, 2012 8:10 PM
To: openssl-dev@openssl.org
Subject: Re: ENGINE reference leak using FIPS-capable OpenSSL
On Fri, Apr 20, 2012, Roumen Petrov wrote:
Dr. Stephen Henson wrote:
On Wed, Apr 18, 2012, Erik Tkal wrote:
Any takers? Should I be able to build a FIPS-capable OpenSSL and have some
Dr. Stephen Henson wrote:
On Wed, Apr 18, 2012, Erik Tkal wrote:
Any takers? Should I be able to build a FIPS-capable OpenSSL and have some of
the implementation be provided via an ENGINE (e.g. let's say I have a hardware
module to perform AES) but some by the OpenSSL FIPS canister? Or is
On Fri, Apr 20, 2012, Roumen Petrov wrote:
Dr. Stephen Henson wrote:
On Wed, Apr 18, 2012, Erik Tkal wrote:
Any takers? Should I be able to build a FIPS-capable OpenSSL and have some
of the implementation be provided via an ENGINE (e.g. let's say I have a
hardware module to perform AES)
.
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf Of Erik Tkal
Sent: Monday, April 16, 2012 10:02 AM
To: openssl-dev@openssl.org
Subject: ENGINE reference leak using FIPS-capable OpenSSL
I've been investigating
On Wed, Apr 18, 2012, Erik Tkal wrote:
Any takers? Should I be able to build a FIPS-capable OpenSSL and have some
of the implementation be provided via an ENGINE (e.g. let's say I have a
hardware module to perform AES) but some by the OpenSSL FIPS canister? Or is
it truly all or nothing?
I've been investigating a memory leak in using a FIPS-capable OpenSSL in
non-FIPS mode.
For example, the following code does not seem to be correct in evp_enc.c:
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE
*impl,
...
#ifndef OPENSSL_NO_ENGINE