Re: FIPS 140-2 and PBKD

Carl Young Wed, 02 Dec 2009 08:48:17 -0800

----- Original Message -----From: "Dr. Stephen Henson" <st...@openssl.org>

To: <openssl-users@openssl.org>
Sent: Tuesday, December 01, 2009 6:58 PM
Subject: Re: FIPS 140-2 and PBKD

On Tue, Dec 01, 2009, carlyo...@keycomm.co.uk wrote:


In openssl, if I try to use anything using PBKD (PKCS#5 PBKDF2 in
particular) when in FIPS enabled mode, it returns an error.


How are you attempting to use it and what error do you get?


Steve,

I have to apologize - the group that supplied me with the OSSL code plus aFIPS certified engine have modified it to stop PBKD from working when FIPSmode is enabled. This is nothing to do with OpenSSL persay.

The underlying engine (RSA Bsafe) does also disable PBKD functions as wellthough, and its security policy lists PBKD as non-FIPS-approved.


Regards,

Carl

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Re: FIPS 140-2 and PBKD

Reply via email to