The branch master has been updated
       via  53cc720aa09a60463d62d184ab6e23baccef5e71 (commit)
       via  7c369dac41a2f5a25d3533932686c860958b2643 (commit)
       via  fb942af17ae8fff1e18939d57676678931e9b7e4 (commit)
       via  a1a3195d8d9abdbc5238618b23f73cb774262d09 (commit)
       via  91ca9441703a779d4c065dc181653410914ee6f2 (commit)
      from  50ac168c298eedf5aced96da0b6eff5aee57b9fd (commit)
- Log -----------------------------------------------------------------
commit 53cc720aa09a60463d62d184ab6e23baccef5e71
Merge: 50ac168 7c369da
Author: Mark J. Cox <mark...@gmail.com>
Date:   Tue Sep 18 14:07:12 2018 +0100

    Merge pull request #77 from iamamoose/oss

    Merge information from openssl.com and about OSS into main site

commit 7c369dac41a2f5a25d3533932686c860958b2643
Author: Mark J. Cox <m...@awe.com>
Date:   Tue Sep 18 13:09:05 2018 +0100

    Update to the latest OSS bylaws

commit fb942af17ae8fff1e18939d57676678931e9b7e4
Author: Mark J. Cox <m...@awe.com>
Date:   Tue Sep 18 11:04:31 2018 +0100

    Add verify CD image

commit a1a3195d8d9abdbc5238618b23f73cb774262d09
Author: Mark J. Cox <m...@awe.com>
Date:   Tue Sep 18 11:03:45 2018 +0100

    Add the page from http://openssl.com/verifycd.html but update to show we do not accept US cheques/checks at this time.

commit 91ca9441703a779d4c065dc181653410914ee6f2
Author: Mark J. Cox <m...@awe.com>
Date:   Tue Sep 18 10:49:41 2018 +0100

    Add OSS bylaws and details of OSS to the contact page rather than using openssl.com which we should deprecate. Bring wording for FIPS in line with what we used on openssl.com

-----------------------------------------------------------------------

Summary of changes:
 community/contacts.html |  19 ++++++++----
 docs/fips/verifycd.html |  81 ++++++++++++++++++++++++++++++++++++++++++++++++
 docs/fips/verifycd.jpg  | Bin 0 -> 20887 bytes
 policies/oss-bylaws.pdf | Bin 0 -> 38884 bytes
 4 files changed, 94 insertions(+), 6 deletions(-)
 create mode 100644 docs/fips/verifycd.html
 create mode 100644 docs/fips/verifycd.jpg
 create mode 100644 policies/oss-bylaws.pdf

diff --git a/community/contacts.html b/community/contacts.html index 5c6f6a6..8c0820e 100644 --- a/community/contacts.html +++ b/community/contacts.html 
@@ -17,10 +17,21 @@ (US) non-profit corporation with its own <a href="/policies/osf-bylaws.pdf">bylaws</a>.</p> + <p><em>OpenSSL Software Services</em> + (OSS) also represents the OpenSSL project, for + <a href="/support/contracts.html">Support Contracts</a>, and + as the + Vendor of Record for NIST Cryptographic Module + <a + href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1747">#1747</a> + (This is an open-source validation of <a href="/docs/fips.html">FIPS-140</a> based on OpenSSL). + It is a Delaware (US) corporation with its own <a + href="/policies/oss-bylaws.pdf">bylaws</a>.</p> + <p> - The best way to contact OSF is by sending an email to + The best way to contact OSF or OSS is by sending an email to <a href="mailto:osf-cont...@openssl.org">osf-cont...@openssl.org</a>. - For postal or telephone contact, use the following: + For postal contact, use the following: <blockquote> 40 E Main St, Suite 744<br> @@ -29,10 +40,6 @@ </blockquote> </p> - <p><a href="https://www.openssl.com">OpenSSL Software Services</a> - (OSS) also represents the OpenSSL project, most notably as the - Vendor of Record for the FIPS validation.</p> - </div> <footer> You are here: <a href="/">Home</a> diff --git a/docs/fips/verifycd.html b/docs/fips/verifycd.html new file mode 100644 index 0000000..a30a9c1 --- /dev/null +++ b/docs/fips/verifycd.html 
@@ -0,0 +1,81 @@ +<!DOCTYPE html> +<html lang="en"> +<!--#include virtual="/inc/head.shtml" --> +<body> + <!--#include virtual="/inc/banner.shtml" --> + <div id="main"> + <div id="content"> + <div class="blog-index"> + <article> + <header><h2>FIPS 140-2 verification of the OpenSSL FIPS Object Module source distribution file</h2></header> + <div class="entry-content"> + + <p> + <img src="./verifycd.jpg" align="left" border="0" alt="image of CD label" width="200" height="200"> + The latest of the OpenSSL FIPS Object Module ("FIPS module") + FIPS 140-2 validations saw the introduction of a new requirement + by the CMVP: + <blockquote> + <em>The distribution tar file, shall be verified using an + independently acquired FIPS 140-2 validated cryptographic + module...</em> + </blockquote> + Some prospective users of the OpenSSL FIPS Object Module 2.0 already + have ready access to an existing securely-installed software product + using FIPS 140-2 validated cryptography that is capable of calculating + the HMAC-SHA-1 digest of a file on disk, in which case satisfying this + requirement is easy (simply calculate the HMAC-SHA-1 digest of the + source distribution file using the key <code>"etaonrishdlcupfm"</code> + and confirm it is that same as documented in the <a + href="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm">Security Policy</a> + document (e.g., <code>"2cdd29913c6523df8ad38da11c342b80ed3f1dae"</code> for + <em>openssl-fips-2.0.tar.gz</em>). + </p> + + <p>For most prospective users the identification, acquisition, + installation, and configuration of a suitable product may be a challenge. + (See Section 6.6 of our FIPS + <a href="/docs/fips/UserGuide-2.0.pdf">User + Guide</a>) + The requirement for this verification with an independently acquired + FIPS 140-2 validated cryptographic module does not apply when the + distribution file is distributed using a "secure" means. 
Distribution + on physical media is considered secure in this context, so as a + convenience a copy of the distribution files can be obtained from + <a href="/community/contacts.html">OSS</a> as a CD-ROM disks via postal mail.</p> + + <p>The fee for this is $100 in US Dollars. At this time we are only able + to accept US wire transfers. + Email us at <a href="mailto:osf-cont...@openssl.org">osf-cont...@openssl.org</a> + and we will send you our ABA and account information. + <b>We cannot do credit cards, purchase orders, or anything other + than a US-based bank transfer at this time.</b> + We can mail internationally (the CD contains only open source code + and so may be exported under the TSU exception of EAR ECCN 5D002). + It will take a week or two to process your order.</p> + + <p>Note that the files you will receive on these CDs will be + <em>identical</em> in every respect (except for formal FIPS 140-2 + compliance) with the files you can download from <a + href="/source/">https://www.openssl.org/source/</a> + Once the distribution files have been received on this CD + they can be redistributed internally within an organizational + entity (corporation, institution, or agency) by normal means. + </p> + + </div> + <footer> + You are here: <a href="/">Home</a> + : <a href="../">Docs</a> + : <a href="../fips.html">FIPS</a> + : <a href="">FIPS-140 Verify CD</a> + <br/><a href="/sitemap.txt">Sitemap</a> + </footer> + </article> + </div> + <!--#include virtual="sidebar.shtml" --> + </div> + </div> +<!--#include virtual="/inc/footer.shtml" --> +</body> +</html> diff --git a/docs/fips/verifycd.jpg b/docs/fips/verifycd.jpg new file mode 100644 index 0000000..1037cb4 Binary files /dev/null and b/docs/fips/verifycd.jpg differ 
diff --git a/policies/oss-bylaws.pdf b/policies/oss-bylaws.pdf new file mode 100644 index 0000000..fc4fb65 Binary files /dev/null and b/policies/oss-bylaws.pdf differ
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
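
Review bot: in community/contacts.html (hunk @@ -17,10 +17,21 @@), the new OSS paragraph closes with "It is a Delaware (US) corporation", and coming straight after the parenthetical about the validation, "It" can be read as the validation or the module rather than OSS; "OSS is a Delaware (US) corporation" removes the doubt. The parenthetical starts with a capital and leaves its full stop outside the bracket, so either fold it into the sentence or make it a sentence of its own. The same hunk drops "or telephone" from the contact sentence, but the address block is cut off in the context after "Suite 744", so it is worth checking that no phone number is left inside the blockquote.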
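
Review bot: in docs/fips/verifycd.html (hunk @@ -0,0 +1,81 @@), the Security Policy link in the first paragraph points at http://csrc.nist.gov/..., while contacts.html in this same push links csrc.nist.gov over https. That document is where the reader is told to look up the reference HMAC-SHA-1 digest for comparison, so it should be linked over https too. Text fixes in the same file: the bracket opened at "(simply calculate" is never closed, "confirm it is that same as" should read "the same as", "as a CD-ROM disks" mixes singular and plural, and the sentence ending at the /source/ link has no full stop before "Once the distribution files". The last breadcrumb link in the footer has an empty href; point it at the page itself or drop the anchor.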