Hi,
I want to use FIPS compliant algorithms and keys. For that I understand, I
need to have Openssl FIPS object library along with default openssl.
However, I am not understanding how to install them. My questions are :
1. Both are tar.gz. Should I run ./Configure, make and make install for
Thanx for pointin out for more detailed description. Tried actually
with no-camelia flag and had error:
#error CAMELLIA is disabled
from ./crypto/camellia/camellia.h.
I didn't know that i also should manually remove that directory after
make depend.
On Wed, Jan 9, 2013 at 7:23 PM, Jeremy Farrell
Tried to turn off everything i can:
#!/bin/bash
make clean make dclean ./config no-threads no-shared no-zlib \
no-camellia no-bf no-cast no-des no-dh no-dsa no-mac no-md2 no-mdc2 no-rc2 \
no-rc4 no-rc5 no-rsa no-krb5
make depend
make
# no-sha no-md5
# make make install
#
After turning off all ciphers i implicitly turned off whole TLS1:
#ifndef OPENSSL_NO_TLS1
# define OPENSSL_NO_TLS1
#endif
#ifndef OPENSSL_NO_TLSEXT
# define OPENSSL_NO_TLSEXT
#endif
- in my opensslconf.h
So, which cipher should remain i.e. which of them corresponds to
On 1/9/2013 6:40 PM, Ribhi Kamal wrote:
Hi all,
I've compiled openssl 0.9.8x on windows 7 using VS2010 pro using the
following steps:
perl Configure VC-WIN64A --prefix=%LIB_OUT%
CALL ms\do_win64a
nmake -f ms\ntdll.mak
nmake -f ms\ntdll.mak test
nmake -f ms\ntdll.mak install
Unfortunately the
On Thu, Jan 10, 2013 at 3:07 AM, Nayna Jain naynj...@in.ibm.com wrote:
Hi,
I want to use FIPS compliant algorithms and keys. For that I understand, I
need to have Openssl FIPS object library along with default openssl.
However, I am not understanding how to install them. My questions are :
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jakob Bohm
Sent: Friday, December 21, 2012 8:23 PM
To: openssl-users@openssl.org
Subject: Re: RSA_private_decrypt function takes longer time.
On 12/21/2012 1:13 PM,
On Thu, Jan 10, 2013 at 6:13 AM, Tayade, Nilesh
nilesh.tay...@netscout.com wrote:
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jakob Bohm
Sent: Friday, December 21, 2012 8:23 PM
To: openssl-users@openssl.org
Subject:
On 1/10/2013 12:13 PM, Tayade, Nilesh wrote:
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jakob Bohm
Sent: Friday, December 21, 2012 8:23 PM
To: openssl-users@openssl.org
Subject: Re: RSA_private_decrypt function takes
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jakob Bohm
Sent: Thursday, January 10, 2013 6:56 PM
To: openssl-users@openssl.org
Subject: Re: RSA_private_decrypt function takes longer time.
[...]
Coming back to this.
On Thu, Jan 10, 2013 at 9:01 AM, Tayade, Nilesh
nilesh.tay...@netscout.com wrote:
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jakob Bohm
Sent: Thursday, January 10, 2013 6:56 PM
To: openssl-users@openssl.org
Subject:
Hi,
in the process of upgrading and migrating our server infrastructure I
have just put the updated Request Tracker into operation. The request
tracker stays reachable via r...@openssl.org (or the alias
openssl-b...@openssl.org).
While the migration is still in progress, the web interface is
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jeffrey Walton
Sent: Thursday, January 10, 2013 7:54 PM
To: openssl-users@openssl.org
Subject: Re: RSA_private_decrypt function takes longer time.
[...]
So I feel like
True. But HSM claims performance, correctness and security.
Jeffrey's point is that you need whole-system security, not just faster crypto.
(And your original note didn't say HSM, but implied just an accelerator card.)
For example, how do you make sure that only authentic and authorized
Thanks Jeffrey for the quick response.
I have one more question.
Actually there is also NIST Recommendations document i.e. NIST SP 800-131
A.
To satisfy the requirements for NIST SP 800-131 A ,
1. Do we need to use FIPS Object library module ?
2. Do we just need to make sure that we use
On Thu, Jan 10, 2013 at 11:04 AM, Nayna Jain naynj...@in.ibm.com wrote:
Thanks Jeffrey for the quick response.
I have one more question.
Actually there is also NIST Recommendations document i.e. NIST SP 800-131
A.
To satisfy the requirements for NIST SP 800-131 A ,
1. Do we need to use
Thanks Jakob, I'm using MASM (ml and ml64) and it seems to work ok for the
32bit build at least. Should I be using nasm for 64bit instead?
The functionality for SHA512 and the rest seems to be implemented because
the test for SHA512 (sha512t.exe) is compiled and works correctly. And I
think the
My issue is resolved. I had to add the following before calling httpd
configure:
export CC=fipsld
export FIPSLD_CC=gcc
Thanks.
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
From: owner-openssl-us...@openssl.org On Behalf Of Srivardhan Hebbar
Sent: Tuesday, 08 January, 2013 08:34
X509_STORE_add_cert() would add a certificate to the list of trusted
certificates in the ctx. What is the way to remove a certificate from
this trusted store? Am not finding any function
From: owner-openssl-us...@openssl.org On Behalf Of jeetendra gangele
Sent: Wednesday, 09 January, 2013 01:28
when I use AES_ofb128_encrypt for decrpyting 2 bytes of data.
Actually I have 18 bytes of data so 16 bytes I am decryting with CBC
and 2 bytes with OFB mode.
For this 2 bytes I am
On Thu, Jan 10, 2013 at 5:50 PM, Ribhi Kamal rbhka...@gmail.com wrote:
Never mind, the application (virtualbox) was incorrectly trying to use the
32bit version of openssl. But I still don't understand why a 32bit version
has different symbols that the 64bit one.
The message is probably similar
So even though the names differ by a prefixed underscore in ( _SHA1_Update
vs SHA1_Update ), the names are actually the same? I wonder what linker
logic is behind this
Thanks for the help,
RK
On Thu, Jan 10, 2013 at 6:09 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Jan 10, 2013 at
On Thu, Jan 10, 2013 at 6:33 PM, Ribhi Kamal rbhka...@gmail.com wrote:
So even though the names differ by a prefixed underscore in ( _SHA1_Update
vs SHA1_Update ), the names are actually the same? I wonder what linker
logic is behind this
Yes. That's a 'C' decoration. The underscore'd name is
From: owner-openssl-us...@openssl.org On Behalf Of Ribhi Kamal
Sent: Thursday, 10 January, 2013 17:51
Never mind, the application (virtualbox) was incorrectly trying to use
the 32bit version of openssl. But I still don't understand why a 32bit
version has different symbols that the 64bit one.
24 matches
Mail list logo