Hi Tomas,
You said that OpenSSH do not use the *FIPS_incore_fingerprint* call. But it
does *FIPS_mode_set* call and that does *FIPS_incore_fingerprint* call.
int FIPS_mode_set(int onoff)
{
int fips_set_owning_thread();
int fips_clear_owning_thread();
int ret = 0;
fips_w_lock(
On Wed, 2011-08-03 at 15:02 -0300, Tatiana Evers wrote:
> Hi,
>
>
> I'm a little confused with FIPS integrity test. I'm using openssh and
> it is using fipscheck library (FIPSCHECK_verify) to verify integrity
> of its binaries. But FIPS_mode_set function calls
> FIPS_incore_fingerprint to verify
Hi,
I'm a little confused with FIPS integrity test. I'm using openssh and it is
using fipscheck library (FIPSCHECK_verify) to verify integrity of its
binaries. But FIPS_mode_set function calls FIPS_incore_fingerprint to verify
in execution time the integrity of the application. Why do we need an
e
On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote:
> "Dr. Stephen Henson" writes:
>
> > On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote:
> >
> >>
> >> Hi. I'm working on FIPS-validating a product using OpenSSL (but with
> >> a crypto module spanning wider, so we can't easily use the OpenSSL
"Dr. Stephen Henson" writes:
> On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote:
>
>>
>> Hi. I'm working on FIPS-validating a product using OpenSSL (but with
>> a crypto module spanning wider, so we can't easily use the OpenSSL
>> crypto module). During code review, some questions about the R
Hi,
I am using VxWorks 5.5 EAP supplicant. I know it's old, but that's the
reality. This supplicant is a part of certain HW that authenticates with AAA
server using EAP-TTLS.
Now, everything works fine when i am using X509 certificates that were
generated in openssl 0.9.7e (it's also old, but tha
On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote:
>
> Hi. I'm working on FIPS-validating a product using OpenSSL (but with
> a crypto module spanning wider, so we can't easily use the OpenSSL
> crypto module). During code review, some questions about the RNG
> tests have come up. Most specifi
Hi. I'm working on FIPS-validating a product using OpenSSL (but with
a crypto module spanning wider, so we can't easily use the OpenSSL
crypto module). During code review, some questions about the RNG
tests have come up. Most specifically, from what I can read, SP
800-90 requires that (in 11.3.