Will my application be FIPS 140-2 Certified under following conditions?

openssl at foocrypt.net openssl at foocrypt.net
Thu Jul 4 03:09:39 UTC 2019


Deepak

Just take note of the FIPS 140-2 sunset, and rise of FIPS 140-3

140-3 Takes Effect: 9/22/19
140-3 New Testing Begins: 9/22/20
140-2 Sunset: 9/21/21
140-3 Mandated: 9/22/21

And best of luck ;)

https://www.federalregister.gov/documents/2019/05/01/2019-08817/announcing-issuance-of-federal-information-processing-standard-fips-140-3-security-requirements-for <https://www.federalregister.gov/documents/2019/05/01/2019-08817/announcing-issuance-of-federal-information-processing-standard-fips-140-3-security-requirements-for>

-- 

Regards,

Mark A. Lane   

© Mark A. Lane 1980 - 2019, All Rights Reserved.
© FooCrypt 1980 - 2019, All Rights Reserved.
© FooCrypt, A Tale of Cynical Cyclical Encryption. 1980 - 2019, All Rights Reserved.
© Cryptopocalypse 1980 - 2019, All Rights Reserved.

> On 4 Jul 2019, at 12:09, Kyle Hamilton <aerowolf at gmail.com> wrote:
> 
> Also, on question b: No.  You need to build a compatible version of openssl as specified in the User Guide, and link that version.  FIPS_mode_set() tells the library to always and only use the implementations in the FIPS canister; the canister does not replace the library entirely.
> 
> -Kyle H
> 
> On Wed, Jul 3, 2019, 11:55 Dipak B <deepak.redmi2 at gmail.com <mailto:deepak.redmi2 at gmail.com>> wrote:
> Dear Experts,
> 
> Can you please help me with the following question?
> 
> My win32 desktop application uses 'libcurl' to interact with web service, in order to get my application FIPS 140-2 certified, following is the plan which I arrived at after going through the 'User Guide' and 'Security Policy' pdfs.
> 
> Plan:
> a. After verifying HMAC-SHA1 of openssl-fips-2.0.16.tar.gz, build it to generate fipscanister.lib (FOM) as windows static library.
> b. Build libcurl as windows static library using above fipscanister.lib
> c. Link my desktop application with above libcurl.lib after adding FIPS_mode_set()
> 
> Questions:
> a. On following points a, b,c, can I confirm that my application is FIPS 140-2 certified?
> b.  fipscanister.lib is always static library and it can be substituted for libssl.lib / ssleay.lib?
> 
> Thank you,
> Deepak

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190704/ed773893/attachment-0001.html>


More information about the openssl-users mailing list