> FIPS is not supported for 1.1.0
>
>jUST A SMALL FIX WILL DO.
No. All of the FIPS supporting code has been pulled out of 1.1.0 Even if you
get it to compile, it will fail at link or runtime because of missing functions.
--
openssl-dev mailing list
To unsubscribe:
The Doctor skrev: (16 september 2017 15:26:16 CEST)
>On Sat, Sep 16, 2017 at 12:56:08PM +, Salz, Rich via openssl-dev
>wrote:
>>
>> Tryong to compile Fips into OPEnssl-1.1.0 and I run into
>>
>> FIPS is not supported for 1.1.0
>>
>
>jUST A SMALL FIX
On Sat, Sep 16, 2017 at 12:56:08PM +, Salz, Rich via openssl-dev wrote:
>
> Tryong to compile Fips into OPEnssl-1.1.0 and I run into
>
> FIPS is not supported for 1.1.0
>
jUST A SMALL FIX WILL DO.
> --
> openssl-dev mailing list
> To unsubscribe:
Tryong to compile Fips into OPEnssl-1.1.0 and I run into
FIPS is not supported for 1.1.0
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
I thought it was just me.
Tryong to compile Fips into OPEnssl-1.1.0 and I run into
cc: warning: argument unused during compilation: '-rdynamic'
[-Wunused-command-line-argument]
crypto/err/err_all.c:47:69: error: invalid operands to binary expression
('void' and 'int')
On 02/23/2016 08:16 AM, Wall, Stephen wrote:
> Thanks for the feedback, I was deliberately ignoring the issue of not
> running non-FIPS algos, there are actually instances where it's
> desirable to have access to them in FIPS mode (RADIUS, eg). A
> generic way to handle that (aside from Richards
> A generic
> way to handle that (aside from Richards dream proposal) would be to
> have a NO_INTERNAL_ALGORITHMS setting somewhere in the API. Possibly
> split into NO_INTERNAL_SYMMETRIC_ALGOS, ASYMMETRIC, HASHES, etc, for
> finer grained control.
Replying to my own post, a second idea: what if
Thanks for the feedback, I was deliberately ignoring the issue of not running
non-FIPS algos, there are actually instances where it's desirable to have
access to them in FIPS mode (RADIUS, eg). A generic way to handle that (aside
from Richards dream proposal) would be to have a
On 22 February 2016 at 20:18, Richard Levitte wrote:
>
> This is where I go dreamy eyed with a desire to make all our built in
> algorithm into an engine, loadable like any other engine.
I have never tried such setup but this sounds like SoftHSM2 [0] with
OpenSSL crypto
On 02/22/2016 01:58 PM, Dr. Stephen Henson wrote:
> On Mon, Feb 22, 2016, Wall, Stephen wrote:
>
>> I wonder if I could get the thoughts of some of you developers on how
>> difficult it would be to build an engine for OpenSSL 1.1.0 that makes use of
>> the current (2.0.11?) fipscanister.o. Also,
In message <20160222185829.ga19...@openssl.org> on Mon, 22 Feb 2016 18:58:29
+, "Dr. Stephen Henson" said:
steve> On Mon, Feb 22, 2016, Wall, Stephen wrote:
steve>
steve> > I wonder if I could get the thoughts of some of you developers on how
steve> > difficult it would
On Mon, Feb 22, 2016, Wall, Stephen wrote:
> I wonder if I could get the thoughts of some of you developers on how
> difficult it would be to build an engine for OpenSSL 1.1.0 that makes use of
> the current (2.0.11?) fipscanister.o. Also, opinions on if this would be a
> legitimate way to get
On 02/22/2016 11:01 AM, Wall, Stephen wrote:
> I wonder if I could get the thoughts of some of you developers on how
> difficult it would be to build an engine for OpenSSL 1.1.0 that makes
> use of the current (2.0.11?) fipscanister.o. Also, opinions on if
> this would be a legitimate way to get
, opinions on if this would be a legitimate way
to get FIPS in 1.1.0.
Thanks,
spw
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
I wonder if I could get the thoughts of some of you developers on how difficult
it would be to build an engine for OpenSSL 1.1.0 that makes use of the current
(2.0.11?) fipscanister.o. Also, opinions on if this would be a legitimate way
to get FIPS in 1.1.0.
Thanks,
spw
--
openssl-dev
15 matches
Mail list logo