[openssl-users] Openssl FIPS 186-4 Patch

murugesh pitchaiah murugesh.pitchaiah at gmail.com
Fri Oct 6 05:58:04 UTC 2017


Hi Jacob,

Thanks for looking into this.
This FIPS186-4 is not just about SHA. It basically about the key
generation parameters. Especially I am looking for RSA key generation
parameters wrt FIPS 186-4.

Thanks,
Murugesh P.


On 10/5/17, Jakob Bohm <jb-openssl at wisemo.com> wrote:
> On 05/10/2017 13:51, murugesh pitchaiah wrote:
>> Hi All,
>>
>> I am looking for the FIPS 186-4 patch. I see it is not yet implemented
>> in openssl FIPS 2.0
> I assume FIPS 186-4 is the updated SHA standard that adds the SHA-3
> specification.
>
> In that case, that would be something that OpenSSL would first add to the
> basic OpenSSL library (perhaps in version 1.1.x).
>
> Once that is working as secure and tested (but not government "validated"),
> OpenSSL could incorporate that into their upcoming FIPS-validation (which I
> guess will become the "FIPS module 3.0").
>
> The "FIPS validation" bureaucracy is such that even basic bug fixes are
> very
> expensive and time consuming to get approved, thus adding new algorithms or
> other new features inside the "boundary" of the FIPS module is not
> something
> done under normal circumstances, and certainly not just to add another
> algorithm that isn't used by many people yet to a FIPS module that is only
> used by the OpenSSL 1.0.x library that they are trying to discontinue.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>


More information about the openssl-users mailing list