Can anyone confirm whether the IPP crypto modules are certified / validated for FIPS 140-2?Is is just compliant (that is with no certificate number)?Thanks
IPP 5.0 was validated for FIPS 140-2, all other versions - were not validated.
Where did you find that information?
I looked through all mypdf-files for IPP v5.xand C/C++ examplesand I couldn't find any referencesabout FIPS 140-2.
Here is a list of all cases with the word 'FIPS' I found:
...to build their own FIPS-conformant security solutions... ...FIPS PUB 46-3... ...FIPS PUB 113... ...FIPS PUB 180-2... ...FIPS PUB 186-2... ...FIPS PUB 198... ...to comply with the American Standard FIPS 197...
there were 2 steps:1) release 5.0 was published (released)2) then it was validated through NIST validation process
this is why you can't find this information in the 5.0 documentation
Intel IPP for Cryptography has been successfully validated under CAVP and the following certificates have been issued on Nov 13:
Please, look for the details at http://csrc.nist.gov/cryptval -> Validation Lists / Algorythms.
>>...Please, look for the details at http://csrc.nist.gov/cryptval -> Validation Lists / Algorythms...
Thank you, Igor.
I have examined NIST FIPS 140 algorithm certificate #460; it indicates that revision 5 is the FIPS 140 validated and certified version of IPP. Subsequent posts indicate that revision 5 is the only validated and certified version. Today it appears that one can only procure version 9 or perhaps version 8. My question is in two parts. First, is version 5 in fact the only FIPS validated and certified version? If there is a current certified version please give me the certificate number. Otherwise, if a current FIPS validated and certified version is not available, is it possible to obtain and use IPP version 5? I develop using FORTRAN/C/C++ in Windows.
FIPS validation for IPP was performed only once - for the 5th version. I don't recommend you to use such old IPP version - it doesn't have optimizations for the latest CPUs and, the most important thing, - is not mitigated from several vulnerabilities that have been discovered later. And I think there is no legal way to get this IPP version from https://registrationcenter.intel.com/
Maybe all of you interested in FIPS 140-2 support will benefit from perusing the following links: