[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-dev
Subject:    New FIPS Validation Status Update
From:       Steve Marquess <marquess () opensslfoundation ! com>
Date:       2011-01-29 17:31:39
Message-ID: 4D444EFB.4040606 () opensslfoundation ! com
[Download RAW message or body]

An initial code commit has been made for the recently commenced OpenSSL
FIPS Object Module v2.0 effort, in CVS HEAD.   This preliminary step
establishes an interim framework for coordinating contributions from the
multiple contributers who are now joining this effort.  Note that a
decision on the final disposition of the FIPS specific code has not been
made, that may take the form of an entirely separate branch or we may
just define a new make target to create a FIPS module specific source
distribution.

The "fipscanisterbuild" target now completes successfully. The
fips_test_suite program works and all algorithm tests (from 1.2 module
version with the pre-2011 rules) pass for Unix architectures.  There is
no Windows support yet.  The corresponding OpenSSL ("fips" option) isn't
yet "FIPS capable".

Please note that this code as currently committed is not even close to
suitable for validation under the 2011 guidelines.  Extensive work on
the algorithms, algorithm self tests, and a new PRNG is still needed.

Please feel free to review and comment on the current interim code. 
Feedback on platform specific issues that could be easily corrected now
(and correctable later only with great difficulty or not at all) would
be particularly appropriate.  Note, however, that the resulting code as
eventually validated may not be usable on platforms for which no
suitable reference test platform has been included in the validation. 
Currently included test platforms are:

    Android on ARM
    VC++ Win32 on x86
    uClinux on ARM

Check the file README.FIPS in the source distribution regularly for
up-to-date status info.  Also see
http://www.openssl.org/docs/fips/fipsvalidation.html for more
information and updates on this effort.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877-673-6775
marquess@opensslfoundation.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]