[openssl-users] Is there any plan for FIPS to be supported on Linux-aarch64?

Steve Marquess marquess at openssl.com
Mon Apr 6 14:44:00 UTC 2015

On 04/06/2015 10:09 AM, Nicolae Rosia wrote:
> Is the documentation for the current validation available? Maybe
> someone can pick it up and work from there.

It doesn't work that way. With FIPS 140-2 the software itself is never
the problem, it's everything else.

The OpenSSL FIPS Object Module is entirely open source, but having the
source code does you no good when what you want is a software product
that satisfies the USG procurement requirements for FIPS 140-2 validated
cryptography. Remember that the challenge with FIPS 140-2 isn't to have
working code (you have that already with stock OpenSSL); it is to have
code (in a peculiar form, a "cryptographic module") that has been
officially blessed by an arcane and tedious bureaucratic process.

That blessing (validation) is something that costs money, for accredited
test lab and CMVP fees, not to mention a substantial amount of labor.

-Steve M.

Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list