When the current effort to obtain a FIPS 140-2 validation began in January we announced an expected completion in Q4 of this year, based on our planned strategy of developing the FIPS module first, submitting it for validation, and then developing the corresponding "FIPS capable" OpenSSL 1.0.x.
The FIPS module development is now essentially complete, and we were preparing to actively engage the test lab in the validation review process. However, our primary sponsors have requested a change in the original project strategy. We have been asked to implement some additional cryptographic algorithms and to focus on early release of a working FIPS module plus FIPS capable OpenSSL combination, at the expense of the formal validation award. That working code (less the new cryptographic algorithms which will not be of significant interest to most users) will be available sooner than originally planned. We have now shifted our resources to completing the FIPS capable development. That effort is expected to be substantially complete in approximately three weeks, at which point the results will be available for testing by any interested parties. Next we will implement the new cryptographic algorithms, an effort expected to take another 4-6 weeks, at which point we will then commence the FIPS validation review process with the test lab. As a consequence of this new project strategy we are now predicting availability of the formally validated module in early 2012. To summarize: 1) Working but unvalidated code should be available within a month. 2) The formally validated module should be available by Q1 2012. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org