Am 05.03.2018 um 20:39 schrieb Alan Dean:
> Thanks Matthias for your response.
>
> I have a different question:
>
> Per your suggestion in the previous email, FIPS_mode_set() can be
> moved inside of OPENSSL_init(), in order to force the FIPS mode
> enabled in the library level.
>
> However curren
Thanks Matthias for your response.
I have a different question:
Per your suggestion in the previous email, FIPS_mode_set() can be moved
inside of OPENSSL_init(), in order to force the FIPS mode enabled in the
library level.
However currently OPENSSL_init() is actually invoked from within
FIPS_mo
Am 05.03.2018 um 19:55 schrieb Alan Dean:
> Thanks a lot Matthias for the suggestion.
>
> I have few follow-up questions below:
>
Please see my other replies.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Am 05.03.2018 um 20:07 schrieb Salz, Rich via openssl-users:
>
> * Did you mean if an application uses the low level crypto algorithm
> functions (e.g. SHA256_Init/ SHA256_Update/ SHA256_Final) then
> they won't work under FIPS mode (and hence may cause unpredictable
> issues)?
>
>
* Did you mean if an application uses the low level crypto algorithm
functions (e.g. SHA256_Init/ SHA256_Update/ SHA256_Final) then they won't work
under FIPS mode (and hence may cause unpredictable issues)?
Yes.
It’s not unpredictable issues, but rather that your application cannot claim t
On Mon, Mar 5, 2018 at 3:04 AM, Dr. Matthias St. Pierre <
matthias.st.pie...@ncp-e.com> wrote:
>
>
> On 05.03.2018 11:57, Dr. Matthias St. Pierre wrote:
> >
> > However, I am sceptical whether this approach will be accepted,
> > because there are (at least) two potential problems:
> >
> > * Normal
Thanks a lot Matthias for the suggestion.
I have few follow-up questions below:
On Mon, Mar 5, 2018 at 2:57 AM, Dr. Matthias St. Pierre <
matthias.st.pie...@ncp-e.com> wrote:
>
>
> On 05.03.2018 10:46, Alan Dean wrote:
>
> Question 1: Is it even feasible to make the FIPS mode always enabled for
Dr. Matthias St. Pierre wrote:
> On 05.03.2018 10:46, Alan Dean wrote:
>> Question 1: Is it even feasible to make the FIPS mode always enabled
>> for the whole OpenSSL library (i.e. for both libcrypto and libssl), so
> The optimal location for inserting the FIPS_mode_set(1) call
On 05.03.2018 11:57, Dr. Matthias St. Pierre wrote:
>
> However, I am sceptical whether this approach will be accepted,
> because there are (at least) two potential problems:
>
> * Normally, it is mandatory to check the result of FIPS_mode_set() or
> FIPS_mode() to ensure that the FIPS initializa
On 05.03.2018 10:46, Alan Dean wrote:
> Question 1: Is it even feasible to make the FIPS mode always enabled
> for the whole OpenSSL library (i.e. for both libcrypto and libssl), so
> that most the applications which dynamically linked to libcrypto and
> libssl will be automatically use OpenSSL F
Hi All:
I am working on a project to integrate the OpenSSL FIPS capable library
into our product platform. (We will be doing our own FIPS 140-2 level 1
certification)
There are a large number of third party applications/ library (e.g. wget,
libcurl, postfix, etc) run on our platform which use Ope
11 matches
Mail list logo
