If I want to validate a stripped down module (let's say for simplicity just without the unwanted self tests), is there a fast way to do it, or I should expect a 6 months process?I also didn't quite understood what you meant in the last sentence: "Where FIPS validation is mandated operations considerations take second place."
Thanks, Avisar On Mon, Dec 22, 2008 at 1:46 AM, Steve Marquess <marqu...@oss-institute.org>wrote: > a_l t wrote: > >> I'm running it on TI DSP (C6455) and it takes around 1 minute. >> >> On Sun, Dec 21, 2008 at 10:28 PM, Victor Duchovni >> <victor.ducho...@morganstanley.com >> <mailto:victor.ducho...@morganstanley.com>> wrote: >> >> On Sun, Dec 21, 2008 at 05:28:14PM +0200, a_l t wrote: >> >> > I'm using the FIPS approved OpenSSL. In the initialization it runs >> > several self tests which take quite a long time. I use only several >> > algorithms from the OpenSSL, is there a way to remove the self >> > tests of the algorithms that I don't use (like DSA) without losing >> > the FIPS certification. >> >> How long do the self-tests take? >> > > Ouch. If you must enable FIPS mode you don't have many options. Find > some other faster product, if there is any; use a validated hardware device; > hack and validate a stripped down derivative of the OpenSSL FIPS Object > Module. Where FIPS validation is mandated operations considerations take > second place. > > -Steve M. > > -- > Steve Marquess > Open Source Software institute > marqu...@oss-institute.org > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
