<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">The FOM is stand alone in theory. I.e. it isn’t mandatory to use OpenSSL 1.0 but the two are designed to work together and are very closely intertwined.<div class=""><br class=""></div><div class="">Moving the FIPS canister forward to 1.1 would be a lot of effort.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Pauli<br class=""><div class="">
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;">-- <br class="">Dr Paul Dale | Cryptographer | Network Security & Encryption <br class="">Phone +61 7 3031 7217<br class="">Oracle Australia</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class=""></div><br class="Apple-interchange-newline">
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On 4 Jul 2019, at 7:21 pm, Jakob Bohm via openssl-users <<a href="mailto:openssl-users@openssl.org" class="">openssl-users@openssl.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Is the use of OpenSSL an actual legal requirement of the certification of<br class="">the FIPS object module, or just the easiest way to use it?<br class=""><br class="">Difference would be particularly significant in case someone created code<br class="">to use the validated FOM 2.0 module with the OpenSSL 1.1.x feature<br class="">enhancements (as the project itself has indicated no desire to do so).<br class=""><br class="">On 04/07/2019 04:09, Kyle Hamilton wrote:<br class=""><blockquote type="cite" class="">Also, on question b: No. You need to build a compatible version of openssl as specified in the User Guide, and link that version. FIPS_mode_set() tells the library to always and only use the implementations in the FIPS canister; the canister does not replace the library entirely.<br class=""><br class="">-Kyle H<br class=""><br class="">On Wed, Jul 3, 2019, 11:55 Dipak B <<a href="mailto:deepak.redmi2@gmail.com" class="">deepak.redmi2@gmail.com</a> <<a href="mailto:deepak.redmi2@gmail.com" class="">mailto:deepak.redmi2@gmail.com</a>>> wrote:<br class=""><br class=""> Dear Experts,<br class=""><br class=""> Can you please help me with the following question?<br class=""><br class=""> My win32 desktop application uses 'libcurl' to interact with web<br class=""> service, in order to get my application FIPS 140-2 certified,<br class=""> following is the plan which I arrived at after going through the<br class=""> 'User Guide' and 'Security Policy' pdfs.<br class=""><br class=""> Plan:<br class=""> a. After verifying HMAC-SHA1 of openssl-fips-2.0.16.tar.gz, build<br class=""> it to generate fipscanister.lib (FOM) as windows static library.<br class=""> b. Build libcurl as windows static library using above<br class=""> fipscanister.lib<br class=""> c. Link my desktop application with above libcurl.lib after adding<br class=""> FIPS_mode_set()<br class=""><br class=""> Questions:<br class=""> a. On following points a, b,c, can I confirm that my application<br class=""> is FIPS 140-2 certified?<br class=""> b. fipscanister.lib is always static library and it can be<br class=""> substituted for libssl.lib / ssleay.lib?<br class=""><br class=""></blockquote><br class=""></div></div></blockquote></div><br class=""></div></body></html>