[openssl-users] cross-compiled binary with fips only generates encrypted string output
I'm trying to figure out what I have done wrong here... Using openssl-fips-2.0.16 and openssl 1.0.2l (please let me know if there is a newer/better combo to use) Openssl-fips config is: ./Configure linux-generic64 --prefix=/usr/openssl --openssldir=/usr/openssl --cross-compile-prefix=XYZ- Openssl config is: export FIPSDIR=/xyz-cross-compiled-image-dir/usr/openssl FIPS_OBJECT_MODULE=/xyz-cross-compiled-image-dir/usr/openssl/lib/fipscanister.o ./Configure linux-generic64 shared fips --prefix=/usr/openssl --openssldir=/usr/openssl --with-fipsdir=/xyz-cross-compiled-image-dir/usr/openssl There are no complaints while compiling, but when I load it onto the embedded linux device that it is targeted for and run simple version or invoke CLI, i see: # ./openssl version 878ea783d20992bcfcad2d1c474bfc01cc80d831 # ./openssl 878ea783d20992bcfcad2d1c474bfc01cc80d831 Can anyone throw me a bone? Thanks! K -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Forthcoming OpenSSL releases
On 30/10/17 13:50, Matt Caswell wrote: > Forthcoming OpenSSL releases > > > The OpenSSL project team would like to announce the forthcoming release > of OpenSSL versions 1.1.0g and 1.0.2m. > > These releases will be made available on 2nd November 2017 between > approximately 1300-1700 UTC. > > This is a bug-fix release. It will also include a fix for the low > severity security issue previously published here: > https://www.openssl.org/news/secadv/20170828.txt Correction: It will additionally include a fix for a moderate level security issue. > > Please also note that, as per our previous announcements, support for > 1.0.1 ended on 31st December 2016. > > Yours > > The OpenSSL Project Team > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Compiling OpenSSL 1.0.2l static library with FIPS -2.0.16 on Windows
Hi, I have am trying to compile OpenSSL 1.0.2l static library using FIPS - 2.0.16 on Windows 2012 R2, Visual Studio 2015, using reference from https://www.openssl.org/docs/fips/UserGuide-2.0.pdf , page #68. Step 1: - cd openssl-fips-2.0.16 - ms\do_fips Step 2: - cd openssl-1.0.2l - set FIPSDIR=C:\usr\local\ssl\fips-2.0 - perl Configure VC-WIN64A fips --with-fipsdir=%FIPSDIR% no-shared zlib no-idea no-mdc2 no-rc5 no-ssl2 no-ssl3 - nmake -f ms\nt.mak all I see that ms\do_fips compile the code with /MD, and somehow step 2 (nmake -f ms\nt.mak all) also ends up compiling with /MD switch. The application now requires the dynamic runt time libraries and compile and run time. OpenSSL static libraries builds fine with /MT switch without FIPS module, so there's something with FIPS module that ends up setting /MD switch. Has anyone else faced this problem? As per user guide, the FIPS module should build fine with static libraries, but looks like there is some issue with it. Is there any option that can be supplied to do_fips.bat, or a different build script that needs to be run? Appreciate any help on this. Thanks,NG -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Forthcoming OpenSSL releases
Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0g and 1.0.2m. These releases will be made available on 2nd November 2017 between approximately 1300-1700 UTC. This is a bug-fix release. It will also include a fix for the low severity security issue previously published here: https://www.openssl.org/news/secadv/20170828.txt Please also note that, as per our previous announcements, support for 1.0.1 ended on 31st December 2016. Yours The OpenSSL Project Team -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] SSL_read sys error 60.
Hi, Client Platform: OSX 10.12OpenSSL: openssl-1.0.2g, built by myself i.e. no system default OpenSSL server platform: ubuntu 16.4OpenSSL: 1.1.0e built by myself i.e. no system default OpenSSL Issue: SSL_read gets failed with errno is 60 (ETIMEDOUT, operation timed out), ERR_get_error return 0 at client side. SSL_read gets failed frequently at client side, ERR_get_error return 0 and errno is 60 i.e. ETIMEDOUT. The client socket is marked non-blocking socket and recv timeout is set. Ideally, there should not wait inside the SSL_read. I understand this 'may be' socket error but under what probable conditions SSL_read returns with error 60. Interesting point is, this issue may occur in ongoing traffic. 'select' method is used. Could you please give me the pointer to debug this issue further? ThanksAnand Choubey-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users