There is nothing stopping cheating.
If you are going to cheat, why bother with FIPS at all? Just claim
you're FIPS.
Pauli
On 15/2/22 10:49, Ma Ar wrote:
Maybe a dumb question too, considering that i am admittedly just
getting into this field, but I though maybe if I ask I might learn
so
Tom, thanks for looking this up. I believe that this particular piece
of guidance was removed in 140-3.
Pauli
On 15/2/22 10:57, Thomas Dwyer III wrote:
I believe the relevant standard is described in the Implementation
Guidance for FIPS 140-2:
https://csrc.nist.gov/csrc/media/projects/crypt
I believe the relevant standard is described in the Implementation Guidance
for FIPS 140-2:
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf
(see IG 9.11 beginning on page 179). I searched briefly for similar text in
FIPS 140-3 IG
Maybe a dumb question too, considering that i am admittedly just getting
into this field, but I though maybe if I ask I might learn
something...is there any method of assurance that the test were then run
on the machine they are installed on?
If whatever those tests are attesting to to certify
Yes, this has to do with the FIPS standards. I forget which standard it
is but the self tests are mandated to be run on each device independently.
The fipsinstall process runs the self tests before generating the
configuration file. If the self tests fail, the module doesn't
install. Copyin
Hi
Probably a dumb question, but why must the FIPS module configuration file
for OpenSSL 3.0 be generated on every machine that it is to be used on
(i.e. must not be copied from one machine to another)?
I just ran 'openssl fipsinstall' on two different machines with the same
FIPS module and it pr
