[openssl-users] New FIPS 140-2 "SE" Validation Approved

Steve Marquess marquess at openssl.com
Tue Jun 30 12:20:31 UTC 2015

On 06/30/2015 07:15 AM, jonetsu wrote:
> The validation is on the ARM platform using Linux 2.4.  I am one of those
> 'unlucky' having to deal with FIPS so please pardon any silly questions. 
> Would this validation be limited to these two aspects ?

The validation is limited to the "platforms" ("Operational
Environments") listed for that validation, unless you are able to
leverage the "user affirmation" option per section G.5 of the
Implementation Guidance document (one of the canons of FIPS 140-2

> And, is there any
> money-saving advantage at using an already validated OpenSSL when the whole
> unit (embedded device) qill be going for validation ?  Eg. will it save lab
> time if they know that the OpenSSL used is already validated ?

I'm going to guess that you're trying to obtain a Level 2 validation for
a product that contains the OpenSSL FIPS Object Module. Yes, the fact
that the OpenSSL FIPS module already has a Level 1 validation can help.
But, FIPS 140-2 is a tricky business so you should consult with your
accredited FIPS 140-2 test lab for advice specific to your unique

-Steve M.

Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list