Steve Marquess marqu...@openssl.com
writes:
If the CMVP bureaucracy insists on a specific kernel version
for the platform number, this should be one of the Long Term
Support kernel releases to maximize longevity (assuming that
regular OS patching within a version number is still accepted
as
On 03/27/2015 04:45 AM, Henrik Grindal Bakken wrote:
Steve Marquess marqu...@openssl.com
writes:
If the CMVP bureaucracy insists on a specific kernel version
for the platform number, this should be one of the Long Term
Support kernel releases to maximize longevity (assuming that
regular OS
Steve Marquess marqu...@openssl.com
writes:
Are you certain? For a user-space component like OpenSSL, this is
obviously true, but I think you could argue that a kernel module's
Operational Environment has no relation to the Linux distro, only to
the kernel it's loaded by and the hardware
On 03/26/2015 01:00 PM, Marcus Meissner wrote:
...
Unfortunately FIPS 140-2 validation conflicts rather violently with open
source software (and with software engineering best practice in general,
for that matter). Even if some benevolent benefactor ponied up the
quarter megabuck it would
On Thu, Mar 26, 2015 at 10:57:28AM -0400, Steve Marquess wrote:
On 03/25/2015 06:26 PM, jone...@teksavvy.com wrote:
On Wed, 25 Mar 2015 17:03:04 -0400
Steve Marquess marqu...@openssl.com wrote:
I wasn't aware the Linux kernel (the real one, not proprietary
commercial derivatives) had a
On 26/03/2015 16:56, Steve Marquess wrote:
On 03/26/2015 11:30 AM, John Foley wrote:
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kernel module (a.k.a.
device driver). The idea would be to have a kernel module that
On 26/03/2015 22:29, Steve Marquess wrote:
On 03/26/2015 01:41 PM, Jakob Bohm wrote:
On 26/03/2015 16:56, Steve Marquess wrote:
On 03/26/2015 11:30 AM, John Foley wrote:
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable
On 03/26/2015 01:41 PM, Jakob Bohm wrote:
On 26/03/2015 16:56, Steve Marquess wrote:
On 03/26/2015 11:30 AM, John Foley wrote:
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kernel module (a.k.a.
device driver). The idea
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kernel module (a.k.a.
device driver). The idea would be to have a kernel module that provides
crypto support. This kernel module would be the FIPS object module,
with the
On 03/25/2015 06:26 PM, jone...@teksavvy.com wrote:
On Wed, 25 Mar 2015 17:03:04 -0400
Steve Marquess marqu...@openssl.com wrote:
I wasn't aware the Linux kernel (the real one, not proprietary
commercial derivatives) had a FIPS mode. Please enlighten me.
It could very well be that the
On 03/26/2015 11:30 AM, John Foley wrote:
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kernel module (a.k.a.
device driver). The idea would be to have a kernel module that provides
crypto support. This kernel module
On Wed, Mar 25, 2015 at 4:12 PM, jonetsu jone...@teksavvy.com wrote:
Hello,
This is not about OpenSSL, although from experience, maybe some know the
answer. Does anyone know if actual documentation exists for the Linux kernel
FIPS mode apart from the source itself ? There is nothing in
On 03/25/2015 04:12 PM, jonetsu wrote:
Hello,
This is not about OpenSSL, although from experience, maybe some know
the answer. Does anyone know if actual documentation exists for the
Linux kernel FIPS mode apart from the source itself ? There is
nothing in Documentation/ as per 3.18.2. -
On Wed, 25 Mar 2015 17:03:04 -0400
Steve Marquess marqu...@openssl.com wrote:
I wasn't aware the Linux kernel (the real one, not proprietary
commercial derivatives) had a FIPS mode. Please enlighten me.
It could very well be that the word 'mode' is not the right one.
'option' would perhaps be
14 matches
Mail list logo