FIPS with Openssl 3.1
Stiju
stiju.easo at gmail.com
Mon Jul 8 10:26:59 UTC 2024
Hi,
I am working to package OpenSSL 3.1.x with my product.
As I prefer to be FIPS complaint, I would like to use FIPS module from
OpenSSL 3.0.9.
1) From the Documentation(
https://github.com/openssl/openssl/blob/master/README-FIPS.md) , what I
understood is,
I need to build and install OpenSSL 3.1.x to the location. and then
install fips from OpenSSL3.0.9 overlaying the 3.1.x install. Am I right
with my understanding? or is there any other way 3.1.x built with FIPS
module from 3.0.9. like in OpenSSL 1.0.x ( like using --with-fipsdir etc).
2) Also , I need conformation on FOM FIPS certification
I build fips.so from 3.0.9 source , can I claim FIPS
compliance directly based on the certificate (
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4282)
given to the FOM. I am building OpenSSL on Alma Linux.
I assume its a yes, Please let me know if I am wrong.
--
Stiju Easo
The unexamined life is not worth living for man.
Socrates, in Plato, Dialogues, Apology
Greek philosopher in Athens (469 BC - 399 BC)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240708/86e7bb21/attachment.htm>
More information about the openssl-users
mailing list