Kyle Hamilton wrote:
> ...
> There were plans for a "rolling validation", where fixes are rolled
> into the next validation effort, but I haven't heard anything from
> the Open Source Software Institute about that. My fear is that they
> have no funding for such an effort.

Correct. At one point we thought we would have an ongoing sponsorship,
but that didn't happen. Each validation requires a big (to us) lump of
cash for the test lab so without that funding we're stuck.

> You can, however, use the OpenSSL FIPS Module 1.2 as a base, make the
> changes you need for cross-compilation and such, and then get the
> result blesse^Wvalidated.

This has been done, at least several times. Even if you can't use the
v1.2 validation directly it provides a useful template for a "roll your
own" validation. Given the many v1.2 based validations already on the
books that should be almost entirely a rubber stamp exercise, absent any
novel complications.
Although please note that if you decide to purchase your own validation,
use the *documentation* from v1.2 but the *source* tarball from the most
current 0.9.8. Since you're paying for the validation from scratch you
might as well use the most up-to-date software which has a number of
happy-to-glad improvements that can't be retroactively incorporated in
the existing validation.
-Steve M.
--
Steve Marquess
Open Source Software institute
marqu...@oss-institute.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org