Re: FIPS mode fails with fingerprint not matching error

2012-09-21 Thread Cassie Helms
How do I make the FIPS module point to the FIPS capable version that has been built? Look for the --with-fipslibdir option referenced in UserGuide 2.0. There is also a --with-fipsdir that I don't believe is talked about in the document. You might want to run ldd on your app executable to

Re: AES-CMAC-128 equivalent to EVP_aes_128_cbc sent to CMAC?

2012-08-31 Thread Cassie Helms
In implementing AES-CMAC-128 over a message, I assumed it would be equivalent in OpenSSL to hand the EVP_aes_128_cbc() EVP_CIPHER to CMAC, as I did not see a regular AES-128 EVP_CIPHER available. It looks like sending AES-CBC into CMAC is the same thing as AES-CMAC-128. Question answered.

AES-CMAC-128 equivalent to EVP_aes_128_cbc sent to CMAC?

2012-08-22 Thread Cassie Helms
Hi folks, Thanks for your help with previous questions. I have a new one, which should hopefully be quick: In implementing AES-CMAC-128 over a message, I assumed it would be equivalent in OpenSSL to hand the EVP_aes_128_cbc() EVP_CIPHER to CMAC, as I did not see a regular AES-128 EVP_CIPHER

openssl bug database?

2012-08-17 Thread Cassie Helms
I want to make sure I don't potentially report openssl bugs that someone else has already reported. Is there a database of open openssl bugs that I haven't seen the link to, somewhere? Thanks, Cassie

Easy way to turn on gdb symbols (and just gdb symbols?)

2012-08-17 Thread Cassie Helms
Hi folks, I'm looking to compile fips and openssl with gdb symbols. So far both compilations are unhappy with make CFLAGS=-g after doing my typical config stuff. I noticed there are some debug options for fips/Configure, if you look really hard in the Configure file...I think these typically

Re: openssl bug database?

2012-08-17 Thread Cassie Helms
Actually, my real question was, where can I see a list of bugs that are already reported for openssl, so I can anticipate certain openssl functions failing? I wish I could contribute more to the source by reporting bugs, but I have so many of my own already...and would like to be able to see

Re: Easy way to turn on gdb symbols (and just gdb symbols?)

2012-08-17 Thread Cassie Helms
I'm seeing odd failures in the MD4/MD4_Init functions and I can't debug them with gdb because I can't see what the source is doing. Maybe I should add that I've verified that FIPS_mode is turned on right before my failing MD4 calls (think OpenSSLDie()), and I didn't do anything special to

Re: Easy way to turn on gdb symbols (and just gdb symbols?)

2012-08-17 Thread Cassie Helms
Maybe I should add that I've verified that FIPS_mode is turned on right before my failing MD4 calls (think OpenSSLDie()), and I didn't do anything special to compile or turn on the MD4 algorithm...could that be where I'm missing a step? Ah yes, now I see that what I am trying to do is

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-08-14 Thread Cassie Helms
Eventually I solved this problem. Here is the set of commands I need to use to generate the shared fips-capable openssl libraries:

su
cd fips // wherever that may be
./config
make
make install // this installs fipscanister.o and adjacent files into /usr/local/ssl/fips-2.0/
cd openssl // still

Re: Compiling openssl 1.0.1c with fips 2.0.1

2012-08-10 Thread Cassie Helms
ar: creating ../libcrypto.a
[ -z /usr/local/ssl/fips-2.0/lib ] || ar r ../libcrypto.a /usr/local/ssl/fips-2.0/libfipscanister.o
ar: /usr/local/ssl/fips-2.0/libfipscanister.o: No such file or directory

Here is your problem, perhaps -- missing a slash at the end of lib. Should be pointing to

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-27 Thread Cassie Helms
Cassie Helms cassie.helms@... writes: Built fips_algvs on build system and scp'd to target system as suggested. Hmm. I incorporated building fips_algvs into my build system and ran it from the rpm install on the target machine. I get different results now -- can anyone point to what

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-27 Thread Cassie Helms
Dr. Stephen Henson steve@... writes: Integrity test started ERROR:2D06B06F:lib=45,func=107,reason=111:file=fips.c:line=229 Integrity test Failed Incorrectly!! Well that error indicates the fingerprint error. The question is what is different about the two build

fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
Hi folks, I have a FIPS capable OpenSSL library, where libcrypto.so and libssl.so get linked into my product during build. I'm using FIPS 2.0 and OpenSSL 1.0.1c. To the best of my knowledge, on the build machine I can do the following: for fips, I call ./config make make install where I give

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
What platform is the target system? cat /etc/*-release: RHEL Server 5.5 (Tikanga) uname -mrs: Linux 2.6.18-194.el5 x86_64 Build system specs are the same as these. After you build the validated module do this: make build_algvs This should build an fips_algvs binary in the test directory.

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
Apologies, this thread is a duplicate of the one Dr. Henson is already responding to. The authentication system made it unclear whether or not my original question would post yesterday. Please do not respond to this thread. Cassie

fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-25 Thread Cassie Helms
Hi folks, I have dynamically linked a FIPS capable OpenSSL library (libcrypto.so and libssl.so) into my product's build, but still get a fingerprint does not match error when I call FIPS_mode_set(1). This is using a validated copy of FIPS 2.0 source and OpenSSL 1.0.1c. The full error is: