Can any please tell me how to configure/compile FIPS on VC6?
I am failed to do the configuration.
C:\openssl-fips-1.1.1\openssl-fips-1.1.1perl Configure VC-WIN32 fips
[snip]
What have I done wrong?
You are showing the commands used to build a FIPS capable OpenSSL, not the
commands to build
Hi Kit,
u can follow the instruction give in file INSTALL.W32 for
installing openssl-fips-1.1.1.
1. Install active perl on C:\
2. Extract openssl-fips-1.1.1 at C:\
3. Then -c:\openssl-fips-1.1.1perl Configure
VC-WIN32 --prefix=c:/OpenSSL/SSL this can be any path u like.
4.
Hello,
as a newbie, I have some assumptions / questions hereafter about OpenSSL
and certificates. Many thanks to correct / confirm me.
- a certificate is a public key with metadata
- metadata contain mandatories (ie. subject and issuer) and optional
parameters
- there is no relation between
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 0.9.8e and 0.9.7m released
==
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version
Bruno Costacurta schrieb:
Hello,
as a newbie, I have some assumptions / questions hereafter about OpenSSL
and certificates. Many thanks to correct / confirm me.
- a certificate is a public key with metadata
- metadata contain mandatories (ie. subject and issuer) and optional
parameters
-
Dr. Stephen Henson wrote:
You need a recent 0.9.7 snapshot to use the 1.1.1 FIPS module, no
official
release supports it yet. There will be an official release real soon
now.
I have tried with openssl-0.9.7-stable-SNAP-20070223.tar.gz,
openssl-0.9.7-stable-SNAP-20070222.tar.gz and openssl
Sorry for previous post. All worked fine with the shared term removed
from the config line using openssl-0.9.7m.
Steps I used are as follows:
cd /usr/src
tar -xvf openssl-fips-1.1.1.tar.gz
cd openssl-fips-1.1.1
./config fips
make
make install
cd ..
rm -rf openssl-fips-1.1.1
tar -xvf
Short answer; no. There's more to running an application in FIPS approved mode
than just
linking against a properly generated fipscanister.o. Please refer to the
definitive
reference, the Security Policy
(http://csrc.nist.gov/cryptval/140-1/140sp/140sp733.pdf),
especially sections 4 and 5.
As far as I know, to have a FIPS certified module, you have to use “./config
fips; make; make install”. Anything else violates the conditions of
certification. This seems to preclude using VC6 to compile FIPS itself.
I was able to do this successfully on Windows using MinGW and MSYS. There
On Fri, Feb 23, 2007, David Hartman wrote:
There is a perl wrapper for the link command that you can use when linking
with other utilities. I tried using this with VC7 and VC8. I was successful
linking, and things ran fine in non-FIPS mode. When I tried enabling FIPS, I
found problems with
I will have to retry this. I was using gcc 3.2.3.
Thanks
-David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Friday, February 23, 2007 9:54 AM
To: openssl-users@openssl.org
Subject: Re: FIPS compilation with VC6
On Fri, Feb
BATCHELOR, SCOTT (CONTRACTOR) would like to recall the message, Fips
Compilation on Solaris 10.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
The openssl provides a Engine interface to bridge with a crypto capable
hardware. I was wondering if anyone else have tried to use the engine
interface ?
Thanks.
Anindya
__
OpenSSL Project
Roy, Anindya (Anindya) wrote:
The openssl provides a Engine interface to bridge with a crypto capable
hardware. I was wondering if anyone else have tried to use the engine
interface ?
I have recently used it to work with the IBM Cell processor
I'd recommend the GMP engine as a starting
I am using openssl-fips-1.1.1 and openssl-0.9.7m
When I try to build the FIPS Canister I am getting this error on Solaris
10
/usr/ccs/bin/ld: illegal option -- n
ld error output
Now obviously its finding the solaris version of ld and not gnu ld. But
I can't seem to circumvent this behavior no
Never mind
I had an epiphany.
Sorry about that.
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of BATCHELOR, SCOTT
(CONTRACTOR)
Sent: Friday, February 23, 2007 3:20 PM
To: openssl-users@openssl.org
Subject: Fips Compilation on Solaris 10
I am using
Actually, I ran into this as well. The problem is with a command echo
-n ... used to create the list of objects to put into the FIPS archive.
Bourne shell's echo doesn't use the -n, it is perceived as part of what
to echo.
I found I could avoid this problem by using the GNU linker. GNU's
-Original Message-
From: Neil Costigan
I have recently used it to work with the IBM Cell processor
I'd recommend the GMP engine as a starting point
any specific questions or issues ?
/Neil
Hi Neil,
Its good to know that I am not alone :). I don't understand
what
Hello,
I'm having trouble converting a PKCS12 container to PEM format using
PKCS12_parse(). Instead of getting all certificates in the container, I only
get one.
Our organization sources SSL keys and certificates in PKCS12 format, but I
want to use them with libcurl, which calls
Yes,
That was exactly the thought I had. The GNU Linker should work just
fine in this instance.
-B
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Hartman
Sent: Friday, February 23, 2007 3:44 PM
To: openssl-users@openssl.org
Subject: RE: Fips Compilation on
Hi.
I am trying to build openSSL0.9.7m against FIPS object module.
FIPs is installed with standard
./config fips
make
make install.
From openSSL-FIPs-1.1.1.tar.gz.
And I downloaded openSSL0.9.7m, and configured it with
./config fips shared --with-fipslibdir=/usr/local/ssl/lib/
Wei: Try just using just
./config fips --prefix=/opt/openssl-0.9.7m/
The shared optin causes the errors you were seeing.
Bill
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
There is a perl wrapper for the link command that you can use when linking
with other utilities. I tried using this with VC7 and VC8. I was successful
linking, and things ran fine in non-FIPS mode. When I tried enabling FIPS, I
found problems with global statics in the FIPS module not being
Hi Kit,
u can follow the instruction give in file INSTALL.W32
for installing openssl-fips-1.1.1.
1. Install active perl on C:\
2. Extract openssl-fips-1.1.1 at C:\
3. Then -c:\openssl-fips-1.1.1perl Configure VC-WIN32
--prefix=c:/OpenSSL/SSL this can be any path u like.
4.
Hi David,
Yes, I did link with fips_premain.c. I specified the compile and link
options for the fipslink.pl script, and included fips_remain.o as an
object.
The problem was that static globals in the gcc-compiled code were not
initialized. For example, I believe there was static int
On Fri, Feb 23, 2007, Wei Weng wrote:
Chris: Thanks for the reply.
Here is the thing I want: I need to build a openssl library that is fips
capable so that I can link libcurl against the library, since libcurl
uses openssl library to do the decode/encode stuff.
I am guessing that I
Wei:
Here's what I think I've learned about this question.
I think if you compiled openssl-fips-1.1.1 with config fips; make; make
install the result would
be an openssl library that was fips certified.
Getting libcurl to make proper use of it would then be a question of whether
libcurl makes
This among other things requires the application to enable FIPS
mode which a
typical application will not do. One of several effects of
entering FIPS mode
is to disable the use of non-FIPS algorithms: this may cause
problems where
the application expectes to use such algorithms and cannot
28 matches
Mail list logo