Will my application be FIPS 140-2 Certified under following conditions?
Kyle Hamilton
aerowolf at gmail.com
Thu Jul 4 02:06:35 UTC 2019
Step a. needs to verified the digest with an existing FIPS 140-2 validated
cryptography implementation. Otherwise, to my understanding, this is the
correct sequence of events.
Do note that after building the fipscanister.lib, you will want to digest
it and print it on a certification letter that it was built as specified in
the Security Policy, signed and dated by the person who built it
(preferably also with details of the build chain). Also, when you build
anything that links that library, you will want to verify the digest
against that letter before linking, and write a new letter specifying the
product name and version, the digest of the output, and that it was also
built in accordance with the Security Policy. This should also be signed
and dated. (these letters will help establish for FIPS-requiring
procurement agencies that FIPS 140-2 conformance is achieved in,what they
are procuring from you.)
-Kyle H
On Wed, Jul 3, 2019, 11:55 Dipak B <deepak.redmi2 at gmail.com> wrote:
> Dear Experts,
>
> Can you please help me with the following question?
>
> My win32 desktop application uses 'libcurl' to interact with web service,
> in order to get my application FIPS 140-2 certified, following is the plan
> which I arrived at after going through the 'User Guide' and 'Security
> Policy' pdfs.
>
> Plan:
> a. After verifying HMAC-SHA1 of openssl-fips-2.0.16.tar.gz, build it to
> generate fipscanister.lib (FOM) as windows static library.
> b. Build libcurl as windows static library using above fipscanister.lib
> c. Link my desktop application with above libcurl.lib after adding
> FIPS_mode_set()
>
> Questions:
> a. On following points a, b,c, can I confirm that my application is FIPS
> 140-2 certified?
> b. fipscanister.lib is always static library and it can be substituted
> for libssl.lib / ssleay.lib?
>
> Thank you,
> Deepak
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190703/d4b7cb81/attachment.html>
More information about the openssl-users
mailing list