The OpenSSL Management Committee (OMC) on behalf of the OpenSSL Project would
like to formally express its thanks to the following organisations
for agreeing to sponsor the next
FIPS validation effort: Akamai Technologies, Blue Cedar, NetApp, Oracle, VMware.
Four weeks ago, the OpenSSL team gathered with many of the organisations
sponsoring the next FIPS module for a face-to-face meeting in Brisbane,
Australia.
We got a great deal accomplished during that week. Having most of
the fips-sponsor organisations in the same location helps ensure that
we are all on the same page for the decisions we need to make going forward.
The fips-sponsor gathering (hosted by Oracle, Brisbane) involved a diverse
group of people:
It has been more than seven years since the commencement of the previous
FIPS140 module work and many things have changed during that time, both
in terms of requirements of the Cryptographic Module Validation Program
(CMVP) and the OpenSSL code base.
For the current validation effort, input and assistance from a small
group (the five fips-sponsors) is essential to achieving the outcomes of
the project in this area - a validated module that is usable
by itself and can also form the foundation for other companies to perform
their own validations for any areas where there are specific requirements
outside the general scope.
As the project moves from high-level design to detailed design,
prototyping, development, testing, documentation and quality assurance,
we plan to make information available to the OpenSSL community for review
and comment - as the next FIPS140 module will be substantially different
to the previous approaches.
We are mindful of the end-of-life date for OpenSSL-1.0.2 (31-Dec-2019)
and the end-of-life (sunset date) of the existing OpenSSL FIPS Object
Object (29-Jan-2022) and our objective remains to have a validated
cryptographic module in place well before 31-Dec-2019.
https://www.openssl.org/blog/blog/2018/09/25/fips/