

In the case of the VxWorks platform included in the open source based
validation (#1747) we are unable to publicly release the detailed
instructions as they document a proprietary device and cross-compilation
toolkit. Based on our experience with other VxWorks devices those
instructions are unlikely to be of much value for your particular
circumstances anyway.

Note the Security Policy imposes very specific requirements on the
source code distribution and the specific build commands, in particular
the canonical incantation:

  ./config
  make

However, it does not impose specific requirements on the
cross-compilation toolkit or build system, so if you succeed in building
the module with an unmodified tarball and the canonical incantation then
you could arguably claim coverage by the #1747 validation (assuming also
of course that your device has a processor comparable to the formally
tested one).

Personally, given the ugliness of that RTOS for this purpose I'd be
looking at a "change letter" mod or a private label validation. Or
switching to something besides VxWorks :-)

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org