> From: "Dr. Stephen Henson"
> Date: 03/10/15 20:04
> I mean you could add a callback to FIPS_mode_set using
> FIPS_post_set_callback: see the fips_test_suite.c application
> for an example. The supplied callback is called during each
> POST, continuous RNG and pairwise consistency checks. Th
On Tue, Mar 10, 2015, jonetsu wrote:
>
>
> > From: "Dr. Stephen Henson"
> > Date: 03/10/15 10:21
>
> > Although you cannot modify the FIPS module itself without voiding the
> > validation you *can* change the FIPS capable OpenSSL.
>
> > You might (for example) change FIPS_mode_set() to alwa
> From: "Dr. Stephen Henson"
> Date: 03/10/15 10:21
> Although you cannot modify the FIPS module itself without voiding the
> validation you *can* change the FIPS capable OpenSSL.
> You might (for example) change FIPS_mode_set() to always add a callback
> which logs any errors.
I see. So t
On Tue, Mar 10, 2015, jonetsu wrote:
> Hello,
>
> Is there a method that is always in the path of execution when a crypto
> error occurs? The reason for asking is that I would like to very slightly
> modify the OpenSSL FIPS version so that it will write a file in tmpfs when
> an error occurs.
> From: "Steve Marquess"
> Date: 03/10/15 08:56
Hello,
Thanks for your reply.
> You're talking about a Level 2 validation (or higher)? You most
> definitely do *not* want to include the OS or applications in the
> "cryptographic module boundary" for Level 1.
It's a level 2. The behaviou
> Is there a method that is always in the path of execution when a crypto error
> occurs?
It looks like fips_set_selftest_fail() would be a likely candidate where to
create an empty file on a tmpfs in order to let the OS know about the error.
Comments and suggestions welcomed. Based on yo
On 03/10/2015 08:20 AM, jonetsu wrote:
> ...
> Steve has replied that indeed the validation will be lost - I wonder
> if that would have any impact on the total validation costs for a
> whole unit, OS and apps ?
You're talking about a Level 2 validation (or higher)? You most
definitely do *not* w
Hello,
Is there a method that is always in the path of execution when a crypto error
occurs? The reason for asking is that I would like to very slightly modify
the OpenSSL FIPS version so that it will write a file in tmpfs when an error
occurs. That place will be observed by another app us