> Thanks for the reply. I am trying to understand whether FIPS 180-2 or > FIPS 180-3 is supported in OpenSSL 1.0.1. CHANGES document in > OpenSSL claims the support for FIPS 180-2. However CH is defined in > SHA-256 is #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) in > SHA-256.c . This is as per FIPS 180-3 standard. As per FIPS 180-2 > this should been #define Ch(x,y,z) (((x) & (y)) ^ ((x) & (z)) > . And if I am right this is only difference for SHA-256 > implementation across FIPS 180-3 and FIPS 180-2 standard.
My copy of FIPS180-2 says Ch(x,y,z) = (x^y)(+)(~x^z), so does FIPS180-3 and FIPS180-4. SHA256/512 was first defined in FIPS180-2 and has *not* since changed as suggested. Just in case, (x^y)(+)(~x^z) reads (x&y)^(~x&z) in C, which is the actual macro. It should be noted that there are alternative ways to perform Ch (as well as Maj)... ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
