On 01/29/2014 11:29 PM, sam1982 wrote:
> Thanks Stevan for prompt reply.
>
> Just to confirm, you are saying that even if I upgrade openssl to 1.0.1f
> from 1.0.1c, fips validation which is done on older version of openssl
> libeay32.dll(1.0.1c) holds true. There is no change in FIPS object module
> and validation is already done around 4 months ago. Please confirm my
> understandings.
>
> Ajay

Ajay, no disrespect intended but you're in way over your head. You need to start by understanding what a FIPS 140-2 validation is and the critical distinction between the OpenSSL FIPS Object Module 2.0 (the "FIPS module") and other application software such as OpenSSL.

Clear your calendar for a day or so, find a comfy chair, and read both the Security Policy:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf

and the FIPS module User Guide:

https://www.openssl.org/docs/fips/UserGuide-2.0.pdf

Reading that stuff is a long slog, I know, but my attempt at a succinct response to your question wasn't adequate.

On 01/29/2014 11:52 PM, sam1982 wrote:
> I am reconfirming my understandings since there is some confusion
> around
> ...
> -We have done FIPS validation from a private lab, but before
> discussing with them we want to hear from openssl.
> ...

Ok, so you've confirmed my suspicion that you're attempting your own private label validation. You *really* need to ask these questions of the accredited test lab you're using for that work, as each lab has a distinctive approach. You can't mix and match input from multiple labs in one validation submission; the result would be even more incoherent than usual.

Also (of critical importance) -- your test lab may have defined the module boundary differently than was done for the OpenSSL FIPS Object Module.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
