Building FIPS module on sparc 64bit

Hi, Building the FIPS module on sparc 64-bit is generating a 32-bit binary. The following message is in the output: WARNING! If you wish to build 64-bit library, then you have to invoke './Configure solaris64-sparcv9-cc' *manually*. My understanding is that building with that c

Re: Building FIPS module on sparc 64bit

x27;t see anything that suggests you can't use no-asm with SPARC. On Thu, Feb 14, 2013 at 8:55 AM, Steve Marquess wrote: > On 02/13/2013 06:58 PM, Zeke Evans wrote: >> Hi, >> >> Building the FIPS module on sparc 64-bit is generating a 32-bit >> binary. The follow

bn_mul_mont_fpu multiply-defined error building sparc64 fips capable shared object

I get an error building a fips capable shared object on sparc64. ./config fips shared make depend make ld: fatal: symbol 'bn_mul_mont_fpu' is multiply-defined: (file /usr/local/ssl/fips-2.0/lib//fipscanister.o type=FUNC; file libcrypto.a(sparcv9a-mont.o) type=FUNC); ld: fatal: file proce

bn_mul_mont_fpu multiply-defined error

I get an error building a fips capable shared object on sparc64. ./config fips shared make depend make ld: fatal: symbol 'bn_mul_mont_fpu' is multiply-defined: (file /usr/local/ssl/fips-2.0/lib//fipscanister.o type=FUNC; file libcrypto.a(sparcv9a-mont.o) type=FUNC); ld: fatal: file processing err

Re: bn_mul_mont_fpu multiply-defined error

tion 3.2: > > "note the ./config 'shared' option is forbidden by the terms of the > validation when building a FIPS validated module, but the fipscanister.o > object module can be used in a shared library." > > -Original Message- > From: owner-open

Re: bn_mul_mont_fpu multiply-defined error

That resolved the issue. Thanks! On Thu, Jul 4, 2013 at 4:22 AM, Dr. Stephen Henson wrote: > On Wed, Jul 03, 2013, Zeke Evans wrote: > >> I built the FIPS module as specified in the User Guide (only using >> ./config). The 'bn_mul_mont_fpu' multiply-defined error

PKCS12 APIs with fips 3.0

module. Will they be supported in 3.0 with fips? If not, is there a way for applications running in fips approved mode to support the same functionality and use existing stores/files that contain PKCS12 objects? Thanks, Zeke Evans Micro Focus

RE: PKCS12 APIs with fips 3.0

files in order to maintain backwards compatibility. Is there a recommended method going forward that would allow reading and writing to a key store while only using the fips provider? Thanks, Zeke Evans Micro Focus -Original Message- From: openssl-users On Behalf Of Dr Paul Dale Sent: T

RE: PKCS12 APIs with fips 3.0

That works. Thanks! -Original Message- From: openssl-users On Behalf Of Dr Paul Dale Sent: Tuesday, January 26, 2021 6:01 PM You could set the default property query to "?fips=yes". This will prefer FIPS algorithms over any others but will not prevent other algorithms from being fet

client authentication status

fail then they could block. Thanks, Zeke Evans

RE: client authentication status

Thanks for the explanation. I figured I was headed down a dead end. This will at least help me figure out how to handle things appropriately. Zeke Evans

FIPS validation and documents

ished somewhere. Are there plans to publish the FIPS documents? When and where do you think we'll see those? Thanks, Zeke Evans Micro Focus

[openssl-users] Does CVE-2014-3569 apply without the no-ssl3 build option

Is an OpenSSL 1.0.1j build that does not use the no-ssl3 build option still vulnerable to CVE-2014-3569? It seems the SSLv3 handshake to a no-ssl3 application scenario is just one way to exploit this and that the ssl23_get_client_hello function causes this issue for any unsupported or unrecognized

Re: [openssl-users] Does CVE-2014-3569 apply without the no-ssl3 build option

Thanks for clarifying. On Tue, Dec 30, 2014 at 5:55 AM, Kurt Roeckx wrote: > On Mon, Dec 29, 2014 at 10:37:49AM -0700, Zeke Evans wrote: >> Is an OpenSSL 1.0.1j build that does not use the no-ssl3 build option >> still vulnerable to CVE-2014-3569? It seems the SSLv3 handshake

[openssl-users] fingerprint mismatch issue with fips build on Win32

Hi, Our win32 applications will sometimes fail to start due to a fingerprint mismatch in the fips module. It appears this is caused by the fixed baseaddr used to verify the checksum. We are building with the /FIXED and /DYNAMICBASE:NO options. The User Guide states: "The standard OpenSSL build

Re: [openssl-users] new FIPS module

Support compilation in various forms" will address this or not. An option to compile the fips module as a dll instead of a static lib would be nice or at least allow the fips capable module to be rebased. Zeke Evans Senior Software Engineer Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] FIPS 140-2 key wrapping transition

validations on the Active Validation List that implement the previously allowed AES or TDEA key wrapping: * Entries will be moved to the Historical List. Can someone verify whether the FIPS 2.0 validation is affected by this? Thanks, Zeke Evans Senior Software Engineer Micro Focus -- openssl-users

Re: [openssl-users] FIPS 140-2 key wrapping transition

surrounding this. Thanks for your help! Zeke Evans Senior Software Engineer Micro Focus From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich via openssl-users Sent: Friday, February 02, 2018 5:26 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] FIPS 140

Re: [openssl-users] [openssl-project] OpenSSL 3.0 and FIPS Update

platforms can be validated would also be helpful. Thanks, Zeke Evans Senior Software Engineer, Micro Focus From: openssl-project on behalf of Matt Caswell Sent: Wednesday, February 13, 2019 4:26 AM To: openssl-annou...@openssl.org; openssl-users@openssl.org