[openssl-users] ntp-kegen fails in OpenSSL 1.0.1e-FIPs

2015-01-20 Thread Gayathri Manoj
Hi All, For doing ntp authentication, I have used ntp-keygen command to create the keys. But this is failing in fips enabled system with RSA_BUILTIN_KEYGEN:bad e value error. # ntp-keygen -S RSA -m 2048 -p serverpassword -c RSA-SHA1 -C aes-128-cbc Using OpenSSL version *OpenSSL 1.0.1e-fips* 11

Re: [openssl-users] Read cer file failed

2015-01-20 Thread Michael Wojcik
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jerry OELoo Sent: Tuesday, January 20, 2015 00:34 To: openssl-users@openssl.org Subject: [openssl-users] Read cer file failed I am reading cer file into X509 object,

Re: [openssl-users] OpenSSL FIPS (0.9.8) coexisting with non-FIPS (1.0.1)

2015-01-20 Thread Steve Marquess
On 01/19/2015 12:42 PM, Nou Dadoun wrote: The scenario that we're contemplating is having FIPS based on 0.9.8?? coexist with 1.0.1?? so the remapping at runtime would have to account for api differences within the two. This was really the upshot of my question. The 1.2 FIPS module (FIPS

[openssl-users] EVP_aes_256_gcm -- receiving of tag

2015-01-20 Thread 'Chris Hall'
I find that the EVP_aes_256_gcm for decrypt requires the Tag to be set before the first call of EVP_DecryptUpdate(), and EVP_DecryptFinal_ex() will then return 0 if the Tag is found to be incorrect. I was hoping to be able to get the Tag, by EVP_CTRL_GET_TAG, but the documentation says that only

Re: [openssl-users] OpenSSL FIPS (0.9.8) coexisting with non-FIPS (1.0.1)

2015-01-20 Thread Nou Dadoun
Thanks for the clarification, a couple of short questions - We already have a shim to index into the function table that gets loaded after run-time selecting from the 0.9.8 FIPS vs non-FIPS dll to use. I imagined that we might have to thicken the shim to accommodate selection between

[openssl-users] HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7

2015-01-20 Thread John Laundree
I want to use code like the following while in FIPS mode: const EVP_MD *md; md = EVP_md5(); so I can call HMAC() unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md,

Re: [openssl-users] OpenSSL FIPS (0.9.8) coexisting with non-FIPS (1.0.1)

2015-01-20 Thread Tom Francis
On Jan 20, 2015, at 3:00 PM, Nou Dadoun ndad...@teradici.com wrote: Thanks for the clarification, a couple of short questions - We already have a shim to index into the function table that gets loaded after run-time selecting from the 0.9.8 FIPS vs non-FIPS dll to use. I imagined

Re: [openssl-users] HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7

2015-01-20 Thread Salz, Rich
Not possible; MD5 is not a legal FIPS digest.

Re: [openssl-users] Read cer file failed

2015-01-20 Thread Dave Thompson
From: openssl-users On Behalf Of Jerry OELoo Sent: Tuesday, January 20, 2015 00:34 I am reading cer file into X509 object, http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer cert = d2i_X509_fp(fp, NULL); it will return fail, as below Error: error:0D07207B:asn1 encoding

Re: [openssl-users] Read cer file failed

2015-01-20 Thread Jerry OELoo
Thanks for Michael's information. I am on Ubuntu OS, and I found that if I fopen the file with rb, it will work fine. On Tue, Jan 20, 2015 at 9:57 PM, Michael Wojcik michael.woj...@microfocus.com wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jerry OELoo Sent: