Re: Will my application be FIPS 140-2 Certified under following conditions?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Is the use of OpenSSL an actual legal requirement of the certification of
the FIPS object module, or just the easiest way to use it?

Difference would be particularly significant in case someone created code
to use the validated FOM 2.0 module with the OpenSSL 1.1.x feature
enhancements (as the project itself has indicated no desire to do so).

On 04/07/2019 04:09, Kyle Hamilton wrote:
Also, on question b: No.  You need to build a compatible version of openssl as specified in the User Guide, and link that version.  FIPS_mode_set() tells the library to always and only use the implementations in the FIPS canister; the canister does not replace the library entirely.

-Kyle H

On Wed, Jul 3, 2019, 11:55 Dipak B <deepak.redmi2@xxxxxxxxx <mailto:deepak.redmi2@xxxxxxxxx>> wrote:

    Dear Experts,

    Can you please help me with the following question?

    My win32 desktop application uses 'libcurl' to interact with web
    service, in order to get my application FIPS 140-2 certified,
    following is the plan which I arrived at after going through the
    'User Guide' and 'Security Policy' pdfs.

    Plan:
    a. After verifying HMAC-SHA1 of openssl-fips-2.0.16.tar.gz, build
    it to generate fipscanister.lib (FOM) as windows static library.
    b. Build libcurl as windows static library using above
    fipscanister.lib
    c. Link my desktop application with above libcurl.lib after adding
    FIPS_mode_set()

    Questions:
    a. On following points a, b,c, can I confirm that my application
    is FIPS 140-2 certified?
    b.  fipscanister.lib is always static library and it can be
    substituted for libssl.lib / ssleay.lib?





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux