Hi all,

I’m currently updating an application from OpenSSL 1.0.2d to OpenSSL 3.0.0 in preparation for a FIPS 140-2 submission and I’m not sure how to approach the issue of induced failures for the power on self tests.

In OpenSSL 1.0.2d we used to use

The OpenSSL 3.0.0 design states that “Any special case code needed to return intermediate values (say for CAVS key generation), to display info (self test states), or change the normal flow of FIPS module code (e.g - self test failure or failing a keygen loop that supplies fixed rand values) will be controlled by embedding callbacks into the FIPS module code.”

Could you give me some pointers on what would be the best approach for this in OpenSSL 3.0.0? Am I supposed to use the OSSL_SELF_TEST_* APIs to replace the fips_self_test()
callback inside the FIPS module or do I somehow need to patch the FIPS provider with new functionality?

Any help would be greatly appreciated.

Thanks,
Cristian Sandu