Re: [openssl-users] FIPS Static Library linked into Win32 Dll builds but fails self test

2016-02-02 Thread Dr. Stephen Henson
On Tue, Feb 02, 2016, Neptune wrote: > FIPS Object Module 2.0.9 > OpenSSL 1.0.1l > Platform: Win32 > > I am attempting to statically link a FIPS-capable library into a .dll. The > .dll is built without errors and by viewing the .dll in a hex editor I can > see the correct HMAC is embedded

[openssl-users] FIPS Static Library linked into Win32 Dll builds but fails self test

2016-02-02 Thread Neptune
FIPS Object Module 2.0.9 OpenSSL 1.0.1l Platform: Win32 I am attempting to statically link a FIPS-capable library into a .dll. The .dll is built without errors and by viewing the .dll in a hex editor I can see the correct HMAC is embedded within and correct, but the self test is failing.

Re: [openssl-users] FIPS Static Library linked into Win32 Dll builds but fails self test

2016-02-02 Thread Neptune
Thank you...that would explain why I'm suddenly having success when I give our .dll a fixed address. Unfortunately, this is something we are trying to avoid. Even more unfortunate is we are stuck with Win32 (at least for another year) and linking to the executable is not a solution because the dll

Re: [openssl-users] How to enable FIPS mode system-wide for the FIPS capable OpenSSL?

2016-02-02 Thread security veteran
Thanks Steve. I think the way to use OPENSSL_config() and openssl.conf to enable FIPS mode basically still requires each application to explicitly invoke OPENSSL_config() API in order to truly enable the FIPS mode, is that correct? If that's the case, then basically there's no way to really

[openssl-users] Rgd. CVE-2015-3197 fix test verification !!

2016-02-02 Thread Hareesh D
Can someone please tell me how to verify the fix done for CVE-2015-3197. I want to test 1.0.1r version for this issue. From the issue description I'm not able to understand what exactly the client and server are doing. Please tell me what packet the client has to send or else please provide me the packet

Re: [openssl-users] error when linking with OpenSSL library dynamically

2016-02-02 Thread Matt Caswell
On 02/02/16 09:18, Martin Vegter wrote: > On 1 February 2016 at 22:45, Viktor Dukhovni > wrote: >> >> You're using internal function names that are not exported by the >> libcrypto shared library on Debian systems. Use the EVP interface. >> >> In future versions of

Re: [openssl-users] Strange problem with 1.0.2f SSL_shutdown in multithreaded server

2016-02-02 Thread Matt Caswell
On 02/02/16 07:52, Jakob Bohm wrote: > I am trying to upgrade an existing 3rd party multithreaded server > from OpenSSL 1.0.2c to 1.0.2f . However when I do so, it starts > mishandling the close_notify "alert". > > 1.0.2f seems to send the close_notify alert unencrypted followed > by an

Re: [openssl-users] error when linking with OpenSSL library dynamically

2016-02-02 Thread Martin Vegter
On 1 February 2016 at 22:45, Viktor Dukhovni wrote: > > You're using internal function names that are not exported by the > libcrypto shared library on Debian systems. Use the EVP interface. > > In future versions of OpenSSL constrained visibility of shared > library

[openssl-users] Help with M2Crypto on Windows?

2016-02-02 Thread Matěj Cepl
Hi, I am the crazy guy who decided to continue in maintenance of M2Crypto when everybody else wisely (?) left the ship. Unfortunately (for M2Crypto), I am a Linux guy, so while I have finally given up and installed Windows X in VM, I am really lost in the Windows APIs and we have currently

Re: [openssl-users] Strange problem with 1.0.2f SSL_shutdown in multithreaded server

2016-02-02 Thread Jakob Bohm
On 02/02/2016 11:40, Matt Caswell wrote: On 02/02/16 07:52, Jakob Bohm wrote: I am trying to upgrade an existing 3rd party multithreaded server from OpenSSL 1.0.2c to 1.0.2f . However when I do so, it starts mishandling the close_notify "alert". 1.0.2f seems to send the close_notify alert

Re: [openssl-users] Strange problem with 1.0.2f SSL_shutdown in multithreaded server

2016-02-02 Thread Matt Caswell
On 02/02/16 11:24, Jakob Bohm wrote: > On 02/02/2016 11:40, Matt Caswell wrote: >> On 02/02/16 07:52, Jakob Bohm wrote: >>> I am trying to upgrade an existing 3rd party multithreaded server >>> from OpenSSL 1.0.2c to 1.0.2f . However when I do so, it starts >>> mishandling the close_notify

Re: [openssl-users] OpenSSL FIPS: OPENSSL_config() and self-tests

2016-02-02 Thread security veteran
Hi All: Based on the OpenSSL FIPS user guide, the FIPS_mode_set API from the OpenSSL FIPS modules runs the necessary self-tests. I was wondering does the OPENSSL_config() API also run the self-tests? Your suggestions are greatly appreciated. Thanks. On Mon, Feb 1, 2016 at 1:37 PM, security

Re: [openssl-users] OpenSSL FIPS: OPENSSL_config() and self-tests

2016-02-02 Thread Dr. Stephen Henson
On Tue, Feb 02, 2016, security veteran wrote: > Hi All: > > Based on the OpenSSL FIPS user guide, the FIPS_mode_set API from the > OpenSSL FIPS modules runs the necessary self-tests. > > I was wondering does the OPENSSL_config() API also run the self-tests? > Short answer: yes. Longer