Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-26 Thread Dr. Stephen Henson
On Thu, Sep 25, 2008, joshi chandran wrote:
I am using openssl 0.9.7m. Yes, I have used the OPENSSL_FIPS=1 when calling the command. I am attaching the test script which I am using. Please help me.
[snipped]
Your config files have default_md = md5 in several places. Change those to

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-25 Thread joshi chandran
I am trying to test the FIPS-capable openssl, and when I am testing it I am getting some error:
openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform PEM
Generating a 2048 bit RSA private key

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-25 Thread Dr. Stephen Henson
On Thu, Sep 25, 2008, joshi chandran wrote:
I am trying to test the FIPS-capable openssl, and when I am testing it I am getting some error:
openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform PEM
Generating a 2048 bit RSA private key

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-25 Thread Dr. Stephen Henson
On Thu, Sep 25, 2008, joshi chandran wrote:
I am trying to test the FIPS-capable openssl, and when I am testing it I am getting some error:
openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform PEM
Generating a 2048 bit RSA private key

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-25 Thread joshi chandran
I am using openssl 0.9.7m. Yes, I have used the OPENSSL_FIPS=1 when calling the command. I am attaching the test script which I am using. Please help me.
Thanks
Joshi
On Thu, Sep 25, 2008 at 10:02 PM, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
On Thu, Sep 25, 2008, joshi chandran

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread joshi chandran
When I have done FIPS_mode_set(1), it goes into FIPS mode, and when I am doing FIPS_mode_set(0), it comes out of FIPS mode, but when I again apply FIPS_mode_set(1), it does not go to FIPS mode. Can you please help me out?
Thanks
Joshi
On Wed, Sep 24, 2008 at 3:55 AM, Tim Hudson [EMAIL PROTECTED]

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread joshi chandran
Is it possible to create a FIPS-enabled openssl shared library (openssl 0.9.7m)? I am not able to build the shared library. I am using an AIX Unix system.
Thanks
Joshi
On Wed, Sep 24, 2008 at 6:47 PM, joshi chandran [EMAIL PROTECTED] wrote:
When I have done FIPS_mode_set(1), it goes into FIPS mode and

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread Kyle Hamilton
This is a known issue. This workflow fails:
  FIPS_mode_set(1);
  FIPS_mode_set(0);
  FIPS_mode_set(1); /* fails */
This workflow succeeds:
  FIPS_mode_set(1);
  FIPS_mode_set(0);
  RAND_set_rand_method(NULL);
  FIPS_mode_set(1); /* succeeds */
The reason is that the 1.1.x series of FIPS did not properly

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread Kyle Hamilton
In a word: no. That's one of the goals of the FIPS 1.2.0 release and 0.9.8-fips branches.
-Kyle H
On Wed, Sep 24, 2008 at 7:38 AM, joshi chandran [EMAIL PROTECTED] wrote:
Is it possible to create a FIPS-enabled openssl shared library (openssl 0.9.7m)? I am not able to build the shared library. I am

RE: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread David Schwartz
I am rather confused why people need to drop out of FIPS mode. The Federal Information Processing Standard dictates that FIPS-validated cryptography be used for everything that requires cryptographic transformation for storage (or really anything that enters or leaves the cryptographic

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-24 Thread Steve Marquess
David Schwartz wrote: In many cases, FIPS actually results in (you might reasonably think, at least) reduced security. ... C) Quasi-FIPS. All FIPS rules are followed, except where it is genuinely believed that these rules reduce security or are unreasonably impractical. For example,

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-23 Thread joshi chandran
-capable curl built successfully. Thanks again. -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] Behalf Of Dr. Stephen Henson Sent: Monday, September 22, 2008 3:44 AM To: openssl-users@openssl.org Subject: Re: FIPS-capable curl: Solaris 9 - fingerprint does

RE: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-23 Thread Welling, Conrad Gerhart
: FIPS-capable curl: Solaris 9 - fingerprint does not match
When I am using make CC=fipsld FIPSLD_CC=gcc, I am getting error message
if test ! -z ; then /.../ austin.ibm.com/fs/projects/aix/aix53L/53L_SERVICE/ode_tools/power/usr/bin/perl ./fixprogs ssh_prng_cmds ; fi
(cd openbsd

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-23 Thread Tim Hudson
joshi chandran wrote:
When I am using make CC=fipsld FIPSLD_CC=gcc, I am getting error message
gcc: unrecognized option `-qnostdinc'
gcc: unrecognized option `-qnolm'
Those are xlc options - i.e. the IBM compiler. Perhaps
make CC=fipsld FIPSLD_CC=xlc
might be a better option. Look

FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread Welling, Conrad Gerhart
Back to square 2 out of 3:
Platform:
SunOS bear 5.9 Generic_118558-34 sun4u sparc SUNW,Ultra-5_10
gcc (GCC) 3.4.6
GNU ld version 2.17
GNU ar 2.17
1. Built fips-1.1.2 successfully
2. Built openssl-0.9.7m successfully with ... ./Configure solaris-sparcv9-gcc27 fips

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread Dr. Stephen Henson
On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote:
Back to square 2 out of 3:
Platform:
SunOS bear 5.9 Generic_118558-34 sun4u sparc SUNW,Ultra-5_10
gcc (GCC) 3.4.6
GNU ld version 2.17
GNU ar 2.17
1. Built fips-1.1.2 successfully
2. Built openssl-0.9.7m successfully with ...

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread joshi chandran
How to link fipsld with the application? Can you please explain?
On Mon, Sep 22, 2008 at 4:14 PM, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
On Sun, Sep 21, 2008, Welling, Conrad Gerhart wrote:
Back to square 2 out of 3:
Platform: SunOS bear 5.9 Generic_118558-34 sun4u sparc

RE: FIPS-capable curl: Solaris 9 - fingerprint does not match

2008-09-22 Thread Welling, Conrad Gerhart
FIPS-capable curl built successfully. Thanks again. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson Sent: Monday, September 22, 2008 3:44 AM To: openssl-users@openssl.org Subject: Re: FIPS-capable curl: Solaris 9 - fingerprint does not match