Build the FIPS Object Module issue on Ubuntu 18.04

Jakob Bohm jb-openssl at
Thu May 16 08:21:15 UTC 2019

On 16/05/2019 02:11, Paul Dale wrote:
> Just noting that any module built in this manner is *not* FIPS compliant.
> The distribution must be unmodified and build exactly as per the documentation.  Any change to the files or the build process renders the result invalid from a FIPS perspective.
Only deviations from the official process in creating the
fipscanister invalidates the FIPS validation.

The FIPS-capable OpenSSL is "outside the boundary" of the
FIPS module and can be changed at will.  This is why a new
FIPS validation is not needed every time OpenSSL releases
a bugfix to OpenSSL 1.0.x .  1.1.x will not have FIPS
support, and 4.y.x may lack this agility.


Jakob Bohm, CIO, Partner, WiseMo A/S.
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list