FIPS-capable builds are not subject to any restrictions as to the algorithms they can implement. The only restriction is that, while in FIPS mode (enabled by FIPS_mode_set()), the code within the fipscanister is used for all cryptographic operations (including encryption, decryption, hashing, and random number generation).
When they're not in FIPS mode, they don't have to use the Module's code. This means that they can implement whatever they want. -Kyle H On Sun, Jan 11, 2009 at 9:28 AM, PGNet <pgnet.trash+...@gmail.com> wrote: > With the addition of fips object to the 'mix' of available build > options, is openssl configure with > > ./Configure ... enable-rc5 enable-mdc2 fips > (iiuc, CHANGES' stmt that 'idea' *is* enabled by default still holds?) > > sufficient to enable _all_ available algorithms, with the option to > disable per-algorithm still as <no-xxx>? > > Reading SecuritPolicy-1.2.pdf @ "4.5 Cryptographic Algorithms", I note, > > "The Module supports the following FIPS approved or allowed algorithms: ..." > > but am unclear as to which (any? all? none?) algos are enabled by > default, per specification. Is that specifically stated somewhere? > > Thanks. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
