Will my application be FIPS 140-2 Certified under following conditions?

Dipak B deepak.redmi2 at gmail.com
Wed Jul 3 16:54:49 UTC 2019


Dear Experts,

Can you please help me with the following question?

My win32 desktop application uses 'libcurl' to interact with web service,
in order to get my application FIPS 140-2 certified, following is the plan
which I arrived at after going through the 'User Guide' and 'Security
Policy' pdfs.

Plan:
a. After verifying HMAC-SHA1 of openssl-fips-2.0.16.tar.gz, build it to
generate fipscanister.lib (FOM) as windows static library.
b. Build libcurl as windows static library using above fipscanister.lib
c. Link my desktop application with above libcurl.lib after adding
FIPS_mode_set()

Questions:
a. On following points a, b,c, can I confirm that my application is FIPS
140-2 certified?
b.  fipscanister.lib is always static library and it can be substituted for
libssl.lib / ssleay.lib?

Thank you,
Deepak
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190703/0216b0e2/attachment-0001.html>


More information about the openssl-users mailing list