vendor had executed 'make' at the appropriate stage as
> opposed to (say) '/usr/bin/make'? How would a tool check that the vendor
> had got the original tar file from the OSF CD rather than by downloading it?
>
>> This convoluted and complex object module linkin
ct. It should not come down to some vendor document
> written in good faith.
How can it come down to anything else? What other possible means are
there for a customer to know that an OpenSSL-based product is FIPS 140-2
validated?
--
J. J. Farrell
Not speak
There isn't necessarily any embedded signature in a shared object. In many
cases, there won't be one. If your shared object was built with a new
enough version of GCC, hasn't been fully stripped, and its note section has
not been removed during the build process, you can get a SHA-1 checksum
from
Steve,
How does one get a hold of the embedded signature in libcrypto.so ?
Thanks
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Steve Marquess
Sent: Tuesday, March 15, 2016 3:54 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-user
On 15/03/2016 21:24, Satya Das wrote:
Even if a vendor letter is good for CMVP, how is the vendor supposed to know ?
By remembering whether or not he followed the required procedure; it's
the only way for him to know.
I would say openssl should give such a tool so that vendor and the testin
On 03/15/2016 04:58 PM, Mike Mohr wrote:
> During the linking process, parts of fipscanister.o are removed
> (discarded) by the linker. Also, jumps and call instructions have their
> operands changed (addresses are filled in or relocation information is
> added) and the machine code is fundamentall
On 03/15/2016 05:24 PM, Satya Das wrote:
> Hello Steve,
>
> Even if a vendor letter is good for CMVP, how is the vendor supposed
> to know ?
Ummm, because the vendor is the one who created the validated module.
Only that vendor can know for sure how the module was created, because
the FIPS 140-2
Hello Steve,
Even if a vendor letter is good for CMVP, how is the vendor supposed to know ?
I would say openssl should give such a tool so that vendor and the testing Lab
can know such things. It is more than critical that the applications link to
the intended crypto module. This convoluted an
During the linking process, parts of fipscanister.o are removed (discarded)
by the linker. Also, jumps and call instructions have their operands
changed (addresses are filled in or relocation information is added) and
the machine code is fundamentally altered.
Imagine the linking process as someth
On 03/15/2016 02:22 PM, Satya Das wrote:
> Hello Steve,
>
> Thank you for your comments.
>
> Is there a way to verify that the correct version of object module
> (fipscanister.o) was assimilated into the libcrypto.so ?
> I just need some surefire way to run an engineering check on the build.
>
Hello Steve,
Thank you for your comments.
Is there a way to verify that the correct version of object module
(fipscanister.o) was assimilated into the libcrypto.so ?
I just need some surefire way to run an engineering check on the build.
Essentially what my question boils down to, is
that the
Hi Folks,
Need help.
I'm not able to encrypt a key using passphrase, below is the error message.
*"error:0D07209B:asn1 encoding routines:ASN1_get_object:too long"*
Have already googled for the error but couldn't get much info
Snippet of my code:
unsigned char pass[] = "123456";
BIO *
On 03/14/2016 08:30 PM, Satya Das wrote:
> Hello,
>
>
>
> I have a simple problem I am trying to solve. I have built a fips
> capable openssl shared object (.so). I also have the sha1 hash of the
> fipscanister.o in a file called fipscanister.o.sha1. I also have the
> sha1 hash of fips_premain.
Hi,
As there was some discussion about AEAD, I am still curious to know why OCB
mode isn't flagged as one of them :
assert( EVP_CIPHER_flags( EVP_aes_128_ocb() ) & EVP_CIPH_FLAG_AEAD_CIPHER );
failed ?
Can someone please explain this to me ?
And by the way, I would also be happy to und
Hello Jakob,
Thank you for the information. So what you are saying is the object module
build that generated the SHA1s are not the ones that are embedded. That makes
sense.
So then what would be the best way to validate the build to have consumed the
right object files ? Is there a way to gene