On Wed, 2011-08-03 at 15:02 -0300, Tatiana Evers wrote:
> Hi,
>
>
> I'm a little confused with FIPS integrity test. I'm using openssh and
> it is using fipscheck library (FIPSCHECK_verify) to verify integrity
> of its binaries. But FIPS_mode_set function calls
> FIPS_incore_fingerprint to verify in execution time the integrity of
> the application. Why do we need an external validation?
> Isn't FIPS_incore_fingerprint sufficient to verify integrity?

You're mixing the OpenSSL upstream FIPS module with the Red Hat
Enterprise Linux OpenSSL and OpenSSH modules. They use different
integrity verification tests and they do not use the
FIPS_incore_fingerprint call.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List