Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)

2012-02-27 Thread Gatewood_Green
Is it possible to build a "debuggable" version of the canister (eg does not fail the fingerprint test)? Thanks, Woody Dr. Stephen Henson wrote on 02/27/2012 03:04 PM: > > On Mon, Feb 27, 2012, gatewood_gr...@mcafee.com wrote: > > > Even without linking the canister (not using fipsld), if I use t

Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)

2012-02-27 Thread Gatewood_Green
Even if I want to run in FIPS mode the RAND_status() should remain as-was and not remapped? That asked, I rebuilt per suggestion and RAND_status() succeeds, but FIPS_rand_status() still fails as does FIPS_selftest() and FIPS_rand_bytes(). ~/ # ./fips_can_test64 RAND_status (pre FIPS mode) succeed

intel-accel-1.4 on FreeBSD variant

2012-02-27 Thread no_spam_98
I built the intel-accel-1.4 engine under a FreeBSD variant.  However, when I specify its use on the command: env OPENSSL_ENGINES=`pwd` openssl speed -evp rc4 -engine intel-accel gdb shows me that the RC4 function from libcrypto.so is getting used - not the one from the libintel-accel.so.  If I

Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)

2012-02-27 Thread Dr. Stephen Henson
On Mon, Feb 27, 2012, gatewood_gr...@mcafee.com wrote: > Even without linking the canister (not using fipsld), if I use the FIPS > includes, RAND_status() fails. According to nm, the RAND_status is > still redirected to FIPS_rand_status. > > Ah you're including the FIPS module header files if

Re: Openssl-1.0.1/FIPS-2.0 FIPS_selftest() fails after successful FIPS_mode_set(1)

2012-02-27 Thread Gatewood_Green
Even without linking the canister (not using fipsld), if I use the FIPS includes, RAND_status() fails. According to nm, the RAND_status is still redirected to FIPS_rand_status. If I use the libcrypto by itself with the native includes only and without fipsld, the PRNG seeds fine. As expected, n

Re: Windows 7/IE8 CAC enabled sites

2012-02-27 Thread Dr. Stephen Henson
On Mon, Feb 27, 2012, Tammany, Curtis wrote: > There are the only messages that were appearing in the log: > [Fri Feb 24 15:16:23 2012] [error] [client XX.XX.XXX.XX] Certificate > Verification: Error (20): unable to get local issuer certificate > [Fri Feb 24 15:16:23 2012] [error] [client XX.XX.X

RE: Windows 7/IE8 CAC enabled sites

2012-02-27 Thread Tammany, Curtis
There are the only messages that were appearing in the log: [Fri Feb 24 15:16:23 2012] [error] [client XX.XX.XXX.XX] Certificate Verification: Error (20): unable to get local issuer certificate [Fri Feb 24 15:16:23 2012] [error] [client XX.XX.XXX.XX] Re-negotiation handshake failed: Not accepted

diffie hellman

2012-02-27 Thread Benamar Lydia
hello, i want to use diffie hellman to establish a connexion between two nodes in ns2. please, I need documentation. thank's. __ OpenSSL Project http://www.openssl.org User Support Mailing List