21 - A module must have an approved mode of operation that requires at least one service to use an app…
22 …e requires a built-in service indicator capable of indicating the use of approved security services
23 - If a module only supports approved services in an approved manner an implicit indicator can be us…
24 - An approved algorithm is not considered to be an approved implementation if it does not have a CA…
25 - Documentation is required to demonstrate how to use indicators for each approved cryptographic al…
26 …on of whether the service utilizes an approved cryptographic algorithm, security function or proce…
27 …heir security policy called ‘Non-Approved Algorithms not allowed in the approved mode of operation…
43 The following rules will apply to any code that currently is not FIPS approved,
48 …OSSL_SELF_TEST will be added. This callback will be triggered whenever an approved mode test fails.
87 If the FIPS related approved mode check fails and either the ctx setter is zero
98     if (p != NULL && !OSSL_PARAM_set_int(p, ctx->approved))
112     ctx->approved = 1;
124     int approved;
126     approved = some_fips_test_passes(ctx->libctx); // Check FIPS restriction for alg
127     if (!approved) {
128         ctx->approved = 0;
195 the approved flag.
199     unsigned char approved;
275 - DSA.  Keygen and Signing are no longer approved, verify is still allowed.
276 - ECDSA B & K curves are deprecated, but still approved according to (IG C.K Resolution 4).\
278 - ED25519/ED448 is now approved.
279 - X25519/X448 is not approved currently. keygen and keyexchange would also need an indicator if we …
284 - RSA (From SP800-131Ar2) RSA >= 2048 is approved for keygen, signatures and key transport. Verific…
333 - TEST_RAND is not approved.

Last Index update Mon Nov 25 16:03:21 UTC 2024

Dedicated to & Maintained by Room-11