Am 05.03.2018 um 20:39 schrieb Alan Dean:
> Thanks Matthias for your response.
>
> I have a different question:
>
> Per your suggestion in the previous email, FIPS_mode_set() can be
> moved inside of OPENSSL_init(), in order to force the FIPS mode
> enabled in the library level.
>
> However
Thanks Matthias for your response.
I have a different question:
Per your suggestion in the previous email, FIPS_mode_set() can be moved
inside of OPENSSL_init(), in order to force the FIPS mode enabled in the
library level.
However currently OPENSSL_init() is actually invoked from within
Am 05.03.2018 um 19:55 schrieb Alan Dean:
> Thanks a lot Matthias for the suggestion.
>
> I have few follow-up questions below:
>
Please see my other replies.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Am 05.03.2018 um 20:07 schrieb Salz, Rich via openssl-users:
>
> * Did you mean if an application uses the low level crypto algorithm
> functions (e.g. SHA256_Init/ SHA256_Update/ SHA256_Final) then
> they won't work under FIPS mode (and hence may cause unpredictable
> issues)?
>
>
* Did you mean if an application uses the low level crypto algorithm
functions (e.g. SHA256_Init/ SHA256_Update/ SHA256_Final) then they won't work
under FIPS mode (and hence may cause unpredictable issues)?
Yes.
It’s not unpredictable issues, but rather that your application cannot claim
On Mon, Mar 5, 2018 at 3:04 AM, Dr. Matthias St. Pierre <
matthias.st.pie...@ncp-e.com> wrote:
>
>
> On 05.03.2018 11:57, Dr. Matthias St. Pierre wrote:
> >
> > However, I am sceptical whether this approach will be accepted,
> > because there are (at least) two potential problems:
> >
> > *
Thanks a lot Matthias for the suggestion.
I have few follow-up questions below:
On Mon, Mar 5, 2018 at 2:57 AM, Dr. Matthias St. Pierre <
matthias.st.pie...@ncp-e.com> wrote:
>
>
> On 05.03.2018 10:46, Alan Dean wrote:
>
> Question 1: Is it even feasible to make the FIPS mode always enabled for
Dr. Matthias St. Pierre wrote:
> On 05.03.2018 10:46, Alan Dean wrote:
>> Question 1: Is it even feasible to make the FIPS mode always enabled
>> for the whole OpenSSL library (i.e. for both libcrypto and libssl), so
> The optimal location for
On 05.03.2018 11:57, Dr. Matthias St. Pierre wrote:
>
> However, I am sceptical whether this approach will be accepted,
> because there are (at least) two potential problems:
>
> * Normally, it is mandatory to check the result of FIPS_mode_set() or
> FIPS_mode() to ensure that the FIPS
On 05.03.2018 10:46, Alan Dean wrote:
> Question 1: Is it even feasible to make the FIPS mode always enabled
> for the whole OpenSSL library (i.e. for both libcrypto and libssl), so
> that most the applications which dynamically linked to libcrypto and
> libssl will be automatically use OpenSSL
10 matches
Mail list logo