.
Thanks,
Lester
-Original Message-
From: Memmott, Lester
Sent: Friday, February 08, 2013 12:07 PM
To: openssl-users@openssl.org
Subject: Only in FIPS mode: Crash in X509_sign() with memory corruption
I'm hoping someone has some insight into what I'm doing wrong or if I've just
bumped up
I'm hoping someone has some insight into what I'm doing wrong or if I've just
bumped up against a bug. I'm using Visual Studio 2008 on Windows 8 and am in
the process of running existing code with FIPS enabled. As expected a few
things don't work, but in this case, I'm a bit stumped. I've
[mailto:owner-openssl-us...@openssl.org]
On Behalf Of Jeffrey Walton
Sent: Wednesday, February 06, 2013 2:59 PM
To: openssl-users@openssl.org
Subject: Re: fipslink
On Wed, Feb 6, 2013 at 2:40 PM, Memmott, Lester lester.memm...@landesk.com
wrote:
Jon,
I’m having trouble with fipslink as well
is the
same place you get to.
I can't really copy my make files because they are on a secure system, so I
have to type everything here.
Thanks,
-Jon
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Memmott, Lester
Sent: Wednesday
,
Lester
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Thursday, February 07, 2013 8:00 AM
To: openssl-users@openssl.org
Subject: Re: fipslink
On Wed, Feb 06, 2013, Memmott, Lester wrote:
Jon,
I
Dr Henson,
Excellent! Thanks for clarifying that for us!
Jon,
I'm using dynamic openssl libraries so I have no need pursue this further. If
you still do, good luck!
Thanks,
Lester
__
OpenSSL Project
Jon,
I was able to get the sample from appendix C.1 to compile for me with the
following steps:
1. Build the fips module
2. Build openssl with --with-fipslibdir --with-fipsdir
3. Create a Windows console application in Visual Studio 2008
4. Add the openssl\inc32 folder to the include path
5.
Jon,
I’m having trouble with fipslink as well and thought it might help to compare
notes. These are the linker errors I’m getting using Visual Studio 2008:
fips_premain.obj : error LNK2001: unresolved external symbol unsigned char *
FIPS_signature (?FIPS_signature@@3PAEA)
fips_premain.obj :
Jon,
Regarding:
According to my interpretation of the documentation, it should be included in
libeay32.dll:
Section 2.4.2
Note that except in the most unusual circumstances the FIPS Object Module itself
(fipscanister.o) is not linked directly with application code.
Section 4.3.3
The resulting
Regarding:
C:\temp\nma0452:
setargv.obj d:\work\ssl\ved\Debug\VED.obj d:\work\ssl\ved\Debug\stdafx.obj
d:\work\ssl\ved\Debug\fips_premain.obj
d:\Work\SSL\openssl-1.0.1c\out32dll\libeay32.lib ws2_32.lib gdi32.lib
advapi32.lib crytp32.bli user32.lib
I’m not sure but did you link in
I'm in the process of incorporating FIPS enabled OpenSSL into an application
when I realized that by default the FIPS module is built by dynamically linking
the C runtime, not statically linking. In my case, for Windows using Microsoft
Visual Studio it uses the /MD option, instead of /MT.
All modern Versions of Microsoft's C Runtime are thread safe. That occurred
around Visual Studio 6.0 (circa 2000 or so).
From http://msdn.microsoft.com/en-us/library/abx4dbyh.aspx: The
single-threaded CRT (libc.lib, libcd.lib) (formerly the /ML or /MLd
options) is no longer available. Instead,
I've gone through the FIPS User Guide and have built OpenSSL 1.0.1c with the
FIPS module 2.0.2. From a practical perspective I'm trying to sort out in my
mind the following:
- What is functionally different between the standard OpenSSL and OpenSSL
compiled with FIPS and _not_ in FIPS mode
It appears that the web site went through a few changes recently and some
aren't working quite right yet. Another case is on the FIPS page
(http://www.openssl.org/docs/fips/) the link for the User Guide is also broken.
Thanks,
Lester
-Original Message-
From:
After building openssl 1.0.1c with the 2.0.2 fips module on Windows 7 with
Visual Studio 2008, the ectest fails as follows:
C:\openssl-1.0.1cnmake -f ms\ntdll.mak test
ectest
Curve defined by Weierstrass equation
y^2 = x^3 + a*x + b (mod 0x17)
a = 0x1
b = 0x1
Point is not on
Regarding (from Joy Leima):
I am using openssl-1.0.1c.tar.gz openssl-fips-2.0.2.tar.gz.
...
The ms\do_fips resulted in a SUCCESS.The nmake had issues. Here is the
last few lines.
The error:
link /nologo /subsystem:console /opt:ref /debug /dll /map /base:0xFB0
After building openssl 1.0.1c with the 2.0.2 fips module on Windows 7 with
Visual Studio 2008, the ectest fails as follows:
C:\openssl-1.0.1cnmake -f ms\ntdll.mak test
ectest
Curve defined by Weierstrass equation
y^2 = x^3 + a*x + b (mod 0x17)
a = 0x1
b = 0x1
Point is not on
17 matches
Mail list logo