Re: Drbg kat test data: Openssl-fips 2.0.16

Manish asked: > There is DRBG kat test data in fips_drbg_selftest.h. (Openssl-fips-2.0.16) > Can anyone let me know, What is the source of this constant arrays. NIST > link or any other source will be helpful? I'm pretty sure that the test data for the DRBG KAT (known answer test) came from the

Re: [openssl-users] [openssl-project] OpenSSL 3.0 and FIPS Update

Responding to some earlier questions: > Can you give any guidance on which platforms will be validated with the OpenSSL FIPS 3.0 module? My recollection is that it will only be a handful of platforms. I would expect the number of platforms to be small. The wonderful 5 sponsors of the FIPS

Re: [openssl-users] OpenSSL FIPS Object Module 2.0 on CD

I'm responding to a previous post about obtaining a CD of the OpenSSL FIPS Object Module from KeyPair Consulting rather than directly from OpenSSL. The question is: > Just curious, but does this satisfy Section 6.6 of the User Guide, > since the CD does not come directly from the OpenSSL

[openssl-users] OpenSSL FIPS Object Module 2.0 on CD

If you are looking for a copy of the OpenSSL FIPS Object Module (versions 2.0 to 2.0.16) delivered to you on CD, then please send an email to c...@keypair.us with your shipping address. We will send you a copy of the original OpenSSL FOM CD. For details, see: https://keypair.us/2018/05/cd/ Mark

[openssl-users] FIPS 140-2 certification

Oleg wrote: > We would like to add to our product OpenSSL with FIPS 140-2 module. The problem is that our OS > and CPUs are not FIPS certified. We use vxWorks 5.5.1 with 3 types of CPUs in different products. > > How can we get certification for these environments? OSF answered that they do not do

[openssl-users] FIPS Non?-Approved Cryptographic Functions

> From the OpenSSL FIPS Security Policy chapter 4, it mentioned there are a > number of non-FIPS approved algorithms/ services which are still > implemented by the FIPS canister modules (e.g. RSA, DSA, DRDB, ECDSA etc). > > Just wondering why these algorithms are still implemented by FIPS

Re: [openssl-users] FIPS 140-2 key wrapping transition

The OpenSSL FOM Cert. #1747 will not be moved to the CMVP Historical List since it does not implement a non-compliant AES key wrapping service in the defined cryptographic boundary. All of the FIPS modules that implement a non-compliant AES key wrapping service have already been moved to the

Re: [openssl-users] FIPS certification for openssl

If you need a FIPS resource for the OpenSSL FIPS Object Module -- my business partner (Steve Weymann) and I worked with Steve Marquess when we were at a FIPS Testing Lab to achieve the FIPS 140-2 Cert. #1747 for the OpenSSL FIPS Object Module. We are now helping technology companies that need