On 11/25/2013 05:51 AM, Leon Brits wrote:> Hi, > > I need to perform some Known-Answer-Tests with every start-up of my > system. ...
You're trying for your own "private label" validation. The OpenSSL FIPS Object Module was a good model for that (by design), but note the CMVP has recently introduced some new requirements that raise the pain threshold. On 11/26/2013 09:34 AM, Leon Brits wrote: > I also need to test CCM and GCM mode and realized that I cannot use the > CLI for that. So, I started writing a program to do the tests (wanted to > avoid this). ... You might want to look at the existing code for handling all required FIPS 140-2 algorithm testing. See the FIPS module User Guide: http://www.openssl.org/docs/fips/UserGuide-2.0.pdf Appendix B. That will be the easy part... -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct [email protected] [email protected] gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
