[openssl-users] FIPS Object Module v2.0 and openssl security patches
Steve Marquess
marquess at openssl.com
Tue Feb 9 20:29:00 UTC 2016
On 02/09/2016 03:19 PM, cloud force wrote:
> Hello everyone,
>
> Would the FIPS Object Module v2.0 supposed to only work with the vanilla
> openssl library? If I apply the security patches to the openssl library,
> should the FIPS Object Module v2.0 still work without problems?
You should patch OpenSSL whether you use it with the FIPS module or not.
>From the perspective of the FIPS 140-2 validation, stock OpenSSL is just
application code and is out of scope. So you can patch/hack OpenSSL
proper as much as you want; as long as the intact FIPS module is built
per the mandated process its FIPS-ness is unaffected by OpenSSL.
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
More information about the openssl-users
mailing list