openssl FIPS 140-2 certificate after 2010

2010-07-14 Thread David Stafford
What are the issues, if any, with using the "FIPS module" after the end of 2010 ? Does the certificate number 1051 become invalid ? Thanks, David Stafford

Re: crash from curl with pkcs12 certs and threads

2010-07-14 Thread Brian Makin
On Thu, 2010-07-08 at 18:54 +0200, Dr. Stephen Henson wrote: > On Thu, Jul 08, 2010, Brian Makin wrote: > > > > > Ahh, got it. > > in crypto/evp/evp_pbe.c:EVP_PBE_alg_add > > pbe_tmp isn't initialized which means sometimes it has a bogus value. > > > > 119c119 > > < EVP_PBE_CTL *pbe_tmp = NULL
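
Review bot: in hunk 119c119 the `= NULL` initializer for pbe_tmp sits on the `<` side, which in normal diff output is the first file, so the patch as posted reads as dropping the initialization rather than adding it. Regenerate it as a unified diff with the original file first (diff -u original patched) so the direction is unambiguous and the hunk carries context lines.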

Re: OpenSSL 1.0.0a and FIPS

2010-07-14 Thread Warren Halstead
Thank you all for your replies. I guess I will regress to 0.9.8 and see what happens with 1.0 V/R, ~Warren

Re: handling SSL_ERROR_ZERO_RETURN from SSL_read

2010-07-14 Thread Amit Ben Shahar
Assuming I'm only using SSL_set_bio to assign a BIO to the SSL object (all other calls are read/write), will the SSL_free suffice? Amit On Wed, Jul 14, 2010 at 16:08, Darryl Miles wrote: > Amit Ben Shahar wrote: >> >> The documentation specifies that SSL_ERROR_ZERO_RETURN is returned if >> the

Re: handling SSL_ERROR_ZERO_RETURN from SSL_read

2010-07-14 Thread Darryl Miles
Amit Ben Shahar wrote: The documentation specifies that SSL_ERROR_ZERO_RETURN is returned if the transport layer is closed normally. My question is, how should I handle this return code? Specifically, should I call SSL_free normally to free resources, or are resources already freed? Yes you need

Re: OpenSSL 1.0.0a and FIPS

2010-07-14 Thread Dr. Stephen Henson
On Wed, Jul 14, 2010, Anil Tambe wrote: > >> Is "fips" no longer a valid flag to incorporate the FIPS library in > 1.0.0a? > Yes, FIPS support is removed in 1.0.X series, please also read the below. Well it wasn't actually "removed" as never ported. Here is roughly how things went: The funding

Re: OpenSSL 1.0.0a and FIPS

2010-07-14 Thread Steve Marquess
Warren Halstead wrote: > Using OpenSSL 1.0.0a and OpenSSL FIPS 1.2 on Debian 5 > > After the configuration and installation of FIPS 1.2, I go into the > openssl-1.0.0a directory and attempt to run > > ./config fips --openssldir=/etc/ssl --prefix=/usr shared > > The text I get back is: > > Operating

Re: encrypting long strings

2010-07-14 Thread Jakob Bohm
On 14-07-2010 07:52, Jeffrey Walton wrote: On Tue, Jul 13, 2010 at 3:04 PM, Jakob Bohm wrote: On 13-07-2010 15:00, Jeffrey Walton wrote: [SNIP] proponents of the RSA and DH algorithms said that the number was wildly exaggerated and proposed some much smaller values. I'm not willing to g

Re: OpenSSL 1.0.0a and FIPS

2010-07-14 Thread Anil Tambe
>> Is "fips" no longer a valid flag to incorporate the FIPS library in 1.0.0a? Yes, FIPS support is removed in 1.0.X series, please also read the below. http://www.mail-archive.com/openssl-users@openssl.org/msg60593.html http://www.openssl.org/docs/fips/fipsnotes.html