--- Christopher Marshall <[EMAIL PROTECTED]> wrote:

> I have a question about the FIPS 140-2 status of the openssl command line tool.
>
> If I successfully compile openssl-fips-1.1.1 to obtain an openssl command line tool linked against it (fipscanister.o), and I use that openssl commandline tool to encrypt a file with a FIPS approved cipher (for example, AES), would that use be considered FIPS 140-2 compliant?
>
> Chris Marshall

I have another question. Sorry about not thinking of it before hitting send.

In the OpenSSL FIPS 140-2 Security Policy pdf, section 2.6, it is noted that two test environments were used for obtaining FIPS 140-2 certification (HP-UX 11i + gcc 3.4.2 and IBM NetVista, Suse Linux 9.0 + gcc 3.3.1). It then ominously states that the result of compiling the FIPS source on other OS+compiler versions will be FIPS 140-2 compliant as long as the conditions described in IG G.5 are met.

I downloaded the referenced "IG G.5" and it seems to be a long, complex document describing the FIPS 140-2 testing process.

What I want to do is compile openSSL-fips-1.1.1 on HP-UX 11.11 with a recent gcc version and have the result be FIPS 140-2 compliant. Do I need to upgrade my OS to HP-UX 11i and only use gcc 3.4.2 or can I use HP-UX 11.11 with any recent gcc version?

Chris Marshall
