I had a problem after building as well, I built the fips-mode (version
1.2) of openssl on LInux via running ./config fipscanisterbuild and
then make, this builds fine, and make test works, only
fipscanister.o doesn't have the strings that fipsld expects, when I run
strings fipscanister.o |
Kyle Hamilton wrote:
The FIPS version of OpenSSL has an external verification
mechanism
which does not require a PGP signature verification. In the Security
Policy, there are keyed HMACs ...
Thanks for your reply, now this would be I think the second
verification, after the
Hi everyone,
I expect this has been asked before, but which PGP product is
appropriate for the FIPS validation of the FIPS ssl archive
(openssl-fips-1.1.1.tar.gz) via the openssl-fips-1.1.1.tar.gz.asc file?
I verified it with gpg, per the FIPS instructions ("gpg --verify *.asc
*.gz"), but I
Well, X509 is defined in openssl/ossl_typ.h, did it complain about this file not being found? But this file should be included for you as long as OPENSSL_NO_X509 is not defined. SSL is defined in ssl.h (line 354 in my version), so then maybe some include file is redefining SSL? You might check
Hi everyone,
It seems I am leaking memory every time I call EVP_encrypt/decrypt routines, about 240 bytes are leaked by OPENSSL_malloc(), this happens in versions 0.9.7d, in the FIPS-certified version 1.0, and in the latest version 0.9.8b.
I found two bug reports that might possibly be
Thanks, Steve and Marek, only I wonder now if this documentation might then be misleading in the man page:
EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
EVP_CipherFinal_ex() except ctx is