On 03/24/2015 09:53 AM, jonetsu wrote: > > ... > >> Now the code for the OpenSSL FIPS module can no longer be used >> as-is for new "private label" or copycat validations, but that's >> for different reasons and not because of the DRBGs. > > I've read the User Guide bit on private label validations. In the > case of a product that consists of a dedicated unit, what would be > the best approach ? So far I have considered using the OpenSSL FIPS > module as is, in the hope that its FIPS validation would save costs > at the testing lab. Is this still feasible ? No, the OpenSSL FIPS module 2.0 code is no longer suitable (as of early 2014) for use as-is in doing copycat validations. Some non-trivial code hacks will be necessary. We'll do a new open source based validation to succeed the 2.0 FIPS module (#1747 validation) at the first opportunity, but that opportunity has not yet presented itself. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at opensslfoundation.com marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
