Re: FIPS module determination

2010-12-27 Thread Steve Marquess
aerow...@gmail.com wrote: ... I think that this discussion is good, because it will (hopefully) lead to a tool -- perhaps a script -- that can perform all of the tests that we can identify on an executable to determine if it's been statically linked with a correct fipscanister. With all due

Re: FIPS module determination

2010-12-26 Thread Steve Marquess
Jeffrey Walton wrote: > On Thu, Dec 23, 2010 at 3:35 PM, wrote: >> Export the environment variable OPENSSL_FIPS=1, and then try >> openssl md5? >> > I am aware of two companies which are (were?) claiming a FIPS > validated module via OpenSSL sources, but not building the canister. > For completen

Re: FIPS module determination

2010-12-26 Thread Steve Marquess
Zamora, Robert wrote: > Is there a way to determine if OpenSSL binaries were compiled with the FIPS > "certified" module v1.2.x? Compiling OpenSSL FIPS test module gives me the > same results using fips_test_suite. > In a word, no, because some of the requirements for creation of the valida

Re: FIPS module determination

2010-12-23 Thread Jeffrey Walton
On Thu, Dec 23, 2010 at 7:35 PM, wrote: > Jeff, > > The fipscanister's integrity test must be called before main(), and that's > why fipsld does what it does. The process to load it and verify it is given > (in source form) in the fips-1.2.0 package, and those bits can be located as > well as th

Re: FIPS module determination

2010-12-23 Thread aerowolf
Jeff, The fipscanister's integrity test must be called before main(), and that's why fipsld does what it does. The process to load it and verify it is given (in source form) in the fips-1.2.0 package, and those bits can be located as well as the compiled bits of the canister itself. I think

Re: FIPS module determination

2010-12-23 Thread Jeffrey Walton
On Thu, Dec 23, 2010 at 5:56 PM, wrote: > OPENSSL_FIPS=1 causes openssl to invoke FIPS_mode_set(1). Once that occurs, > MD5 is a prohibited algorithm unless it's explicitly limited to the TLSv1 > PRF (and that only because SHA is also used). If an MD5 operation completes > successfully, it's no

Re: FIPS module determination

2010-12-23 Thread aerowolf
OPENSSL_FIPS=1 causes openssl to invoke FIPS_mode_set(1). Once that occurs, MD5 is a prohibited algorithm unless it's explicitly limited to the TLSv1 PRF (and that only because SHA is also used). If an MD5 operation completes successfully, it's not a FIPS canister that's running the cryptogra

Re: FIPS module determination

2010-12-23 Thread Jeffrey Walton
On Thu, Dec 23, 2010 at 3:35 PM, wrote: > Export the environment variable OPENSSL_FIPS=1, and then try openssl md5? > I am aware of two companies which are (were?) claiming a FIPS validated module via OpenSSL sources, but not building the canister. For completeness, the companies may have fixed t

Re: FIPS module determination

2010-12-23 Thread aerowolf
Export the environment variable OPENSSL_FIPS=1, and then try openssl md5? -Kyle H On Tue, Dec 21, 2010 at 1:04 PM, Zamora, Robert wrote: Is there a way to determine if OpenSSL binaries were compiled with the FIPS "certified" module v1.2.x? Compiling OpenSSL FIPS test module gives me the s
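The check Kyle H proposes in the message above (export OPENSSL_FIPS=1, then run openssl md5), together with the "tool -- perhaps a script" that Steve Marquess's later reply quotes, scripted as an added example. This is editor's code, not code from the thread or from the OpenSSL project. It assumes an OpenSSL 0.9.8/1.0.x command-line tool on PATH or given by path: such a binary, when linked with the FIPS Object Module, calls FIPS_mode_set(1) at startup if OPENSSL_FIPS is set, after which MD5 is refused and "openssl md5" exits non-zero, while a build without the module ignores the variable. OpenSSL 3.x also ignores OPENSSL_FIPS (FIPS is a provider there), so the probe reports no-fips-enforcement for it as well. The string scan for the literal "FIPS_mode_set" and the result labels are the editor's own assumptions, and, as Steve Marquess's reply in this thread says, the honest answer to "is it the validated module" is still no: a passing probe shows that FIPS-mode enforcement is wired in, not that the module was built the way the validation requires.

```shell
#!/bin/sh
# fips_probe.sh: added example, not code from the thread or from OpenSSL.
# Scripts the OPENSSL_FIPS=1 / "openssl md5" check against an OpenSSL 0.9.8/1.0.x
# binary. Assumptions: BINARY is an openssl command-line tool on PATH or a path;
# the string scan looks for the literal "FIPS_mode_set" and is a heuristic only.

# probe_md5 [BINARY] -> prints exactly one of:
#   fips-enforced        md5 works normally but is refused under OPENSSL_FIPS=1
#   no-fips-enforcement  md5 still succeeds under OPENSSL_FIPS=1
#   fips-init-failed     even sha1 fails under OPENSSL_FIPS=1: FIPS mode was
#                        requested but could not be entered (for instance because
#                        the module's integrity check failed), so nothing runs
#   broken               md5 fails even without OPENSSL_FIPS=1 (result meaningless)
#   missing              BINARY not found or not executable
probe_md5() {
    bin=${1:-openssl}
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo missing
        return 0
    fi
    # Baseline first: if md5 fails anyway, a failure under FIPS mode proves nothing.
    if ! printf 'abc' | "$bin" md5 >/dev/null 2>&1; then
        echo broken
        return 0
    fi
    # SHA-1 is an approved digest, so it must still work once FIPS mode is on;
    # if it does not, FIPS_mode_set(1) itself failed and the tool exited early.
    if ! printf 'abc' | OPENSSL_FIPS=1 "$bin" sha1 >/dev/null 2>&1; then
        echo fips-init-failed
        return 0
    fi
    if printf 'abc' | OPENSSL_FIPS=1 "$bin" md5 >/dev/null 2>&1; then
        echo no-fips-enforcement
    else
        echo fips-enforced
    fi
    return 0
}

# has_fips_strings FILE -> prints yes/no. Pulls printable runs out of the file
# (like strings(1), but with only tr and grep) and looks for FIPS_mode_set.
# Heuristic only: a stripped static binary loses the name, and a non-validated
# build from the same sources carries it too, so "yes" proves nothing by itself.
has_fips_strings() {
    file=$1
    if [ -r "$file" ] && LC_ALL=C tr -c 'A-Za-z0-9_' '\n' < "$file" | grep -q 'FIPS_mode_set'; then
        echo yes
    else
        echo no
    fi
    return 0
}

# report [BINARY] -> one line per check, then a verdict that keeps the thread's
# caveat: enforcement being wired in is not the same as the validated module.
report() {
    bin=${1:-openssl}
    runtime=$(probe_md5 "$bin")
    path=$(command -v "$bin" 2>/dev/null || echo "$bin")
    strs=$(has_fips_strings "$path")
    echo "binary:             $path"
    echo "md5 probe:          $runtime"
    echo "FIPS_mode_set seen: $strs"
    case "$runtime" in
        fips-enforced)
            echo "verdict: FIPS mode is enforced; whether the module is the validated one is not shown" ;;
        no-fips-enforcement)
            echo "verdict: not running FIPS-mode code (MD5 allowed under OPENSSL_FIPS=1)" ;;
        *)
            echo "verdict: inconclusive ($runtime)" ;;
    esac
    return 0
}

# Usage: sh fips_probe.sh [/path/to/openssl]
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

Run it against each openssl binary you are asked to vouch for; a "fips-enforced" result is the most this test can give, and the fipsld and integrity-check points raised later in the thread are what a fuller tool would have to add.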

FIPS module determination

2010-12-22 Thread Zamora, Robert
Is there a way to determine if OpenSSL binaries were compiled with the FIPS "certified" module v1.2.x? Compiling OpenSSL FIPS test module gives me the same results using fips_test_suite. Thanks, Robert Zamora