Re: Fipscheck X FIPS_incore_fingerprint

2011-08-03 Thread Tatiana Evers
Hi Tomas, You said that OpenSSH does not use the *FIPS_incore_fingerprint* call. But it does the *FIPS_mode_set* call and that does the *FIPS_incore_fingerprint* call. int FIPS_mode_set(int onoff) { int fips_set_owning_thread(); int fips_clear_owning_thread(); int ret = 0; fips_w_lock(

Re: Fipscheck X FIPS_incore_fingerprint

2011-08-03 Thread Tomas Mraz
On Wed, 2011-08-03 at 15:02 -0300, Tatiana Evers wrote: > Hi, > > > I'm a little confused with the FIPS integrity test. I'm using openssh and > it is using the fipscheck library (FIPSCHECK_verify) to verify integrity > of its binaries. But the FIPS_mode_set function calls > FIPS_incore_fingerprint to verify

Fipscheck X FIPS_incore_fingerprint

2011-08-03 Thread Tatiana Evers
Hi, I'm a little confused with the FIPS integrity test. I'm using openssh and it is using the fipscheck library (FIPSCHECK_verify) to verify integrity of its binaries. But the FIPS_mode_set function calls FIPS_incore_fingerprint to verify at execution time the integrity of the application. Why do we need an e

Re: Reseed testing in the FIPS DRBG implementation

2011-08-03 Thread Dr. Stephen Henson
On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote: > "Dr. Stephen Henson" writes: > > > On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote: > > > >> > >> Hi. I'm working on FIPS-validating a product using OpenSSL (but with > >> a crypto module spanning wider, so we can't easily use the OpenSSL

Re: Reseed testing in the FIPS DRBG implementation

2011-08-03 Thread Henrik Grindal Bakken
"Dr. Stephen Henson" writes: > On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote: > >> >> Hi. I'm working on FIPS-validating a product using OpenSSL (but with >> a crypto module spanning wider, so we can't easily use the OpenSSL >> crypto module). During code review, some questions about the R

X509 Certificates problem

2011-08-03 Thread Michael Gilin
Hi, I am using VxWorks 5.5 EAP supplicant. I know it's old, but that's the reality. This supplicant is a part of certain HW that authenticates with AAA server using EAP-TTLS. Now, everything works fine when I am using X509 certificates that were generated in openssl 0.9.7e (it's also old, but tha

Re: Reseed testing in the FIPS DRBG implementation

2011-08-03 Thread Dr. Stephen Henson
On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote: > > Hi. I'm working on FIPS-validating a product using OpenSSL (but with > a crypto module spanning wider, so we can't easily use the OpenSSL > crypto module). During code review, some questions about the RNG > tests have come up. Most specifi

Reseed testing in the FIPS DRBG implementation

2011-08-03 Thread Henrik Grindal Bakken
Hi. I'm working on FIPS-validating a product using OpenSSL (but with a crypto module spanning wider, so we can't easily use the OpenSSL crypto module). During code review, some questions about the RNG tests have come up. Most specifically, from what I can read, SP 800-90 requires that (in 11.3.