[openssl-commits] [web] master update

[Tim Hudson]

The branch master has been updated
       via  22fe369deffaccab10d1cf82b740a85064f8b782 (commit)
      from  0a4c853aded41a16c9b7029406ec1e82dbb6079a (commit)


- Log -----------------------------------------------------------------
commit 22fe369deffaccab10d1cf82b740a85064f8b782
Author: Tim Hudson <t...@cryptsoft.com>
Date:   Sun Dec 10 22:37:22 2017 +1000

    update the fips related information
    
    - remove all references and pointers to OVS or openssl.com
    - remove negative comments/opinions/statements about NIST/CSE/CMVP
    - remove historical advertising information
    - point to the general contact address

-----------------------------------------------------------------------

Summary of changes:
 docs/fips.html           |  2 --
 docs/fipsnotes.html      | 43 ++++---------------------------------------
 docs/fipsvalidation.html | 29 +++--------------------------
 3 files changed, 7 insertions(+), 67 deletions(-)

diff --git a/docs/fips.html b/docs/fips.html
index bc19603..ffef801 100644
--- a/docs/fips.html
+++ b/docs/fips.html
@@ -34,8 +34,6 @@
            <a href="fips/UserGuide-2.0.pdf">2.0 User Guide</a>.
            </p>
 
-           <p>In mid-year 2017 work began on a new FIPS module for use with 
OpenSSL release 1.1.
-
            <p>Thanks to multiple platform sponsorships the 2.0 validations
            include the largest number of formally tested platforms for any
            validated module.</p>
diff --git a/docs/fipsnotes.html b/docs/fipsnotes.html
index c850f76..7f689fd 100644
--- a/docs/fipsnotes.html
+++ b/docs/fipsnotes.html
@@ -9,21 +9,10 @@
        <article>
          <header><h2>Important Notes about OpenSSL and FIPS 140</h2></header>
          <div class="entry-content">
-           <p>Please please read the <a href="fips/UserGuide.pdf">User 
Guide</a>.
-           Nothing will make sense otherwise (it still may not afterwards,
-           but at least you've a better chance).</p>
-
-           <p>No new validations are currently planned.</p>
+           <p>Please please read the <a href="fips/UserGuide.pdf">User 
Guide</a>.</p>
 
            <h3>FIPS What?  Where Do I Start?</h3>
 
-           <p>Ok, so your company needs FIPS validated cryptography to land
-           that big sale, and your product currently uses OpenSSL. You
-           haven't worked up the motivation to wade through the entire <a
-           href="fips/UserGuide.pdf">User Guide</a> and want the quick 
"executive
-           summary".  Here is a grossly oversimplified account:</p>
-           <p>
-
            <ul>
 
              <li>OpenSSL itself is not validated.  Instead
@@ -33,10 +22,9 @@
              the OpenSSL API can be converted to use validated cryptography
              with minimal effort.</li>
 
-             <li>The OpenSSL FIPS Object Module validation is unique among
-             all FIPS 140-2 validations in that the product is "delivered" in
-             source code form, meaning that if you can use it exactly as is
-             and can build it (according to the very specific documented
+             <li>The OpenSSL FIPS Object Module validation 
+             is "delivered" in source code form, meaning that if you can use 
it 
+             exactly as is and can build it (according to the very specific 
documented
              instructions) for your platform, then you can use it as
              validated cryptography on a "vendor affirmed" basis.</li>
 
@@ -65,29 +53,6 @@
             We are not currently taking on any additional validation work
             nor adding new platforms to the existing "1747" validation.
 
-           <h3>Performance at Startup</h3>
-
-           <p>We have had many complaints about poor performance of the
-           Power-On Self Test (POST) on low powered computers, as with some
-           embedded devices. In the worst cases the POST can take several
-           minutes. Such devices were not included as test platforms at the
-           time the code was originally written.</p>
-           <p>The current FIPS validated code performs a very comprehensive
-           set of mandatory algorithm self tests when it enter FIPS mode
-           covering many algorithm combinations. There is a DSA parameter
-           generation self test which is especially CPU intensive.</p>
-           <p>As a result of the POST performance issue we revisited the KAT
-           (Known Answer Test) requirements in the POST process that were
-           burning up most of those cycle.  In consultation with a CMVP test
-           lab we determined that it should be possible to substantially
-           reduce that performance penalty in a new validation.
-           Unfortunately such a change can only be undertaken in the context
-           of a new validation, and not as a change letter modification.</p>
-           <p>Another factor affecting performance is the use (or not) of
-           platform specific optimizations.  The x86/x64 Windows and Linux
-           code makes use of assembly language optimizations for FIPS
-           cryptographic algorithms. The C only version is much slower and so
-           the POST is slower too.</p>
          </div>
          <footer>
            You are here: <a href="/">Home</a>
diff --git a/docs/fipsvalidation.html b/docs/fipsvalidation.html
index 4b36886..d36c2d2 100644
--- a/docs/fipsvalidation.html
+++ b/docs/fipsvalidation.html
@@ -23,20 +23,6 @@
            which is documented in the
            <a href="fips/UserGuide-1.2.pdf">1.2 User Guide</a>.</p>
 
-           <p><strong>Important Note:</strong>
-           Due to new requirements introduced in 2013 the current v2.0 Module
-           is no longer suitable as a reference for private label
-           validations; see the <a
-           href="https://www.openssl.com/fips/ig95.html";>I.G. 9.5 FAQ</a>.
-           Due to earlier changes in the FIPS 140-2 validation requirements
-           the v1.2 Module is no longer be a suitable model for private label
-           validations in its current form past the year 2010; see the NIST <a
-             
href="http://csrc.nist.gov/groups/STM/cmvp/notices.html";>Notices</a>,
-           <a
-             
href="http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf";>discussion
 paper</a>
-           and <a
-             
href="http://csrc.nist.gov/publications/drafts/800-131/draft-800-131_transition-paper.pdf";>Draft
 800-131</a>.</p>
-
            <h3>Sponsors</h3>
            <p>The OpenSSL FIPS Object Module validations receive support
            from multiple sources for each validation effort; however only
@@ -92,18 +78,9 @@
            <hr>
 
            <p>If you have an interest in sponsoring any changes or additions
-           to this validation please contact <a
-             href="https://openssl.com/fips";>OpenSSL Validation 
Services</a>.</p>
-           <p>Some commercial software vendors ask us "what do we gain from
-           sponsoring a validation that our competition can also use?".  Our
-           answer is "nothing, if you think in terms of obstructing your
-           competition".  If, on the other hand, you compete primarily on the
-           merits of your products then what others may do with the validation 
is
-           less of a threat as they derive no more advantage from it than you
-           do.  Your advantage is that your sponsorship will probably cost
-           less that the commercial software license you would otherwise have
-           to buy, and you will retain backwards compatibility with the
-           regular OpenSSL API while avoiding vendor lock-in.</p>
+           to this validation please contact us via an email to <a
+             
href="mailto:osf-cont...@opensl.org";>osf-cont...@openssl.org</a>.</p>
+
          </div>
          <footer>
            You are here: <a href="/">Home</a>
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits