Hi All,
For doing ntp authentication, I have used ntp-keygen command to create the
keys. But this is failing in fips enabled system with
RSA_BUILTIN_KEYGEN:bad e value error.
# ntp-keygen -S RSA -m 2048 -p serverpassword -c RSA-SHA1 -C aes-128-cbc
Using OpenSSL version *OpenSSL 1.0.1e-fips* 11
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Jerry OELoo
Sent: Tuesday, January 20, 2015 00:34
To: openssl-users@openssl.org
Subject: [openssl-users] Read cer file failed
I am reading cer file into X509 object,
On 01/19/2015 12:42 PM, Nou Dadoun wrote:
The scenario that we're contemplating is having FIPS based on 0.9.8??
coexist with 1.0.1?? so the remapping at runtime would have to
account for api differences within the two. This was really the
upshot of my question.
The 1.2 FIPS module (FIPS
I find that the EVP_aes_256_gcm for decrypt requires the Tag to be set
before the first call of EVP_DecryptUpdate(), and EVP_DecryptFinal_ex()
with then return 0 if the Tag is found to be incorrect.
I was hoping to be able to get the Tag, by EVP_CTRL_GET_TAG, but the
documentation say that only
Thanks for the clarification, a couple of short questions -
We already have a shim to index into the function table that gets loaded
after run-time selecting from the 0.9.8 FIPS vs non-FIPS dll to use. I
imagined that we might have to thicken the shim to accommodate selection
between
I want to use code like the following while in FIPS mode
const EVP_MD *md
md = EVP_md5();
so I can call HMAC()
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
const unsigned char *d, size_t n,
unsigned char *md,
On Jan 20, 2015, at 3:00 PM, Nou Dadoun ndad...@teradici.com wrote:
Thanks for the clarification, a couple of short questions -
We already have a shim to index into the function table that gets loaded
after run-time selecting from the 0.9.8 FIPS vs non-FIPS dll to use. I
imagined
Not possible; MD5 is not a legal FIPS digest.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
From: openssl-users On Behalf Of Jerry OELoo
Sent: Tuesday, January 20, 2015 00:34
I am reading cer file into X509 object,
http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
cert = d2i_X509_fp(fp, NULL);
it will return fail, as below
Error: error:0D07207B:asn1 encoding
Thanks Michael's information.
I am on Ubuntu OS, And I found that If I fopen file with rb, it will work fine.
On Tue, Jan 20, 2015 at 9:57 PM, Michael Wojcik
michael.woj...@microfocus.com wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Jerry OELoo
Sent:
10 matches
Mail list logo