I am trying to understand how validation #1747 is affected by the key wrapping transition. As far as I can tell, the FIPS module does not contain a key wrapping algorithm per se but only provides approved methods that a key wrapping algorithm could use.
Does FIPS 2.0 contain approved methods in order to implement a key wrapping algorithm compliant with SP 800-38f? Is FIPS_evp_des_ede3_cbc not sufficient? If not, why would the absence of that push validation #1747 to the Historical list? I am not seeing a claim the key wrapping is covered in validation #1747 or any code inside the module that implements something that is now deprecated. Is it at all possible to implement a compliant key wrapping method in the FIPS capable code using approved methods? I realize if this was possible it probably would have been done already. I am just hoping to understand the issues surrounding this. Thanks for your help! Zeke Evans Senior Software Engineer Micro Focus From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich via openssl-users Sent: Friday, February 02, 2018 5:26 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] FIPS 140-2 key wrapping transition The OpenSSL FIPS Validation #1747 is affected by the key wrapping transition and will therefore be moved to Historical at some point. As we’ve said, FIPS will be the focus of our next feature release after 1.1.1 (TLS 1.3).
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
