From: Dr. Stephen Henson st...@openssl.org
Date: 03/10/15 20:04
I mean you could add a callback to FIPS_mode_set using
FIPS_post_set_callback: see the fips_test_suite.c application
for an example. The supplied callback is called during each
POST, continuous RNG and pairwise consistency
Hello,
Is there a method that is always in the path of execution when a crypto error
occurs? The reason for asking is that I would like to very slightly modify
the OpenSSL FIPS version so that it will write a file in tmpfs when an error
occurs. That place will be observed by another app
From: Steve Marquess marqu...@openssl.com
Date: 03/10/15 08:56
Hello,
Thanks for your reply.
You're talking about a Level 2 validation (or higher)? You most
definitely do *not* want to include the OS or applications in the
cryptographic module boundary for Level 1.
It's a level 2.
On 03/10/2015 08:20 AM, jonetsu wrote:
...
Steve has replied that indeed the validation will be lost - I wonder
if that would have any impact on the total validation costs for a
whole unit, OS and apps?
You're talking about a Level 2 validation (or higher)? You most
definitely do *not* want
On Tue, Mar 10, 2015, jonetsu wrote:
Hello,
Is there a method that is always in the path of execution when a crypto
error occurs? The reason for asking is that I would like to very slightly
modify the OpenSSL FIPS version so that it will write a file in tmpfs when
an error occurs.
Is there a method that is always in the path of execution when a crypto error
occurs?
It looks like fips_set_selftest_fail() would be a likely candidate where to
create an empty file on a tmpfs in order to let the OS know about the error.
Comments and suggestions welcomed. Based on
From: Dr. Stephen Henson st...@openssl.org
Date: 03/10/15 10:21
Although you cannot modify the FIPS module itself without voiding the
validation you *can* change the FIPS capable OpenSSL.
You might (for example) change FIPS_mode_set() to always add a callback
which logs any errors.
I
On Tue, Mar 10, 2015, jonetsu wrote:
From: Dr. Stephen Henson st...@openssl.org
Date: 03/10/15 10:21
Although you cannot modify the FIPS module itself without voiding the
validation you *can* change the FIPS capable OpenSSL.
You might (for example) change FIPS_mode_set() to