somewhere.
Are there plans to publish the FIPS documents? When and where do you think
we'll see those?
Thanks,
Zeke Evans
Micro Focus
Thanks for the explanation. I figured I was headed down a dead end. This will
at least help me figure out how to handle things appropriately.
Zeke Evans
then they could block.
Thanks,
Zeke Evans
That works. Thanks!
-Original Message-
From: openssl-users On Behalf Of Dr Paul
Dale
Sent: Tuesday, January 26, 2021 6:01 PM
You could set the default property query to "?fips=yes". This will prefer FIPS
algorithms over any others but will not prevent other algorithms from being
rder to maintain backwards compatibility. Is there a
recommended method going forward that would allow reading and writing to a key
store while only using the fips provider?
Thanks,
Zeke Evans
Micro Focus
-Original Message-
From: openssl-users On Behalf Of Dr Paul
Dale
Sent: Tuesday, Ja
module. Will they
be supported in 3.0 with fips? If not, is there a way for applications running
in fips approved mode to support the same functionality and use existing
stores/files that contain PKCS12 objects?
Thanks,
Zeke Evans
Micro Focus
platforms can be
validated would also be helpful.
Thanks,
Zeke Evans
Senior Software Engineer, Micro Focus
From: openssl-project on behalf of Matt
Caswell
Sent: Wednesday, February 13, 2019 4:26 AM
To: openssl-annou...@openssl.org; openssl-users@openssl.org
surrounding this.
Thanks for your help!
Zeke Evans
Senior Software Engineer
Micro Focus
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Salz, Rich via openssl-users
Sent: Friday, February 02, 2018 5:26 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] FIPS 140
validations on the Active Validation List that implement the previously
allowed AES or TDEA key wrapping:
* Entries will be moved to the Historical List.
Can someone verify whether the FIPS 2.0 validation is affected by this?
Thanks,
Zeke Evans
Senior Software Engineer
Micro Focus
--
openssl-users
n various forms" will address this or not. An option
to compile the fips module as a dll instead of a static lib would be nice or at
least allow the fips capable module to be rebased.
Zeke Evans
Senior Software Engineer
Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi,
Our win32 applications will sometimes fail to start due to a
fingerprint mismatch in the fips module. It appears this is caused by
the fixed baseaddr used to verify the checksum. We are building with
the /FIXED and /DYNAMICBASE:NO options.
The User Guide states:
The standard OpenSSL build
Thanks for clarifying.
On Tue, Dec 30, 2014 at 5:55 AM, Kurt Roeckx k...@roeckx.be wrote:
On Mon, Dec 29, 2014 at 10:37:49AM -0700, Zeke Evans wrote:
Is an OpenSSL 1.0.1j build that does not use the no-ssl3 build option
still vulnerable to CVE-2014-3569? It seems the SSLv3 handshake
Is an OpenSSL 1.0.1j build that does not use the no-ssl3 build option
still vulnerable to CVE-2014-3569? It seems the SSLv3 handshake to a
no-ssl3 application scenario is just one way to exploit this and that
the ssl23_get_client_hello function causes this issue for any
unsupported or
That resolved the issue. Thanks!
On Thu, Jul 4, 2013 at 4:22 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Jul 03, 2013, Zeke Evans wrote:
I built the FIPS module as specified in the User Guide (only using
./config). The 'bn_mul_mont_fpu' multiply-defined error only occurs
when
I get an error building a fips capable shared object on sparc64.
./config fips shared
make depend
make
ld: fatal: symbol 'bn_mul_mont_fpu' is multiply-defined:
(file /usr/local/ssl/fips-2.0/lib//fipscanister.o type=FUNC;
file libcrypto.a(sparcv9a-mont.o) type=FUNC);
ld: fatal: file
I get an error building a fips capable shared object on sparc64.
./config fips shared
make depend
make
ld: fatal: symbol 'bn_mul_mont_fpu' is multiply-defined:
(file /usr/local/ssl/fips-2.0/lib//fipscanister.o type=FUNC; file
libcrypto.a(sparcv9a-mont.o) type=FUNC);
ld: fatal: file processing
Of Zeke Evans
Sent: Wednesday, July 03, 2013 4:29 PM
To: openssl-users@openssl.org
Subject: bn_mul_mont_fpu multiply-defined error
I get an error building a fips capable shared object on sparc64.
./config fips shared
make depend
make
ld: fatal: symbol 'bn_mul_mont_fpu' is multiply-defined
.
On Thu, Feb 14, 2013 at 8:55 AM, Steve Marquess
marqu...@opensslfoundation.com wrote:
On 02/13/2013 06:58 PM, Zeke Evans wrote:
Hi,
Building the FIPS module on sparc 64-bit is generating a 32-bit
binary. The following message is in the output:
WARNING! If you wish to build 64-bit library
Hi,
Building the FIPS module on sparc 64-bit is generating a 32-bit
binary. The following message is in the output:
WARNING! If you wish to build 64-bit library, then you have to
invoke './Configure solaris64-sparcv9-cc' *manually*.
My understanding is that building with that
19 matches
Mail list logo