Hi All:
My understand is by using OPENSSL_config(), we will be able to enable the
FIPS mode globally on the system, is that correct?
My question is, if we enable FIPS mode through configuration and using
OPENSSL_config(), does it means for all the applications which link to
OpenSSL library, the
Hi All:
I was using the fipsalgtest.pl utility for running tests with some input
vectors.
Somehow I ran into the following errors:
Any suggestions will be greatly appreciated.
Thanks.
*Running ECDSA2 tests*
DEBUG: KeyPair, Pass=240, Fail=0
ERROR: PKV mismatch:
"QX =
Hi Steve,
Thanks. Yes I first built it using the standard way (./config fips shared)
and it went fine.
It's just when I switched to using the debian/ ubuntu build script (which
generated a slightly different Makefile compared to the standard one).
Not sure what could cause this problem.
I also
). Is that
correct?
The reason I ask was mainly because I am evaluating how I should modify my
server platform and applications in order to adapt FIPS capable OpenSSL
library into the platform.
Thanks and any suggestions are greatly appreciated.
On Mon, Feb 1, 2016 at 1:35 PM, security veteran
Hi All:
Based on the OpenSSL FIPS user guide, the FIPS_mode_set API from the
OpenSSL FIPS modules run a the necessary self-tests.
I was wondering does the OPENSSL_config() API also run the self-tests?
Your suggestions are greatly appreciated.
Thanks.
On Mon, Feb 1, 2016 at 1:37 PM, security
com>
wrote:
> On 01/28/2016 07:11 PM, security veteran wrote:
> > Hi All:
> >
> > Is there a way to enable FIPS mode globally, instead of having to
> > explicitly invoke the FIPS_mode_set() API from each application, for
> > enabling the FIPS mode?
> >
Hi All:
Based on the OpenSSL FIPS user guide, the FIPS_mode_set API from the
OpenSSL FIPS modules run a the necessary self-tests.
I was wondering does the OPENSSL_config() API also run the self-tests?
Thanks.
___
openssl-users mailing list
To
Hi All:
Is there a way to enable FIPS mode globally, instead of having to
explicitly invoke the FIPS_mode_set() API from each application, for
enabling the FIPS mode?
The reason I ask is, it will be much easier to enable FIPS mode if there're
many applications which rely on OpenSSL for crypto
Hi All,
What type of license does OpenSSL FIPS modules have? Is it the same as the
OpenSSL license, or is it a different license?
Thanks.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi,
I am trying to build a system with both the non-FIPS OpenSSL and the
OpenSSL with FIPS modules, and was wondering does OpenSSL FIPS modules
actually only affect libcrypto.so?
Thanks.
___
openssl-users mailing list
To unsubscribe:
Marquess <marqu...@openssl.com>
wrote:
> On 01/19/2016 04:33 AM, security veteran wrote:
> > Hi,
> >
> > I am trying to build a system with both the non-FIPS OpenSSL and the
> > OpenSSL with FIPS modules, and was wondering does OpenSSL FIPS modules
> > act
Hi All:
What version of OpenSSL source can be built with FIPS modules?
We are using Ubuntu, and we noticed that the Ubuntu 12.04 and 14.04
packaged their openssl .deb from different version of openssl source.
e.g. Ubuntu 12.04 uses openssl_1.0.1
Thanks Steve.
When the environment variable OPENSSL_FIPS is set, does it enable FIPS mode
globally, so that any applications which use OpenSSL also enter FIPS mode?
On Tue, Jan 19, 2016 at 10:52 AM, Dr. Stephen Henson <st...@openssl.org>
wrote:
> On Tue, Jan 19, 2016, security vete
this way?
Thanks.
On Tue, Jan 19, 2016 at 11:17 AM, Steve Marquess <marqu...@openssl.com>
wrote:
> On 01/19/2016 01:54 PM, security veteran wrote:
> > Hi All:
> >
> > What version of OpenSSL source can be built with FIPS modules?
>
> Stock OpenSSL 0.9.8 is co
Hi All:
We will be using OpenSSL FIPS modules on our Linux appliances and we
have some Python and PHP applications which need to invoke crypto related
functionalities provided by OpenSSL.
I was wondering has anyone integrated Python and PHP with OpenSSL FIPS
modules?
Since for each application
Thanks Steve.
Just out of my curiosity that I can image there might already be a lot of
companies use the OpenSSL FIPS modules for the FIPS validation.
Since OpenSSH is almost everywhere in most of the server/ appliance
products, people should have run into the "OpenSSH not working with OpenSSL
Hi All:
I tried to enable the FIPS mode by making the following changes in my
openssl.cfg config file.
After making the changes, I verified that I can no longer run the non FIPS
approval algorithm such as MD5 by running openssl command, which is
expected:
openssl md5 123.txt
However, I can
It seems like there's no easy way to make OpenSSH to work with FIPS mode
without making code changes to it.
Is there any reliable patch for OpenSSH to support FIPS mode?
Thanks and appreciate all the helps.
___
openssl-users mailing list
To
>From the User Guide of OpenSSL FIPS Object Module v2.0, page 54, it
mentioned the FIPS mode can be initialized indirectly by indirect call vial
OPENSSL_config() API.
My question is, from where should we call this API?
If we use Apache and Python as examples, does that mean both of them need
to
e default ca section
--
On 09/14/2015 05:21 PM, security veteran wrote:
>* I asked this question from a different thread, but thought it may be the
*>* best to start a new thread to discuss this question since it sounds like
*>* a big deal to me.
*> >* I've built an openssl library w
I asked this question from a different thread, but thought it may be the
best to start a new thread to discuss this question since it sounds like a
big deal to me.
I've built an openssl library with the FIPS objects modules, and I was
testing the new lib files by replacing the original library
space. Therefore, if your Python code was all
running in a single process space, then you'd only need to invoke it
once. But if you're spawning multiple processes, then you'll need to
invoke it whenever a new process was created.
On 09/14/2015 03:51 PM, security veteran wrote:
>* Hi,
*>&
Hi,
I've built an openssl library with the FIPS objects modules, and I was
testing the new lib files by replacing the original library files such as
libcrypto.so with the new ones.
>From the FIPS user guide I understand that any applications which need to
use the OpenSSL FIPS modules will need
23 matches
Mail list logo