IPP crypto and FIPS 140

IPP crypto and FIPS 140

Can anyone confirm whether the IPP crypto modules are certified / validated for FIPS 140-2?Is is just compliant (that is with no certificate number)?Thanks

8 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

IPP 5.0 was validated for FIPS 140-2, all other versions - were not validated.

Regards,
Igor

Where did you find that information?

I looked through all mypdf-files for IPP v5.xand C/C++ examplesand I couldn't find any references
about FIPS 140-2.

Here is a list of all cases with the word 'FIPS' I found:

...to build their own FIPS-conformant security solutions...
...FIPS PUB 46-3...
...FIPS PUB 113...
...FIPS PUB 180-2...
...FIPS PUB 186-2...
...FIPS PUB 198...
...to comply with the American Standard FIPS 197...

Best regards,
Sergey

Sergey,

there were 2 steps:
1) release 5.0 was published (released)
2) then it was validated through NIST validation process

this is why you can't find this information in the 5.0 documentation

2006:

Intel IPP for Cryptography has been successfully validated under CAVP and the following certificates have been issued on Nov 13:

AES: #460

DSA: #190

SHS: #526

RNG: #245

RSA: #181

HMAC: #221

ECDSA: #40

Please, look for the details at http://csrc.nist.gov/cryptval -> Validation Lists / Algorythms.

Regards,
Igor

>>...Please, look for the details at http://csrc.nist.gov/cryptval -> Validation Lists / Algorythms...

Thank you, Igor.

Gentlemen,

I have examined NIST FIPS 140 algorithm certificate #460; it indicates that revision 5 is the FIPS 140 validated and certified version of IPP.  Subsequent posts indicate that revision 5 is the only validated and certified version.  Today it appears that one can only procure version 9 or perhaps version 8.  My question is in two parts.  First, is version 5 in fact the only FIPS validated and certified version?  If there is a current certified version please give me the certificate number.  Otherwise, if a current FIPS validated and certified version is not available, is it possible to obtain and use IPP version 5?   I develop using FORTRAN/C/C++ in Windows.

Regards,

Gary Geissinger

 

Hi Gary,

FIPS validation for IPP was performed only once - for the 5th version. I don't recommend you to use such old IPP version - it doesn't have optimizations for the latest CPUs and, the most important thing, - is not mitigated from several vulnerabilities that have been discovered later. And I think there is no legal way to get this IPP version from https://registrationcenter.intel.com/

regards, Igor

Maybe all of you interested in FIPS 140-2 support will benefit from perusing the following links:

http://opensslrampage.org/post/83555615721/the-future-or-lack-thereof-of...

https://www.schneier.com/blog/archives/2010/01/fips_140-2_leve.html

 

Regards,
Igor Levicki

Leave a Comment

Please sign in to add a comment. Not a member? Join today