[openssl-users] FIPS Object Module v2.0 and openssl security patches

Steve Marquess marquess at openssl.com
Tue Feb 9 20:29:00 UTC 2016

On 02/09/2016 03:19 PM, cloud force wrote:
> Hello everyone,
> Would the FIPS Object Module v2.0 supposed to only work with the vanilla
> openssl library? If I apply the security patches to the openssl library,
> should the FIPS Object Module v2.0 still work without problems?

You should patch OpenSSL whether you use it with the FIPS module or not.

>From the perspective of the FIPS 140-2 validation, stock OpenSSL is just
application code and is out of scope. So you can patch/hack OpenSSL
proper as much as you want; as long as the intact FIPS module is built
per the mandated process its FIPS-ness is unaffected by OpenSSL.

-Steve M.

Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list