Steve, Can 1.0.1-stable be successfully compiled with FIPS 2.0 test module at this time?
We experience linking errors due to conflicts between libcrypto and fipscanister that indicate otherwise. -Scott Steve Marquess-3 wrote: > >> Hi, >> >> I had a few questions regarding the new OpenSSL FIPS object module. >> >> 1) What would be the time frame for completing FIPS 2.0 validations? > > At present we anticipate the formal validation award in Q1 of 2012. The > original schedule has slipped from Q4 2011 due to a recent request by > our primary sponsors to increase the scope of the validation. > >> Also, around what time frame do you think will FIPS capable openssl >> 1.0.1 distribution be available for public use? > > That is ready now, in the 1.0.0 stable branch. Note the FIPS module > itself is *not* in that branch, use the purpose built snapshots instead > (ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-2011MMDD.tar.gz). > >> 2) Are the latest snapshot distributions of FIPS 2.0 & openssl 1.0.1 >> (found in ftp://ftp.openssl.org/snapshot/) in a state that can be >> used for private validation by us users? Or is it too early? > > Well, the currently available code in the repository is functional, > absent the new cryptography, as described in the earlier "call for > testing" > (http://www.mail-archive.com/openssl-users@openssl.org/msg64826.html). > So anyone is free to use that code as the basis for obtaining their own > FIPS 140-2 validation, and we expect that more than a few vendors will > do that. However, since the OpenSSL FIPS Object Module 2.0 validation > has not yet been completed and published, such an initiative will need > to independently tackle some of the issues that have arisen with the > new CMVP guidance effective in 2011. > > What we (OSF) can do (and have done) is sign vendors up for a "private > label" validation now, with the same test lab and with arrangements for > the vendor platforms to be tested in parallel with the 2.0 module > platforms. That way we can submit the private label validations at the > same time as the 2.0 one, and since the open source validations seem to > attract closer scrutiny the private label validations will probably be > awarded sooner. With a couple of uncomplicated platforms such "private > label" validations run about US$40K, not a bad price as validations go. > >> 3) In the OpenSSL validation effort, will Mac OS be one of the >> tested platforms? Can you share list of platforms that will be >> tested? > > The current list can be found at > http://opensslfoundation.com/testing/validation-2.0/platforms/Platforms.pdf. > Mac OS is not currently among them. > > -Steve M. > > -- > Steve Marquess > OpenSSL Software Foundation, Inc. > 1829 Mount Ephraim Road > Adamstown, MD 21710 > USA > +1 877-673-6775 > marqu...@opensslfoundation.com > > -- View this message in context: http://old.nabble.com/Need-information-about-FIPS-2.0-and-OpenSSL-1.0.1-tp32285510p33164797.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
