,
Bhaskar Raju
It's the same for all platforms:
http://www.openssl.org/source/openssl-fips-1.2.2.tar.gz
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
we'd normally care to do, but
it is a reasonable response given the peculiar restrictions imposed by
FIPS 140-2. That is our plan for supporting it in our upcoming open
source validation, should we find a sponsor interested in support the
inclusion of that platform.
-Steve M.
--
Steve Marquess
in the FIPS 140-2 context (I have a
definite opinion but that is irrelevant if your test lab feels differently).
You can't of course make changes to the validated code -- any changes at
all -- and still call it validated.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount
is more complex as there is (as yet) no source
code to copy, although I anticipate roughly comparable pricing.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
-64 asm optimization
HP-UX 11i on Itanium 32bit with asm optimization
HP-UX 11i on Itanium 64bit with asm optimization
Any prospective sponsors of platforms not included in that list are
encouraged to contact the OSF.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829
sponsors of platforms not included in that list are
encouraged to contact the OSF.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
it will just take longer.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL Project
validation is in process
(http://openssl.org/docs/fips/fipsvalidation.html). So far we're on
schedule but it could still take up to a year.
It's not too late to sign on as a sponsor for your particular platform
of interest.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount
VC++ Win32 on x86
uClinux on ARM
Check the file README.FIPS in the source distribution regularly for
up-to-date status info. Also see
http://www.openssl.org/docs/fips/fipsvalidation.html for more
information and updates on this effort.
-Steve M.
--
Steve Marquess
OpenSSL Software
.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL Project http://www.openssl.org
Development
William A. Rowe Jr. wrote:
On 1/14/2011 10:15 AM, Steve Marquess wrote:
To date the following platforms are included in the validation:
Android on ARM
VC++ WIN32/x86
Clarification please; in the past the source code build has been validated,
with specific platforms chosen
to implement ECC.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL Project http
, thereby significantly increasing the value of the resulting
validation.
To date the following platforms are included in the validation:
Android on ARM
VC++ WIN32/x86
Any prospective sponsors of platforms not included in that list are
encouraged to contact the OSF.
-Steve M.
--
Steve
Xiao, Ying wrote:
Steve,
Great news. Will the new PRNG be released by the end of 2011?
Yes.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
in place.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL Project http
(that version designation
is already in use). v2.0 perhaps; we haven't discussed it yet.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
of work and the team members who could do
that work all have day jobs or are currently occupied with unrelated
commercial commitments.
Now if TLS 1.2 implementation was one of those commercial commitments it
could happen quickly (that's a hint!).
-Steve M.
--
Steve Marquess
The OpenSSL Software
module per that validation.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL Project
lab, and wait 9-12 months...
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL Project
code will need very substantial modification for new
validations.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
and not the future SHA-3.
-Steve M.
--
Steve Marquess
Open Source Software institute
marqu...@oss-institute.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Steve Marquess wrote:
Thor Lancelot Simon wrote:
On Thu, Sep 10, 2009 at 06:10:27PM +0200, Dr. Stephen Henson wrote:
On Wed, Sep 09, 2009, Thor Lancelot Simon wrote:
On Sat, Aug 29, 2009 at 05:34:04PM -0400, Steve Marquess wrote:
That this wasn't the obvious approach from the very
requirements will be changing and the current v1.2
validation will no longer be a rubber stamp template. No post-v1.2
validation is currently planned so there will no longer be a shared
model suitable as-is for direct use or as a basis for private label
validations.
-Steve M.
--
Steve
-own situation, same
as it was before the first open source based validation.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
private
label validations based on v1.2 will find that those validations will
no longer be rubber stamp formalities as is the case today.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
Steve Marquess wrote:
Mark Phalan wrote: ...
Due to the way the FIPS Capable OpenSSL is built it ends up with
older implementations of ciphers (all the ones that fipscanister.o
implements). These cipher implementations are used regardless of
being in FIPS mode or not.
Ummm, not so. Use
.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL Project http://www.openssl.org
was an
important design goal because it allows software vendors to ship one
binary to all customers.
-Steve M.
--
Steve Marquess
Veridical Systems, Inc.
marqu...@veridicalsystems.com
__
OpenSSL Project
Steve Marquess wrote:
canroc wrote:
I am confused with what is required in builiding an application to use
encryption functions from a FIPS 140-2 capable openSSL library.
If I link the shared library libcrypto.so (0.9.8j) into my application and
do a FIPS_mode_set(1) call, is that all
to reveal under non-disclosure restrictions.
-Steve M.
--
Steve Marquess
Veridical Systems, Inc.
marqu...@veridicalsystems.com
__
OpenSSL Project http://www.openssl.org
Development Mailing List
,
so as to leverage the advantages of the high level API of the latter,
but it is a separate and distinct product. See the User Guide
(http://www.openssl.org/docs/fips/UserGuide-1.2.pdf) for more details.
-Steve M.
--
Steve Marquess
Veridical Systems, Inc.
marqu...@veridicalsystems.com
with the best of intentions and IMHO in the beginning served a
useful purpose. Other that that, no comment :-)
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project
and another revalidation. I'll gladly incorporate any
contributed feedback into the User Guide, but until/if another paying
client needs Microsoft specific support I won't be doing any hands-on
work with Windows.
-Steve M.
--
Steve Marquess
Veridical Systems, Inc.
1829 Mount Ephraim Road
Adamstown
the next few weeks.
Feedback on errors/omissions/improvements will be greatly appreciated.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project http
participated in took about three
months, the longest over five years. So my current prediction is that
this validation will be awarded no later than April 2013. About the
time OpenSSL 1.6 is released :-)
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED
,
fire, aim!).
Since there is little practical reason to disable FIPS mode once enabled
(reference earlier discussion) we elected to just leave that bug as-is
rather than abort and restart the validation process.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED
for which the validation is still pending.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List
of the
Security Policy.
The pending OpenSSL FIPS Object Module v1.2 will include some 64 bit
platforms. I've been expecting that validation Real Soon Now for weeks.
-Steve M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED
, but it does seem to say that validated modules can be used
on what we would consider multi-user, multi-tasking systems. Start
asking about threading, forking, multiple cores, etc., though, and you
start getting some odd responses.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL
Prashant Kumar wrote:
Hello All,
Where can I find the documentation for OpenSsl FIPS certification ?
Any help is appreciated.
See
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#918
and http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf.
-Steve M.
--
Steve
multiple explanations, some quite elaborate, that I just don't get.
-Steve M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
on and compatible
with OpenSSL 0.9.7+.
I'm expecting two more validations for the 0.9.8+ based v1.2 Real Soon Now.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project
capable processor you'll have to use the no-asm version, sorry.
Contributions to defray validation test lab fees are always welcome.
-Steve M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED]
__
OpenSSL Project
. There is (will be) only one version of the former, while the
FIPS capable support will be carried forward in future 0.9.8 releases.
-Steve M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED]
__
OpenSSL Project
with the
command:
cvs -d [EMAIL PROTECTED]:/openssl-cvs co \
-r OpenSSL-fips-0_9_8-stable openssl
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project
Kyle Hamilton wrote:
On Dec 2, 2007 4:31 PM, Steve Marquess [EMAIL PROTECTED] wrote:
...big snip...
c) I would like to know where to find the formal specification
documents for what must be met in a module boundary, ...
The module boundary is *the* key concept for FIPS 140-2. It is also
M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated
drink to that...
-Steve M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev
Kyle Hamilton wrote:
On Dec 2, 2007 4:31 PM, Steve Marquess [EMAIL PROTECTED] wrote:
Kyle Hamilton wrote:
I just want to have the opportunity to know that what is submitted
will actually run on the platform I must use.
... big snip ...
Kyle, you raise a number of good points
exchange of views does not play well everywhere, most
bureaucracies (not just the CMVP) have very different ways of working
and establishing consensus. So please please please direct all flames
at me and not at them.
-Steve M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED
there will spontaneously disappear.
-Steve M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Steve Marquess wrote:
Brad House wrote:
Ok, guys, let me point out a harsh reality here. As noted in an
earlier comment, FIPS 140-2 validation doesn't mesh all that well
with the open source world. ...
We're a paying OSS member (or at least we were, not sure if we were
invoiced
surrealistic. There is a long you're
kidding, right? and WTF? learning curve...
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
contributors. And Steve Henson is responsive to everyone.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing
be addressed in validation N+1. But validations
are very expensive and our financial sponsorship is erratic so we
proceed as resources allow.
-Steve M.
--
Steve Marquess
Open Source Software institute
[EMAIL PROTECTED]
__
OpenSSL
Windows, thanks to a generous corporate sponsor, but the number of
platforms we can test is severely constrained by available funding --
the test lab fees alone are several kilobucks a platform and they don't
work on a volunteer basis.
That's a hint :-)
-Steve M.
--
Steve Marquess
Open Source
vendors unable to wait for the source based product. We hope to be
announcing the details soon.
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
__
OpenSSL Project http
. The lead time for
correcting and announcing problems in OpenSSL code is usually measured
in days. The lead time for validating changes is measured in many
months. Closed source proprietary vendors of course have an enormous
incentive to skip the announcement step :-)
-Steve M.
--
Steve Marquess
to any validation, the CMVP test lab fee, so it makes
sense to try to satisfy as many requirements as possible for each such
iteration, and spread that fixed cost among multiple sponsors.
The next validation should take a lot less than 3-1/2 years...
-Steve M.
--
Steve Marquess
c/o Open Source
101 - 159 of 159 matches
Mail list logo