OpenSSL loses FIPS 140-2 Certification (Or Not) - Slashdot

A5: Since the OpenSSL FIPS Object Module uses version 2.0, the OpenSSL version will jump to 3.0 to avoid confusion.

Q6: Will the OpenSSL 3.0 FIPS Module be validated to FIPS 140-3 requirements?

A6: The current plan is to validate to FIPS 140-2 requirements. The CMVP begins accepting FIPS 140-3 validation packages on September 22, 2020, but FIPS

The OpenSSL library has a special FIPS mode that has been certified to meet the FIPS 140-2 standard. In FIPS mode, only algorithms and key sizes that meet the FIPS 140-2 standard are enabled by the library. MariaDB does not yet support enabling FIPS mode within the database server. See MDEV-20260 for more information. Therefore, if you would

(OpenSSL includes multiple DES/3DES implementations.) Tim misread the DES self-test implementation; look at the fourth argument to the DES_ecb_encrypt() function, which is used for both encryption and decryption. FIPS 140-2 does not require that the APIs of the validated module be used directly by

The BigFix Cryptographic Module uses OpenSSL FIPS Object Module 2.0 that has been certified by NIST as compliant with the FIPS (Federal Information Processing Standard) 140-2 standard. Successful validation under the FIPS 140-2 standard means that these software routines have received an exceptional level of scrutiny and testing by a government

The MDX Vault encrypts MDX-wrapped apps and associated data-at-rest on both iOS and Android devices using FIPS-certified cryptographic modules provided by OpenSSL. For the full XenMobile FIPS 140-2 compliance statement, including the specific modules used in each case, contact your Citrix representative.

OpenSSL itself is not FIPS 140-2 validated and, according to its maintainers, will never be. However, it has a FIPS 140-2 validated module called the FIPS Object Module, which partly replaces libcrypto used in vanilla OpenSSL. More information, including the user guide, can be found here.

In short: The Federal Information Processing Standard (FIPS) is a U.S. government computer security standard used to certify software modules and libraries that encrypt and decrypt data securely. You can configure MongoDB to run with a FIPS 140-2 certified library for OpenSSL. Configure FIPS to run by default or as needed from the command line.

Here is a screen-captured example of a FIPS 140-2 validation listing, as shown on the NIST website. I will note where other validated modules may differ, but this is a good sample of a typical Software Level 1 certificate, the specialty of SafeLogic’s RapidCert program.

Even better, SafeLogic can put you on an upgrade path for accelerated FIPS 140-2 validation when that new OpenSSL 3.0 stack is available, combining FIPS mode and TLS 1.3 with SafeLogic’s CryptoComply technology and RapidCert validation services. This is what we do best, and we want to be your one-stop shop for encryption.

10.2. Federal Information Processing Standard (FIPS) Red

The Federal Information Processing Standard (FIPS) Publication 140-2 is a computer security standard, developed by a U.S. Government and industry working group to …

Oracle® Linux 6 Security Guide

However, navigating FIPS 140-2 involves working with two government agencies that coordinate cryptographic module testing and algorithm testing against dozens of standards through twenty or so testing laboratories. It’s ever-changing, time-consuming and often riddled with red tape.

User Guide - OpenSSL Jun 28, 2012