On Tue, 12 May 2015, Robert Relyea wrote:
So, in FIPS mode, in a standalone test program, what is the correct way to
turn g^ir into PK11SymKey.
PK11SymKey *sym_key = PK11_ImportSymKey(slot,
CKM_DH_PKCS_DERIVE,
On 05/12/2015 08:58 AM, Andrew Cagney wrote:
Hi,
I'm looking to clean up some test code (IKEv2, NISTs CAVP tests), so that
they "work" in FIPS mode (what ever that means).
So CAVS tests require hooking outside the FIPS mode boundary because
CAVS tests access CSPs which aren't allowed outside t
On Tue, May 12, 2015 9:44 am, Peter Bowen wrote:
> How about an even simpler solution? Don't have p11-kit load the
> PKCS#11 modules, just provide a list of paths and let the application
> pass those to NSS. That way the application can choose to
> transparently load modules without user int
On Tue, May 12, 2015 at 8:40 AM, David Woodhouse wrote:
> On Mon, 2015-05-11 at 11:21 -0700, Ryan Sleevi wrote:
>> It's not simply sufficient to load module X into Chrome or not. p11-kit's
>> security model is *broken* for applications like Chrome, at least with
>> respect to how you propose to im
Hi,
I'm looking to clean up some test code (IKEv2, NISTs CAVP tests), so that
they "work" in FIPS mode (what ever that means).
The test inputs look like:
Ni = 3651fef5c9c35e93
Nr = c09a8b90a3f04d59
g^ir =
d084a30166a50fb7325c3960874a839449ef9741c2f4f947d0201dd8c1269273d79509f37e3ca3eb4fa2fe2a282
On Mon, 2015-05-11 at 11:21 -0700, Ryan Sleevi wrote:
> It's not simply sufficient to load module X into Chrome or not. p11-kit's
> security model is *broken* for applications like Chrome, at least with
> respect to how you propose to implement.
I've proposed at least four different options and as
On Mon, 2015-05-11 at 11:24 -1000, Brian Smith wrote:
>
> Said differently, there is nothing special about Linux. Just as Firefox
> intentionally doesn't use Windows's central certificate trust database on
> Windows, and just as it doesn't use Mac OS X's central certificate trust
> database on Mac
7 matches
Mail list logo