[openssl-users] FIPS: Common method executed in case of error
jonetsu
jonetsu at teksavvy.com
Tue Mar 10 13:10:06 UTC 2015
> Is there a method that is always in the path of execution when a crypto error occurs?
It looks like fips_set_selftest_fail() would be a likely candidate where to create an empty file on a tmpfs in order to let the OS know about the error.
Comments and suggestions welcomed. Based on your experience with FIPS validation process, and many customers/sponsors, do you think that having an ever so slightly modified OpenSSL FIPS code would increase validation costs for a whole unit (OS and apps)? Recently Steve, I think, has mentioned that the cost for an initial OpenSSL FIPS validation was well into the 6 numbers. Would this type of figure be added to a project if OpenSSL FIPS is modified? I think the labs could go with a diff and see how simple the modification is.
Regards.