2010-07-22 16:49:34     FIPS 140-2 validation for OpenSSL on Blackfin uClinux?

Document created by Aaronwu Employee on Aug 22, 2013
Version 1Show Document
  • View in full screen mode

2010-07-22 16:49:34     FIPS 140-2 validation for OpenSSL on Blackfin uClinux?

Steve Strobel (UNITED STATES)

Message: 91614   

 

I am interested in building OpenSSL for Blackfin uClinux in such a way that we can claim FIPS 140-2 validation. Quoting from   www.openssl.org/docs/fips/fipsnotes.html

 

The OpenSSL FIPS Object Module validation is unique among all FIPS 140-2 validations in that the product is "delivered" in source code form, meaning that if you can use it exactly as is and can build it (according to the very specific documented instructions) for your platform, then you can use it as validated cryptography on a "vendor affirmed" basis.

 

This is apparently being done for ARM (see   www.ucdot.org/articles/09/12/05/2337236.shtml and   www.mail-archive.com/openssl-users@openssl.org/msg59904.html). Does anyone know if the same process works for the Blackfin? The only other reference I can find to (the lack of) FIPS 140-2 validation for Blackfin is the note regarding the Crypto++ library at the end of   docs.blackfin.uclinux.org/doku.php?id=uclinux-dist:libs:crypto#fn__1.

 

The kernel config has an option for "FIPS 200 compliance". As far as I can tell, that is completely unrelated.

 

Thanks for any suggestions,

 

Steve

QuoteReplyEditDelete

 

 

2010-07-22 16:53:40     Re: FIPS 140-2 validation for OpenSSL on Blackfin uClinux?

Mike Frysinger (UNITED STATES)

Message: 91615   

 

i'm not aware of anything

QuoteReplyEditDelete

 

 

2010-07-22 18:01:21     Re: FIPS 140-2 validation for OpenSSL on Blackfin uClinux?

Robin Getz (UNITED STATES)

Message: 91617   

 

Steve:

 

Are you looking for something that is integrated into the dist - are you having issues with something?

 

-Robin

QuoteReplyEditDelete

 

 

2010-07-26 14:46:18     Re: FIPS 140-2 validation for OpenSSL on Blackfin uClinux?

Steve Strobel (UNITED STATES)

Message: 91737   

 

I was just wondering if anyone had done it or if there were any "show stoppers" that I was likely to run into.  The normal process for obtaining a validated build doesn't work when cross-compiling (it normally runs an executable built for the target, then uses the output of that run to build again), so the ARM folks figured out a workaround.  I haven't yet looked into how that might or might not work on Blackfin.

 

Steve

Attachments

    Outcomes