Mathias Brossard wrote: > On Fri, 2003-09-05 at 11:55, Ben Laurie wrote: > >>>- What version of OpenSSL does it correspond to? 0.9.7b? >> >>"Yes, and the FIPS specific routines will be carried forward in future >>OpenSSL releases. Only the "cryptographic module" containing the >>relevant cryptographic module implementations is certified, not the >>larger OpenSSL distribution which can change without affecting the >>certification." > > > Out of curiosity, which cryptographic module are certified ?
None, yet, but those that we are shooting for are... > A quick > google, tells me the list of approved "security functions" should be > approximately: > - Symmetric: AES, DES, 3DES, Skipjack AES, DES, 3DES (2 and 3-key modes). > - Asymmetric: DSA, RSA, ECDSA Not my understanding. Anyway, DSS only. RSA can't be, and ECDSA we aren't doing. > - Message Authentication: DES MAC, Triple DES MAC Nope. > - Hash: SHA-1 Yep. > - Keyed Hash: HMAC Nope. > - RNG: FIPS 186-2 (Appendix 3.1 & 3.2), ANSI X9.31 and ANSI X9.62 X9.17. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]