Question about new FIPS 140-3 submission
Tomas Mraz
tomas at openssl.org
Thu Jan 25 13:50:01 UTC 2024
Hello,
the current OpenSSL FIPS module FIPS 140-3 submission is based on the
FIPS provider from the 3.1 branch and cannot include new features
including performance enhancements that are not present on the 3.1
branch.
Please note that it is possible to use the FIPS module(s) from 3.1 and
3.0 branches with the current versions of libcrypto and libssl. Most of
the performance enhancements that happened in the 3.2 release or that
were added after that release are outside of the FIPS module and can be
leveraged by applications if they are using the new releases even
with the 3.1 FIPS provider.
Kind regards,
Tomas Mraz, OpenSSL
On Fri, 2024-01-12 at 19:00 +0000, Salz, Rich wrote:
>
>
> Congratulations on the 140-3 submission.
>
> Since performance is such a huge issue with the 3.x series, can you
> update the submission to include the following?
> * The quick check on ephemeral keys (PR 14146 and friends)
> * Faster EC init (PR 22746; issue 21833 resolved incorrectly)
> * Any other in-module performance gains
>
> I know the process allows updates during evaluation; you’d have to
> work with the lab to do that.
>
> I think doing this kind of thing would show the community that you
> take performance seriously.
>
--
Tomáš Mráz, OpenSSL
More information about the openssl-project
mailing list