[openssl-users] OpenSSL FIPS mode system integration
jonetsu at teksavvy.com
Thu Feb 19 14:57:56 UTC 2015
> From: "Marcus Meissner" <meissner at suse.de>
> To: openssl-users at openssl.org
> Date: 02/19/15 08:07
> Subject: Re: [openssl-users] OpenSSL FIPS mode system integration
> Well, the writing is that the "crypto module" must stop operating
> on error.
> We solved this by calling abort(); in the openssl library on FIPS
> related error conditions.
Hmmmm... What I have written from a consultancy compliance report is that all crypto operations must stop and, all data output of the designed Data Output interface(s) must also stop. Hence my concern for the OS knowing about FIPS crypto test results. Thanks for your comment.
More information about the openssl-users