Re: [openssl-users] FIPS Linux kernel documentation ?

2015-03-25 Thread jone...@teksavvy.com
On Wed, 25 Mar 2015 17:03:04 -0400 Steve Marquess marqu...@openssl.com wrote: I wasn't aware the Linux kernel (the real one, not proprietary commercial derivatives) had a FIPS mode. Please enlighten me. It could very well be that the word 'mode' is not the right one. 'option' would perhaps be

Re: [openssl-users] FIPS methods and symlinks

2015-02-24 Thread jone...@teksavvy.com
On Tue, 24 Feb 2015 16:16:17 + Dr. Stephen Henson st...@openssl.org wrote: On Tue, Feb 24, 2015, jonetsu wrote: Hello,   To grasp how FIPS methods are called, and following one method as an example, HMAC_Update() in hmac.c, we can see that if FIPS mode is active then

[openssl-users] FIPS, continuous tests, and error reporting

2015-02-19 Thread jone...@teksavvy.com
Hello, I have some questions regarding table '6b - Conditional Tests' of the 2.0.7 Security Policy. It is mentioned that there are continuous tests for stuck fault. Is the meaning of 'continuous' a matter of frequency ? Or are these continuous tests run each time an algorithm is used ? The

[openssl-users] OpenSSL FIPS mode system integration

2015-02-19 Thread jone...@teksavvy.com
Hello, Could you please comment on the following ? Any suggestion, insight, hint, is greatly appreciated. In FIPS mode, the OS, the device, must be aware of crypto errors, and adopt a certain behaviour when one occurs. Like shutting down all data output interfaces. This means that when using

Re: [openssl-users] Using FIPS mode and modifying apps

2015-01-28 Thread jone...@teksavvy.com
On Mon, 26 Jan 2015 22:35:12 -0500 Tom Francis thomas.francis...@pobox.com wrote: This is a bad idea. It can generally be done, and it’s probably not even too hard (for some uses, anyway). But it’s a bad idea. Here’s why: Thanks for the detailed comments. I understand the concerns,

Re: [openssl-users] Using FIPS mode and modifying apps

2015-01-28 Thread jone...@teksavvy.com
On Tue, 27 Jan 2015 14:13:57 -0500 Steve Marquess marqu...@openssl.com wrote: The user guide documents that correctly. For the OpenSSL FIPS Object Module 2.0 (#1747) the FIPS mode of operation is enabled with FIPS_mode_set(). There is no library startup; you keep confusing past validations

Re: [openssl-users] Using FIPS mode and modifying apps

2015-01-28 Thread jone...@teksavvy.com
On Mon, 26 Jan 2015 22:35:12 -0500 Tom Francis thomas.francis...@pobox.com wrote: This is a bad idea. It can generally be done, and it’s probably not even too hard (for some uses, anyway). But it’s a bad idea. Here’s why: Thanks for the detailed comments. I understand the concerns,

Re: [openssl-users] Using FIPS mode and modifying apps

2015-01-26 Thread jone...@teksavvy.com
On Fri, 16 Jan 2015 10:16:48 -0500 Steve Marquess marqu...@openssl.com wrote: On 01/15/2015 05:52 AM, Marcus Meissner wrote: On Linux usually triggered by /proc/sys/crypto/fips_enabled containing 1 or the environment variable OPENSSL_FORCE_FIPS_MODE=1 (at least for the certs done by SUSE and

Re: [openssl-users] Using FIPS mode and modifying apps

2015-01-15 Thread jone...@teksavvy.com
On Tue, 13 Jan 2015 21:33:49 -0500 jone...@teksavvy.com jone...@teksavvy.com wrote: So basically every app that uses libssl will have to be modified to add a FIPS_mode_set() call near the beginning. Is that right ? Is there a way to automatically have the FIPS test executed when

[openssl-users] Using FIPS mode and modifying apps

2015-01-13 Thread jone...@teksavvy.com
Hello, A system running in FIPS can have several applications using libssl. openvpn and openswan are two. There can be 3rd party web servers. So on. Is there any 'library magic' these days that would prevent modifying each and every application to add a FIPS_mode_set() call and error handling

[openssl-users] Error in untarring FIPS 2.0.9 file

2015-01-12 Thread jone...@teksavvy.com
Hello, There is an untarring error with file. Here are the details. File size: 1425056 Jan 4 18:50 openssl-fips-2.0.9.tar.gz md5sum test OK with: c8256051d7a76471c6ad4fb771404e60 The error: % tar xvfz openssl-fips-2.0.9.tar.gz [...] openssl-fips-2.0.9/util/ssleay.num