Question on RSA/FIPS186-4.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Question on RSA/FIPS186-4.

Kumar Venkatarao
Hi,

I am working on FIPS certification (v2.0.16). I’ve few questions w.r.t RSA
And FIPS 186-4.  We are using OpenSsl 1.0.2n With FIPS v2.0.16.

I’ve browsed through some articles/discussions on the subject and
As I understand, the OpenSSL doesn’t support RSA FIPS 186-4 standard.
It supports FIPS 186-2 standard.

The questions are –

1. Do we plan to support this in releases that are close (Say Sep, 2018) ?
2. There are also talks about RSA FIPS 186-4 being available with redhat, suse
Distributions. Since the FIPS build process, recommends the integrity checks
To be done at source code, object and load times, I am not sure, if this
Is recommended ?

Can your team recommend us ways of getting around RSA FIPS 186-4 certification ?

Thanks
Kumar



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Question on RSA/FIPS186-4.

OpenSSL - User mailing list
>    1. Do we plan to support this in releases that are close (Say Sep, 2018) ?

No.

>    2. There are also talks about RSA FIPS 186-4 being available with redhat, suse
    Distributions. Since the FIPS build process, recommends the integrity checks
    To be done at source code, object and load times, I am not sure, if this
    Is recommended ?

I do not know if you can mix and match FIPS implementations. I know that you cannot change anything in the OpenSSL code (for example, to call "out and over" to someone else's implementation).
 
>    Can your team recommend us ways of getting around RSA FIPS 186-4 certification ?

It seems that the most straightforward way is to use one of those implementations that has the algorithms you need.

OpenSSL is working on a new validation, no details (such as specific algorithms) are available yet.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users