Re: Fingerprint mismatch only for 32-bit DLL linked statically to FIPS Capable OpenSSL

2019-12-04 Thread Neptune
I ran into the same issue on my FIPS journey a few years ago. I'm assuming you are building for Windows in which case setting the /FIXED flag is the right thing to do, however you cannot be guaranteed to get the address you specify - it may already be occupied in which case the DLL will be re-based

Re: fingerprint calculation depends on fipscanister alone or entire application code?

2014-06-11 Thread Dr. Stephen Henson
On Wed, Jun 11, 2014, Bala Duvvuri wrote: > Hi All, > > During linking my application with the OpenSSL FIPs, fipsld is invoked to > embed the digest and during runtime it is calculated and verified during > FIPS_mode_set. > > Can you help me to understand if digest is calculated only for fipscan

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-08-14 Thread Cassie Helms
Eventually I solved this problem. Here is the set of commands I need to use to generate the shared fips-capable openssl libraries:

    su
    cd fips // wherever that may be
    ./config
    make
    make install // this installs fipscanister.o and adjacent files into /usr/local/ssl/fips-2.0/
    cd openssl // still as

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-28 Thread Dr. Stephen Henson
On Fri, Jul 27, 2012, Cassie Helms wrote: > Dr. Stephen Henson writes: > > > > Integrity test started > > > ERROR:2D06B06F:lib=45,func=107,reason=111:file=fips.c:line=229 > > > Integrity test Failed Incorrectly!! > > > > Well that error indicates the fingerprint error. The

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-27 Thread Cassie Helms
Dr. Stephen Henson writes: > > Integrity test started > > ERROR:2D06B06F:lib=45,func=107,reason=111:file=fips.c:line=229 > > Integrity test Failed Incorrectly!! > > Well that error indicates the fingerprint error. The question is what is > different about the two build

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-27 Thread Dr. Stephen Henson
On Fri, Jul 27, 2012, Cassie Helms wrote: > Cassie Helms writes: > > > Built fips_algvs on build system and scp'd to target system as suggested. > > Hmm. I incorporated building fips_algvs into my build system and ran it from > the > rpm install on the target machine. I get different results

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-27 Thread Cassie Helms
Cassie Helms writes: > Built fips_algvs on build system and scp'd to target system as suggested. Hmm. I incorporated building fips_algvs into my build system and ran it from the rpm install on the target machine. I get different results now -- can anyone point to what this might indicate, co

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
Apologies, this thread is a duplicate of the one Dr. Henson is already responding to. The authentication system made it unclear whether or not my original question would post yesterday. Please do not respond to this thread. Cassie

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
> What platform is the target system? cat /etc/*-release: RHEL Server 5.5 (Tikanga) uname -mrs: Linux 2.6.18-194.el5 x86_64 Build system specs are the same as these. > After you build the validated module do this: > > make build_algvs > > This should build an fips_algvs binary in the test direct

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Dr. Stephen Henson
On Wed, Jul 25, 2012, Cassie Helms wrote: > Hi folks, > I have dynamically linked a FIPS capable OpenSSL library (libcrypto.so and > libssl.so) into my product's build, but still get a "fingerprint does not > match" > error when I call FIPS_mode_set(1). This is using a validated copy of FIPS >

RE: fingerprint does not match on SuSe

2008-11-02 Thread Jatheen Anand
Double check your fipsld link line when generating the executable. I suspect an issue with the fingerprint which gets generated/embedded by using the fipsld tool. HTH Jatheen Anand From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin A Sent: Thursday, October 30, 2008 4:01 P

Re: fingerprint

2006-01-01 Thread Folkert van Heusden
> > > >What would be the way to obtain the fingerprint of the peer to which my > > > >program connects? I looked in the sources of fetchmail but there a > > > >call-back is used and I would like to implement it without a callback > > > >function. > > > X509 * SSL_get_peer_certificate(const SSL *s)

Re: fingerprint

2006-01-01 Thread Dr. Stephen Henson
On Sun, Jan 01, 2006, Folkert van Heusden wrote: > Hi, > > Thanks for replying. > > > >What would be the way to obtain the fingerprint of the peer to which my > > >program connects? I looked in the sources of fetchmail but there a > > >call-back is used and I would like to implement it without a

Re: fingerprint

2006-01-01 Thread Folkert van Heusden
Hi, Thanks for replying. > >What would be the way to obtain the fingerprint of the peer to which my > >program connects? I looked in the sources of fetchmail but there a > >call-back is used and I would like to implement it without a callback > >function. > X509 * SSL_get_peer_certificate(const

Re: fingerprint

2006-01-01 Thread Goetz Babin-Ebell
Folkert van Heusden wrote: What would be the way to obtain the fingerprint of the peer to which my program connects? I looked in the sources of fetchmail but there a call-back is used and I would like to implement it without a callback function. X509 * SSL_get_peer_certificate(const SSL *s); o

Re: Fingerprint

2002-06-30 Thread davide
> > It was done as > > X509_PUBKEY *pk; > ASN1_OCTET_STRING *oc; > oc = ASN1_item_pack(pk, ASN1_ITEM_rptr(X509_PUBKEY), NULL); > Ok, I resolved in another way using a lot of code from openssh package. Thanks to EveryBody. Davide D'Amico

Re: Fingerprint

2002-06-30 Thread davide
Sorry for my ignorance, I try with this: int main() { EVP_PKEY* pkey = EVP_PKEY_new(); char* fingerprint; ASN1_OCTET_STRING *oc; X509_PUBKEY *xpkey; EVP_PKEY_set1_RSA(pkey, load_public_key("rsa.prova.pub")); if (pkey) {

Re: Fingerprint

2002-06-29 Thread Vadim Fedukovich
On Sat, Jun 29, 2002 at 10:41:34PM +0200, davide wrote: > On Fri, 28 Jun 2002 09:15:40 +0300 > Vadim Fedukovich <[EMAIL PROTECTED]> wrote: > > > On Thu, Jun 27, 2002 at 11:14:09PM +0200, davide wrote: > > > Hi, > > > How could I get a fingerprint from a RSA key? > > > > DER-encode RSA public key

Re: Fingerprint

2002-06-29 Thread davide
On Fri, 28 Jun 2002 09:15:40 +0300 Vadim Fedukovich <[EMAIL PROTECTED]> wrote: > On Thu, Jun 27, 2002 at 11:14:09PM +0200, davide wrote: > > Hi, > > How could I get a fingerprint from a RSA key? > > DER-encode RSA public key and apply SHA1 on it, > output that 20 bytes as "%02x". OK for apply S