Re: OpenSSL 3.0 FIPS module configuration file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Yes, this has to do with the FIPS standards.  I forget which standard it is but the self tests are mandated to be run on each device independently.

The fipsinstall process runs the self tests before generating the configuration file.  If the self tests fail, the module doesn't install.  Copying the configuration file across avoids the self tests and therefore isn't compliant.


Pauli


On 15/2/22 02:25, Richard Dymond wrote:
Hi

Probably a dumb question, but why must the FIPS module configuration file for OpenSSL 3.0 be generated on every machine that it is to be used on (i.e. must not be copied from one machine to another)?

I just ran 'openssl fipsinstall' on two different machines with the same FIPS module and it produced exactly the same output each time, so presumably the reason has nothing to do with the config file being unique to the machine.

Does it have something to do with the FIPS standard itself?

Richard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux