The latest fips 2.0-test fails with the following:
fips_standalone_sha1.c
inc32\openssl/fipssyms.h(672) : warning C4068: unknown pragma
cl /Fotmp32dll\sha1dgst.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 -DOPENS
SL_FIPSCANISTER -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo
The openssl-1.0.1-stable-20111019 build fails as follows:
fips_premain.c
link /nologo /subsystem:console /opt:ref /debug /dll /map /base:0xFB0 /out:o
ut32dll\libeay32.dll /def:ms/LIBEAY32.def @C:\DOCUME~1\zkrr01\LOCALS~1\Temp\nmb0
2032.
LIBEAY32.def : error LNK2001: unresolved external
The latest 1.0.1 SNAP refers to an unknown option.
Configured for VC-WIN32.
C:\work\openssl-1.0.1-stable-SNAP-20111015ms\do_nasm
C:\work\openssl-1.0.1-stable-SNAP-20111015perl util\mkfiles.pl 1MINFO
C:\work\openssl-1.0.1-stable-SNAP-20111015perl util\mk1mf.pl nasm VC-WIN32 1m
s\nt.mak
unknown
Current 1.0.1 SNAP has the following errors:
inc32\openssl/cms.h(188) : error C2146: syntax error : missing ')' before
identifier 'passlen'
inc32\openssl/cms.h(188) : error C2081: 'ssize_t' : name in formal parameter
list illegal
inc32\openssl/cms.h(188) : error C2061: syntax error :
The latest fips build fails on Windows with:
fipscanister.lib(fips_post.obj) : error LNK2001: unresolved external symbol
_FIPS_selftest_ecdh
out32dll\fips_test_suite.exe : fatal error LNK1120: 1 unresolved externals
First stage Link failure at util\fipslink.pl line 42.
NMAKE : fatal error
The latest 1.0.1 snap has an error in DTLS related code at line 1068 in
ssl_lib.c
.\ssl\ssl_lib.c(1068) : warning C4018: '' : signed/unsigned mismatch
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.
Please, at least compile to test changes!
I ran the openssl-fips-2.0-test-20110906 version today on a 32-bit Dell XP
system and the fips_test_suite ran ok with no errors. I just ran again and
double checked the Integrity test and it was OK.
Ken
--- On Tue, 9/6/11, Dr. Stephen Henson st...@openssl.org wrote:
From: Dr. Stephen
The latest fips_test_suite.exe displays the following errors on start:
C:\work\openssl-fips-2.0-test-20110905\out32dllfips_test_suite
FIPS-mode test application
FIPS 2.0-dev unvalidated test module xx XXX
When openssl-1.0.1-stable-SNAP is configured for fips, and the environment
variable OPENSSL_FIPS is set to 1, the following errors are encountered when
the ms/test.bat is run on Microsoft Windows:
***
testenc
start testenc
Same here, works great. Fantastic work, especially considering this was fixed
over the weekend!
Ken
--- On Mon, 8/8/11, Tyrel Haveman ty...@binarypeople.net wrote:
From: Tyrel Haveman ty...@binarypeople.net
Subject: Re: FIPS CCM self-test failure
To: openssl-dev@openssl.org
Date: Monday,
Dr. Henson
Changing #define AESNI_CAPABLE 0 resolved the problem. All the tests run
ok.
Ken
--- On Fri, 8/5/11, Dr. Stephen Henson st...@openssl.org wrote:
From: Dr. Stephen Henson st...@openssl.org
Subject: Re: FIPS CCM self-test failure
To: openssl-dev@openssl.org
Date: Friday,
Dr. Henson
The error happens in fips_aes_selftest.c, lines 157-159:
if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
|| memcmp(out, ccm_ct, sizeof(ccm_ct)))
goto err;
If I comment out these three lines, all tests run ok.
Ken
--- On Fri, 8/5/11, Dr. Stephen Henson st...@openssl.org
I see the same exact same thing. I compile on a 32 bit XP system and test runs
ok. I copy the compiled exe's to a HP 64-bit Windows 7 machine with Intel
i7-2600 and the test fails with same exact error.
Ken
--- On Thu, 8/4/11, Dr. Stephen Henson st...@openssl.org wrote:
From: Dr. Stephen
The statement PS: I'm actually surprised that you got that far on
Windows, since we NEVER tested any line of the DTLS code on any kind of
Windows is quite disturbing.
Is DTLS code contained in production OpenSSL versions? If so, what else is in
OpenSSL that has never been tested on all systems
Dr. Henson
There is a problem in tls_srp.c as shown below.
Also, in the OpenSSL 1.0 compiles, we were required to use DOPENSSL_USE_IPV6=0
in our configure. Is this still required? If not, does that mean both IPV6
and IPV4 are supported?
Ken
--- On Thu, 5/12/11, Dr. Stephen Henson
Lutz
How does one get access to the contributed .chm file? I looked on the OpenSSL
site and cannot see any reference to it?
Ken
--- On Mon, 9/20/10, Lutz Jaenicke l...@lutz-jaenicke.de wrote:
From: Lutz Jaenicke l...@lutz-jaenicke.de
Subject: Re: How can I upload that .chm file?
To:
The thread example, mttest.c, needs to be updated for the 1.0.0 thread
requirements.
Ken
__
OpenSSL Project http://www.openssl.org
Development Mailing List
You need to take this discussion offline.
Ken
--- On Mon, 3/16/09, Allan K Pratt apr...@us.ibm.com wrote:
From: Allan K Pratt apr...@us.ibm.com
Subject: Re: SPARC assembly trick in libcrypto breaks IBM Rational Purify
To: openssl-dev@openssl.org
Date: Monday, March 16, 2009, 3:49 PM
According to Dr. Henson, this is a known problem and can be fixed by:
RAND_set_rand_method(NULL);
when calling FIPS_mode_set(0);
Ken
John Firebaugh [EMAIL PROTECTED] wrote: Is it intended that it is not
possible to re-enter FIPS mode via
FIPS_mode_set(1) after previouly calling
Eric
We are not networking/security experts, but in
general, you would not establish a session with your
router. The router would simply pass the connection
from your computer to the bank, where the connection
would either be accepted or rejected. If accepted, it
would start an SSL handshake
20 matches
Mail list logo