Does OpenSSL FIPS modules only affect libcrypto.so

On 01/19/2016 01:41 PM, security veteran wrote:
> Thanks Steve.
> 
> So basically the idea is to allow companies to build OpenSSL with the FIPS
> module in their product and ship only this version of OpenSSL to all
> their customers. For the customers who don't need FIPS, they simply
> keep FIPS mode disabled, and OpenSSL will then behave just as if
> no FIPS module exists. Is that correct?
> 
> ...

That is correct.

After the #1747 validation was approved the CMVP introduced a new
requirement that the POST be unconditional, which would conflict with
that objective (to some extent anyway, by forcing the POST to run even in
the more common case where FIPS 140-2 was not desired). So that design
objective will not be fully achievable in future validations.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

