Does anyone know if the DH implementation of OpenSSL meets the
SP800-56a requirements?
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Thanks for the help. I was able to determine the list of ciphers
allowed (SSL_CTX_get_cipher_list), the one of those used
(SSL_get_current_cipher) and to set specific ciphers
(SSL_CTX_set_cipher_list). I was only able to get information for the
client. The server doesn't seem to use the SSL_CTX obj
I figured out how to get the list of ciphers being used, but I can't
figure out how they were set or chosen. How are the ciphers set? Is
there a way to modify that list?
Is there a way to print/display the list of ciphers being used?
On Fri, Jul 31, 2009 at 9:47 PM, Dave
Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Michael Kurecka
>> Sent: Friday, 31 July, 2009 09:05
>
>> I'm using OpenSSL 0.9.8k
I'm using OpenSSL 0.9.8k and am trying to find the implementation of
the tlsv1_method. Below are the only references I found. I'm trying to
determine the cipher suites used by OpenSSL's TLSv1 method so I would
appreciate any help in locating the code. Thanks.
File openssl-0.9.8k\ssl\s23_meth.c
7
That seemed to work using
export LD_LIBRARY_PATH=/usr/local/ssl/fips/lib
I'm not getting the assertion failure but I am now getting a
segmentation fault "in memcpy () from /lib/libc.so.6" which I need to
look into. Back to my previous question of -- Is my script wrong or am
I doing something wrong
I tried
export LD_LIBRARY_PATH=/usr/local/ssl/fips
and
export LD_LIBRARY_PATH=/usr/local/ssl/fips/bin
and
export LD_LIBRARY_PATH=/usr/local/ssl/fips-1.0
and all three failed to avert the assertion failure. How can I be
assured that the FIPS library is being run? Self-tests seem to run and
pass wh
I did not see anything which I assume means I am using the standard
libssl. How do I correct this?
I finally succeeded in adding debug to openssl, but it doesn't seem to
be working completely. I was able to set the breakpoint at the point
you mentioned Dr. Henson but I'm not sure how that will tell me what
is being called. I am not able to break on ssl3_init_finished_mac,
ssl3_connect or SSL_con
Dr. Henson,
I tried the change for MD5 you mentioned of using the EVP interface,
but it isn't working as I am getting the forbidden algorithm error. Below
is the new code. The init is passing but it is failing on the update. I
noticed that the flag is cleared after the init so I set the
EVP_
Failed again with a different error:
make[1]: Entering directory `/usr/src/openssl/crypto'
( echo "#ifndef MK1MF_BUILD"; \
echo ' /* auto-generated by crypto/Makefile for
crypto/cversion.c */'; \
echo ' #define CFLAGS "gcc -fPIC -DOPENSSL_PIC
-DOPENSSL_THREADS -D_REENTRANT -DDSO_
Jouni,
I have no problem what I have so far. It is a stripped down version with
openssl FIPS. Where shall I send it?
Dr. Henson:
I did the ./Configure debug-linux-elf-noefence fipscanisterbuild as you
mentioned and that worked OK but I got the following error when I ran make.
#make
if [ -n "l
Just to be clear
my current config is:
./config fipscanisterbuild no-asm (in the FIPS 1.2 directory)
make
./config fips (in the 0.9.8k directory)
make
I attempted:
./config -d fipscanisterbuild no-asm (in the FIPS 1.2 directory)
make
./config -d fips (in the 0.9.8k directory)
make
but it said th
Dr Henson wrote:
>No that won't bypass the MD5 check. You can use EVP and set the flag
>EVP_MD_CTX_NON_FIPS_ALLOW if you really want to do that...
I do need to bypass MD5 because MD5 for RADIUS is FIPS compliant, but I
can't find the EVP_MD_CTX_NON_FIPS_ALLOW flag anywhere. Where is the flag
and h
David Schwartz wrote:
>Most likely, you're getting a connection from a non-FIPS endpoint that's
>forcing you to use a protocol that's not FIPS compliant. I'm not sure why
>you're seeing what you're seeing though -- it should just have reported that
>it was unable to negotiate compatible protocols
>
> > What determines which SSL version is used? Is it the CTX object,
> > a configuration setting, etc.? I've tried tracing the code on
> > the OpenSSL side but it has me baffled even with a stack trace
> > I'm having trouble understanding its path. I would appreciate
> > any help you can give on
10:03 PM, David Schwartz wrote:
>
> Michael Kurecka:
>
> > How do I disable SSLv3 so that I can use FIPS?
>
> Sorry to be blunt, but you don't. A FIPS wpa_supplicant is a significant
> task, you
How do I disable SSLv3 so that I can use FIPS?
On Fri, Jul 17, 2009 at 4:22 PM, David Schwartz wrote:
>
> Michael Kurecka:
>
> > I am trying to run wpa_supplicant in FIPS mode.
>
> Why?
>
> > I don't think the MD5 function is even called
>
> MD
I am trying to run wpa_supplicant in FIPS mode. The stack trace of the
failure is below. I'm assuming that an algorithm not supported by FIPS
is being used but I'm not sure which one since I thought I removed
them all. I replaced SHA-1 with
EVP_MD_CTX ctx;
size_t i;
unsigned int mac_len;
Does the method DES_ecb_encrypt encrypt as Triple or Single DES
I'm currently receiving this error and was hoping someone could help me
resolve it. When I call the AES_wrap_key or AES_unwrap_key functions I get
the following error:
hostapd: symbol lookup error: hostapd: undefined symbol: AES_wrap_key
I don't have any problems with the EVP_DigestInit, EVP_Dig
My apologies for wasting anyone's time, but the changes did work. I did the
make without the make install. Thank you for your help.
May 28, 2009, Victor Duchovni wrote:
>
> > On Thu, May 28, 2009 at 09:54:00AM -0500, Michael Kurecka wrote:
> >
> > > success1 = MD5_Init(&ctx);
> >
> > Where is the indirection through the EVP digest interface? I would expect
> > direct calls to raw cr
Thanks for the quick response. I will look into how to implement using
EVP_Digest.
On Thu, May 28, 2009 at 10:01 AM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:
> On Thu, May 28, 2009 at 09:54:00AM -0500, Michael Kurecka wrote:
>
> > success1 = MD5_Init(&
I'm hoping someone can help me understand the fact that I enabled FIPS but
the MD5 hash functionality is still working.
I built the FIPS object module using openssl-fips-1.2 on a linux system
./config fipscanisterbuild no-asm
make
make install
then built the FIPS capable O