Hi,
On invoking FIPS_mode_set(1), the self test would be run internally
first. The test would be run for all modules like dsa, rsa, rng, etc.
This error indicates a failure in any of these self test run.
Try to view the "FIPSerr" which could show you which module's test
actually failed; so you ca
This call fails on two platforms with:
fips.c(143): OpenSSL internal error, assertion failed: FATAL FIPS
SELFTEST FAILURE
(or line 139)
The openssl installs are:
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.2g-fips 1 Mar 2016
Any hints? Do I have to call a self test before entering
Thanks Matthias for your response.
I have a different question:
Per your suggestion in the previous email, FIPS_mode_set() can be moved
inside of OPENSSL_init(), in order to force the FIPS mode enabled in the
library level.
However currently OPENSSL_init() is actually invoked from within
FIPS_mo
Am 05.03.2018 um 19:55 schrieb Alan Dean:
> Thanks a lot Matthias for the suggestion.
>
> I have few follow-up questions below:
>
Please see my other replies.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Am 05.03.2018 um 20:07 schrieb Salz, Rich via openssl-users:
>
> * Did you mean if an application uses the low level crypto algorithm
> functions (e.g. SHA256_Init/ SHA256_Update/ SHA256_Final) then
> they won't work under FIPS mode (and hence may cause unpredictable
> issues)?
>
>
* Did you mean if an application uses the low level crypto algorithm
functions (e.g. SHA256_Init/ SHA256_Update/ SHA256_Final) then they won't work
under FIPS mode (and hence may cause unpredictable issues)?
Yes.
It’s not unpredictable issues, but rather that your application cannot claim t
On Mon, Mar 5, 2018 at 3:04 AM, Dr. Matthias St. Pierre <
matthias.st.pie...@ncp-e.com> wrote:
>
>
> On 05.03.2018 11:57, Dr. Matthias St. Pierre wrote:
> >
> > However, I am sceptical whether this approach will be accepted,
> > because there are (at least) two potential problems:
> >
> > * Normal
Thanks a lot Matthias for the suggestion.
I have few follow-up questions below:
On Mon, Mar 5, 2018 at 2:57 AM, Dr. Matthias St. Pierre <
matthias.st.pie...@ncp-e.com> wrote:
>
>
> On 05.03.2018 10:46, Alan Dean wrote:
>
> Question 1: Is it even feasible to make the FIPS mode always enabled for
Dr. Matthias St. Pierre wrote:
> On 05.03.2018 10:46, Alan Dean wrote:
>> Question 1: Is it even feasible to make the FIPS mode always enabled
>> for the whole OpenSSL library (i.e. for both libcrypto and libssl), so
> The optimal location for inserting the FIPS_mode_set(1) call
Hi all
As many of you know we are looking to change the licence for OpenSSL to
the Apache Licence. To do that we are trying to trace all previous
committers.
We have a small number of people left to find. See:
https://license.openssl.org/trying-to-find
Of these one stands out as being a particu
On 05.03.2018 11:57, Dr. Matthias St. Pierre wrote:
>
> However, I am sceptical whether this approach will be accepted,
> because there are (at least) two potential problems:
>
> * Normally, it is mandatory to check the result of FIPS_mode_set() or
> FIPS_mode() to ensure that the FIPS initializa
On 05.03.2018 10:46, Alan Dean wrote:
> Question 1: Is it even feasible to make the FIPS mode always enabled
> for the whole OpenSSL library (i.e. for both libcrypto and libssl), so
> that most the applications which dynamically linked to libcrypto and
> libssl will be automatically use OpenSSL F
Hi All:
I am working on a project to integrate the OpenSSL FIPS capable library
into our product platform. (We will be doing our own FIPS 140-2 level 1
certification)
There are a large number of third party applications/ library (e.g. wget,
libcurl, postfix, etc) run on our platform which use Ope
On 04/03/18 02:22, Adam Shannon wrote:
> Was there a change included in the 1.1.0 series which prints names
> differently? I've looked, but been unable to narrow down what in
> specific changed.
This was changed by commit f1cece554d.
The default "nameopt" setting for the x509 app (and a few oth
14 matches
Mail list logo
