On 04/06/2015 10:09 AM, Nicolae Rosia wrote: > Is the documentation for the current validation available? Maybe > someone can pick it up and work from there. It doesn't work that way. With FIPS 140-2 the software itself is never the problem, it's everything else. The OpenSSL FIPS Object Module is entirely open source, but having the source code does you no good when what you want is a software product that satisfies the USG procurement requirements for FIPS 140-2 validated cryptography. Remember that the challenge with FIPS 140-2 isn't to have working code (you have that already with stock OpenSSL); it is to have code (in a peculiar form, a "cryptographic module") that has been officially blessed by an arcane and tedious bureaucratic process. That blessing (validation) is something that costs money, for accredited test lab and CMVP fees, not to mention a substantial amount of labor. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at opensslfoundation.com marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
