On Wed, 25 Mar 2015 17:03:04 -0400
Steve Marquess wrote:
> I wasn't aware the Linux kernel (the real one, not proprietary
> commercial derivatives) had a "FIPS" mode. Please enlighten me.
It could very well be that the word 'mode' is not the right one.
'option' would perhaps be better. This art
On Tue, 24 Feb 2015 16:16:17 +
"Dr. Stephen Henson" wrote:
> On Tue, Feb 24, 2015, jonetsu wrote:
> > Hello,
> >
> > To grasp how FIPS methods are called, and following one method
> > as an example, HMAC_Update() in hmac.c, we can see that if FIPS
> > mode is active then FIPS_hmac_update(
Hello,
Could you please comment on the following ? Any suggestion, insight,
hint, is greatly appreciated.
In FIPS mode, the OS, the device, must be aware of crypto errors, and
adopt a certain behaviour when one occurs. Like shutting down all
data output interfaces.
This means that when using O
Hello,
I have some questions regarding table '6b - Conditional Tests' of the
2.0.7 Security Policy.
It is mentioned that there are continuous tests for stuck fault. Is
the meaning of 'continuous' a the matter of frequency ? Or are these
continuous tests ran each time an algorithm is used ?
The
On Mon, 26 Jan 2015 22:35:12 -0500
Tom Francis wrote:
> This is a bad idea. It can generally be done, and it’s probably not
> even too hard (for some uses, anyway). But it’s a bad idea. Here’s
> why:
Thanks for the detailed comments. I understand the concerns, although
there's one thing I do
On Tue, 27 Jan 2015 14:13:57 -0500
Steve Marquess wrote:
> The user guide documents that correctly. For the OpenSSL FIPS Object
> Module 2.0 (#1747) the FIPS mode of operation is enabled with
> FIPS_mode_set(). There is no "library startup"; you keep confusing
> past validations with new ones.
O
On Fri, 16 Jan 2015 10:16:48 -0500
Steve Marquess wrote:
> On 01/15/2015 05:52 AM, Marcus Meissner wrote:
>> On Linux usually triggered by /proc/sys/crypto/fips_enabled
>> containing "1" or the environment variable
>> OPENSSL_FORCE_FIPS_MODE=1 (at least for the certs done by SUSE and
>> Redhat,
On Tue, 13 Jan 2015 21:33:49 -0500
"jone...@teksavvy.com" wrote:
> So basically every app that uses libssl will have to be modified to
> add a FIPS_mode_set() call near the beginning. Is that right ?
Is there a way to automatically have the FIPS test executed when an
appli
Hello,
A system running in FIPS can have several applications using libssl.
openvpn and openswan are two. There can be 3rd party web servers. So
on. Is there any 'library magic' these days that would prevent
modifying each and every application to add a FIPS_mode_set() call and
error handling ?
Hello,
There is an untarring error with file. Here are the details.
File size:
1425056 Jan 4 18:50 openssl-fips-2.0.9.tar.gz
md5sum test OK with:
c8256051d7a76471c6ad4fb771404e60
The error:
% tar xvfz openssl-fips-2.0.9.tar.gz
[...]
openssl-fips-2.0.9/util/ssleay.num
openssl-fips-2.0.
10 matches
Mail list logo
