Re: FIPS and new releases of openssl

2008-11-10 Thread Steve Marquess
Justin A wrote: Hi Steve Marquess, What's the equivalent file for fipscanister.o on windows..? Let's see ... for the OpenSSL FIPS Object Module v1.1.1/1.1.2 it's fipscanister.o. For the upcoming v1.2 it will be fipscanister.lib. -Steve M. -- Steve Marquess Open Source Software Institute

Re: FIPS and new releases of openssl

2008-11-09 Thread Justin A
Hi Steve Marquess, What's the equivalent file forĀ  fipscanister.o on windows..? Thanks, Justin --- On Tue, 11/4/08, Steve Marquess <[EMAIL PROTECTED]> wrote: From: Steve Marquess <[EMAIL PROTECTED]> Subject: Re: FIPS and new releases of openssl To: openssl-users@openssl.

RE: FIPS and new releases of openssl

2008-11-04 Thread Paul Suhler
That's how FIPS 140 certification works. If *any* change is made to the thing that was certified, then it must reviewed and re-certified. If the change is small, then the review process can be short. The certifying lab has to ensure that the change didn't intentionally or unintentionally comp

Re: FIPS and new releases of openssl

2008-11-04 Thread Steve Marquess
David Schwartz wrote: ... Build the FIPS module, then fix the higher-level code, then build the rest of OpenSSL. So long as don't modify the source before building the FIPS module, you are fine. You can fix the code that doesn't go in the FIPS canister without violating FIPS, then link your fix

Re: FIPS and new releases of openssl

2008-11-04 Thread Steve Marquess
Roger No-Spam wrote: Hello, In appendix B of the openssl FIPS security policy it is stated that the module must be built with a particular tar file (openssl-fips-1.1.2.tar.gz) and a hmac hash value for the tar file is specified. Furthermore it is stated that there shall be no additions, dele

RE: FIPS and new releases of openssl

2008-11-04 Thread David Schwartz
> Hello, > > In appendix B of the openssl FIPS security policy it is stated > that the module must be built with a particular tar file > (openssl-fips-1.1.2.tar.gz) and a hmac hash value for the tar > file is specified. Furthermore it is stated that there shall be > no additions, deletions, or alt