On Wed, May 10, 2006, Joe wrote: > Hi, > > Just a quick question with regarding to the OpenSSL-fips-1.0 version: > > I know in order to use fips validated module, an application has to > link with fipscanister.o. But looking at fips_canister.c, I saw a > bunch of assembly codes, my question is how portable is this code? > If I'm using a non-mainstream processor (e.g. a proprietary embedded > system), how hard/easy would it be to port fips_canister.c? >
The security policy document and the user guide will contain some info about how this works. However note that to be covered by this validation you cannot change anything in the OpenSSL-fips-1.0 version in any way nor can the build process be changed at all. The file fips_canister.c has a hash published in the security policy so you can't change that either. That effectively means that compilation has to be done natively and cross compilation isn't covered. If you are interested in a specific embedded system being covered in a follow up certification then you should contact OSSI. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
