I am unable to find the openssl-fips module for 1.1.0f. Do you know when it
will be available?
We have no date. Work hasn’t fully started, and isn’t fully funded. Perhaps
your company would like to help? :) See our blog for updates (look in the
archive for postings with FIPS in the title
Hi All,
We would want to build our openssl 1.1.0f with FIPS but we noticed it is
mentioned as
“The 2.0 FIPS module is compatible with OpenSSL releases 1.0.1 and 1.0.2,
and no others”.
I am unable to find the openssl-fips module for 1.1.0f. Do you know when it
will be available?
Could you
Hi All,
I am trying to build CAVP test executable for WinCE. Most of the executables
are built except 1-2. I am facing iob_func unresolved error.
Everything seems to be proper. Any idea or help is well appreciated.
Regards
Jaya
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.o
Hi All,
I am using OpenSSL-FIPS-2.0.4 library on ARM7 + WinCE 6.0 with "user
affirm" the validation for Y per I.G. G.5.
We want to run latest CAVP test suites. We have built the *build_algvs and
other executable* for the above product/build environment.
However when we are trying to e
ake your best guess at building it manually yourself from original
> source:
>
> (a) your old OpenSSL source here:
>
> https://www.openssl.org/source/old/1.0.1/
>
> (b) that string doesn't tell you which exact FIPS module source, the
> current version is here:
>
>
.org/source/old/1.0.1/
(b) that string doesn't tell you which exact FIPS module source, the current
version is here:
https://www.openssl.org/source/openssl-fips-2.0.16.tar.gz
(c) The FIPS-140 User Guide here, which covers how to build first the FIPS
module and then fips-ena
Hello Everyone,
Will someone tell me where the source code is to build this version of
openssl, please?
"OpenSSL 1.0.1e-fips 11 Feb 2013"
Thanks!
Joe
-
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 05/12/2017 05:17 PM, Hareesh Joshi wrote:
> Hi,
>
> I've a CentOS machine with
>1. FIPS capable OpenSSL module installed
>2. Kernel switched to FIPS with /proc/sys/crypto/fips_enabled=1
>
> Will this make OpenSSL to switch to FIPS mode as well? Or do I
Hi,
I've a CentOS machine with
1. FIPS capable OpenSSL module installed
2. Kernel switched to FIPS with /proc/sys/crypto/fips_enabled=1
Will this make OpenSSL to switch to FIPS mode as well? Or do I necessarily
need to use OPENSSL_FIPS=1 ?
Thank you,
-Hareesh Joshi
>Try a shared build of the FIPS capable OpenSSL. You should then get
>fips_premain_dso built as part of that process. Alternatively just do:
> make fips_premain_dso
>The fips_premain_dso executable isn't anything special: all it does is load
>the library. It shoul
On Mon, May 01, 2017, Nathan Glasser wrote:
> Hello,
>
> We are using openssl-fips 2.0.14 with OpenSSL 1.0.2j.
>
> We have a shared library on both Linux and Windows which uses static OpenSSL
> libraries. We'd like it to use static FIPS-capable OpenSSL libraries.
>
>
Hello,
We are using openssl-fips 2.0.14 with OpenSSL 1.0.2j.
We have a shared library on both Linux and Windows which uses static OpenSSL
libraries. We'd like it to use static FIPS-capable OpenSSL libraries.
On Windows, everything is fine. On Linux, I have a problem. I am
doing my tes
: Re: [openssl-users] Static FIPS Library with Address
Randomization
Note you may not modify the openssl-FIPS build files or process.
However, building the openssl host container of the FIPS library build,
you may pin the DLL file with link flags and dodge this relocation.
Yes. That's
ssl.org
>>> Subject: Re: [openssl-users] Static FIPS Library with Address
>>> Randomization
>>>
>>> Note you may not modify the openssl-FIPS build files or process.
>>>
>>> However, building the openssl host container of the FIPS library build,
>>
On 21/03/2017 14:02, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of William A Rowe Jr
Sent: Monday, March 20, 2017 20:59
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Static FIPS Library with Address Randomization
Note you may not
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of William A Rowe Jr
> Sent: Monday, March 20, 2017 20:59
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Static FIPS Library with Address Randomization
>
> Note you may not modify t
On Fri, Mar 17, 2017 at 12:06 PM, Michael Wojcik
wrote:
>
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of Neptune
>> Sent: Friday, March 17, 2017 09:26
>> To: openssl-users@openssl.org
>> Subject: [openssl-users] Static FIPS L
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Neptune
> Sent: Friday, March 17, 2017 09:26
> To: openssl-users@openssl.org
> Subject: [openssl-users] Static FIPS Library with Address Randomization
>
> Platform: Win32
> FIPS Object
Platform: Win32
FIPS Object Module: 2.0.13
OpenSSL: 1.0.2j
We've been using FIPS-capable OpenSSL for over a year now. Some of our
components are .dlls that statically link the libraries. Using the BASE:
linker flag (but not /FIXED) has worked well with only very occasional
address cl
On 15.03.2017 10:50, Jayalakshmi bhat wrote:
> Hi All,
>
> OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have
> question associated with this.
>
> 1. OpenSSL wiki says : Default DRBG is 256-bit CTR AES *using a derivation
> function*
> 2. Where
Hi All,
OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have
question associated with this.
1. OpenSSL wiki says : Default DRBG is 256-bit CTR AES *using a derivation
function*
2. Whereas the document
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf
, 2017 12:10 PM
To: openssl-users@openssl.org
Subject: [openssl-users] Can I rename the OpenSSL shared objects for FIPS?
We are shipping OpenSSL (1.0.2j) shared objects built with FIPS, which are
automatically loaded when the application starts. But if our software directory
is in the path (or
On 01/12/2017 02:10 PM, Perrow, Graeme wrote:
>
> We are shipping OpenSSL (1.0.2j) shared objects built with FIPS,
> which are automatically loaded when the application starts. But if our
> software directory is in the path (or LD_LIBRARY_PATH or platform
> equivalent) earlier
We are shipping OpenSSL (1.0.2j) shared objects built with FIPS, which are
automatically loaded when the application starts. But if our software directory
is in the path (or LD_LIBRARY_PATH or platform equivalent) earlier than the
system directories, then other applications that load OpenSSL
On 04/11/2016 09:26, Marcus Meissner wrote:
On Fri, Nov 04, 2016 at 10:03:21AM +0530, Akshar Kanak wrote:
Dear team
as per the document
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
page 150, it's mentioned
The implementation of the nonce_explicit manage
On Fri, Nov 04, 2016 at 10:03:21AM +0530, Akshar Kanak wrote:
> Dear team
> as per the document
> http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
> page 150, it's mentioned
> The implementation of the nonce_explicit management logic inside the
> module shall ens
Dear team
as per the document
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
page 150, it's mentioned
The implementation of the nonce_explicit management logic inside the
module shall ensure that
when the nonce_explicit part of the IV exhausts the maximum n
Dear team
as per the document
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
page 150, it's mentioned
The implementation of the nonce_explicit management logic inside the
module shall ensure that
when the nonce_explicit part of the IV exhausts the maximum nu
I'm seeing a problem where my application cannot initialize the FIPS library
(i.e. the call to FIPS_mode_set fails) when using 1.0.2j libraries. The error I
get is: "FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:232:"
However if I build 1.0.2i libraries, everyt
I cannot seem to use EVP_aes_256_wrap() in FIPS mode. I saw some earlier
discussions on using low level APIs; but I am using the EVP method. Is it
supported? I am using 1.0.2h/2.0.12.
Thanks much
-S
On 10/26/2016 06:06 PM, Eric Tremblay wrote:
> Hi Steve,
>
> Thanks for the quick reply.
>
> That is what I had understood from my reading but wasn't sure.
>
> My next question is about OpenSSH. There is no official support in
> OpenSSH for FIPS at the moment
-boun...@openssl.org] On Behalf Of
Eric Tremblay
Sent: Wednesday, October 26, 2016 3:06 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Enabling FIPS on an custom embedded system.
Hi Steve,
Thanks for the quick reply.
That is what I had understood from my reading but wasn't sure
Hi Steve,
Thanks for the quick reply.
That is what I had understood from my reading but wasn't sure.
My next question is about OpenSSH. There is no official support in OpenSSH
for FIPS at the moment right ?
Thanks
Eric
On Wed, Oct 26, 2016 at 5:04 PM, Steve Marquess
wrote:
>
On 10/26/2016 04:37 PM, Eric Tremblay wrote:
> Hi all,
>
> I have built the FIPS module into our Platform but I am stuck at the
> point to enable it.
>
> We need FIPS to be enabled « Platform wide » not just for one
> application.
Hi all,
I have built the FIPS module into our Platform but I am stuck at the point
to enable it.
We need FIPS to be enabled « Platform wide » not just for one application.
I have read the documentation and searched on the web for an answer but it seems
that I would have
to modify a package or
Hey Openssl-User's,
I'm trying to understand the difference between how primes are generated in
RSA X9.31 ANSI standards ( which I don't have access to ) and FIPS 186-4 (
found here: http://csrc.nist.gov/groups/STM/cavp/documents/dss2/rsa2vs.pdf )
In the code at crypt
.4346
From: openssl-users on behalf of Dr.
Stephen Henson
Sent: Tuesday, October 11, 2016 10:35 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Building an application with OpenSSL and
FIPSsupport.
On Mon, Oct 10, 2016, Matthew Heimlich wrote:
> $openssl
On Mon, Oct 10, 2016, Matthew Heimlich wrote:
> $openssl version
>
> returns:
>
> OpenSSL 1.0.2j-fips
>
> My FIPS module version is openssl-fips-2.0.13
>
> $OPENSSL_FIPS=1 openssl md5 /dev/null
>
> returns:
>
> Error setting digest md5
> 14006
$openssl version
returns:
OpenSSL 1.0.2j-fips
My FIPS module version is openssl-fips-2.0.13
$OPENSSL_FIPS=1 openssl md5 /dev/null
returns:
Error setting digest md5
140066569107136:error:060A80A3:digital envelope
routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:
$OPENSSL_FIPS=1
On Fri, Oct 07, 2016, Matthew Heimlich wrote:
> Which returns
>
>
> Attempting to set FIPS mode to 1...
> Last error was: 2d06b06f
> FIPS_mode_set failed: 2d06b06f
> FIPS mode is: 0???
>
> So it would appear that my FIPS mode is never even being set, and walking
>
On Fri, Oct 07, 2016, craig_we...@trendmicro.com wrote:
> I am trying to build a library of FIPS 2.0.12 and OpenSSL 1.0.2f for MIPS
> architecture on vxWorks. I am getting this error during the link step:
>
> ../libcrypto.a(bn-mips.o)(.text+0x700): In function `bn_div_3_words
ers@openssl.org'
Subject: Linking FIPS 2.0.12 and OpenSSL 1.0.2f - "multiple definition of
`bn_div_3_words"
I am trying to build a library of FIPS 2.0.12 and OpenSSL 1.0.2f for MIPS
architecture on vxWorks. I am getting this error during the link step:
../libcrypto.a(bn-mip
t ret = 0;
unsigned long err = 0;
if(mode == 0)
{
ret = FIPS_mode_set(1 /* on */);
printf("Attempting to set FIPS mode to 1...\n");
err = ERR_peek_last_error();
printf("Last error was: %lx\n", err);
if(ret != 1)
{
Matt,
What part of the selftest fails? Can you step through it with a debugger?
Cheers,
Ethan
On Fri, Oct 7, 2016 at 10:56 AM, Matthew Heimlich
wrote:
> I'm on RHEL7. I've got a very simple encryption/decryption program that
> works fine without FIPS support enabled, but
I am trying to build a library of FIPS 2.0.12 and OpenSSL 1.0.2f for MIPS
architecture on vxWorks. I am getting this error during the link step:
../libcrypto.a(bn-mips.o)(.text+0x700): In function `bn_div_3_words':
: multiple definition of `bn_div_3_words'
/usr/local/src/w/bran
I'm on RHEL7. I've got a very simple encryption/decryption program that works
fine without FIPS support enabled, but fails when it is:
#include
#include
#include
#include
void handleErrors(void)
{
ERR_print_errors_fp(stderr);
abort();
}
int encrypt(unsigned char *plai
> Work on the new FIPS module has so far taken a backseat to higher
> priority topics like the 1.1 release ...
OpenSSL 1.1.0 was a very strong release. The team did an awesome job.
Hats off to them for a job that exceeded well done.
I did not observe problems at places where you can ta
On 09/29/2016 12:40 PM, Troy Smoke wrote:
> I am in the position of evaluating products that have (or claim to have)
> implemented the OpenSSL FIPS module.
>
> I would like to be able to be able to run a command or run the FIPS
> self-test on command, for the purpose of verifyin
I am in the position of evaluating products that have (or claim to have)
implemented the OpenSSL FIPS module.
I would like to be able to be able to run a command or run the FIPS
self-test on command, for the purpose of verifying if OpenSSL is operating
in FIPS mode.
This may not be important for
l address
> this or not. An option to compile the fips module as a dll instead
> of a static lib would be nice or at least allow the fips capable
> module to be rebased.
As I understand it (not being a Windows person), we don't have any
options good across the Windows ecosystem.
On 09/27/2016 10:56 AM, Perrow, Graeme wrote:
> I am trying to build FIPS OpenSSL libraries for Linux PPC64 but it does
> not seem possible. This has been raised before (link below) but I didn’t
> see any resolution.
>
>
>
> http://openssl.6102.n7.nabble.com/BUG-FIPS-cap
I am trying to build FIPS OpenSSL libraries for Linux PPC64 but it does not
seem possible. This has been raised before (link below) but I didn't see any
resolution.
http://openssl.6102.n7.nabble.com/BUG-FIPS-capable-OpenSSL-fails-to-build-on-Linux-PPC64-td66890.html
I can build it if
> As always, if you don't care about FIPS 140 then count yourself lucky and
> move on.
>
> Work on the new FIPS module has so far taken a backseat to higher priority
> topics like the 1.1 release and security vulnerabilities, but we should start
> to
> make some progre
On 27/09/2016 15:41, Steve Marquess wrote:
As always, if you don't care about FIPS 140 then count yourself lucky
and move on.
Work on the new FIPS module has so far taken a backseat to higher
priority topics like the 1.1 release and security vulnerabilities, but
we should start to make
As always, if you don't care about FIPS 140 then count yourself lucky
and move on.
Work on the new FIPS module has so far taken a backseat to higher
priority topics like the 1.1 release and security vulnerabilities, but
we should start to make some progress soon. I've put together a
>
> Regards,
>
>
Yes, it's fine to stay at 2.0.1 if that's working for you now.
With one singular exception, we're not allowed to implement improvements
or bug fixes in a validated cryptographic module, so the later revisions
of the OpenSSL FIPS module (now up to 2.0.1
Hi,
I am having a product which is right now using openssl1.0.1s and
opensslfips 2.0.1
I am upgrading to openssl1.0.2h, is it OK to still be at opensslfips 2.0.1
or do I need to upgrade the opensslfips too to 2.0.12?
Regards,
Multiple versions of OpenSSL can, with an additional source package (the
OpenSSL FIPS module) be built by you to be 140-2 compliant. See
http://openssl.com/fips/
for more info.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Vikram Kamaraj - ERS, HCL Tech
Sent
On 08/17/2016 09:10 AM, Vikram Kamaraj - ERS, HCL Tech wrote:
> Hello OpenSSL,
>
>
>
> Which version of OpenSSL is FIPS 140 compliant?
None. A more useful question to ask is "for which versions of OpenSSL
are compatible FIPS modules available?". The answer to tha
Hello OpenSSL,
Which version of OpenSSL is FIPS 140 compliant?
Thanks,
Vikram K
On 04/08/2016 17:53, Thomas Francis, Jr. wrote:
...
I really should point out three things, though:
1) FIPS 140 compliance (from any software package) is always less secure than
non-FIPS 140 compliant packages. By its nature, the validation process places
software several months to years
> On Aug 4, 2016, at 11:00 AM, o haya wrote:
>
> Hi,
>
> I've been tasked to look into FIPS 140-2 "compliance" for our systems,
> overall, and I know that there's a "FIPS 140-2 module" for OpenSSL, that
> needs to be built from source and
On 08/04/2016 11:00 AM, o haya wrote:
> Hi,
>
> I've been tasked to look into FIPS 140-2 "compliance" for our
> systems, overall, and I know that there's a "FIPS 140-2 module" for
> OpenSSL, that needs to be built from source and then integrated int
Hi,
I've been tasked to look into FIPS 140-2 "compliance" for our systems, overall,
and I know that there's a "FIPS 140-2 module" for OpenSSL, that needs to be
built from source and then integrated into OpenSSL by building OpenSSL with the
FIPS module.
T
Thanks for the explanation.
> Just link against the library produced by the FIPS capable
> OpenSSL build. If, for some reason, that only produced
> libcrypto.a, then you need to investigate why — perhaps you
> passed “no-shared” when running the config script?
The confusion came fr
> On Aug 2, 2016, at 1:59 PM, jonetsu wrote:
>
> The current FIPS User Guide mentions:
>
> "3.3 Creation of Shared Libraries
>
> The FIPS Object Module is not directly usable as a shared
> library, but it can be linked into an application that is a
> sh
On Tue, Aug 02, 2016, jonetsu wrote:
> FIPS: Need to use FIPS versions of (EVP) methods ?
>
> In FIPS mode, is there a need to use the FIPS_* methods instead of the
> regular ones once FIPS_mode_set(1) was successfully executed ? For
> instance, is there a need to use FIPS_evp_sh
FIPS: Need to use FIPS versions of (EVP) methods ?
In FIPS mode, is there a need to use the FIPS_* methods instead of the
regular ones once FIPS_mode_set(1) was successfully executed ? For
instance, is there a need to use FIPS_evp_sha1() instead of EVP_sha1()
? Wouldn't the FIPS versi
The current FIPS User Guide mentions:
"3.3 Creation of Shared Libraries
The FIPS Object Module is not directly usable as a shared
library, but it can be linked into an application that is a
shared library. A “FIPS compatible” OpenSSL distribution will
automatically incorpora
++
https://android.googlesource.com/platform/external/conscrypt/+/master/src/main/native/org_conscrypt_NativeCrypto.cpp
org_conscrypt_NativeCrypto.cpp
https://android.googlesource.com/platform/external/conscrypt/+/master/Android.mk
(Build OpenSSL or BoringSSL).
Intention: Load FIPS compliance
>
> I have been trying for the life of me to get the FIPS module to compile
> for those supported platforms. Our app compiles for those platforms so
> without a compatible version of the openssl FIPS it causes errors.
>
> Is there any plans to have the FIPS module support t
l function that I'm using for hashing is
> "SHA512" from FIPS OpenSSL.
> Does the mere usage of salt that was generated via a non-FIPS-recommended
> approach violate my compliance ?
You used what is typically considered a cryptographic function (some form of
RNG) from a so
Hi Thomas,
Thanks for your response! It clears up matters a lot :)
There's one thing that I thought of though -- even though I'm generating
the salt via non-OpenSSL means, the actual function that I'm using for
hashing is "SHA512" from FIPS OpenSSL.
Does the mere usage o
> On Jul 27, 2016, at 8:18 PM, pratyush parimal
> wrote:
>
> Hi all,
>
> I work on a consumer application which is striving to be fips-140-2 compliant.
>
> I'm using OpenSSL as recommended in the fips guide by invoking
> fips_mode_set(). However, in certa
Hi all,
I work on a consumer application which is striving to be fips-140-2
compliant.
I'm using OpenSSL as recommended in the fips guide by invoking
fips_mode_set(). However, in certain parts of the same application, I'm
using my own non-OpenSSL random number generator to generate
Hello,
Is it possible to simulate FIPS failure at run-time, at any given time ? Or
does OpenSSL have to start in failure simulation mode ? Also, is failure
simulation a standard part of a normal, non-debug, build ?
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com
> Does 2.0.12 support 186-4 ? Specifically, does it support the RSA
> requirements ?
No.
Hello,
Does 2.0.12 support 186-4 ? Specifically, does it support the RSA requirements
?
Thanks.
ply. I really appreciate your suggestion but I some
>> > how need to have static library not the dynamic one.
>>
>> You can statically link an application with the FIPS module, using the
>> special "fipsld" link process, but you cannot put the FIPS module in a
>>
tic library not the dynamic one.
>
> You can statically link an application with the FIPS module, using the
> special "fipsld" link process, but you cannot put the FIPS module in a
> conventional static library (as managed with "ar").
>
> Unfortunately the re
On 06/29/2016 07:09 AM, Sahil Gandhi wrote:
> Hi Ken,
>
> Sorry for the late reply. I really appreciate your suggestion but I some
> how need to have static library not the dynamic one.
You can statically link an application with the FIPS module, using the
special "fipsld"
> https://wiki.openssl.org/index.php/Android .
>
> Trying to warp libcryto.so to your dynamic library by the specified FIPS
> compiler, once you successfully generated your dynamic library, then no
> need to specify FIPS compiler for compiling your execute program any more,
> and it work
I think you should refer the way of building Android application
https://wiki.openssl.org/index.php/Android .
Trying to warp libcryto.so to your dynamic library by the specified FIPS
compiler, once you successfully generated your dynamic library, then no
need to specify FIPS compiler for
ws fingerprint mismatch error.
>>> My sample source file has FIPS_mode_set(1) call only.
>>>
>>> Because fipscannister.o is not compiled as 100% position independent
>> code (and cannot legally be done so due to the bureaucratic rules of
>> the FIPS validation), ev
if i use that new library(to create executable) as it is, it
>> throws fingerprint mismatch error.
>> My sample source file has FIPS_mode_set(1) call only.
>>
>> Because fipscannister.o is not compiled as 100% position independent
> code (and cannot legally be done so due
(and cannot legally be done so due to the bureaucratic rules of
the FIPS validation), every new program linked to the FIPS enabled
libcrypto.a will end up with a different fingerprint for the
fipscannister.
And if load address randomization is enabled in the operating system,
each new run of the pr
<mailto:jb-open...@wisemo.com>> wrote:
> >
> > On 24/06/2016 07:59, Sahil Gandhi wrote:
> >
> > Hi All,
> >
> >     I have built Openssl-fips-2.0.10.tar on *RHEL Linux* (*Same
> >     happens with Solaris 10*). Then I built
<mailto:jb-open...@wisemo.com>> wrote:
>
> On 24/06/2016 07:59, Sahil Gandhi wrote:
>
> Hi All,
>
>     I have built Openssl-fips-2.0.10.tar on *RHEL Linux* (*Same
>     happens with Solaris 10*). Then I built Openssl-1.0.1p using
>
Hi Jakob,
Could you please elaborate it? I am not getting it.
I might missing something but I did not get it.
Many Thanks Jakob for replying.
-Sahil
On Fri, Jun 24, 2016 at 11:57 AM, Jakob Bohm wrote:
> On 24/06/2016 07:59, Sahil Gandhi wrote:
>
>> Hi All,
>>
>> I
On 24/06/2016 07:59, Sahil Gandhi wrote:
Hi All,
I have built Openssl-fips-2.0.10.tar on *RHEL Linux* (*Same happens
with Solaris 10*). Then I built Openssl-1.0.1p using respective fips
object module (i.e. Openssl-fips-2.0.10.tar).
Once I have built Openssl-1.0.1p, libcrypto.a and
Hi All,
I have built Openssl-fips-2.0.10.tar on *RHEL Linux* (*Same happens with
Solaris 10*). Then I built Openssl-1.0.1p using respective fips object
module (i.e. Openssl-fips-2.0.10.tar).
Once I have built Openssl-1.0.1p, libcrypto.a and libssl.a has been created.
I need to join these 2
my above question is that, we don't want to build 2 versions of
our product, one that is built with 2.0.10 and another with 2.0.12 or higher
for the same OS with different version (say FreeBSD 9.x and 10.x) to claim
FIPS-validated status.
This way, we may be able to pay for re-asserting/revali
Hello all,
I have successfully compiled/linked w/ fipsld and FIPS_mode_set(1) returns
true.
I'm trying to understand what the FIPS_signature variable represents. Can
it be used to verify/match against the FIPS library somehow? Is it
supposed to match the sha/mac from the fips build? Or s
On 05/24/2016 07:56 AM, Philip Bellino wrote:
> Hello,
>
> I am looking for the Changelog that explains the changes between
> openssl-fips-2.0.9 and 2.0.12.
>
>
>
> The README.FIPS that comes with 2.0.12 points here:
> https://www.openssl.org/docs/fips bu
Hello,
I am looking for the Changelog that explains the changes between
openssl-fips-2.0.9 and 2.0.12.
The README.FIPS that comes with 2.0.12 points here:
https://www.openssl.org/docs/fips but I cannot find the changes.
Any help would be most appreciated.
Thanks,
Phil
g/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-23-20151030.x86_64.qcow2
OpenSSL: error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure
OpenSSL: error:2D08E06B:FIPS routines:FIPS_CHECK_EC:pairwise test failed
OpenSSL: error:1409802
Hello,
Is there anything new regarding the prime number requirement handling for
FIPS 186-4, as far as supporting it ? I asked some time ago. Just want to
see if anything has changed, if there's anything planned. - thanks !
--
View this message in context:
http://openssl.6102.n7.nabbl
If you neither know nor care what FIPS 140-2 is, count yourself lucky
and move on (even if you're a Star Wars fan; this isn't nearly as
entertaining).
The "Alternative Scenario 1A/1B" aka "clone" aka "rebrand" validations
have been an endless source of conf
On 04/05/2016 08:15, mani kanta wrote:
Hello,
While the SSL handshake is happening, I am getting the error as below
SSL_connect error:0408E09E:rsa routines:PKEY_RSA_SIGN:operation not
allowed in fips mode.
ssl handshake went well up to client sending key exchange to server
and failing in
Hello,
While the SSL handshake is happening, I am getting the error as below
SSL_connect error:0408E09E:rsa routines:PKEY_RSA_SIGN:operation not allowed
in fips mode.
ssl handshake went well up to client sending key exchange to server and
failing in the process of send client verify. Why this