parent: 42bd0a6
updated FIPS status
author Dr. Stephen Henson <steve@openssl.org> Wed, 6 Apr 2011 13:40:36 +0000
committer Dr. Stephen Henson <steve@openssl.org> Wed, 6 Apr 2011 13:40:36 +0000
README.FIPS
diff --git
a/README.FIPS
b/README.FIPS
index 5197276740af8cec5c980693b6204b07b2287ca0..5c5fa295ceccbe6bc81a8d74dc3a41505107157d 100644
--- a/
README.FIPS
+++ b/
README.FIPS
@@
-44,11
+44,14
@@
Known issues:
Algorithm tests are pre-2011.
The fipslagtest.pl script wont auto run new algorithm tests such as DSA2.
Algorithm tests are pre-2011.
The fipslagtest.pl script wont auto run new algorithm tests such as DSA2.
-Usage of ECDH/DH needs review and
adding appropriate self tests
.
+Usage of ECDH/DH needs review and
whether any KDFs need to be implemented
.
Selftests need updating with larger key sizes in some cases and redundant
tests pruned.
Selftests need updating with larger key sizes in some cases and redundant
tests pruned.
-SP800-90 DRBG needs more work: health checks, continuous PRNG test,
-entropy gathering, security checks in algorithms, add appropriate RAND method
-for use by rest of OpenSSL.
-No CMAC.
+SP800-90 DRBG needs more work: check for compliance, continuous PRNG test
+when entropy gathering, periodic health tests.
+Some algorithms need to check security strength of PRNG: keygen etc.
No CCM.
No CCM.
+No XTS.
+The "FIPS capable OpenSSL" is not yet complete: meaning that the rest of
+OpenSSL doesn't always use the correct FIPS module APIs and block others
+in FIPS mode.
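Review bot: The removed lines drop three known issues ("adding appropriate self tests" for ECDH/DH, "add appropriate RAND method for use by rest of OpenSSL", and "No CMAC.") and the commit message "updated FIPS status" does not say whether they were resolved or only reworded away. Readers use this list to judge how far the module is from done, so please say in the message which of the three are fixed, or keep a line for any that are still open. In the added DRBG text, "continuous PRNG test when entropy gathering" is ambiguous: state whether the continuous test is meant for the entropy input, the DRBG output, or both. "Some algorithms need to check security strength of PRNG: keygen etc." would be more actionable if it named the operations concerned instead of "etc.". The final added item is the one users most need to act on, so consider stating its consequence directly: with the rest of OpenSSL not always using the FIPS module APIs or blocking others, turning on FIPS mode is not yet a guarantee that only module code paths are used.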