FIPS 140-2 validation and the OpenSSL FIPS Object Module

The OpenSSL FIPS Object Module ("FIPS module") is a special software product designed to meet the requirements for FIPS 140-2 validation by the CMVP. There requirements are unusual from a software engineering perspective, and have very substantially affected the form and function of the FIPS module.

The FIPS module was designed for use with the OpenSSL toolkit and library in environments where use of FIPS 140-2 validated cryptography is mandated. Note the FIPS module is not really not appropriate for where such use is not mandated as it does not have any technical virtues (security, performance, maintainability) with respect to the equivalent stock OpenSSL distributions.

The FIPS module can use used directly at no cost under an open source license, or can be used as a reference model for a "private label" (copycat) validation.

Notes about the FIPS module validations:

• A general overview of OpenSSL and FIPS 140-2.

• How to obtain the snail-mailed CD required for the latest validation.

• The Implementation Guidance 9.5 issue that makes private label validations infeasible as of January 2013.

• Current status and sponsors of the most recent validation.

• A brief history of the OpenSSL FIPS Object Module validations.

• Technical notes and data for the OpenSSL FIPS Object Module 2.0.

• Technical notes and data for the OpenSSL FIPS Object Module 1.2.