Re: [openssl-users] Linking FIPS 2.0.12 and OpenSSL 1.0.2f - "multiple definition of `bn_div_3_words"

2016-10-07 Thread craig_we...@trendmicro.com
I was able to at least make the multiple definition error go away by specifying 'no-asm' as a parameter to the Configure command. Can anyone explain what the implications of such a setting are? From: Craig Weeks (RD-US) Sent: Friday, October 7, 2016 1:45 PM To: 'openssl-users@openssl.org'

Re: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets"

2016-10-07 Thread Ajay Garg
Thanks Viktor. On all our device-types, we are using blocking-sockets, but reads can signal that no data is available (equivalent to SO_RCVTIMEO value set as the socket-option on linux-like systems). It seems you have provided me enough insight to get my hands dirty :) Thanks and Regards, Ajay

Re: [openssl-users] Building an application with OpenSSL and FIPS support.

2016-10-07 Thread Matthew Heimlich
Running fails specifically on the line: if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, )) handleErrors(); Although I've added some additional debugging code at this point, including this function: int Check_Enable_FIPS(void) { int mode = FIPS_mode(); int ret = 0; unsigned

Re: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets"

2016-10-07 Thread Viktor Dukhovni
On Fri, Oct 07, 2016 at 10:30:06PM +0530, Ajay Garg wrote: > Ok, so for sending app-payload-bytes, we do a bio_write() to "bio1", > and if "bio1" requires reading from bio2/peer, bio_write() will return > SSL_ERROR_WANT_READ (even for blocking sockets). We then read-in some >

Re: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets"

2016-10-07 Thread Ajay Garg
Thanks for the reply Viktor. On Fri, Oct 7, 2016 at 8:27 PM, Jakob Bohm wrote: > On 07/10/2016 16:35, Ajay Garg wrote: >> >> Hi Viktor. >> >> Thanks for your reply, and I am sorry for being idiotic, OpenSSL does >> seem daunting, but I am learning :) >> >> Also, let's not

[openssl-users] Building an application with OpenSSL and FIPS support.

2016-10-07 Thread Matthew Heimlich
I'm on RHEL7. I've got a very simple encryption/decryption program that works fine without FIPS support enabled, but fails when it is: #include #include #include #include void handleErrors(void) { ERR_print_errors_fp(stderr); abort(); } int encrypt(unsigned char *plaintext, int

Re: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets"

2016-10-07 Thread Jakob Bohm
On 07/10/2016 16:35, Ajay Garg wrote: Hi Viktor. Thanks for your reply, and I am sorry for being idiotic, OpenSSL does seem daunting, but I am learning :) Also, let's not bother too much about the APIs/methods as such. I will be grateful if you could confirm/reject my

Re: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets"

2016-10-07 Thread Ajay Garg
Hi Viktor. Thanks for your reply, and I am sorry for being idiotic, OpenSSL does seem daunting, but I am learning :) Also, let's not bother too much about the APIs/methods as such. I will be grateful if you could confirm/reject my architectural-understanding so far. Let's say "bio1" is the

[openssl-users] Linking FIPS 2.0.12 and OpenSSL 1.0.2f - "multiple definition of `bn_div_3_words"

2016-10-07 Thread craig_we...@trendmicro.com
I am trying to build a library of FIPS 2.0.12 and OpenSSL 1.0.2f for MIPS architecture on vxWorks. I am getting this error during the link step: ../libcrypto.a(bn-mips.o)(.text+0x700): In function `bn_div_3_words': : multiple definition of `bn_div_3_words'

Re: [openssl-users] Building an application with OpenSSL and FIPS support.

2016-10-07 Thread Ethan Rahn
Matt, What part of the selftest fails? Can you step through it with a debugger? Cheers, Ethan On Fri, Oct 7, 2016 at 10:56 AM, Matthew Heimlich wrote: > I'm on RHEL7. I've got a very simple encryption/decryption program that > works fine without FIPS support

Re: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets"

2016-10-07 Thread Ajay Garg
Viktor, I realise I am still stuck with the original issue. Taking "bio1" as the SSL-facing-bio, and "bio2" as the network-facing-bio, how do we write-into/read-from "bio2"? Are there callbacks available that will allow :: * Writing to network via "bio2" (after "bio1" has

Re: [openssl-users] Root-Level queries while using SSL-connections wrapping "sockets"

2016-10-07 Thread Viktor Dukhovni
On Fri, Oct 07, 2016 at 12:28:46PM +0530, Ajay Garg wrote: > I realise I am still stuck with the original issue. Failure to read the documentation closely. > Also, how do "bio1" and "bio2" communicate in case of non-ideal > scenarios (timeouts, errors)? They don't, you move all the data. All

[openssl-users] socket change with SSL_set_fd

2016-10-07 Thread Ales Stibal
Hi folks, I have a small, but important question which affects my project design. May I change the underlying socket for SSL with SSL_set_fd when the socket was already set and used before? I believe it should not be a problem, since in theory it's just the transport channel for OpenSSL where to