On Thu, Sep 25, 2008, joshi chandran wrote:
> I am using openssl 0.9.7m . Yes,I have the used the OPENSSL_FIPS=1 when
> calling the command . i am attaching the testscript which i am using.
> please help me
>
[snipped]
Your config files have default_md = md5 in several places. Change those to
s
I am using openssl 0.9.7m . Yes,I have the used the OPENSSL_FIPS=1 when
calling the command . i am attaching the testscript which i am using.
please help me
Thanks
Joshi
On Thu, Sep 25, 2008 at 10:02 PM, Dr. Stephen Henson <[EMAIL PROTECTED]>wrote:
> On Thu, Sep 25, 2008, joshi chandran wro
On Thu, Sep 25, 2008, joshi chandran wrote:
> I am trying to test the Fips capable openssl and when i am testing it i am
> getting some error
>
> openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform
> PEM
>
> Generating a 2048 bit RSA private key
>
On Thu, Sep 25, 2008, joshi chandran wrote:
> I am trying to test the Fips capable openssl and when i am testing it i am
> getting some error
>
> openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform
> PEM
>
> Generating a 2048 bit RSA private key
>
I am trying to test the Fips capable openssl and when i am testing it i am
getting some error
openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform
PEM
Generating a 2048 bit RSA private key
+
David Schwartz wrote:
> In many cases, FIPS actually results in (you might reasonably think, at
> least) reduced security. ...
>
> C) Quasi-FIPS. All FIPS rules are followed, except where it is genuinely
> believed that these rules reduce security or are unreasonably impractical.
> For example,
> I am rather confused why people need to drop out of FIPS mode. The
> Federal Information Processing Standard dictates that FIPS-validated
> cryptography be used for everything that requires cryptographic
> transformation for storage (or really anything that enters or leaves
> the cryptograpic s
In a word: no.
That's one of the goals of the FIPS 1.2.0 release and 0.9.8-fips branches.
-Kyle H
On Wed, Sep 24, 2008 at 7:38 AM, joshi chandran
<[EMAIL PROTECTED]> wrote:
> Is it possible to create FIPS enabled openssl shared library(openssl 0.9.7m)
> ? I am not able to build shared library .I
This is a known issue.
This workflow fails:
FIPS_mode_set(1);
FIPS_mode_set(0);
FIPS_mode_set(1); /* fails */
This workflow succeeds:
FIPS_mode_set(1);
FIPS_mode_set(0);
RAND_set_rand_method(NULL);
FIPS_mode_set(1); /* succeeds */
The reason is that the 1.1.x series of FIPS did not properly hand
Is it possible to create FIPS enabled openssl shared library(openssl 0.9.7m)
? I am not able to build shared library .I am using AIX unix system
Thanks
Joshi
On Wed, Sep 24, 2008 at 6:47 PM, joshi chandran
<[EMAIL PROTECTED]>wrote:
> when i have done FIPS_mod_set(1),it goes into the fips mode an
when i have done FIPS_mod_set(1),it goes into the fips mode and when i am
doing FIPS_mod_set(0), it come out of fips mode but when i again apply
FIPS_mod_set(1) ,it does not goes to fips mode
can u please help me out
Thanks
Joshi
On Wed, Sep 24, 2008 at 3:55 AM, Tim Hudson <[EMAIL PROTECTED]> w
joshi chandran wrote:
when i am using make CC=fipsld FIPSLD_CC=gcc , i am getting error message
> gcc: unrecognized option `-qnostdinc'
> gcc: unrecognized option `-qnolm'
Those are xlc options - i.e. the IBM compiler.
Perhaps
make CC=fipsld FIPSLD_CC=xlc
might be a better option. Look
Sent: Monday, September 22, 2008 3:44 AM
To: openssl-users@openssl.org
Subject: Re: FIPS-capable curl: Solaris 9 - fingerprint does not match
On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote:
> Back to square 2 out of 3:
>
> Platform:
> SunOS bear 5.9 Generic_118558-34 sun4u sparc SUNW
alf Of Dr. Stephen Henson
> Sent: Monday, September 22, 2008 3:44 AM
> To: openssl-users@openssl.org
> Subject: Re: FIPS-capable curl: Solaris 9 - fingerprint does not match
>
>
> On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote:
>
> > Back to square 2 out of 3:
>
course, my FIPS-capable curl built successfully.
Thanks again.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
Sent: Monday, September 22, 2008 3:44 AM
To: openssl-users@openssl.org
Subject: Re: FIPS-capable curl: Solaris 9 - fingerprin
joshi chandran wrote:
> how to link fipsld with the application .Can u please explain
Please read the documentation:
http://www.openssl.org/docs/fips/SecurityPolicy-1.1.2.pdf and
http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf.
-Steve M.
--
Steve Marquess
Open Source Software institute
[EM
how to link fipsld with the application .Can u please explain
On Mon, Sep 22, 2008 at 4:14 PM, Dr. Stephen Henson <[EMAIL PROTECTED]>wrote:
> On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote:
>
> > Back to square 2 out of 3:
> >
> > Platform:
> > SunOS bear 5.9 Generic_118558-34 sun4u sparc S
On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote:
> Back to square 2 out of 3:
>
> Platform:
> SunOS bear 5.9 Generic_118558-34 sun4u sparc SUNW,Ultra-5_10
> gcc (GCC) 3.4.6
> GNU ld version 2.17
> GNU ar 2.17
>
> 1. Built fips-1.1.2 successfully
>
> 2. Built openssl-0.9.7m successfully with
18 matches
Mail list logo