Are the APIs in secur32.dll FIPS 140-2 validated?

  • Question

  • According to the Microsoft Kernel Mode Security Support Provider Interface (ksecdd.sys) Security Policy document, there are some non-approved APIs exported from the KSECDD.SYS crypto module. http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp891.pdf

    Such as the following APIs:
    InitializeSecurityContextW
    ImpersonateSecurityContext
    EncryptMessage
    DecryptMessage

    My code uses these APIs for SSPI/NTLM via secur32.dll on Windows 7.
    Does it mean that non-approved APIs of FIPS are used?
    Are the non-approved APIs of Vista KSECDD.SYS listed in 140sp891.pdf also non-approved for secur32.dll on Windows 7?

    Does it mean that if one application uses InitializeSecurityContextW, then the application is not FIPS validated?

    My question is similar to the following post, but there is no clear answer in the post.

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/e77deb71-af50-4585-805d-a64ffe4b7e5e/does-secur32dll-fips-compliance?forum=winserversecurity
    Does Secur32.dll FIPS compliance?

    http://www.derkeiler.com/Newsgroups/microsoft.public.platformsdk.security/2008-10/msg00029.html
    Secur32.dll using FIPS 140 certified crypto


    Thursday, March 27, 2014 5:53 AM