[openssl-users] Is there any plan for FIPS to be supported on Linux-aarch64?

Nicolae Rosia nicolae.rosia at gmail.com
Mon Apr 6 14:59:09 UTC 2015


I see. Still, the documentation sent to the lab would be helpful to
the community to better understand/review the existing code.

On Mon, Apr 6, 2015 at 5:44 PM, Steve Marquess <marquess at openssl.com> wrote:
> On 04/06/2015 10:09 AM, Nicolae Rosia wrote:
>> Is the documentation for the current validation available? Maybe
>> someone can pick it up and work from there.
>
> It doesn't work that way. With FIPS 140-2 the software itself is never
> the problem, it's everything else.
>
> The OpenSSL FIPS Object Module is entirely open source, but having the
> source code does you no good when what you want is a software product
> that satisfies the USG procurement requirements for FIPS 140-2 validated
> cryptography. Remember that the challenge with FIPS 140-2 isn't to have
> working code (you have that already with stock OpenSSL); it is to have
> code (in a peculiar form, a "cryptographic module") that has been
> officially blessed by an arcane and tedious bureaucratic process.
>
> That blessing (validation) is something that costs money, for accredited
> test lab and CMVP fees, not to mention a substantial amount of labor.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD  21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marquess at opensslfoundation.com
> marquess at openssl.com
> gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


More information about the openssl-users mailing list