The Security Policy is the document you need. Please see Steve Marquess's link to the official copy at NIST. The Security Policy explains everything, including what file you need to obtain, its HMAC, how to verify it, what you must do to retain validation of the canister, how to build the canister, and how to build a FIPS-valid version of OpenSSL using the canister built from the verified FIPS code.
-Kyle H On Fri, Jul 15, 2011 at 11:06 AM, Tatiana Evers <tev...@tet.com.br> wrote: > Hi, > > I'm using openssl (openssl-0.9.8r.tar.gz ) in a project, and now we want > certificate the software with FIPS certification, my question is if we must > have openssl-fips-1.2.3.tar.gz to use OpenSSL FIPS Object Module? In > openssl-0.9.8r.tar.gz project we already some fips files. What is the > difference between openssl-fips-1.2.3.tar.gz and openssl-0.9.8r.tar.gz? > > In User Guide I read the following: > > "The FIPS Object Module is the special monolithic object module built from > the special source distribution identified in the Security Policy. It is not > the same as the OpenSSL product or any specific official OpenSSL > distribution release." > > Regards, > > > Tatiana Evers tatiana.ev...@tet.com.br +55 51 3220 3433 > ================================================================= > Tools & Technologies - T&T > The Software Development Expert > > Rua Riachuelo, 1098 Conj. 1103 > Centro - Porto Alegre - CEP 90010-272 > Fone: +55 51 3220-3220 > http://www.tet.com.br > ================================================================= > > > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org