On 05/29/2013 05:40 AM, Abhijit Ray Chaudhury wrote: > Hi Steve, > > Thanks a lot for you clarification. > > The user guide states : > > ... > > > Now my question is since I have followed following clause: > --------------------------------------------------------------------------------- > "...There shall be no additions, deletions or alterations to the tar > file contents as used during module build..." > -------------------------------------------------------------------------------- > > Is the libeay32.dll thus produced a FIPS140-2 validated module.
Did you modify the tarball? Yes. Is modifying the tarball allowed? No. I didn't write that statement that appears so prominently on the NIST CMVP web site, but I can't think of a way to state it more clearly. You're confusing two different things: the requirements for claiming FIPS 140-2 validation, and getting the code to run. Most definitely not the same thing. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org