generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated FIPS status

Browse Source
This commit is contained in:
Dr. Stephen Henson 2011-04-06 13:40:36 +00:00
parent 42bd0a6b3c
commit 161cc82df1
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
README.FIPS
View File

@ -44,11 +44,14 @@ Known issues:
Algorithm tests are pre-2011. Algorithm tests are pre-2011.
The fipslagtest.pl script wont auto run new algorithm tests such as DSA2. The fipslagtest.pl script wont auto run new algorithm tests such as DSA2.
Usage of ECDH/DH needs review and adding appropriate self tests. Usage of ECDH/DH needs review and whether any KDFs need to be implemented.
Selftests need updating with larger key sizes in some cases and redundant Selftests need updating with larger key sizes in some cases and redundant
tests pruned. tests pruned.
SP800-90 DRBG needs more work: health checks, continuous PRNG test, SP800-90 DRBG needs more work: check for compliance, continuous PRNG test
entropy gathering, security checks in algorithms, add appropriate RAND method when entropy gathering, periodic health tests.
for use by rest of OpenSSL. Some algorithms need to check security strength of PRNG: keygen etc.
No CMAC.
No CCM. No CCM.
No XTS.
The "FIPS capable OpenSSL" is not yet complete: meaning that the rest of
OpenSSL doesn't always use the correct FIPS module APIs and block others
in FIPS mode.