Hi
I have two queries. I am new to FIPS validation.
The first query is
1. We have a system which is using Arm Cortex-A9 on ThreadX.
If I cross compile FIPS module 2.0.16 for Threadx ( Arm Cortex-A9 ) and use
openssl 1.0.2s. Can we claim that our product is FIPS compliant ?
The second query is
2.
.4346
From: openssl-users on behalf of Dr.
Stephen Henson
Sent: Tuesday, October 11, 2016 10:35 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Building an application with OpenSSL and
FIPSsupport.
On Mon, Oct 10, 2016, Matthew Heimlich wrote:
> $openssl
On Mon, Oct 10, 2016, Matthew Heimlich wrote:
> $openssl version
>
> returns:
>
> OpenSSL 1.0.2j-fips
>
> My FIPS module version is openssl-fips-2.0.13
>
> $OPENSSL_FIPS=1 openssl md5 /dev/null
>
> returns:
>
> Error setting digest md5
> 140066569107136:error:060A80A3:digital envelope
> rou
: openssl-users@openssl.org
Subject: Re: [openssl-users] Building an application with OpenSSL and FIPS
support.
On Fri, Oct 07, 2016, Matthew Heimlich wrote:
> Which returns
>
>
> Attempting to set FIPS mode to 1...
> Last error was: 2d06b06f
> FIPS_mode_set failed: 2d06b06f
On Fri, Oct 07, 2016, Matthew Heimlich wrote:
> Which returns
>
>
> Attempting to set FIPS mode to 1...
> Last error was: 2d06b06f
> FIPS_mode_set failed: 2d06b06f
> FIPS mode is: 0???
>
> So it would appear that my FIPS mode is never even being set, and walking
> through the code would seem t
ers on behalf of Ethan Rahn
Sent: Friday, October 7, 2016 4:01 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Building an application with OpenSSL and FIPS
support.
Matt,
What part of the selftest fails? Can you step through it with a debugger?
Cheers,
Ethan
On Fri, Oc
Matt,
What part of the selftest fails? Can you step through it with a debugger?
Cheers,
Ethan
On Fri, Oct 7, 2016 at 10:56 AM, Matthew Heimlich
wrote:
> I'm on RHEL7. I've got a very simple encryption/decryption program that
> works fine without FIPS support enabled, but fails when it is:
>
>
I'm on RHEL7. I've got a very simple encryption/decryption program that works
fine without FIPS support enabled, but fails when it is:
#include
#include
#include
#include
void handleErrors(void)
{
ERR_print_errors_fp(stderr);
abort();
}
int encrypt(unsigned char *plaintext, int
On 04/08/2016 17:53, Thomas Francis, Jr. wrote:
...
I really should point out three things, though:
1) FIPS 140 compliance (from any software package) is always less secure than
non-FIPS 140 compliant packages. By its nature, the validation process places
software several months to years out
> On Aug 4, 2016, at 11:00 AM, o haya wrote:
>
> Hi,
>
> I've been tasked to look into FIPS 140-2 "compliance" for our systems,
> overall, and I know that there's a "FIPS 140-2 module" for OpenSSL, that
> needs to be built from source and then integrated into OpenSSL by building
> OpenSSL wi
On 08/04/2016 11:00 AM, o haya wrote:
> Hi,
>
> I've been tasked to look into FIPS 140-2 "compliance" for our
> systems, overall, and I know that there's a "FIPS 140-2 module" for
> OpenSSL, that needs to be built from source and then integrated into
> OpenSSL by building OpenSSL with the FIPS mod
Hi,
I've been tasked to look into FIPS 140-2 "compliance" for our systems, overall,
and I know that there's a "FIPS 140-2 module" for OpenSSL, that needs to be
built from source and then integrated into OpenSSL by building OpenSSL with the
FIPS module.
The User guide goes into how to integrate
I want to build the OpenSSL 1.0.1e distribution with the FIPS code from OpenSSL
FIPS 2.0.2 distribution WITHOUT using the FIPS canister method and in-core
fingerprint method described in the User Guide for the OpenSSL FIPS Object
Module v2.0 document.
Maybe to say it another way, I would like t
13 matches
Mail list logo
