[openssl-users] Key Deriviation Function Tests for TLS

Steve Marquess marquess at openssl.com
Wed Sep 30 12:28:33 UTC 2015

On 09/30/2015 03:50 AM, Jakob Bohm wrote:
> Dear Steve,
> Have you considered that their contribution may be of value
> to the next/future major version of the open source FIPS
> module (which would presumably involve a fresh submission
> under updated FIPS validation rules).
> This would obviously be a different code branch from
> maintenance/change letter updates to the current module.

We have indeed. As noted already that code will be of no value until we
can actually run it through a validation ourselves. Our days of
committing speculative code that "might come in handy someday" are
behind us.

We also have plans for a significant rewrite of the FIPS module from its
current form, and it's unlikely any third party submissions would fit
that vision.

Of course any third party (Cisco for instance) is free to publish
patches or even a compete open source FIPS module themselves, and deal
with the inevitable onslaught of requests for support. I get those
almost daily, usually in the form of "we're trying to do our own
validation and need a little help...".

-Steve M.

Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at opensslfoundation.com
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list