I am experimenting with the OpenSSL FIPS Module 2.0, but am encountering some
difficulty.
I need to perform some RC4 calculations in code that does not need to be FIPS
compliant, even though I want all FIPS ciphers to be performed in FIPS mode.
I'm trying to use the
On Fri, Feb 10, 2012 at 09:39:20AM -0500, Erik Tkal wrote:
I am experimenting with the OpenSSL FIPS Module 2.0, but am encountering some
difficulty.
I need to perform some RC4 calculations in code that does not need to be
FIPS compliant, even though I want all FIPS ciphers to be
] On
Behalf Of Thor Lancelot Simon
Sent: Friday, February 10, 2012 9:52 AM
To: openssl-dev@openssl.org
Subject: Re: FIPS Module 2.0 -- using non-FIPS ciphers
On Fri, Feb 10, 2012 at 09:39:20AM -0500, Erik Tkal wrote:
I am experimenting with the OpenSSL FIPS Module 2.0, but am encountering some
On Fri, Feb 10, 2012 at 10:01:43AM -0500, Erik Tkal wrote:
Yes, I understand all that; we currently have our own certified FIPS module
that I wired into OpenSSL via the engine APIs. Assuming that the module
boundary is the code in the FIPS canister, I want that module to perform all
] On
Behalf Of Thor Lancelot Simon
Sent: Friday, February 10, 2012 10:08 AM
To: openssl-dev@openssl.org
Subject: Re: FIPS Module 2.0 -- using non-FIPS ciphers
On Fri, Feb 10, 2012 at 10:01:43AM -0500, Erik Tkal wrote:
Yes, I understand all that; we currently have our own certified FIPS module
that I
On Fri, Feb 10, 2012, Erik Tkal wrote:
I'm just saying that there are options to allow this and it just doesn't seem
to work.
#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW0x0008 /* Allow use of non
FIPS digest
* in FIPS mode */
/*
-- using non-FIPS ciphers
On Fri, Feb 10, 2012, Erik Tkal wrote:
I'm just saying that there are options to allow this and it just doesn't seem
to work.
#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW0x0008 /* Allow use of non
FIPS digest
Just go get source code for RC4 and call it directly when you need RC4.
--David
On 2/10/2012 6:39 AM, Erik Tkal wrote:
I am experimenting with the OpenSSL FIPS Module 2.0, but am
encountering some difficulty.
I need to perform some RC4 calculations in code that does not need to
be
On Fri, Feb 10, 2012, Erik Tkal wrote:
Hi Steve, thanks. This also seems to be a general issue with setting other
fields in the context, for example to override the key length (even in
non-FIPS mode) you have to initialize the cipher context with the cipher,
then set the fields in the
On Fri, Feb 10, 2012, Erik Tkal wrote:
I think the following in evp_enc.c at line 123 might work to only clean up
the CTX if you were specifying a cipher and one was already present:
if (cipher)
{
/* Ensure a context left lying around from last time is
10 matches
Mail list logo