Kyle Hamilton wrote:
You're looking at the User Guide. This isn't the right thing to look
at; the relevant document (and indeed the controlling document) is the
Security Policy, http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf ,
and the relevant section is Appendix A, Installation
On Fri, Jan 9, 2009 at 8:18 AM, Dr. Stephen Henson st...@openssl.org wrote:
So either use a box supporting SSE2 or use a pure C build (no-asm) which
will have poorer performance.
config with,
./Configure shared --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
linux-generic32 no-asm
PGNet wrote:
On Fri, Jan 9, 2009 at 3:29 PM, Kyle Hamilton aerow...@gmail.com wrote:
If you read it, you too will see this. :)
Actually, I HAD already read section 4.2.1 of the UserGuide for *v1.2*,
4.2.1Building the FIPS Object Module from Source
The specification of any other
On Sun, Jan 11, 2009 at 7:11 AM, Steve Marquess
marqu...@oss-institute.org wrote:
As an uncontrolled document the User Guide can contain extraneous detail and
can be amended as often as necessary, and I try hard to keep it as technically
complete and accurate as possible. So yes, the Security
You're looking at the User Guide. This isn't the right thing to look
at; the relevant document (and indeed the controlling document) is the
Security Policy, http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf ,
and the relevant section is Appendix A, Installation Instructions.
It's very likely
On Fri January 9 2009, Kyle Hamilton wrote:
You're looking at the User Guide. This isn't the right thing to look
at; the relevant document (and indeed the controlling document) is the
Security Policy, http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf ,
and the relevant section is Appendix A,
Michael S. Zick wrote:
On Fri January 9 2009, Kyle Hamilton wrote:
You're looking at the User Guide. This isn't the right thing to
look at; the relevant document (and indeed the controlling
document) is the Security Policy,
http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf , and the
On Thu, Jan 08, 2009, PGNet wrote:
...
Testing SHA-512 ... passed.
Testing SHA-384 ... passed.
if [ -n libcrypto ]; then \
../util/shlib_wrap.sh ./fips_shatest SHAmix.r | diff -w
SHAmix.x - ; \
fi
Hi Stephen,
On Fri, Jan 9, 2009 at 8:18 AM, Dr. Stephen Henson st...@openssl.org wrote:
You can get the answer with openssl errstr or by checking the source file
referenced.
Noted. Thanks.
So either use a box supporting SSE2 or use a pure C build (no-asm) which
will have poorer performance.
If you're running it on a processor with SSE, and it's failing, what
does this tell you? SSE2 is required to use the asm code path. SSE
just doesn't cut it.
In the fips-1.2 configuration step, use
./config fipscanisterbuild no-asm
-Kyle H
On Fri, Jan 9, 2009 at 9:25 AM, PGNet
On Fri, Jan 9, 2009 at 12:25 PM, Kyle Hamilton aerow...@gmail.com wrote:
In the fips-1.2 configuration step, use
./config fipscanisterbuild no-asm
As I had alread noted above, I did.
So either use a box supporting SSE2 or use a pure C build (no-asm) which
will have poorer performance.
My mistake.
That's for fipscanisterbuild.
Trying now ...
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
per advice,
./config fipscanisterbuild no-asm
completes without error, but, now,
make
fails @,
...
/usr/bin/ranlib ../libssl.a || echo Never mind.
make[1]: Leaving directory `/usr/local/src/openssl/openssl-fips-1.2/ssl'
make[1]: Entering directory `/usr/local/src/openssl/openssl-fips-1.2'
Delete the directory, untar it fresh, and reconfigure with that config line.
What you're seeing is a situation caused by prior builds not being
completely cleaned. The problem is that if you do anything that isn't
in the security policy (including 'make clean'), the result cannot be
claimed to
Kyle,
On Fri, Jan 9, 2009 at 2:37 PM, Kyle Hamilton aerow...@gmail.com wrote:
Delete the directory, untar it fresh, and reconfigure with that config line.
ok,
rm -rf openssl-fips-1.2
tar zxf openssl-fips-1.2.tar.gz
cd openssl-fips-1.2/
Directory: /usr/local/src/openssl/openssl-fips-1.2
'no-asm' used to be a violation of the security policy with the 1.1.x
series, but it is explicitly allowed in the 1.2 policy.
If you read it, you too will see this. :)
-Kyle H
On Fri, Jan 9, 2009 at 3:13 PM, PGNet pgnet.trash+...@gmail.com wrote:
Kyle,
On Fri, Jan 9, 2009 at 2:37 PM, Kyle
On Fri, Jan 9, 2009 at 3:29 PM, Kyle Hamilton aerow...@gmail.com wrote:
If you read it, you too will see this. :)
Actually, I HAD already read section 4.2.1 of the UserGuide for *v1.2*,
4.2.1Building the FIPS Object Module from Source
The specification of any other options on the command line,
and, just for reference, per guidance above, finally,
uname -a
Linux dt.loc 2.6.27.7-9-default #1 SMP 2008-12-04 18:10:04 +0100
i686 i686 i386 GNU/Linux
openssl version
OpenSSL 0.9.8j-fips 07 Jan 2009
thanks!
__
OpenSSL
You're looking at the User Guide. This isn't the right thing to look
at; the relevant document (and indeed the controlling document) is the
Security Policy, http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf ,
and the relevant section is Appendix A, Installation Instructions.
It's very likely
I've managed to build/install openssl 098j+fips12 on
(1) a PPC mac, running OSX 10.5.6
uname -a
Darwin mac 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:39:01 PST
2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh
(2) a shared, Debian host,
uname -a
Linux cobra
20 matches
Mail list logo