Steve Marquess <[email protected]> writes: > Henrik Grindal Bakken wrote: >> It's not really a fork; we do it mostly with a) configuration, and >> b) limiting algorithms in our own code. We do have some patches, >> though, and I suppose the best way forward is to pull in the tests >> from the latest OpenSSL FIPS module and try to fit them into 1.0.0 >> code. >> > > We have just begun a new open source based validation that will be > 1.0.0 compatible. The open source validations tend to take longer > than proprietary validations (more scrutiny), but depending on your > timeline you might be better off just waiting. If you had a Level 1 > requirement we could add your platform to the ongoing validation, > but your Level 2 platform will require a separate validation.
Hi Steve, I saw your email announcing the new validation process just after sending this one, and that's certainly interesting. I'm aware that we'll be requiring a separate validation, and parts of the regular OpenSSL FIPS module is of little interest to me (like the linking bits), but I suppose this means self-tests will return, and it'll probably also mean some changes to PRNG and stuff, so this is excellent news. -- Henrik Grindal Bakken <[email protected]> PGP ID: 8D436E52 Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
