FIPS PUB 140-2 certification

Jouni Malinen
Mon Mar 23 03:44:05 PDT 2009

On Fri, Mar 20, 2009 at 09:41:02AM +0100, Daim, Harald wrote:

> Has somebody experience with the FIPS PUB 140-2 certification of a system using the open source modules
> hostapd and wpa_supplicant?

I have not heard of anyone doing this (not that this would necessarily
mean that it has not happened). Anyway, going through FIPS 140-2
validation would take quite a bit of effort both in modifying
hostapd/wpa_supplicant to meet certain requirements and then just going
through the validation process. Using a FIPS 140-2 validated version of
OpenSSL (in FIPS mode) to replace some of the crypto code in
hostapd/wpa_supplicant would likely be a good starting point for this,
but unlikely to be enough.

In general, compliance with FIPS 140-2 has not been a design criterion
for the implementation, but I would be open to getting in changes that
would make it easier to go through the process (e.g., by using special
build options to do this). FIPS 140-2 does not really make much sense
for most use cases, but obviously it is needed for certain market areas.

Jouni Malinen                                            PGP id EFC895FA
