On 08/19/2011 01:42 PM, Wes Higaki wrote:
> Are there any open source (or even proprietary) tools that do FIPS
> algorithm testing for OpenSSL? That is, is there a tool that will
> take in the test vectors from the NIST tool, run them through OpenSSL
> and output the results ideally in the form that NIST expects?

Yes, you need to take a closer look at the OpenSSL distributions that
contain FIPS module code (recent 0.9.8 and HEAD). Use of the algorithm
test drivers (the programs that do what you describe) is also documented
in the User Guide, http://openssl.org/docs/fips/UserGuide.pdf. See
Appendix B.

Also note that "OpenSSL" is not what is tested and validated; the
validations are for the OpenSSL FIPS Object Module, which is a separate
and distinct software component as built. The fact that the source code
for the latter is embedded in the same source tarballs used to build the
usual OpenSSL libraries leads to continuing confusion. For the upcoming
2.0 module we will be releasing the OpenSSL FIPS Object Module source
code in a separate tarball (now available as
ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-2011MMDD.tar.gz
snapshots).

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
[email protected]
