On 02/09/2016 03:19 PM, cloud force wrote:
> Hello everyone,
>
> Is the FIPS Object Module v2.0 supposed to only work with the vanilla
> openssl library? If I apply the security patches to the openssl library,
> should the FIPS Object Module v2.0 still work without problems?

You should patch OpenSSL whether you use it with the FIPS module or not.

From the perspective of the FIPS 140-2 validation, stock OpenSSL is just
application code and is out of scope. So you can patch/hack OpenSSL
proper as much as you want; as long as the intact FIPS module is built
per the mandated process its FIPS-ness is unaffected by OpenSSL.

-Steve M.

--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc