David Stutzman wrote:
From the PDF (CMVP = Cryptographic Module Validation Program for those
that don't know. http://csrc.nist.gov/cryptval/ or
http://www.csrc.nist.gov/pki/PKITesting.html):
"The CMVP allows user porting of a validated software cryptographic
module on an OS(s) and/or GPC(s) which were not included as part of the
validation testing. The validation status is maintained on the new OS(s)
and/or GPC without re-testing the cryptographic module on the new OS(s)
and/or GPC(s). However, the CMVP makes no statement as to the correct
operation of the module when executed on an OS(s) and/or GPC(s) not
listed on the validation certificate."
After reading that passage it would seem you are correct. Good info
since this applies to any open-source validated product.
Some more information on this topic.
Some tests require the testing lab to inspect the
source code (which we provided in the LXR format).
I suspect the same amount of code inspection is
done in "source validation" and "binary validation".
We've always validated NSS (binaries) on many platforms.
Many software crypto modules are validated on only
one platform.
Wan-Teh
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
