On Fri, Sep 05, 2003 at 04:15:22PM -0400, Anton Stiglic wrote:
> You are correct, I just saw Crypto++ in the list of FIPS 140 validated 
> modules:
> http://csrc.nist.gov/cryptval/140-1/140val-all.htm
> It is the latest entry, added today.
> Congratulations to Wei Dai!

Thanks! Also thanks to Groove Networks (the company I work for) for 
spending the money to do the validation.

> OpenSSL`s *source code* being evaluated remains exiting.

If OpenSSL source code gets validated, I'm going to be very surprised. 
NIST told us in no uncertain terms that only compiled executable code 
could be validated. In fact they wouldn't even validate Crypto++ as a 
static library despite an earlier verbal agreement that a static 
library was ok. It had to be turned into a DLL at the last moment (i.e. 
during the review phase).

(We wanted to avoid making a DLL from Crypto++ since it has so many 
algorithms. With a static library the linker would only bring in the 
algorithms you use, but a DLL has to contain a pre-selected set of 
algorithms. I ended up putting only FIPS Approved algorithms in the 
DLL, and made a second static library that contains only 
non-Approved algorithms, so that both could be used together.)

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to