Add "unknown size" text

[openssl-web.git] / docs / fips.html

<!DOCTYPE html>
<html lang="en">
<!--#include virtual="/inc/head.shtml" -->
<body>
  <!--#include virtual="/inc/banner.shtml" -->
  <div id="main">
    <div id="content">
      <div class="blog-index">
        <article>
          <header><h2>FIPS-140</h2></header>
          <div class="entry-content">

            <p>For a basic introduction,
            <a href="#background">see below</a>.  Thanks to multiple platform
            sponsorships, the 2.0 validations include the largest number of
            formally tested platforms for any validated module.</p>

            <p>The most recent open source based validation of a cryptographic
            module (Module) compatible with the OpenSSL 1.0.1 and 1.0.2
            libraries is v2.0.16, FIPS 140-2 certificate <a
            href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>.
            This Module is documented in the
            <a href="fips/UserGuide-2.0.pdf">2.0 User Guide</a>;
            the <a href="/source/openssl-fips-2.0.16.tar.gz">source code</a>,
            and <a href="fips/SecurityPolicy-2.0.16.pdf">Security Policy</a>
            are also available.

            <p>
            For convoluted bureaucratic reasons, the same module is also
            available under the validations <a
            href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398">#2398</a>
            (revision 2.0.16) and <a
            href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2473">#2473</a>
            (revision 2.0.10).
            </p>

            <p>
            Here is the complete set of files. Note that if you are interested
            in the "1747" validation, you only need the three files mentioned
            above.</p>

            <table>
              <tr>
                <td>KBytes&nbsp;</td>
                <td>Date&nbsp;&nbsp;</td>
                <td>File&nbsp;</td>
              </tr>
              <!--#include virtual="fips.inc" -->
            </table>
            <p>&nbsp;</p>

            <h3><a name="background">Background</a></h3>

            <p>Please please read the <a
              href="fips/UserGuide.pdf">User Guide</a>.</p>

            <ul>

              <li>OpenSSL itself is not validated.  Instead a special
              carefully defined software component called the OpenSSL FIPS
              Object Module has been created.  This Module was designed for
              compatibility with OpenSSL so that products using the OpenSSL
              API can be converted to use validated cryptography with minimal
              effort.</li>

              <li>The OpenSSL FIPS Object Module validation is "delivered" in
              source code form, meaning that if you can use it exactly as is
              and can build it (according to the very specific documented
              instructions) for your platform, then you can use it as
              validated cryptography on a "vendor affirmed" basis.</li>

              <li>If even the tiniest source code or build process changes are
              required for your intended application, you cannot use the open
              source based validated module directly.  You must obtain your
              own validation.</li>

              <li>None of the validations will work with OpenSSL 1.1.0 or
              later.</li>

            </ul>

          </div>
          <footer>
            You are here: <a href="/">Home</a>
            : <a href=".">Docs</a>
            : <a href="">FIPS-140</a>
            <br/><a href="/sitemap.txt">Sitemap</a>
          </footer>
        </article>
      </div>
      <!--#include virtual="sidebar.shtml" -->
    </div>
  </div>
<!--#include virtual="/inc/footer.shtml" -->
</body>
</html>