(OpenSSL includes multiple DES/3DES > implementations.) Tim misread the DES self-test implementation look at the fourth argument to the DES_ebb_encrypt() function which is used for both encryption and decryption. FIPS 140-2 does not require that the APIs of the validated module be used directly by
From what I've read, it seems that OpenSSL's crypto library implements many algorithms, and the FIPS 140-2 Object Module covers a subset of those algorithms. Further, it seems that Suite B is an even smaller subset of the FIPS 140-2 certified algorithm list. FIPS basics - McAfee ePolicy Orchestrator 5.10.0 FIPS 140-2 is a government standard for encryption and cryptographic modules where each individual encryption component in the overall solution requires an independent certification. Federal Information Processing Standard 140-2 specifies requirements for hardware and software products that implement cryptographic functionality. Clusters (Administrator's Guide) — MarkLogic 10 Product OpenSSL FIPS 140-2 Mode MarkLogic Server uses FIPS-capable OpenSSL to implement the Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1) protocols. When you install MarkLogic Server, FIPS mode is enabled by default and SSL RSA keys are … Geek Igor: FIPS compliant crypto in golang Dec 15, 2019
The OpenSSL library has a special FIPS mode that has been certified to meet the FIPS 140-2 standard. In FIPS mode, only algorithms and key sizes that meet the FIPS 140-2 standard are enabled by the library. MariaDB does not yet support enabling FIPS mode within the database server. See MDEV-20260 for more information. Therefore, if you would
The FIPS_mode () function is used to determine the current FIPS 140-2 mode of operation by a program utilizing the services of the validated library. The library must have been built with the FIPS Object Module, and the FIPS Object Module must have been acquired, built, and …
Configure MongoDB for FIPS — MongoDB Manual
@JosephConway - OpenSSL may be providing FIPS validated cryptography, but that does not mean Postrgres is using it. If Postgres is still using MD5, then they certainly are not complying with FIPS 140-2. There's only one MD5 exception I am aware, and that is the PRF function in TLS. The only way to know for certain is to audit Postgres. What is the relationship between Suite B and FIPS 140-2? From what I've read, it seems that OpenSSL's crypto library implements many algorithms, and the FIPS 140-2 Object Module covers a subset of those algorithms. Further, it seems that Suite B is an even smaller subset of the FIPS 140-2 certified algorithm list. FIPS basics - McAfee ePolicy Orchestrator 5.10.0 FIPS 140-2 is a government standard for encryption and cryptographic modules where each individual encryption component in the overall solution requires an independent certification. Federal Information Processing Standard 140-2 specifies requirements for hardware and software products that implement cryptographic functionality. Clusters (Administrator's Guide) — MarkLogic 10 Product