Hi, We are in the process of validating our product to FIPS 140-2 level 3. The product is based on OpenSSL FIPS Object Module v2.0.2. I have a question/concern with regard to the latest Summary of SP 800-131A and FIPS 186-2 to FIPS 186-4 Transitions document from the CAVP. Please correct me where I make a mistake in my thinking:
1. The OpenSSL FIPS Object Module is only validated for RSA [FIPS 186-2] 2. According the SP 800-131A it means that NIST will not validate any new requests starting from this year with that implementation - right? 3. Our product is now ready for testing, so does that mean we will not succeed? 4. Can I still do a "Platform Validation" so as to OEM certificate #1747 algorithm certificate numbers? 5. If successful will/should the testing company accept those certificate numbers? 6. Will/Should the testing company continue to validate the rest of the system and continue to submit for validation? Any advise on howto validate this product? Thanks for your time LJB