On 27/01/2010 15:34, Garrett D'Amore wrote: > Looks like its a straight-forward enhancement. Too bad OpenSSL won't > get it. I'm assuming that these algorithms are not approved for use in > any FIPS 140-2 compliant situation?
ECDSA should be covered by FIPS 140-2, since FIPS 186-3 specifies this. ECMQV and EC DH are outside of FIPS but allowed to be exported from a FIPS 140-2 validated module. Mozilla NSS already has a FIPS 140-2 validation and is in the process (I believe) of refreshing that, according to https://wiki.mozilla.org/FIPS_Validation that refresh should include ECDSA. Similarly if/when the core Solaris crypto framework ever does a FIPS 140 validation then the relevant Elliptic Curve functionality will very likely be included (I see no reason for us not to include it in other words, particularly since it is the same code base as the Mozilla NSS Elliptic Curve). -- Darren J Moffat
