[openssl-users] CAVP protocol testing - what does it really consist of ?

Steve Marquess marquess at openssl.com
Fri Oct 23 14:04:35 UTC 2015

On 10/21/2015 03:22 PM, jonetsu wrote:
>> From: "Steve Marquess" <marquess at openssl.com> 
>> Date: 10/21/15 14:18 
>> See Appendix B of the OpenSSL FIPS User Guide:
>>   https://openssl.org/docs/fips/UserGuide-2.0.pdf
> Thanks.
>> The specific algorithm tests have changed quite a bit since then
>> (constant change is part of the fun), but the general concept is the
>> same. The algorithm testing is the easiest part of FIPS 140-2 validations.
> What would you consider being the difficult parts ?

The CMVP part. The CAVP requirements are fairly well articulated and
consistently applied. New versions of the CAVS tool, and newly
introduced test vectors, occasionally have problems but those can
usually be worked out without too much grief. The wait time for CAVP
approvals is also a lot more predictable.

The CMVP, on the other hand, is not nearly as predictable or consistent.

-Steve M.

Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list