Hi,
Building the FIPS module on sparc 64-bit is generating a 32-bit
binary. The following message is in the output:
WARNING! If you wish to build 64-bit library, then you have to
invoke './Configure solaris64-sparcv9-cc' *manually*.
My understanding is that building with that
.
On Thu, Feb 14, 2013 at 8:55 AM, Steve Marquess
marqu...@opensslfoundation.com wrote:
On 02/13/2013 06:58 PM, Zeke Evans wrote:
Hi,
Building the FIPS module on sparc 64-bit is generating a 32-bit
binary. The following message is in the output:
WARNING! If you wish to build 64-bit library
I get an error building a fips capable shared object on sparc64.
./config fips shared
make depend
make
ld: fatal: symbol 'bn_mul_mont_fpu' is multiply-defined:
(file /usr/local/ssl/fips-2.0/lib//fipscanister.o type=FUNC;
file libcrypto.a(sparcv9a-mont.o) type=FUNC);
ld: fatal: file
I get an error building a fips capable shared object on sparc64.
./config fips shared
make depend
make
ld: fatal: symbol 'bn_mul_mont_fpu' is multiply-defined:
(file /usr/local/ssl/fips-2.0/lib//fipscanister.o type=FUNC; file
libcrypto.a(sparcv9a-mont.o) type=FUNC);
ld: fatal: file processing
Of Zeke Evans
Sent: Wednesday, July 03, 2013 4:29 PM
To: openssl-users@openssl.org
Subject: bn_mul_mont_fpu multiply-defined error
I get an error building a fips capable shared object on sparc64.
./config fips shared
make depend
make
ld: fatal: symbol 'bn_mul_mont_fpu' is multiply-defined
That resolved the issue. Thanks!
On Thu, Jul 4, 2013 at 4:22 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Jul 03, 2013, Zeke Evans wrote:
I built the FIPS module as specified in the User Guide (only using
./config). The 'bn_mul_mont_fpu' multiply-defined error only occurs
when
Is an OpenSSL 1.0.1j build that does not use the no-ssl3 build option
still vulnerable to CVE-2014-3569? It seems the SSLv3 handshake to a
no-ssl3 application scenario is just one way to exploit this and that
the ssl23_get_client_hello function causes this issue for any
unsupported or
Thanks for clarifying.
On Tue, Dec 30, 2014 at 5:55 AM, Kurt Roeckx k...@roeckx.be wrote:
On Mon, Dec 29, 2014 at 10:37:49AM -0700, Zeke Evans wrote:
Is an OpenSSL 1.0.1j build that does not use the no-ssl3 build option
still vulnerable to CVE-2014-3569? It seems the SSLv3 handshake
Hi,
Our win32 applications will sometimes fail to start due to a
fingerprint mismatch in the fips module. It appears this is caused by
the fixed baseaddr used to verify the checksum. We are building with
the /FIXED and /DYNAMICBASE:NO options.
The User Guide states:
The standard OpenSSL build
n various forms" will address this or not. An option
to compile the fips module as a dll instead of a static lib would be nice or at
least allow the fips capable module to be rebased.
Zeke Evans
Senior Software Engineer
Micro Focus
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
validations on the Active Validation List that implement the previously
allowed AES or TDEA key wrapping:
* Entries will be moved to the Historical List.
Can someone verify whether the FIPS 2.0 validation is affected by this?
Thanks,
Zeke Evans
Senior Software Engineer
Micro Focus
--
openssl-users
surrounding this.
Thanks for your help!
Zeke Evans
Senior Software Engineer
Micro Focus
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Salz, Rich via openssl-users
Sent: Friday, February 02, 2018 5:26 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] FIPS 140
platforms can be
validated would also be helpful.
Thanks,
Zeke Evans
Senior Software Engineer, Micro Focus
From: openssl-project on behalf of Matt
Caswell
Sent: Wednesday, February 13, 2019 4:26 AM
To: openssl-annou...@openssl.org; openssl-users@openssl.org
module. Will they
be supported in 3.0 with fips? If not, is there a way for applications running
in fips approved mode to support the same functionality and use existing
stores/files that contain PKCS12 objects?
Thanks,
Zeke Evans
Micro Focus
That works. Thanks!
-Original Message-
From: openssl-users On Behalf Of Dr Paul
Dale
Sent: Tuesday, January 26, 2021 6:01 PM
You could set the default property query to "?fips=yes". This will prefer FIPS
algorithms over any others but will not prevent other algorithms from being
rder to maintain backwards compatibility. Is there a
recommended method going forward that would allow reading and writing to a key
store while only using the fips provider?
Thanks,
Zeke Evans
Micro Focus
-Original Message-
From: openssl-users On Behalf Of Dr Paul
Dale
Sent: Tuesday, Ja
then they could block.
Thanks,
Zeke Evans
Thanks for the explanation. I figured I was headed down a dead end. This will
at least help me figure out how to handle things appropriately.
Zeke Evans
somewhere.
Are there plans to publish the FIPS documents? When and where do you think
we'll see those?
Thanks,
Zeke Evans
Micro Focus
19 matches
Mail list logo