Deepak Just take note of the FIPS 140-2 sunset, and rise of FIPS 140-3
140-3 Takes Effect: 9/22/19 140-3 New Testing Begins: 9/22/20 140-2 Sunset: 9/21/21 140-3 Mandated: 9/22/21 And best of luck ;) https://www.federalregister.gov/documents/2019/05/01/2019-08817/announcing-issuance-of-federal-information-processing-standard-fips-140-3-security-requirements-for <https://www.federalregister.gov/documents/2019/05/01/2019-08817/announcing-issuance-of-federal-information-processing-standard-fips-140-3-security-requirements-for> -- Regards, Mark A. Lane © Mark A. Lane 1980 - 2019, All Rights Reserved. © FooCrypt 1980 - 2019, All Rights Reserved. © FooCrypt, A Tale of Cynical Cyclical Encryption. 1980 - 2019, All Rights Reserved. © Cryptopocalypse 1980 - 2019, All Rights Reserved. > On 4 Jul 2019, at 12:09, Kyle Hamilton <aerow...@gmail.com> wrote: > > Also, on question b: No. You need to build a compatible version of openssl > as specified in the User Guide, and link that version. FIPS_mode_set() tells > the library to always and only use the implementations in the FIPS canister; > the canister does not replace the library entirely. > > -Kyle H > > On Wed, Jul 3, 2019, 11:55 Dipak B <deepak.red...@gmail.com > <mailto:deepak.red...@gmail.com>> wrote: > Dear Experts, > > Can you please help me with the following question? > > My win32 desktop application uses 'libcurl' to interact with web service, in > order to get my application FIPS 140-2 certified, following is the plan which > I arrived at after going through the 'User Guide' and 'Security Policy' pdfs. > > Plan: > a. After verifying HMAC-SHA1 of openssl-fips-2.0.16.tar.gz, build it to > generate fipscanister.lib (FOM) as windows static library. > b. Build libcurl as windows static library using above fipscanister.lib > c. Link my desktop application with above libcurl.lib after adding > FIPS_mode_set() > > Questions: > a. On following points a, b,c, can I confirm that my application is FIPS > 140-2 certified? > b. fipscanister.lib is always static library and it can be substituted for > libssl.lib / ssleay.lib? > > Thank you, > Deepak