Document D-4991 August 2013 Case Study: OpenSSL 2012 Validation

August, 2013
IDA document: D-4991
FFRDC: Systems and Analyses Center
Type: Documents
Division: Information Technology and Systems Division
David A. Wheeler See more authors
This is a case study of the Federal Information Processing Standards (FIPS) 140-2 validation of the OpenSSL FIPS Object Module that led to certificate #1747 (initially awarded on June 27, 2012). This case study documents what happened during the validation, including identifying lessons learned for future projects. OpenSSL is a cryptographic library available through an open source software (OSS) license. The Defense Advanced Research Projects Agency (DARPA) provided funding for the evaluation of the OpenSSL FIPS module for two platforms in 2011 through 2012. Once DARPA committed to this initial funding, many other organizations (both government and private) joined the evaluation project by providing additional funding. Overall, this demonstrates that when organizations pool their resources, they can achieve far more than any one of them would have been willing to do on its own.