Hello All,
The above news says that the library in version 0.9.7b of OpenSSL was validated--FIPS serves as validation only for encryption modules, not entire software packages.
Does this mean that OpenSSL has to get FIPS certification for each and every new version of OpenSSL released?
Regards,
Prashant.
"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
On Thu, Feb 24, 2005, prakash babu wrote:
> Hello All,
>
> i. OpenSSL 0.9.7e supports FIPS-140.
>
It doesn't. It hasn't been certified yet.
> ii. OpenSSL contains the FIPS 140 specific cryptographic API and algorithm implementations only for low level algorithms (RSA, AES, 3DES, DSA, SHA-1) in the fips subdirectory.
>
> iii. When we build OpenSSL with FIPS support the FIPS implementations of the above algorithms and the normal implementations for the other algorithms are added to the crypto library.
>
> My question is
>
> Can we call this crypto library FIPS compliant (or) should we disable the unsupported algorithms using no-to call it FIPS compliant ?
>
FIPS compliant libraries frequently contain non-FIPS algorithms. In fact MD5
is mandatory for SSL/TLS and that is not FIPS.
When OpenSSL is compiled with fips the resulting library can be used in FIPS
and non FIPS applications.
A FIPS application will need to take additional steps (such as setting FIPS
mode) and after that the use of non-FIPS algorithms is disabled. Any attempt
to use them in an application will result in an error condition.
The precise steps you need to take will be detailed in a security policy
document which will be published after certification.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]