SafeLogic Blog

FIPS Module 3.0 for OpenSSL 1.1 Update

Written by Mark Minnoch | Dec 22, 2016 6:20:55 PM

 

(L to R) Tony Busciglio (Acumen), Ashit Vora (Acumen), Mark Minnoch (SafeLogic), Steve Marquess (OpenSSL) Not pictured: Ryan Thomas (Acumen)

 

In December, Acumen Security hosted our kick-off meeting for the FIPS Module 3.0 validation effort. I was SafeLogic’s delegate, Steve Marquess represented OpenSSL, and Ashit Vora, Tony Busciglio, and Ryan Thomas attended for Acumen. With the expected adoption of TLS 1.3 and upcoming algorithm transition deadlines (outlined in NIST SP 800-131A), the OpenSSL-SafeLogic-Acumen Security partnership strives to deliver a FIPS module that works with OpenSSL 1.1 during the 2017 calendar year.

For this project to be successful, we will need additional Project Sponsors. Technology vendors that plan to deliver products using OpenSSL 1.1 in the future should consider sponsorship to support the effort. Financial contributions from Project Sponsors will help fund the engineers developing the code (OpenSSL) and the FIPS Laboratory (Acumen Security) for their validation testing services.

Here is the tentative schedule for the FIPS Module 3.0:

  • January 2017: Receive initial contributions from Project Sponsors
  • February 2017: Technical parameters locked in for development
  • March 2017: OpenSSL team begins development to meet FIPS requirements
  • May 2017: Development checkpoint
  • July 2017: SafeLogic reviews FIPS Module, finalizes FIPS 140-2 documentation
  • August 2017: Acumen submits FIPS 140-2 report to CMVP
  • October 2017: CMVP provides report comments to Acumen (2 month queue time expected)
  • November 2017: CMVP issues FIPS 140-2 certificate for FIPS Module 3.0 (for OpenSSL 1.1)

Important Notes:

1. Additional Project Sponsors are needed to make their initial contributions in January to begin the process on time.
2. All development and testing work is scheduled based upon sponsorship contributions being delivered as planned. Additional sponsors will mitigate risk of delays.
3. FIPS Module 3.0 Technical Objectives and Sponsorship information are available here: https://wiki.openssl.org/index.php/FIPS_module_3.0
4. Early releases of the FIPS code will be available from Github for public review and testing.
5. For a quick history of how the OpenSSL/SafeLogic/Acumen team came together, please see our July announcement.

How Can My Company Become a Sponsor?

Thank you for your interest! We welcome additional sponsors to support this crucial development for the community. Please contact us directly to discuss and stay tuned for additional updates here at the SafeLogic blog.