eeded until you get the new set of test
vectors (which of course cost money).
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 301 874 2571
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
and support OpenSSL and the OpenSSL user
community at the same time; a win-win situation all around.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation
20-22 Wenlock Road
London N1 7GU
United Kingdom
+44 1785508015
+1 301 874 2571 direct
marqu...@opensslfoundation.org
ste...@openssl.org
may also not have the resources to
tackle something that would otherwise be of interest (we have a back
catalog of nice-to-have cryptography waiting for a rainy day).
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 30
algv tests suite to have the algorithms validated
> (#3768) using this lab but I cannot see how to use it to "induce" and
> error in the FIPS module.
>
Look at what the "fips_test_suite" option of fips_algv does. That's also
discussed in the OpenSSL FIPS module user guide.
-Ste
ide:
https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
Test labs typically just run "fips_algv fips_test_suite" for the
functional testing, as it was designed for exactly that purpose.
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown,
for the
#1747 or #2473 validations which stop at revision 2.0.10, in which case
that's the newest FIPS module revision with the magical pixie dust of
FIPS righteousness, even though the latest revision (2.0.12)
functionally supports all platforms for all validations.
--
Steve Marquess
OpenSSL Validation Se
Hat FIPS module, not the OpenSSL one, so you'll
need to ask that vendor.
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.
e to reprocess them all, though I
usually do given that it's easier to use fipsalgtest.pl on a full test
vector set than to manually manipulate individual request files. Note I
like to hang on to the test device until the CMVP formally approves the
related validation action, as on occasion we've
est
lab. Yes, you have to pay the lab, but welcome to the wonderful world of
FIPS 140-2.
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@openssl.com
gpg/pgp key: http://openssl.c
cious decision to not allow FIPS 140-2 to distort and
pervert OpenSSL even more than has already been the case. We'll do a
(relatively) clean and sane implementation for 1.1 if and when we can,
and nothing otherwise.
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Ad
IPS 140-2 can be as simple as throwing in a FIPS_mode_set() call. With
a stock OpenSSL and hand-jammed FIPS module you'd need to manually vet
all application code; the stock OpenSSL won't let you know when your
application uses non-allowed cryptography.
-Steve M.
--
Steve Marquess
OpenSSL Valida
).
If and when a new FIPS module for 1.1 is developed, it almost certainly
will take the form of a new "engine" style modular component.
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571
ng 1.1 releases.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
___
openssl-d
be unusable absent a matching FIPS 140-2 validation.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/
lar so the FIPS module and OpenSSL releases would no longer be so
tightly coupled.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/p
opy per byte. Again assume it is uniform (e.g. we don't get 8
bits of entropy in byte 1 and nothing in the next 7). Again lets have a
block size of 16 bytes. This time to get 256 bits of entropy the source
must provides it in a 256 byte buffer. An extra block is required which
makes 272 bytes but b
of this year it will be renamed.
All contemporary references you see to the OpenSSL Software Foundation
are for the new non-profit Delaware entity. As Rich has noted we do need
to change mentions of the original entity, now confined to FIPS related
activities only.
-Steve M.
--
Steve Marquess
that modified code validated to claim FIPS 140-2
validation. There is no reason to use the FIPS module code otherwise, so
the basic rule is you just have to live with whatever flaws or omissions
are present.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
development issues, not for basic usage questions.
You might want to start with the OpenSSL FIPS User Guide:
https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1
.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
revision of the
pending new salvage edition validation[**]. It will be the same
tarball as if we were allowed to update the #1747 validation directly,
though.
-Steve M.
[*] http://openssl.com/fips/hostage.html
[**] http://openssl.com/fips/ransom.html
--
Steve Marquess
OpenSSL Software
vendors relative to any alternatives) or cost
prohibitive (for the small business).
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg
securely). A new validation will be necessary. You will find such a
validation a significant challenge even without the source code mods you
contemplate.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874
of coherence.
In the meantime we greatly appreciate the patience and support shown by
so many of you in the OpenSSL community.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu
damn hard to be a U.S. citizen and lawfully work on open source
cryptography.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key
community for a bit longer.
- -Steve M.
- --
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
of discretionary time left over. OpenSSL
hangs by a thinner thread than most people realize.
Since contributions are as likely to introduce problems or
vulnerabilities as code authored directly by the OpenSSL team, I think
you can expect even more caution for awhile.
-Steve M.
--
Steve Marquess
, both OpenSSL team members and
others. Volunteers?
Of course, a process like that wouldn't necessarily prevent future
vulnerabilities like the Debian PRNG issue or the heartbeat bug. Even
gross bugs are only truly obvious in hindsight.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc
On 03/26/2014 05:25 PM, Mark Hatle wrote:
On 3/26/14, 2:41 PM, Steve Marquess wrote:
On 03/26/2014 12:30 PM, Mark Hatle wrote:
Looking at the fips_canister.c I see that ia32 (32-bit and
64-bit) systems are not enabled ...
Would it be possible to add this change to the fips_canister
something as trivial as a change to a comment.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs
Module 2.0, validation certificate #1747, should
be used for any new development and careful consideration should be
given to upgrading any FIPS 1.2/OpenSSL 0.9.8 based products to FIPS
2.0/OpenSSL 1.0.1.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
in a text friendly format.
Also, the openssl-users list would be more appropriate for this kind of
query.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
of interest.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
EC DRBG, and the I.G. 9.10 issue
(http://opensslfoundation.com/fips/ig95.html) mean that you can't use
these test vector formats and the OpenSSL FIPS Object Module
2.0,2.0.1,...,2.0.5 code as-is. So don't say I didn't warn you :-)
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829
to various requirements.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
) :-).
Our rough cost for the change letter addition of a platform to #1747
is $15K and 2-3 months. Compare that to the cost and time for any type
of new validation.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1
to that FIPS
validation (OpenSSL proper is out of scope).
If you've gone to a test lab and obtained some sort of private
validation based on OpenSSL code, then you need to consult with that lab.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
that paragraph also state Releases
other than 1.0.1 cannot be used for this purpose?
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key
improve that document I want to know. It's a
complex topic.
When OpenSSL 1.0.2 is released the User Guide will be updated to state
1.0.1 and 1.0.2 as the current FIPS module will also be compatible
with 1.0.2.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
.
That mechanism is of course also fully exposed in the source code:
http://www.openssl.org/source/openssl-fips-2.0.5.tar.gz
In particular look at fips.c, fips_premain.c, fipsld, and incore (for ELF).
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD
and that
I'm not qualified to give legal advice.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs
code for handling all required
FIPS 140-2 algorithm testing. See the FIPS module User Guide:
http://www.openssl.org/docs/fips/UserGuide-2.0.pdf
Appendix B.
That will be the easy part...
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
-DOPENSSL_DRBG_DEFAULT_TYPE=NID_hmac_WithSHA256 \
-DOPENSSL_DRBG_DEFAULT_FLAGS=0
Good catch, thanks. Fixed in revision to be posted soon.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu
.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
__
OpenSSL Project
.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
__
OpenSSL Project
and
thoroughly test a solution PA-RISC is effectively an unsupported platform.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
and
thoroughly test a solution PA-RISC is effectively an unsupported platform.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
which modify that private memory
(such as enabling FIPS mode) entirely independently of other processes.
The same is true for static linking, of course, as each process has
separate copies of both readonly and writable code.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829
be misleading.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
__
OpenSSL Project
be misleading.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
__
OpenSSL
or government
sponsors that fund such expenses, but in this case I suspect money won't
be the deciding factor.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu
to use LyX editor to produce Docbook ?
I'm too new at docbook to know yet. I'll start with a regular text editor.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
to.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
__
OpenSSL Project
is another
complication we don't need right now.
There is some content already but new contributions are welcome. We'll
be wanting to add some more administrators (sysops) too.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s
I have to admit that I feel a little bit intimidated to
publish something on this prestigious wiki...
Now that made me laugh :-)
You're already contributed something with your thoughtful comments,
don't stop now.
-Steve M.
--
Steve Marquess
OpenSSL
it.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
__
OpenSSL Project
that there are several people contributing
content to that document the ODF format is very limiting, hence the
ongoing attempt to convert to docbook. That has turned out to be a bit
of a challenge but I'm still hoping to pull it off.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829
On 03/19/2013 04:59 PM, Matt Caswell wrote:
On 19 March 2013 19:38, Steve Marquess marqu...@opensslfoundation.com wrote:
I took a quick look to see what utilities might be available to convert
between pod and mediawiki markup formats. pod2markdown (CPAN) is close
but not quite
as
well as evil, and the licensing situation is muddled enough as it is.
Personally I think the existence and unrestricted availability of
OpenSSL benefits the good far more than evil.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1
M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
__
OpenSSL Project
use OpenSSL.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
__
OpenSSL
and a better place to
look for size reduction opportunities. In general it will make more
sense to use the FIPS module as-is and reference just the specific
functionality you need.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877
reasons to
chose that route; you will have not only the initial difficulty and
expense of implementing custom modifications, but also the long term
burden of supporting those customizations.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
:
fips_premain.c.sha1
fipsld.
Also what is process that is taking place in linking with fipsld.
Thanks in advance.
Regards,
Ravi
This question would be more appropriate for the openssl-users list.
See http://www.openssl.org/docs/fips/UserGuide-2.0.pdf
-Steve M.
--
Steve
to
openssl.org yet:
http://opensslfoundation.com/testing/validation-2.0/docs/UserGuide-2.0.pdf
The instructions are essentially the same as for the 1.2.x module.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874
. The ExtraRandomBits reference is inaccurate.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
; to date we have had no sponsors interested in funding OS X for
the 2.0 validation. The 2.0 software supports that platform (thanks to
the Thursby sponsorship for 1.2.4) and it could still be added via a
change letter update.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount
module, and that document will be maintained in two separate
versions for the 1.2 and 2.0 modules:
http://www.openssl.org/docs/fips/UserGuide-1.2.pdf
http://www.openssl.org/docs/fips/UserGuide-2.0.pdf
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
duplicated (at the moment we're burning and printing them
one at a time).
So please expect some delays in receiving the CDs that have been requested.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
__
OpenSSL Project
. The validation is still pending for the 2.0
module (we're engaged in an extended dialog about the precise process
used to verify the source tarball). Once a validated module is properly
generated you are free to use it with any application, including an
OpenSSL shared library.
-Steve M.
--
Steve Marquess
The OpenSSL FIPS Object Module 2.0 is now in coordination status at
the CMVP. That's usually a good sign that the formal validation award
is imminent (as in a week or three...).
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1
64bit on x86, SSE2 optimization
AES-NI optimization is not covered, so for instance the module cannot be
used with Windows on many Intel Core i5 processors.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874
approach. Inquire about purchasing the WhizBang(tm) product from
SnakeOil Enterprises and I'll bet they neglect to caution you (for
instance) that the validation won't apply to your Core i5 system because
AES-NI wasn't included in the validation :-)
-Steve M.
--
Steve Marquess
OpenSSL Software
On 03/06/2012 06:47 PM, William A. Rowe Jr. wrote:
On 3/6/2012 8:43 AM, Steve Marquess wrote:
On 03/06/2012 08:49 AM, Vanden, Michelle CTR USAF AFMC AAC/EBYC wrote:
Hello Steve,
Will the new certificate support that is has been tested in a Windows 7
That validation will include
On 01/25/2012 10:00 PM, Thor Lancelot Simon wrote:
On Wed, Jan 25, 2012 at 06:35:58PM -0500, Steve Marquess wrote:
A rough rule of thumb is that if you create a FIPS module
(fipscanister.o) on a formally tested platform (O/S and processor as
listed in the Security Policy), and if that binary
enough to
a formally tested platform, then the resulting module is validated.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
G.5.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
Security Essentials as that which does
not appear to trigger this problem.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
/openssl-fips-2.0rc1.tar.gz
Note some additional cosmetic changes will be made prior to the formal
validation award.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu
February. We
don't even have the formal submission in yet, though I'm hoping to make
an announcement soon.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
directly if you'd like more details.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
are encouraged to reference the
OpenSSL-fips-2_0-stable branch in the OpenSSL CVS repository.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
.tar.gz
and later) on their platforms of interest, and report any problems to
us. Build and test instructions are given in the ./README.FIPS file.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu
OpenSSL libraries leads to continuing confusion. For the upcoming
2.0 module we will be releasing the OpenSSL FIPS Object Module source
code in a separate tarball (now available as
ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-2011MMDD.tar.gz
snaphots).
-Steve M.
--
Steve Marquess
OpenSSL
with is uniquely identified.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
to make that compatibility possible.
Note as a happy consequence that an existing application that uses
OpenSSL for all cryptography can usually be readily converted to use
FIPS validated cryptography.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD
weeks will allow us to easily
correct reported problems.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL
of these test vector sets, but as they are interchangeable
there is no point in keeping more than a few representative samples.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
) Working but unvalidated code should be available within a month.
2) The formally validated module should be available by Q1 2012.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
platforms will have to be deferred to a later change letter
modification process.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
What is happening?
No Fips in the Openssl 1.0.1 STABLe.
Correct, and you won't be seeing the FIPS capable support there for
some time. We're concentrating on the validation of the module (OpenSSL
FIPS Object Module 2.0) now.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc
. Note we have begun posting FIPS module snapshots at
ftp://ftp.openssl.org/snapshot/.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
and
the continued maintenance and development of OpenSSL.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL Project
for full implementation is still
under consideration.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL
there will be a
limited window of opportunity for making changes to the formal
baseline
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
soon, within a
few weeks.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL Project
.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
0.9.8+ and the OpenSSL FIPS Object Module
v1.2.2 (your only current option), see the User Guide at
http://www.openssl.org/docs/fips/UserGuide.pdf.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu
1 - 100 of 159 matches
Mail list logo
