CMVP algorithm transitions can be a great source of anxiety for vendors who seek to attain or maintain compliance to the FIPS 140-2 and 140-3 standards. A great deal of diligence, patience and persistence are required to continually review and …
Entropy in OpenSSL 3.0
Vendors are increasingly looking to leverage OpenSSL 3.x as their cryptographic module of choice within their products. At the same time, entropy continues to a be a focus in both FIPS 140-3 and Common Criteria projects. For those transitioning from …
ESV and Me!
As of November 7, 2020, the Cryptographic Module Validation Program (CMVP) required that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance of the entropy source to NIST SP 800-90B, if the module is “either generating the …
Entropy Validation in FIPS 140-3 (ENT vs ESV)
To get an entropy source approved under FIPS 140-3 there are two options: ENT (P) or ENT (NP) entry on the FIPS module validation certificate (until October 1st, 2022) ESV certificate awarded by NIST’s Entropy Source Validation Testing (ESVT) This …
Five Steps to Algorithm (CAVP) Validations at Lightship
Algorithm validation testing is a critical path issue for FIPS 140-3 validations and for NIAP Protection Profile-based Common Criteria evaluations. Equipment vendors are often surprised at the level of effort and the potential challenges in successfully completing the algorithm testing …
OpenSSL and ACVP Parsing
OpenSSL is used in some part by an overwhelmingly large percentage of the enterprise vendor community. Those vendors which need to go through FIPS 140-2 or Common Criteria may find themselves needing to perform algorithm testing and may be presented …
Tutorial – Generating Test Vector Responses for CAVP Testing
In this short tutorial, we demonstrate how to generate the AES response files used in CAVP algorithm testing. The OpenSSL FIPS Object Module 2.0.16 is used for this demonstration.
Building the OpenSSL FIPS 140-2 Object Module
In a short video tutorial, Lightship Security walks viewers through the basic steps to build the OpenSSL FIPS 140‑2 (2.0.10) object module in accordance with the OpenSSL FIPS 140‑2 Security Policy.