Remove FAQ about PKCS12 macros

[openssl-web.git] / docs / fipsvalidation.html

<!DOCTYPE html>
<html lang="en">
<!--#include virtual="/inc/head.shtml" -->
<body>
  <!--#include virtual="/inc/banner.shtml" -->
  <div id="main">
    <div id="content">
      <div class="blog-index">
        <article>
          <header><h2>OpenSSL and FIPS 140-2</h2></header>

          <div class="entry-content">
            <p>The most recent open source based validation of a cryptographic
            module (Module) compatible with the OpenSSL libraries is v2.0.9,
            FIPS 140-2 certificate <a
            href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747">#1747</a>.
            This Module is documented in the
            <a href="fips/UserGuide-2.0.pdf">2.0 User Guide</a>. It substantially
              updates and improves the earlier v1.2 module, FIPS 140-2
              certificate
            <a
              href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1051">#1051</a>,
            which is documented in the
            <a href="fips/UserGuide-1.2.pdf">1.2 User Guide</a>.</p>

            <p><strong>Important Note:</strong>
            Due to new requirements introduced in 2013 the current v2.0 Module
            is no longer suitable as a reference for private label
            validations; see the <a
            href="https://www.openssl.com/fips/ig95.html">I.G. 9.5 FAQ</a>.
            Due to earlier changes in the FIPS 140-2 validation requirements
            the v1.2 Module is no longer be a suitable model for private label
            validations in its current form past the year 2010; see the NIST <a
              href="http://csrc.nist.gov/groups/STM/cmvp/notices.html">Notices</a>,
            <a
              href="http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf">discussion paper</a>
            and <a
              href="http://csrc.nist.gov/publications/drafts/800-131/draft-800-131_transition-paper.pdf">Draft 800-131</a>.</p>

            <h3>Sponsors</h3>
            <p>The OpenSSL FIPS Object Module validations receive support
            from multiple sources for each validation effort; however only
            those sponsors who have elected to be recognised for their
            contribution to OpenSSL are listed below.</p>

            <hr>
            <a href="http://www.darpa.mil/Our_Work/I2O/Programs/Transformative_Apps.aspx">Defense Advanced Research Projects Agency (DARPA) Transformative Apps Program</a>,
            original primary sponsor of the overall validation with several Android on ARMv7 platforms.

            <hr>
            <a href="http://www.securenetterm.com/">Intersoft International, Inc.</a>,
            platform sponsor (VC++ Win32/x86 asm optimisation)

            <hr>
            <img src="/img/opengear-logo-med.jpg">
            <a href="http://www.opengear.com/">Opengear, Inc.</a>, platform sponsor
            (uCLinux ARMv4 asm optimisation)

            <hr>
            <img src="/img/quintessence-logo-med.jpg">
            <a href="http://www.quintessencelabs.com/">QuintessenceLabs Pty Ltd</a>,
            platform sponsor (Fedora 14 x86-64 asm optimisation)

            <hr>
            <img src="/img/pkware-logo-med.jpg">
            <a href="https://www.pkware.com/">PKWARE, Inc.</a>, platform sponsor
            (HPUX 11i on Itanium 32, 64 bit with asm optimisation)

            <hr>
            <img src="/img/cerberus-logo-med.jpg">
            <a href="https://www.cerberusftp.com/">Cerberus, LLC</a>, general sponsor
            <hr>
            <img src="/img/DHS-logo-med.jpg">
            <a href="http://www.cyber.st.dhs.gov/host.html">DHS Science and Technology Directorate-sponsored Homeland Open Security Technology (HOST) program</a>,
            algorithm sponsor (CMAC, AES-CCM)

            <hr>
            <img src="/img/innominate-logo-med.jpg">
            <a href="https://www.innominate.com/">Innominate Security Technologies AG</a>,
            platform sponsor (Linux on Freescale MPC8313)

            <hr>
            <img src="/img/psw-logo-med.jpg">
            <a href="http://www.psw.net/">PSW GROUP</a>,
            general sponsor

            <hr>
            <img src="/img/citrix-logo-med.jpg">
            <a href="https://www.citrix.com/">Citrix Systems, Inc.</a>,
            platform sponsor (multiple platforms)

            <hr>

            <p>If you have an interest in sponsoring any changes or additions
            to this validation please contact <a
              href="https://openssl.com/fips">OpenSSL Validation Services</a>.</p>
            <p>Some commercial software vendors ask us "what do we gain from
            sponsoring a validation that our competition can also use?".  Our
            answer is "nothing, if you think in terms of obstructing your
            competition".  If, on the other hand, you compete primarily on the
            merits of your products then what others may do with the validation is
            less of a threat as they derive no more advantage from it than you
            do.  Your advantage is that your sponsorship will probably cost
            less that the commercial software license you would otherwise have
            to buy, and you will retain backwards compatibility with the
            regular OpenSSL API while avoiding vendor lock-in.</p>
          </div>
          <footer>
            You are here: <a href="/">Home</a>
            : <a href=".">Documentation</a>
            : <a href="">OpenSSL and FIPS 140-2</a>
            <br/><a href="/sitemap.txt">Sitemap</a>
          </footer>
        </article>
      </div>
      <!--#include virtual="sidebar.shtml" -->
    </div>
  </div>
<!--#include virtual="/inc/footer.shtml" -->
</body>
</html>