[openssl-users] Openssl FIPS 186-4 Patch

Jakob Bohm jb-openssl at wisemo.com
Thu Oct 5 15:55:45 UTC 2017

On 05/10/2017 13:51, murugesh pitchaiah wrote:
> Hi All,
> I am looking for the FIPS 186-4 patch. I see it is not yet implemented
> in openssl FIPS 2.0
I assume FIPS 186-4 is the updated SHA standard that adds the SHA-3

In that case, that would be something that OpenSSL would first add to the
basic OpenSSL library (perhaps in version 1.1.x).

Once that is working as secure and tested (but not government "validated"),
OpenSSL could incorporate that into their upcoming FIPS-validation (which I
guess will become the "FIPS module 3.0").

The "FIPS validation" bureaucracy is such that even basic bug fixes are 
expensive and time consuming to get approved, thus adding new algorithms or
other new features inside the "boundary" of the FIPS module is not 
done under normal circumstances, and certainly not just to add another
algorithm that isn't used by many people yet to a FIPS module that is only
used by the OpenSSL 1.0.x library that they are trying to discontinue.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list