Ask for OpenSSL's compliance to FIPS

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Ask for OpenSSL's compliance to FIPS

joez-2
Hi list,

[Sorry for the repost, since I accidentally sent
 the unfinished version]

Just a dummy question about OpenSSL's compliance
to the FIPS standard:

  Is OpenSSL (0.9.7 series, 0.9.8a) is fully in
  coordination to the FIPS standard (e.g. 140-2)?
  (I mean the crypto modules)

In order to enable FIPS, one has to config the
build by adding "-DOPENSSL_FIPS", is this enough?

Thanks,
Joe







______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Ask for OpenSSL's compliance to FIPS

Dr. Stephen Henson
On Thu, Oct 27, 2005, [hidden email] wrote:

> Hi list,
>
> [Sorry for the repost, since I accidentally sent
>  the unfinished version]
>
> Just a dummy question about OpenSSL's compliance
> to the FIPS standard:
>
>   Is OpenSSL (0.9.7 series, 0.9.8a) is fully in
>   coordination to the FIPS standard (e.g. 140-2)?
>   (I mean the crypto modules)
>
> In order to enable FIPS, one has to config the
> build by adding "-DOPENSSL_FIPS", is this enough?
>

OpenSSL has not been certified but OpenSSL 0.9.7 (only) is currently under
test. The FIPS changes are not currently in 0.9.8 or later versions of
OpenSSL.

If all goes well a FIPS compliant 0.9.7 will be made available along with
various other documents detailing how a linked application can be made
compliant.

You have to (among other things) compile OpenSSL 0.9.7 with the "fips" option
to Configure and enable FIPS mode in the application. This places other
restrictions on the application (for example non-FIPS algorithms cannot be
used).

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]