errors processing req files

2013-04-04 Thread T J
I am trying to generate a shell script to run the fips algorithm tests for CAVP testing on our platform. When running the test vectors through fipsalgtest.pl to generate the script, I get some file name errors. It looks like the fipsalgtest.pl perl script doesn't know about 186-3 files yet

Re: Cross-compilation problem FIPS enabled openssl

2013-03-18 Thread T J
I suspect you need an export FIPS_SIG=path to openssl-fips/util/incore which embeds the signature in libcrypto. On 18/03/13 17:16, Abhijit Ray Chaudhury wrote: Hello, I am trying to cross compile FIPS compliant openssl module (openssl-fips-ecp-2.0.2.tar.gz) for linux armv4 platform: I have

Re: Saving the SessionID/Ticket and rebooting. What is needed?

2013-03-06 Thread T J
Have you looked at http://www.matrixssl.org/ ? On 07/03/13 08:37, Peter Sand wrote: Hello, My current solution is a cut down version of OpenSSL adapted for an embedded solution. So there is no filesystem etc. A lot of underlying functions are stubbed. I currently can save the SSL_SESSION in

ongoing fingerprint does not match issues

2013-02-28 Thread T J
Comparing printed debug values that I put into the incore script, it looks like our compiler is putting the signature somewhere between FIPS_rodata_start and FIPS_rodata_end resulting in the fingerprint does not match segment aliasing error. I can get around this by removing the -fPIC option

incore

2013-02-27 Thread T J
Does anyone know what the incore script is supposed to do in some detail or point me to some documentation about it? I don't know perl and am struggling to get past a fingerprint mismatch error when attempting to enter FIPS mode. In the previous version (0.9.8r + FIPSv1.2.3), where incore

error:2D06B071:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match segment aliasing .

2013-02-26 Thread T J
Hi All I need some help with this one please... What is segment aliasing and how can I fix this error? In my makefile, I essentially have: export CROSS_COMPILE=$(CROSS_COMPILE) \ export SYSTEM=Linux \ export MACHINE=ppc \ export RELEASE=2.4 \ export

implicit declaration of function `SSL_export_keying_material'

2013-02-21 Thread T J
Does anyone know why this warning is produced when attempting to call SSL_export_keying_material()? I have the FIPS module linked in and I notice that the Makefile in the openssl-fips-2.0 dir contains the line: OPTIONS= no-asm no-bf no-camellia no-cast no-ec_nistp_64_gcc_128 no-gmp

Re: implicit declaration of function `SSL_export_keying_material'

2013-02-21 Thread T J
On 22/02/13 11:29, Dr. Stephen Henson wrote: On Fri, Feb 22, 2013, T J wrote: Does anyone know why this warning is produced when attempting to call SSL_export_keying_material()? I have the FIPS module linked in and I notice that the Makefile in the openssl-fips-2.0 dir contains the line

Re: implicit declaration of function `SSL_export_keying_material'

2013-02-21 Thread T J
On 22/02/13 11:48, Dr. Stephen Henson wrote: On Fri, Feb 22, 2013, T J wrote: On 22/02/13 11:29, Dr. Stephen Henson wrote: On Fri, Feb 22, 2013, T J wrote: Does anyone know why this warning is produced when attempting to call SSL_export_keying_material()? I have the FIPS module linked

Re: DTLS connection problems

2013-02-18 Thread T J
, or don't set one. On Sun, Feb 17, 2013 at 7:40 PM, T J jordan.tre...@gmail.com wrote: Hi I'm having some problems getting a client to connect to a server using DTLS. My code is based on Robin Seggelmann's DTLSv1 example at fh-muenster.de http://fh

Re: DTLS connection problems

2013-02-18 Thread T J
exactly what I/O problem is occurring? On 19/02/13 09:55, T J wrote: Well passing the ret value from SSL_get_error() (which is 2) to ERR_error_string() results in: ... error:0002:lib(0):func(0):system lib ... which is a system error isn't it? - hence my reasoning to try using

Re: DTLS connection problems

2013-02-18 Thread T J
the server is enabled, it hangs up on the client before the handshake is complete. Why would it do that? Can the clients' ssl give me any more information? On 19/02/13 11:49, Dr. Stephen Henson wrote: On Tue, Feb 19, 2013, T J wrote: I think it might be my client as SSL_connect() is returning 0. When

DTLS connection problems

2013-02-17 Thread T J
Hi I'm having some problems getting a client to connect to a server using DTLS. My code is based on Robin Seggelmann's DTLSv1 example at fh-muenster.de. I'm implementing it on a point-point network only (data connection between 2 radios), IP4 over udp so I've stripped it down a bit. In my

Re: Obtaining a TLS session key

2013-02-07 Thread T J
From what I understand so far, the KeyBlock is the place to look for the key? It's just a matter of getting the sizes and order of the individual Keys and IV's so that I can extract the bits I need. Any pointers in that area? While it is technically possible to extract keys (search for

Re: Obtaining a TLS session key

2013-02-06 Thread T J
, Viktor Dukhovni wrote: On Fri, Feb 01, 2013 at 10:05:15AM +1300, T J wrote: These are sufficient to generate a session unique key via a suitable KDF salted with an application-specific string. OK, great. So I get the master key and run it through a KDF and I get a 256 bit encryption key

Re: Obtaining a TLS session key

2013-01-31 Thread T J
On Wed, Jan 30, 2013 at 06:15:27PM +, Viktor Dukhovni wrote: If the OP does not mind potential future binary compatibility issues, and is willing to use non-public interfaces, then the master secret can be accessed via: SSL *ssl; /* ... */ SSL_SESSION *sess =

Obtaining the master secret after TLS the handshake.

2013-01-30 Thread T J
to cryptography). I need a symmetric key for encrypting bulk data with AES256. Wouldn't I need an input to the KDF with keyspace of at least 256 bits to generate the same key at both ends after the TLS handshake? T J __ OpenSSL Project

Obtaining a TLS session key

2013-01-29 Thread T J
still need to extract/derive a AES256 symmetric key from that - any ideas how? Any pointers appreciated... T J __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: path to openssl.cnf hardcoded?

2013-01-27 Thread T J
On 26/01/13 03:07, Dr. Stephen Henson wrote: On Fri, Jan 25, 2013, T J wrote: openssl version -d shows the INSTALL_PREFIX directory == $(SSLDIR)/base. OpenSSL version -d OPENSSLDIR: /home/tjordan/workspace/myproject/current/appfs/openssl/build/base OpenSSL If I set --openssldir=/usr/bin, I

Re: path to openssl.cnf hardcoded?

2013-01-27 Thread T J
On 28/01/13 11:20, Dr. Stephen Henson wrote: On Mon, Jan 28, 2013, T J wrote: On 26/01/13 03:07, Dr. Stephen Henson wrote: On Fri, Jan 25, 2013, T J wrote: openssl version -d shows the INSTALL_PREFIX directory == $(SSLDIR)/base. OpenSSL version -d OPENSSLDIR: /home/tjordan/workspace

re: path to openssl.cnf hardcoded?

2013-01-24 Thread T J
It seems the path to the config file is hardcoded into the openssl executable at compile time based on the install dir and the only way to change it is by setting the environment variable OPENSSL_CONF. I don't have that option. In my setup, I am installing openssl to a temp dir

Re: path to openssl.cnf hardcoded?

2013-01-24 Thread T J
On 25/01/13 12:15, Dr. Stephen Henson wrote: On Fri, Jan 25, 2013, T J wrote: It seems the path to the config file is hardcoded into the openssl executable at compile time based on the install dir and the only way to change it is by setting the environment variable OPENSSL_CONF. I don't have

Re: path to openssl.cnf hardcoded?

2013-01-24 Thread T J
It seems the path to the config file is hardcoded into the openssl executable at compile time based on the install dir and the only way to change it is by setting the environment variable OPENSSL_CONF. I don't have that option. In my setup, I am installing openssl to a temp dir

Re: path to openssl.cnf hardcoded?

2013-01-24 Thread T J
On 25/01/13 15:39, Dr. Stephen Henson wrote: On Fri, Jan 25, 2013, T J wrote: It seems the path to the config file is hardcoded into the openssl executable at compile time based on the install dir and the only way to change it is by setting the environment variable OPENSSL_CONF. I don't have

path to openssl.cnf hardcoded?

2013-01-23 Thread T J
It seems the path to the config file is hardcoded into the openssl executable at compile time based on the install dir and the only way to change it is by setting the environment variable OPENSSL_CONF. I don't have that option. In my setup, I am installing openssl to a temp dir