<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Yes, this has to do with the FIPS standards. I forget which
standard it is but the self tests are mandated to be run on each
device independently.<br>
<br>
The fipsinstall process runs the self tests before generating the
configuration file. If the self tests fail, the module doesn't
install. Copying the configuration file across avoids the self
tests and therefore isn't compliant.<br>
<br>
<br>
Pauli<br>
<br>
<br>
<div class="moz-cite-prefix">On 15/2/22 02:25, Richard Dymond wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANVKdYAfunVA6kDB+Dn9DCMSHt7C-uJ4YuxayLrmcA0EJhXfCA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_default" style="font-size:small">Hi</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">Probably a
dumb question, but why must the FIPS module configuration file
for OpenSSL 3.0 be generated on every machine that it is to be
used on (i.e. must not be copied from one machine to another)?</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">I just ran
'openssl fipsinstall' on two different machines with the same
FIPS module and it produced exactly the same output each time,
so presumably the reason has nothing to do with the config
file being unique to the machine.</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">Does it have
something to do with the FIPS standard itself?</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">Richard<br>
</div>
</div>
</blockquote>
<br>
</body>
</html>