I am trying to understand how validation #1747 is affected by the key wrapping transition. As far as I can tell, the FIPS module does not contain a key wrapping algorithm per se but only provides approved methods
that a key wrapping algorithm could use.
Does FIPS 2.0 contain approved methods in order to implement a key wrapping algorithm compliant with SP 800-38f? Is FIPS_evp_des_ede3_cbc not sufficient?
If not, why would the absence of that push validation #1747 to the Historical list? I am not seeing a claim the key wrapping is covered in validation #1747 or any code inside the module that implements something
that is now deprecated.
Is it at all possible to implement a compliant key wrapping method in the FIPS capable code using approved methods? I realize if this was possible it probably would have been done already. I am just hoping
to understand the issues surrounding this.
Thanks for your help!
Senior Software Engineer
From: openssl-users [mailto:[hidden email]]
On Behalf Of Salz, Rich via openssl-users Sent: Friday, February 02, 2018 5:26 PM To:[hidden email] Subject: Re: [openssl-users] FIPS 140-2 key wrapping transition
The OpenSSL FIPS Validation #1747 is affected by the key wrapping transition and will therefore be moved to Historical at some point.
As we’ve said, FIPS will be the focus of our next feature release after 1.1.1 (TLS 1.3).