Am Donnerstag, 30. Januar 2014, 15:49:32 schrieb Leon Brits: Hi Leon,
>Steve, > >We are talking past each other - sorry for that but that is the way >people like me get to understand these things. > >First of we have not changed any code of the FIPS Object Module. We >simply do not use all of the algorithms based on requirements. The >application linking the libcrypto.so, enforce that only required and >allowed cryptographic calls is made to the Module. So, if I understand >you (or maybe again not), we must test everything in the Module even >if we do not use them? And this is why the new directives will give me >problems - right? This is not correct. You can have ciphers (even those which would in theory be allowed by FIPS) in the module which you declare out of scope and thus mark as "non-approved" in the Security Policy. Therefore you are always free to pick and choose what you have validated. > >Background: >We were hoping to use your certification of the algorithms as part of >our products validation. Using your certificate numbers in our SP in >section 2 for "Cryptographic Functionality". I thought that is the >point of your certification efforts. The lab said we cannot due to the >different platform (we have Linux 2.6 on ARMv5tel), but that we simply >have to run the algorithm tests on our platform to get our own >certification for the algorithms we use. This is an extra cost but >less than a complete certification like when we changed code in the >Module. So in preparation for these tests I also need to fill in the >forms describing each algorithm and their modes. > >Thanks >LJB > >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >Development Mailing List openssl-dev@openssl.org >Automated List Manager majord...@openssl.org Ciao Stephan ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
