Wow... That is certainly a very unfortunate limitation... Thank you for
clarifying... Bill
On Dec 19, 2012, at 6:40 AM, Steve Marquess wrote:
> On 12/19/2012 05:21 AM, Bill Durant wrote:
>> Hello Jeffrey:
>>
>> Thank you for the response.
>>
>> So FIPS mod
Hello Jeffrey:
Thank you for the response.
So FIPS mode enable is supported on non-SSE2 processors *only* with a
fipscanister that is built with the "no-asm" option?
Thanks,
Bill
On Dec 19, 2012, at 1:13 AM, Jeffrey Walton wrote:
> On Tue, Dec 18, 2012 at 11:15 PM, Bill Durant
Hello:
Is it not possible to build a FIPS-capable OpenSSL with assembly language
optimization enabled in the fipscanister that works under non-SSE2 capable
processors?
On SUSE Linux Enterprise Server 10, I have built the fipscanister with assembly
language optimization enabled as follows:
Thank you Jeff. I will take a look. -Bill
On Nov 27, 2012, at 5:59 AM, Jeffrey Walton wrote:
> On Mon, Nov 26, 2012 at 5:59 PM, Bill Durant wrote:
>> Hello:
>>
>> Is PKCS5_PBKDF2_HMAC() thread safe?
> See the "Is OpenSSL thread-safe?" under the PROG section
Hello:
Is PKCS5_PBKDF2_HMAC() thread safe?
Thanks,
Bill
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
Hello,
Does RAND_bytes() now defaults to the full implementation of NIST SP 800-90
DRBG, while in FIPS mode with the latest FIPS-capable OpenSSL 1.0.1?
Per code inspection, that is what it looks like. But just wanted to double
check to be 100% certain.
If that is the case, is the continuous
On Nov 1, 2011, at 4:34 PM, Bill Durant wrote:
> On Nov 1, 2011, at 4:23 PM, Dr. Stephen Henson wrote:
>> On Tue, Nov 01, 2011, Bill Durant wrote:
>>
>>> Hello,
>>>
>>> What is the procedure for building a FIPS-capable OpenSSL snapshot on
>>
On Nov 1, 2011, at 4:23 PM, Dr. Stephen Henson wrote:
> On Tue, Nov 01, 2011, Bill Durant wrote:
>
>> Hello,
>>
>> What is the procedure for building a FIPS-capable OpenSSL snapshot on Ubuntu
>> 8.04.4 LTS from the following snapshots:
>>
>
&g
Hello,
What is the procedure for building a FIPS-capable OpenSSL snapshot on Ubuntu
8.04.4 LTS from the following snapshots:
ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-20111031.tar.gz
ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-20111031.tar
On Oct 28, 2011, at 3:51 PM, Dr. Stephen Henson wrote:
> On Fri, Oct 28, 2011, Bill Durant wrote:
>
>> On Oct 28, 2011, at 1:57 PM, Dr. Stephen Henson wrote:
>>> On Fri, Oct 28, 2011, Bill Durant wrote:
>>>
>>>> Hello,
>>>>
>>>>
On Oct 28, 2011, at 1:57 PM, Dr. Stephen Henson wrote:
> On Fri, Oct 28, 2011, Bill Durant wrote:
>
>> Hello,
>>
>> What is the procedure for building a 64-bit FIPS-capable OpenSSL on Windows
>> from the following latest snapshots:
>>
>> ftp://ftp
Hello,
What is the procedure for building a 64-bit FIPS-capable OpenSSL on Windows
from the following latest snapshots:
ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-20111028.tar.gz
ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-20111028.tar.gz
On Oct 25, 2011, at 4:17 AM, Dr. Stephen Henson wrote:
> On Mon, Oct 24, 2011, Bill Durant wrote:
>
>> On Oct 24, 2011, at 4:00 PM, Dr. Stephen Henson wrote:
>>> On Mon, Oct 24, 2011, Bill Durant wrote:
>>>
>>>>
>>>>
>>>> He
Hello,
Has the AES key wrap feature been removed from the nightly OpenSSL in FIPS
mode?
I have built a FIPS-capable OpenSSL using the following:
ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-20111025.tar.gz
ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-20111
On Oct 24, 2011, at 1:01 AM, Bill Durant wrote:
> On Oct 5, 2011, at 12:15 PM, Dr. Stephen Henson wrote:
>> On Wed, Oct 05, 2011, Bill Durant wrote:
>>> On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote:
>>>> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>
On Oct 5, 2011, at 12:15 PM, Dr. Stephen Henson wrote:
> On Wed, Oct 05, 2011, Bill Durant wrote:
>> On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote:
>>> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>>>> On 10/4/2011 10:45 PM, Bill Durant wrote:
>&g
On Oct 5, 2011, at 9:10 PM, William A. Rowe Jr. wrote:
> On 10/5/2011 10:08 AM, Dr. Stephen Henson wrote:
>> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>>
>>> On 10/4/2011 10:45 PM, Bill Durant wrote:
>>>>
>>>> But when I run it unde
On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote:
> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>
>> On 10/4/2011 10:45 PM, Bill Durant wrote:
>>>
>>> Does anyone know how to produce a FIPS-capable OpenSSL that works on
>>> Windows NT?
>>
Hello,
Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows NT?
I have built the latest FIPS-capable OpenSSL (openssl-fips-1.2.3) with
openssl-0.9.8r using MS Visual Studio .NET 2003 on Windows 7.
I have a small app that uses the OpenSSL library (just encrypts/decrypts
On May 24, 2011, at 5:42 PM, Dr. Stephen Henson wrote:
> On Tue, May 24, 2011, Bill Durant wrote:
>
>> On May 24, 2011, at 3:58 PM, Dr. Stephen Henson wrote:
>>> On Tue, May 24, 2011, ciphertexto wrote:
>>>
>>>> On May 24, 2011, at 4:18 AM, Dr. Stephe
On May 24, 2011, at 3:58 PM, Dr. Stephen Henson wrote:
> On Tue, May 24, 2011, ciphertexto wrote:
>
>> On May 24, 2011, at 4:18 AM, Dr. Stephen Henson wrote:
>>>
>>> It can take a long time to execute sometimes as it performs two slow DH
>>> parameter generation operations. Retry it a few times.
Hello,
Has anyone been successful at calling FIPS_mode_set() from a 64-bit application
on SnowLeopard?
I have a one-line app that uses the 64-bit version of a FIPS-capable OpenSSL
but it core dumps when I call FIPS_mode_set(). The core dump occurs in
EVP_SignFinal().
If this is working fo
Hello,
Has anyone been able to build a "working" 64-bit version of the FIPS-capable
OpenSSL on Mac OS X 10.6.7 (SnowLeopard)?
I have built a 64-bit version of the fipscanister from openssl-fips-1.2.3 on
Mac OS X 10.6.7.
But fips_shatest and the openssl command are core dumping when I do a 'ma
I listened to your email using DriveCarefully and will respond as soon as I can.
Download DriveCarefully for free at www.drivecarefully.com
__
OpenSSL Project http://www.openssl.org
User Support Mai
Hello,
Does anyone know if mttest (crypto/threads/mttest.c) works with a FIPS-
capable OpenSSL?
I am trying it on Mac OS X 10.5.8. I am not sure if the test results
are expected or not.
Am I running or building mttest incorrectly?
Here are the details:
$ sw_vers
ProductName:Mac OS X
Hello,
Does anyone know if the latest FIPS-capable OpenSSL can be used safely
by multi-threaded applications?
I have read the various FIPS-related docs for OpenSSL and did not see
any mention of thread support.
Per http://www.openssl.org/docs/crypto/threads.html, I understand that
the "
On Oct 13, 2010, at 5:27 PM, William A. Rowe Jr. wrote:
On 10/13/2010 7:22 PM, Bill Durant wrote:
On Oct 13, 2010, at 5:19 PM, William A. Rowe Jr. wrote:
On 10/13/2010 3:31 PM, Bill Durant wrote:
I am interested in building the static version of the FIPS-
capable OpenSSL as an universal
On Oct 13, 2010, at 5:19 PM, William A. Rowe Jr. wrote:
On 10/13/2010 3:31 PM, Bill Durant wrote:
I am interested in building the static version of the FIPS-capable
OpenSSL as an universal
binary.
Three builds, per spec, of the FIPS canister. No tweaks, no
exceptions to
the security
On Oct 13, 2010, at 11:30 AM, Michael S. Zick wrote:
On Wed October 13 2010, Bill wrote:
Hello Mike,
It is not a script:
===> Ubuntu 8.04
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu 8.04.4 LTS"
$ which gcc
/usr/bin/gcc
$ f
Hello,
Is it possible to build the latest FIPS-capable OpenSSL as a universal
binary on Mac OS X similar to the following?
$ sw_vers
ProductName:Mac OS X
ProductVersion: 10.5.8
BuildVersion: 9L30
$ file /usr/lib/libcrypto.dylib
/usr/lib/libcrypto.dylib: Mach-O universal binary with 4 a
910:fips.c:238:0:error:
2D06906E:lib(45):func(105):reason(110)
FIPS_mode_set(1) failed
$ ./cmd
FIPS mode is enabled.
Thanks,
Bill
On Oct 13, 2010, at 1:12 PM, Bill Durant wrote:
On Oct 13, 2010, at 11:30 AM, Michael S. Zick wrote:
On Wed October 13 2010, Bill wrote:
Hello Mike,
On Oct 13, 2010, at 11:27 AM, Dr. Stephen Henson wrote:
On Wed, Oct 13, 2010, Bill wrote:
Hi Steve,
Thank you for the suggestion but It did not help:
$ make
gcc -c foo.cpp -fPIC -Wall -I./openssl-0.9.8o-fips/include -I.
rm -f libfoo.so
FIPSLD_CC=gcc ./openssl-0.9.8o-fips/bin/fipsld -shared
-W
32 matches
Mail list logo
