Short answer: no. There's more to running an application in FIPS approved mode
than just linking against a properly generated fipscanister.o. Please refer to
the definitive reference, the Security Policy
(http://csrc.nist.gov/cryptval/140-1/140sp/140sp733.pdf),
especially sections 4 and 5.
I have a question about the FIPS 140-2 status of the openssl command line tool.
If I successfully compile openssl-fips-1.1.1 to obtain an openssl command line
tool linked against it (fipscanister.o), and I use that openssl command line
tool to encrypt a file with a FIPS approved cipher (for
FIPS mode must be explicitly entered into. I don't know if any of
the command line tools will make the FIPS entry call.
-Kyle H
On Feb 21, 2007, at 2:35 PM, Christopher Marshall wrote:
I have a question about the FIPS 140-2 status of the openssl command line tool.
If I successfully
--- Christopher Marshall [EMAIL PROTECTED] wrote:
I have a question about the FIPS 140-2 status of the openssl command line tool.
If I successfully compile openssl-fips-1.1.1 to obtain an openssl command line
tool linked against it (fipscanister.o), and I use that openssl command line
Christopher Marshall wrote:
I have another question. Sorry about not thinking of it before hitting send.
In the OpenSSL FIPS 140-2 Security Policy pdf, section 2.6, it is noted that
two test environments were used for obtaining FIPS 140-2 certification
(HP-UX 11i + gcc 3.4.2 and IBM
As long as fipscanister.o is compiled through the means specified in
the security policy (basically, ./config fips), the resulting
canister is considered validated for FIPS purposes.
I'll read through IG G.5 and summarize it when I get the chance,
probably later tonight -- but I would
Christopher Marshall wrote:
I have a question about the FIPS 140-2 status of the openssl command line tool.
If I successfully compile openssl-fips-1.1.1 to obtain an openssl command line
tool linked against it (fipscanister.o), and I use that openssl command line
tool to encrypt a file with a