Re: how to compile openssl with -bindist option

2014-08-06 Thread Gayathri Manoj
Hi Matt, One more doubt. Please let me know: if I compiled my openssl 0.9.8za without the -no-ec option and I am not using this algorithm in any of my applications, then can I say my application is fips compliant? Thanks, Gayathri On Wed, Aug 6, 2014 at 7:22 PM, Gayathri Manoj wrote: > Hi, >

Re: Build problem with FIPS-enabled 1.0.1i, Linux 32 and 64-bit

2014-08-06 Thread Dr. Stephen Henson
On Wed, Aug 06, 2014, Porter, Andrew wrote: > The "make test" step for FIPS-enabled 1.0.1i is failing for me in the ectest > (elliptic curves) section with: > > SEC2 curve secp160r1 -- Generator: > x = 0x4A96B5688EF573284664698968C38BB913CBFC82 > y = 0x23A628553168947D59DCC912042351377

Re: SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 option flags

2014-08-06 Thread Viktor Dukhovni
On Wed, Aug 06, 2014 at 05:32:08PM -0700, Alex Chen wrote: > I assume SSL_OP_NO_TLSv1 affects TLS v1.0 only but not TLS v1.x in general? Correct. -- Viktor.

SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 option flags

2014-08-06 Thread Alex Chen
I assume SSL_OP_NO_TLSv1 affects TLS v1.0 only but not TLS v1.x in general? Alex

Build problem with FIPS-enabled 1.0.1i, Linux 32 and 64-bit

2014-08-06 Thread Porter, Andrew
The "make test" step for FIPS-enabled 1.0.1i is failing for me in the ectest (elliptic curves) section with: SEC2 curve secp160r1 -- Generator: x = 0x4A96B5688EF573284664698968C38BB913CBFC82 y = 0x23A628553168947D59DCC912042351377AC5FB32 verify degree ... ok verify group order ok l

Re: Support for AES-GCM on OpenSSL-0.9.8

2014-08-06 Thread Matt Caswell
On 06/08/14 19:32, Mukesh Yadav wrote: > Hi, > > AES_GCM is supported on OpenSSL-1.0.1 > Regarding support on OpenSSL-0.9.8, have found patch on link below. > http://rt.openssl.org/Ticket/Display.html?id=2092&user=guest&pass=guest > > From various opensource discussion, it seems it cleanly ap

OpenSSL Security Advisory

2014-08-06 Thread OpenSSL
OpenSSL Security Advisory [6 Aug 2014] Information leak in pretty printing functions (CVE-2014-3508): A flaw in OBJ_obj2txt may cause pretty printin

OpenSSL version 0.9.8zb released

2014-08-06 Thread OpenSSL
OpenSSL version 0.9.8zb released. OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8zb of our open sourc

OpenSSL version 1.0.0n released

2014-08-06 Thread OpenSSL
OpenSSL version 1.0.0n released. OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.0n of our open source

OpenSSL version 1.0.1i released

2014-08-06 Thread OpenSSL
OpenSSL version 1.0.1i released. OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1i of our open source

Support for AES-GCM on OpenSSL-0.9.8

2014-08-06 Thread Mukesh Yadav
Hi, AES_GCM is supported on OpenSSL-1.0.1. Regarding support on OpenSSL-0.9.8, have found patch on link below. http://rt.openssl.org/Ticket/Display.html?id=2092&user=guest&pass=guest From various opensource discussion, it seems it cleanly applies to old version. Is it ok for this patch to be used o

Re: how to compile openssl with -bindist option

2014-08-06 Thread Gayathri Manoj
Hi, Thanks for your update. We tried to compile without -no-ec, but it failed. Thanks, Gayathri On Wed, Aug 6, 2014 at 7:16 PM, Matt Caswell wrote: > On 6 August 2014 14:35, Gayathri Manoj wrote: > > Hi Matt, > > > > Is there any solution to compile openssl-0.9.8za without -no-ec opti

Re: how to compile openssl with -bindist option

2014-08-06 Thread Matt Caswell
On 6 August 2014 14:35, Gayathri Manoj wrote: > Hi Matt, > > Is there any solution to compile openssl-0.9.8za without -no-ec option. Or > do we have any patch available to fix the fips breakage issue. > Known issues in OpenSSL 0.9.8za: > > FIPS capable link failure with missing symbol BN_consttime

Re: how to compile openssl with -bindist option

2014-08-06 Thread Gayathri Manoj
Hi Matt, Is there any solution to compile openssl-0.9.8za without -no-ec option. Or do we have any patch available to fix the fips breakage issue. *Known issues in OpenSSL 0.9.8za:* - FIPS capable link failure with missing symbol BN_consttime_swap. Fixed in 0.9.8zb-dev. Workaround is to com

Re: how to compile openssl with -bindist option

2014-08-06 Thread Matt Caswell
On 6 August 2014 14:12, Gayathri Manoj wrote: > Hi Matt, > > Thanks Matt. > > My actual issue is that I am not able to generate ecdsa keys after upgrading > openssl version from 0.9.8y to 0.9.8za. For making our openssl fips > compliant we compiled the same with -no-ec option that is recommended b

Re: how to compile openssl with -bindist option

2014-08-06 Thread Gayathri Manoj
Hi Matt, Thanks Matt. My actual issue is that I am not able to generate ecdsa keys after upgrading openssl version from 0.9.8y to 0.9.8za. For making our openssl fips compliant we compiled the same with -no-ec option that is recommended by openssl forum. For this issue I googled and got this inf

Re: how to compile openssl with -bindist option

2014-08-06 Thread Matt Caswell
On 6 August 2014 11:27, Gayathri Manoj wrote: > Hi All, > > Please let me know how to compile openssl with -bindist option. > I suspect you are asking this on the wrong forum as I think this is a gentoo thing not an openssl thing. With the caveat that I know nothing about gentoo, a few minutes g

how to compile openssl with -bindist option

2014-08-06 Thread Gayathri Manoj
Hi All, Please let me know how to compile openssl with -bindist option. Thanks, Gayathri

Unable to generate key using ecdsa

2014-08-06 Thread Gayathri Manoj
Hi All, I have installed openssl-0.9.8za with -no-ec option. But after this I am not able to generate ecdsa keys. # ssh-keygen -t ecdsa -b 1024 unknown key type ecdsa # Earlier I was able to do the same with openssl-0.9.8y version. Please let me know how can I solve this issue. Thanks, Gayath