From dewyvd at gmail.com  Wed Jun 12 11:37:46 2019
From: dewyvd at gmail.com (Andrew VanDamme)
Date: Wed, 12 Jun 2019 11:37:46 -0400
Subject: [Cryptography-dev] FIPS Certfication
Message-ID: <CABr4nCgRL_NGB6jESEmoXwMPAOANLOGq=t3yNAj46N=0Q5HUNw@mail.gmail.com>

Hello,

Does the cryptography library for Python running on RHEL 7.x and above have
FIPS 197 certification (FIPS 140-2 with AES GCM)?

Thank you,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20190612/3285b45f/attachment.html>

From alex.gaynor at gmail.com  Wed Jun 12 19:01:48 2019
From: alex.gaynor at gmail.com (Alex Gaynor)
Date: Wed, 12 Jun 2019 19:01:48 -0400
Subject: [Cryptography-dev] FIPS Certfication
In-Reply-To: <CABr4nCgRL_NGB6jESEmoXwMPAOANLOGq=t3yNAj46N=0Q5HUNw@mail.gmail.com>
References: <CABr4nCgRL_NGB6jESEmoXwMPAOANLOGq=t3yNAj46N=0Q5HUNw@mail.gmail.com>
Message-ID: <CAFRnB2WS2-t7qxrQPwhECHrriLGwJHCnrSKswL4VNz_ebg7SpA@mail.gmail.com>

Cryptography is not in-scope within the definition of FIPS-140-2; we use
OpenSSL for implementation of cryptographic algorithms. If you link
cryptography against an certified and/or validated OpenSSL, that is
controlling for whether your cryptography is certified/validated.

Alex

On Wed, Jun 12, 2019 at 7:00 PM Andrew VanDamme <dewyvd at gmail.com> wrote:

> Hello,
>
> Does the cryptography library for Python running on RHEL 7.x and above
> have FIPS 197 certification (FIPS 140-2 with AES GCM)?
>
> Thank you,
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>


-- 
All that is necessary for evil to succeed is for good people to do nothing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20190612/ff5a8f70/attachment.html>

From simo at redhat.com  Thu Jun 13 07:44:30 2019
From: simo at redhat.com (Simo Sorce)
Date: Thu, 13 Jun 2019 07:44:30 -0400
Subject: [Cryptography-dev] FIPS Certfication
In-Reply-To: <CABr4nCgRL_NGB6jESEmoXwMPAOANLOGq=t3yNAj46N=0Q5HUNw@mail.gmail.com>
References: <CABr4nCgRL_NGB6jESEmoXwMPAOANLOGq=t3yNAj46N=0Q5HUNw@mail.gmail.com>
Message-ID: <9d75e7969e61ffaf243d9f69092987e7d68d0ad7.camel@redhat.com>

On Wed, 2019-06-12 at 11:37 -0400, Andrew VanDamme wrote:
> Hello,
> 
> Does the cryptography library for Python running on RHEL 7.x and above have
> FIPS 197 certification (FIPS 140-2 with AES GCM)?

Python-cryptography can be compliant when it is used on RHEL 7 with its
FIPS certified OpenSSL library.

I do not recall right away when we introduced certification of AES-GCM,
but the OpenSSL CVMP Certificate will tell you that.

HTH,
Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc