On 01/29/2014 01:44 AM, sam1982 wrote: > We were using openssl 1.0.1c, built fipscanister.lib which is linked to > libeay32.dll and ssleay32.dll. The output files ( libeay32.dll ) were > submitted for FIPS validation. > Now after openssl 1.0.1f, we need to upgrade ssl library to version 1.0.1f. > But fips validation is already done on 1.0.1c. Do we need FIPS > revalidatation even security patch is in OpenSSL ? We are patching openssl > and the cyypto module.
This makes no sense. If you were using the OpenSSL FIPS Object Module (certificate #1747), then the OpenSSL version is irrelevant to that FIPS validation (OpenSSL proper is out of scope). If you've gone to a test lab and obtained some sort of private validation based on OpenSSL code, then you need to consult with that lab. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct [email protected] [email protected] gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
