On 10/21/2015 03:22 PM, jonetsu wrote: >> From: "Steve Marquess" <marquess at openssl.com> >> Date: 10/21/15 14:18 >> See Appendix B of the OpenSSL FIPS User Guide: > >> https://openssl.org/docs/fips/UserGuide-2.0.pdf > > Thanks. > >> The specific algorithm tests have changed quite a bit since then >> (constant change is part of the fun), but the general concept is the >> same. The algorithm testing is the easiest part of FIPS 140-2 validations. > > What would you consider being the difficult parts ? The CMVP part. The CAVP requirements are fairly well articulated and consistently applied. New versions of the CAVS tool, and newly introduced test vectors, occasionally have problems but those can usually be worked out without too much grief. The wait time for CAVP approvals is also a lot more predictable. The CMVP, on the other hand, is not nearly as predictable or consistent. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at opensslfoundation.com marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
