ACVP Vector Test Harness for OSSL 3.x

Jonathan Plata and Greg McLearnACVP, Tools

Lightship has released, as open source, an ACVP vector test harness for OpenSSL 3.x. The code can be found in our GitHub repository at https://github.com/lightshipsec/ls-acvp-harness. The README.md contains the current capabilities which we expect to update and maintain. At the …

Vulnerabilities and Common Criteria

Greg McLearnCommon Criteria

No computing system is free from security vulnerabilities. Such flaws can manifest themselves within software, firmware and hardware implementations. Often the ease in widespread mitigation is based in part on whether a vendor can provide updates to software (relatively easy), …

OpenSSL and ACVP Parsing

Greg McLearnACVP, FIPS 140-2, Tools

OpenSSL is used in some part by an overwhelmingly large percentage of the enterprise vendor community. Those vendors which need to go through FIPS 140-2 or Common Criteria may find themselves needing to perform algorithm testing and may be presented …

Understanding the Scope of NDcPP Evaluations

Greg McLearnCommon Criteria

When first exposed to the Network Device collaborative Protection Profile (NDcPP), vendors are often surprised by the extremely narrow scope. It is critical to realize that the Protection Profile (PP) refers to an abstract “network device” with required functionality that …

Challenges in Fuzzing RFC 1149

Greg McLearnCommon Criteria, Humour

Conan Hoye and Greg McLearn contributed to this article. At Lightship, we test a lot of NDcPP-compliant products. As part of those evaluations, we are required, as per Appendix A in the Supporting Document, to perform network fuzzing against the …