Zamora, Robert wrote:
> Is there a way to determine if OpenSSL binaries were compiled with the FIPS 
> "certified" module v1.2.x ?  Compiling OpenSSL FIPS test module gives me the 
> same results using fips_test_suite.
>   

In a word, no, because some of the requirements for creation of the
validated module are procedural and not technical.  For instance, no
build time options may be used even if they result in exactly equivalent
binary code.  Since the right process was not followed the resulting
module is not considered validated, but no analysis of the binary code
itself could reveal that circumstance.

The only way to be really sure is to create the binaries yourself.  Note
you have the same problem with other binary validated modules received
from a vendor; there is in general no practical way to confirm they
shipped you the validated module you expected.

BTW the term is "validated" not "certified".

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
