Dear Experts,
Why can one not build the OpenSSL FIPS object module (FOM) with /MT on
windows officially?
I read that modifying any flags / steps while building FOM is not allowed.
Is there any complaint workaround for using FOM with an application which
is built with /MT?
Thank you.
OpenSSL releases
> a bugfix to OpenSSL 1.0.x .
That's my understanding too, though I don't deal with a FIPS-validated
distribution myself. As the OpenSSL FIPS User Guide puts it, "OpenSSL itself is
not validated,and never will be". For FIPS, what matters is the OpenSSL FIPS
Object
On 16/05/2019 02:11, Paul Dale wrote:
Just noting that any module built in this manner is *not* FIPS compliant.
The distribution must be unmodified and build exactly as per the documentation.
Any change to the files or the build process renders the result invalid from a
FIPS perspective.
| Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
-Original Message-
From: sreekanth1m [mailto:sreekant...@gmail.com]
Sent: Thursday, 16 May 2019 7:56 AM
To: openssl-users@openssl.org
Subject: Re: Build the FIPS Object Module issue on Ubuntu 18.04
I was
I was able to generate FIPS Object Module - fipscanister.o
fipscanister.o.sha1 fips_premain.c fips_premain.c.sha1 successfully but
now struck in generating Build the FIPS capable library.
followed below steps:
$ . ./setenv-android.sh
$ cd openssl-1.0.1e/
Next, fix the makefile and run
Hi,
I am trying to build the FIPS object module using the fips library
openssl-fips-2.0.16 on Ubuntu 18.04 for x86 arch.
I am following the steps in
https://wiki.openssl.org/index.php/FIPS_Library_and_Android
below steps are followed to Build the FIPS Object Module:
$ . ./setenv-android.sh
$ cd
I'm responding to a previous post about obtaining a CD of the OpenSSL FIPS
Object Module from KeyPair Consulting rather than directly from OpenSSL.
The question is:
> Just curious, but does this satisfy Section 6.6 of the User Guide,
> since the CD does not come directly from the O
: openssl-users on behalf of Mark
Minnoch
Sent: Wednesday, June 20, 2018 4:33 PM
To: openssl-users@openssl.org
Subject: [openssl-users] OpenSSL FIPS Object Module 2.0 on CD
If you are looking for a copy of the OpenSSL FIPS Object Module (versions 2.0
to 2.0.16) delivered to you on CD
If you are looking for a copy of the OpenSSL FIPS Object Module (versions
2.0 to 2.0.16) delivered to you on CD, then please send an email to
c...@keypair.us with your shipping address.
We will send you a copy of the original OpenSSL FOM CD.
For details, see: https://keypair.us/2018/05/cd/
Mark
On 10/03/2017 05:26 PM, Diaz de Grenu, Jose wrote:
>
>> You reprocessed all of the hundreds of test vectors? I'm impressed. That
>> must have taken many days of compute time.
>
> Sorry, the download script I set up seg faulted after some time, and I didn't
> noticed. In fact it only tested a
> You reprocessed all of the hundreds of test vectors? I'm impressed. That
> must have taken many days of compute time.
Sorry, the download script I set up seg faulted after some time, and I didn't
noticed. In fact it only tested a few tarballs.
> The most recent set of test vectors used for
esult frequent adjustment of fipsalgtest.pl is often necessary.
>
> I have tried with all the tarballs but I am not able to find one which works
> without errors.
You reprocessed all of the hundreds of test vectors? I'm impressed. That
must have taken many days of compute time.
>
> Is
to find one which works
without errors.
Is there any way to check which test vector were used for FIPS Object Module
2.0.16?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 09/28/2017 11:07 AM, Diaz de Grenu, Jose wrote:
> I am trying to validate the FIPS Object Module.
>
> I have built the test tools as specified in [1] Appendix B.1 and I have
> downloaded and extract the test vectors from [2].
>
> At that point I run the following:
>
I am trying to validate the FIPS Object Module.
I have built the test tools as specified in [1] Appendix B.1 and I have
downloaded and extract the test vectors from [2].
At that point I run the following:
perl fipsalgtest.pl --dir=/run/media/sda1/fips_tv/OSF_JN2859_OE46.results
(where /run
I have a question on compiling Openssl-fips object module as 64 bit static
library in win 8.1.
I am using following versions of source and compile instruction.
openssl-fips-2.0.12
1. cd openssl-fips-2.0.12
2. SET FIPSDIR=C:\tools\fips\opensslfips
3. ms\do_fips no-asm
This turns out the build
On 02/09/2016 03:19 PM, cloud force wrote:
> Hello everyone,
>
> Would the FIPS Object Module v2.0 supposed to only work with the vanilla
> openssl library? If I apply the security patches to the openssl library,
> should the FIPS Object Module v2.0 still work without problems?
Y
On 2/9/2016 12:29 PM, Steve Marquess wrote:
> On 02/09/2016 03:19 PM, cloud force wrote:
>> Hello everyone,
>>
>> Would the FIPS Object Module v2.0 supposed to only work with the vanilla
>> openssl library? If I apply the security patches to the openssl library,
>&
Hello everyone,
Would the FIPS Object Module v2.0 supposed to only work with the vanilla
openssl library? If I apply the security patches to the openssl library,
should the FIPS Object Module v2.0 still work without problems?
Thanks,
Rich
--
openssl-users mailing list
To unsubscribe: https
On 01/20/2016 05:07 PM, Imran Ali wrote:
> Hi Steve,
>
>
>
> Is there any update on the submissions for the OpenSSL FIPS Object
> Module v2.0, validation(s) #1747/#2398/#2474
>
Still waiting on the CMVP. The paperwork for all three validations was
submitted on December 2
Hi Steve,
Is there any update on the submissions for the OpenSSL FIPS Object Module v2.0,
validation(s) #1747/#2398/#2474
Regards,
Imran
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
The 2.0.11 revision of the OpenSSL FIPS Object Module v2.0 has been
approved:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398
Note that this is the same module as for the #1747 and #2374
validations; the proliferation of validation numbers is due to the
"ho
On 02/27/2015 01:56 AM, Jakob Bohm wrote:
I think it was clear enough:
NIST/NSA/CMVP is demanding that OpenSSL change the
definition of*already* validated platforms before they
will allow OpenSSL to addnew platforms.
But changing those definitions would invalidate existing
On 02/26/2015 09:24 PM, Jeffrey Walton wrote:
Hi Steve,
I read the 'The FIPS 140-2 Hostage Issue' page. Its not clear to me
what the problem is, ...
I have failed miserably in my objective then, as that web page is an
attempt to explain a complex and important issue. It's always a struggle
of the open source
validated module. This is a situation that reminds me of the old for
want of a nail... ditty (https://en.wikipedia.org/wiki/For_Want_of_a_Nail).
Tedious details can be found here:
http://openssl.com/fips/hostage.html
The short take is that for now at least the OpenSSL FIPS Object
-users] End of the line for the OpenSSL FIPS Object Module?
On 02/26/2015 07:04 AM, Isaac Hailperin wrote:
Steve,
thank you for alerting us. Do I understand correctly that by
platform, not a general OS (like Linux, Solaris) on a specific
hardware (sparc, x86, ...) is meant, but a very specific
On 02/26/2015 07:04 AM, Isaac Hailperin wrote:
Steve,
thank you for alerting us. Do I understand correctly that by
platform, not a general OS (like Linux, Solaris) on a specific
hardware (sparc, x86, ...) is meant, but a very specific distribution
release, like Ubuntu 14.04, or CentOS 7.0,
-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Steve Marquess
Sent: Mittwoch, 25. Februar 2015 15:08
To: openssl-users@openssl.org
Subject: [openssl-users] End of the line for the OpenSSL FIPS Object Module?
As always, if you don't know or care what FIPS 140-2 is count yourself
://openssl.com/fips/hostage.html
The short take is that for now at least the OpenSSL FIPS Object Module
v2.0, certificate #1747, can no longer be updated to include new
platforms. This development also wrecks the already marginal economics
of tentative plans for a new open source based
/hostage.html
The short take is that for now at least the OpenSSL FIPS Object Module
v2.0, certificate #1747, can no longer be updated to include new
platforms. This development also wrecks the already marginal economics
of tentative plans for a new open source based validation to succeed the
current
CVE-2014-3570 is fixed in 0.9.8ze. Does the BN_sqr implementation in FIPS
Object Module 1.* also need to be fixed?
If I run 0.9.8ze on FIPS mode with using FIPS Object Module 1.x, am I
vulnerable to the CVE-2014-3570 attacks?
___
openssl-users mailing
CVE-2014-3570 is fixed in 0.9.8ze. Does the BN_sqr implementation in FIPS
Object Module 1.* also need to be fixed?
If I run 0.9.8ze on FIPS mode with using FIPS Object Module 1.x, am I
vulnerable to the CVE-2014-3570 attacks?
___
openssl-users mailing
It only took nine months, but we finally have a revision of the OpenSSL
FIPS Object Module v2.0 (validation certificate #1747) that supports all
formally tested platforms and omits Dual EC DRBG entirely.
The earlier revision 2.0.6 also removed Dual EC DRBG, but was superseded
only three days
Hi all,
My team is using Nodejs and we just released an instruction on how to
compile nodejs with openssl with the object module. A customer doesn't
want to do that and my question is, if we are shipping a custom nodejs
compiled with openssl with fips mode on, does it still compliant to the
As long as you compile the linked openssl with a fipscanister that's
created in accordance with the Security Policy, yes.
Remember, FIPS was developed around non-software crypto. You're
creating and delivering a black box piece of code for delivery to the
customer.
-Kyle H
On 7/18/2014 8:48
the OpenSSL FIPS Object Module v2.0 (validation certificate #1747). That
prospective revision, 2.0.6, languished for months. We weren't
particularly surprised because expert opinion was divided on our chances
of success. One accredited test lab was absolutely positively certain it
would never ever
On 7/5/2014 10:51 AM, Jayalakshmi bhat wrote:
Thanks a lot for the explanation. We have range of products that
provides network connectivity.
1. On these we would be using TPM to provide additional security.
2. On the products that are bit slow in software cryptographic
operation, we
On 7/6/2014 10:44 AM, Kyle Hamilton wrote:
On 7/5/2014 10:51 AM, Jayalakshmi bhat wrote:
Thanks a lot for the explanation. We have range of products that
provides network connectivity.
1. On these we would be using TPM to provide additional security.
2. On the products that are bit slow
Hi Kyle,
Thanks a lot for detailed explaination, it helped me lots.
Regards
Jayalakshmi
On Sun, Jul 6, 2014 at 2:44 AM, Kyle Hamilton aerow...@gmail.com wrote:
On 7/5/2014 10:51 AM, Jayalakshmi bhat wrote:
Thanks a lot for the explanation. We have range of products that
provides network
Hi Jakob,
Thank you very much for detailed and helpful explanation.
Regards
Jayalakshmi
On Sun, Jul 6, 2014 at 9:32 PM, Jakob Bohm jb-open...@wisemo.com wrote:
On 7/6/2014 10:44 AM, Kyle Hamilton wrote:
On 7/5/2014 10:51 AM, Jayalakshmi bhat wrote:
Thanks a lot for the explanation. We
Hi All,
We want to support a hardware accelerator on our device. We are using
OpenSSL with OpenSSL FIPS Object module. I wanted to know if we can add
engine support in OpenSSL FIPS Object module.
I welcome all valuable inputs.
Regards
Jayalakshmi.
On 07/05/2014 02:09 AM, Jayalakshmi bhat wrote:
Hi All,
We want to support a hardware accelerator on our device. We are using
OpenSSL with OpenSSL FIPS Object module. I wanted to know if we can add
engine support in OpenSSL FIPS Object module.
I welcome all valuable inputs.
First, please
On Sat, Jul 05, 2014, Jayalakshmi bhat wrote:
Hi All,
We want to support a hardware accelerator on our device. We are using
OpenSSL with OpenSSL FIPS Object module. I wanted to know if we can add
engine support in OpenSSL FIPS Object module.
If you literally mean adding ENGINE support
st...@openssl.org
wrote:
On Sat, Jul 05, 2014, Jayalakshmi bhat wrote:
Hi All,
We want to support a hardware accelerator on our device. We are using
OpenSSL with OpenSSL FIPS Object module. I wanted to know if we can add
engine support in OpenSSL FIPS Object module.
If you
Hi All,
We are using OpenSSL 1.0.1c along with OpenSSL FIPS object Module in our
product. Recently we have added TPM support. TPM chip is not FIPS
compliant. Hence in FIPS mode none of the SSL applications are working.
I wanted inputs on the following questions. I would be grateful to receive
On Fri, Jul 04, 2014, Jayalakshmi bhat wrote:
Hi All,
We are using OpenSSL 1.0.1c along with OpenSSL FIPS object Module in our
product. Recently we have added TPM support. TPM chip is not FIPS
compliant. Hence in FIPS mode none of the SSL applications are working.
I wanted inputs
On 07/04/2014 10:44 AM, Dr. Stephen Henson wrote:
On Fri, Jul 04, 2014, Jayalakshmi bhat wrote:
Hi All,
We are using OpenSSL 1.0.1c along with OpenSSL FIPS object Module in our
product. Recently we have added TPM support. TPM chip is not FIPS
compliant. Hence in FIPS mode none of the SSL
Hi Steve,
Thank you very much for the response. I have one more question. In order
use a FIPS 140-2 certified TPM hardware in OpenSSL FIPS enabled
environment, do I have to add engine support in OpenSSL FIPS Object Module
and go for private label?
Regards
Jayalakshmi
On Fri, Jul 4, 2014 at 8
Hi Steve,
Thanks a lot for the reply. I have one more question. In order use a FIPS
140-2 certified TPM hardware in OpenSSL FIPS enabled environment, do I have
to add engine support in OpenSSL FIPS Object Module and go for private
label?
Regards
Jayalakshmi
On Fri, Jul 4, 2014 at 8:14 PM, Dr
On 07/04/2014 12:06 PM, Jayalakshmi bhat wrote:
Hi Steve,
Thank you very much for the response. I have one more question. In order
use a FIPS 140-2 certified TPM hardware in OpenSSL FIPS enabled
environment, do I have to add engine support in OpenSSL FIPS Object Module
and go for private
certified TPM hardware in OpenSSL FIPS enabled
environment, do I have to add engine support in OpenSSL FIPS Object
Module
and go for private label?
I don't know enough about TPM to say for sure. If you have to make *any*
changes to the FIPS module code (which is likely) then you would need a
new
updates to existing validations. As a consequence we have been
unable to proceed with the addition of platforms to the #1747
validation, aka the OpenSSL FIPS Object Module 2.0.
I am pleased to report that after three months the CMVP has finally
issued the guidance that allows us to proceed with change
On 03/12/2014 01:19 AM, T, Satyanarayana (GE Healthcare) wrote:
Hi,
First thanks for the reply...
Just some clarification needed, The difference between two processors I see is
TI (AM37xx)Freescale(imx6)
1)ARMv7-A cortex A8Armv7-A cortex A9
2)
Hi,
I have some queries on fips object module validation for openssl:
I see in openssl project fips module that it is validated for linux 2.6 on some
platforms (ex: TIAM3xx (armv7), PowerPC etc). The compiler for linux 2.6 is
4.2/4.1 versions pointed.
We are planning to use freescale imx6
On 03/11/2014 06:16 AM, T, Satyanarayana (GE Healthcare) wrote:
Hi,
I have some queries on fips object module validation for openssl:
I see in openssl project fips module that it is validated for linux 2.6
on some platforms (ex: TIAM3xx (armv7), PowerPC etc). The compiler
@openssl.org
Cc: Vember, Ananth G (GE Healthcare)
Subject: Re: Questions on fips object module for openssl
On 03/11/2014 06:16 AM, T, Satyanarayana (GE Healthcare) wrote:
Hi,
I have some queries on fips object module validation for openssl:
I see in openssl project fips module
the case these requirements apply
retroactively to existing validations such as certificate #1747, the
OpenSSL FIPS Object Module 2.0.
A consequence of one of those requirements is a new format for the RSA
algorithm testing, per FIPS 186-4. As currently written the 2.0 module
cannot handle that new
On 01/29/2014 07:16 PM, Nath, Satyajit wrote:
Hi,
While building the fips object module on our OS (FreeBSD 7.1 based)
according to the instructions in
http://www.openssl.org/docs/fips/UserGuide-2.0.pdf, we ran into a
bug. We have things mostly working starting with
http
The Security Policy for the FIPS Object Module 2.0 states:
5.1 Exclusive Use of the FIPS Object Module for Cryptography
In order for the referencing application to claim FIPS 140-2 validation, all
cryptographic functions
utilized by the application must be provided exclusively by the FIPS Object
On 09/23/2013 04:16 PM, Jim Adams wrote:
The Security Policy for the FIPS Object Module 2.0 states:
5.1 Exclusive Use of the FIPS Object Module for Cryptography
In order for the referencing application to claim FIPS 140-2 validation,
all cryptographic functions
utilized by the application
Hi All,
This relates to 'OpenSSL Security Advisory [05 Feb 2013]' and the
accompanying CVEs. The bulletin did not address combinations of FIPS
Object Module and FIPS Capable Library Combinations.
Please forgive my ignorance. I don't like to take a lot of latitude or
license on these things. I'm
On 02/05/2013 03:11 PM, Jeffrey Walton wrote:
Hi All,
This relates to 'OpenSSL Security Advisory [05 Feb 2013]' and the
accompanying CVEs. The bulletin did not address combinations of FIPS
Object Module and FIPS Capable Library Combinations.
Please forgive my ignorance. I don't like
On 12/09/2012 04:33 AM, Jeffrey Walton wrote:
Hi All,
On page 133 of the User Guide 2.0 for the OpenSSL FIPS Object Module
v2.0, the document (book?) talks about symbol renaming. The discussion
occurs in Appendix I, API Entry Points by Source File, and the text
is below.
Why does symbol
Hi All,
On page 133 of the User Guide 2.0 for the OpenSSL FIPS Object Module
v2.0, the document (book?) talks about symbol renaming. The discussion
occurs in Appendix I, API Entry Points by Source File, and the text
is below.
Why does symbol renaming occur?
Jeff
Symbol renaming: Some symbol
We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
and I'd like to test out this set of assumptions (or maybe they are
'assertions')
- In the context of OpenSSL, FIPS compliance is all about algorithm
choice. In FIPS mode (FIPS_mode_set() returns success),
On Tue, Nov 13, 2012 at 4:26 PM, mclellan, dave dave.mclel...@emc.com wrote:
We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
and I’d like to test out this set of assumptions (or maybe they are
‘assertions’)
- In the context of OpenSSL, FIPS compliance is
.
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of mclellan, dave
Sent: Tuesday, November 13, 2012 4:26 PM
To: openssl-users@openssl.org
Subject: OpenSSL/FIPS Object Module
: Thursday, November 15, 2012 10:17 AM
To: openssl-users@openssl.org
Subject: RE: OpenSSL/FIPS Object Module and FIPS compliance - testing some
assertions
The term 'FIPS compliant' does not refer to the software capability, but to the
implementation used to perform the cryptographic operations
[If this is posted a 2nd time, my apologies, I believe my subscription was
broken]
We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
and I'd like to test out this set of assumptions (or maybe they are
'assertions')
- In the context of OpenSSL, FIPS
On Wed, Nov 14, 2012 at 3:25 PM, mclellan, dave dave.mclel...@emc.com wrote:
...
We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
and I’d like to test out this set of assumptions (or maybe they are
‘assertions’)
- In the context of OpenSSL, FIPS
...@openssl.org]
On Behalf Of Jeffrey Walton
Sent: Wednesday, November 14, 2012 3:57 PM
To: openssl-users@openssl.org
Subject: Re: OpenSSL/FIPS Object Module and FIPS compliance - testing some
assertions
On Wed, Nov 14, 2012 at 3:25 PM, mclellan, dave dave.mclel...@emc.com wrote:
...
We are starting our
Object Module and FIPS compliance - testing some
assertions
On Wed, Nov 14, 2012 at 3:25 PM, mclellan, dave dave.mclel...@emc.com wrote:
...
We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1)
and I’d like to test out this set of assumptions (or maybe
On 11/14/2012 04:21 PM, mclellan, dave wrote:
Thanks for that clarification. It's not so cut and dry, I see.
About this: ... and don't even bother to build fipscanister.o... Then on
what grounds could they claim FIPS compliance?
There is a common confusion between FIPS compliant
and generate the proper library?
In this context it means we expect to be adding iOS to the OpenSSL FIPS
Object Module 2.0 (#1747) validation as a formally tested platform
(Operational Environment), which will mean that module can be used on
iOS where FIPS 140-2 validation is required.
2. Since
or is
it
simple changes in the configure script to make the code compile
correctly
in a specific OS and generate the proper library?
In this context it means we expect to be adding iOS to the OpenSSL FIPS
Object Module 2.0 (#1747) validation as a formally tested platform
(Operational Environment), which
assume this module will work with both OpenSSL 1.0.0 and 1.0.1?
No, the OpenSSL FIPS Object Module 1.2.4 is only compatible with OpenSSL
0.9.8.
We do expect to be adding support for iOS to the 2.0 FIPS module in the
near future. The 2.0 FIPS module is compatible with OpenSSL 1.0.1
On 07/03/2012 07:35 PM, Alex Chen wrote:
I assume this module will work with both OpenSSL 1.0.0 and 1.0.1?
No, the OpenSSL FIPS Object Module 1.2.4 is only compatible with OpenSSL
0.9.8.
We do expect to be adding support for iOS to the 2.0 FIPS module in the
near future. The 2.0 FIPS module
I assume this module will work with both OpenSSL 1.0.0 and 1.0.1?
On 6/25/12 7:03 AM, Steve Marquess marqu...@opensslfoundation.com
wrote:
The OpenSSL FIPS Object Module 1.2 has been extended to include support
for the iOS and Mac OS X operating systems, as the newly released
revision 1.2.4
On 06/30/2012 08:55 PM, Paul Suhler wrote:
I see that the FIPS 2.0 tarball is not available online. Moreover,
the link to request a CD (http://openssl.com/fips/verify.html)
doesn't work.
Should be fixed now ... we've only recently recovered from a major and
extended power outage.
-Steve M.
I do wonder if this is the proper time place to discuss the implications
of requiring source code to have been obtained by a secure path excluding
the internet. Can an internet-enabled open source therefore be considered
secure by that definition?
--
Keith Bennett
On 06/28/2012 12:42 PM, Keith Bennett wrote:
I do wonder if this is the proper time place to discuss the
implications of requiring source code to have been obtained by a secure
path excluding the internet. Can an internet-enabled open source
therefore be considered secure by that definition?
On 06/28/2012 06:42 PM, Keith Bennett wrote:
I do wonder if this is the proper time place to discuss the
implications of requiring source code to have been obtained by a
secure path excluding the internet. Can an internet-enabled open
source therefore be considered secure by that definition?
On 06/28/2012 01:17 PM, Magosányi, Árpád wrote:
On 06/28/2012 06:42 PM, Keith Bennett wrote:
I do wonder if this is the proper time place to discuss the
implications of requiring source code to have been obtained by a
secure path excluding the internet. Can an internet-enabled open
source
When the validation is obtained for FIPS Object Module v2.0, and that
version is officially released, will there also be an update to OpenSSL? Or
are those two now independent as long as v1.0.1 is used with the FIPS
module?
Thanks,
Kevin
On 04/23/2012 09:17 AM, Kevin Fowler wrote:
When the validation is obtained for FIPS Object Module v2.0, and that
version is officially released, will there also be an update to OpenSSL?
Or are those two now independent as long as v1.0.1 is used with the FIPS
module?
The new OpenSSL FIPS
On Fri, Mar 16, 2012, Alex Chen wrote:
I have downloaded the OpenSSL 1.0.1 and FIPS object module v1.2.
Don't. OpenSSL 1.0.1 works with the (currently) unvalidated 2.0 module. If you
want to use the 1.2.x module use OpenSSL 0.9.8.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core
My mistake in the subject line in previous mail. What I have actually
downloaded is FIPS 2.0.
The questions below are still valid.
Alex
On Mar 16, 2012, at 6:48 PM, Alex Chen alex_c...@filemaker.com wrote:
I have downloaded the OpenSSL 1.0.1 and FIPS object module v2.0. Both will
build
On Fri, Mar 16, 2012, Alex Chen wrote:
I have downloaded the OpenSSL 1.0.1 and FIPS object module v1.2. Both will
build a libcrypto.a library. I have some questions and hope someone can
clarify them for me. This FIPS thing is totally new so please if forgive me
if the questions are off
I have downloaded the OpenSSL 1.0.1 and FIPS object module v1.2. Both will
build a libcrypto.a library. I have some questions and hope someone can
clarify them for me.
This FIPS thing is totally new so please if forgive me if the questions are off
the target.
1. Is the crypto code in FIPS
I've received a number of queries about the reference in the recently
released OpenSSL 1.0.1 to Preliminary FIPS capability for unvalidated
2.0 FIPS module.
OpenSSL 1.0.1 is designed to support use of that FIPS 140-2
cryptographic module to provide a FIPS compatible API. However, the
formal
On 03/08/2012 08:49 PM, Ashit Vora wrote:
Steve,
First let me clarify that it isn't my intent to challenge OpenSSL
validation. In fact the reason I started down this path is because I
have a product that uses v1.2 and needs to claim FIPS compliance. I
cannot legitimately make that claim if
Steve,
Please see response from Randy (CMVP Director) below. It clearly indicates
older versions (including v1.2) are no longer considered validated since
they are not listed on the website:
*Ashit,
You can always view the change history by downloading the CMVP Validation
DB from:
On 03/09/2012 11:18 AM, Ashit Vora wrote:
Steve,
Please see response from Randy (CMVP Director) below. It clearly
indicates older versions (including v1.2) are no longer considered
validated since they are not listed on the website:
Randy is the man, so I stand corrected. A huge number of
Thanks Steve. I will look out for the update on the CMVP webpage.
-Ashit
On Fri, Mar 9, 2012 at 1:12 PM, Steve Marquess
marqu...@opensslfoundation.com wrote:
On 03/09/2012 11:18 AM, Ashit Vora wrote:
Steve,
Please see response from Randy (CMVP Director) below. It clearly
indicates
Hello,
I searched the archives but did not find the answer to this question.
What is the reason OpenSSL FIPS Object Module v1.2 is no longer listed as
FIPS validated? It seems only v1.2.3 is now listed:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1051
Thanks in advance
On 03/08/2012 01:43 PM, Ashit Vora wrote:
Hello,
I searched the archives but did not find the answer to this question.
What is the reason OpenSSL FIPS Object Module v1.2 is no longer listed
as FIPS validated? It seems only v1.2.3 is now listed:
That's because the original validation #1051
On Thu, Mar 8, 2012 at 3:46 PM, Steve Marquess
marqu...@opensslfoundation.com wrote:
On 03/08/2012 01:43 PM, Ashit Vora wrote:
Hello,
I searched the archives but did not find the answer to this question.
What is the reason OpenSSL FIPS Object Module v1.2 is no longer listed
as FIPS
On 03/08/2012 04:05 PM, Ashit Vora wrote:
Thanks Steve. This makes sense (i.e. newer versions subsuming older
versions).
However given that 1.2 is no longer listed on the NIST website, that
version can no longer be considered FIPS validated. This is an issue for
deployed products that have
On 03/08/2012 05:12 PM, Steve Marquess wrote:
On 03/08/2012 04:05 PM, Ashit Vora wrote:
Thanks Steve. This makes sense (i.e. newer versions subsuming older
versions).
However given that 1.2 is no longer listed on the NIST website, that
version can no longer be considered FIPS validated. This
Regarding the certificate, it will never be updated. Whenever the CMVP
updates a listing because of a change letter process (IG G.5 scenario 1)
they only update the website listing. They never update the certificate.
The understanding is that the website listing supersedes the certificate.
Please
1 - 100 of 152 matches
Mail list logo