On 09/05/2012 02:02 PM, Jason Todd wrote:
> I just would like to verify this is correct. I've been digging through
> the manuals but it would be nice to just have a verification.
>
> 1) I plan to build a build environment (for Linux and Windows) that
> matches what is specified in the 140sp1747.pdf and build the fipscanister
>
> 2) Then build openssl-fips with the generated fipscanister in my normal
> build environment
>
> 3) And use fipsld in my normal build environment to link it into my
> application
>
> 4) My application will also only use openssl-fips for crypto
>
> 5) I plan to document the above process
>
>
> Assuming, I transfer the binaries over a 'secure path', I can assert
> that my application uses "a validated fips component" ?

If you build the FIPS module as documented in the Security Policy,
starting with a source tarball obtained from an official CD, then yes
you are using a FIPS 140-2 validated cryptographic module.

> Also, if you link openssl-fips into a shared library then link your
> application against the shared library, do you have to do the shared
> link over fipsld? I'm assuming that you do not.

No, as the integrity test digest is already present in the shared
library that contains the FIPS module. Just link applications
referencing that shared library the usual way.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org