Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-21 Thread Imran Ali
Hi Steve, Just want to confirm on this item. Are we saying that to get openssl back to be FIPS compliance is just a paper shuffle. If so is there any expected eta on it as our team is using openssl version for a security project and we need a fips compliance library. Regards, Imran

Re: [openssl-users] undefined reference to `FIPS_mode'

2015-12-21 Thread Marcos Bontempo
I'm cross-compiling to a ARMv4 processor, the same used in the BeagleBone. Do you know if this platform is supported? > To: openssl-users@openssl.org > From: marqu...@openssl.com > Date: Mon, 21 Dec 2015 09:06:01 -0500 > Subject: Re: [openssl-users] undefined reference to `FIPS_mode' > > On

Re: [openssl-users] undefined reference to `FIPS_mode'

2015-12-21 Thread Marcos Bontempo
I did the tests in a Ubuntu 14.04. Is there a problem with this version? > To: openssl-users@openssl.org > From: marqu...@openssl.com > Date: Mon, 21 Dec 2015 08:20:47 -0500 > Subject: Re: [openssl-users] undefined reference to `FIPS_mode' > > On 12/21/2015 07:31 AM, Marcos Bontempo wrote: > >

Re: [openssl-users] undefined reference to `FIPS_mode'

2015-12-21 Thread Steve Marquess
On 12/21/2015 08:39 AM, Marcos Bontempo wrote: > I did the tests in a Ubuntu 14.04. Is there a problem with this version? You're cross compiling ... to what target platform I don't know. That target platform is what needs to be supported, and both the FIPS module and "FIPS enabled" OpenSSL need

Re: [openssl-users] Problem with not knowing how much data is available to read

2015-12-21 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of counterpoint > Sent: Saturday, December 19, 2015 10:00 > > This is a further question, related to my earlier question "Find size of > available data prior to ssl_read". The conclusion seemed to be that there > isn't

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-21 Thread Salz, Rich
> Just want to confirm on this item. Are we saying that to get openssl back to > be FIPS compliance is just a paper shuffle. If so is there any expected eta > on it as our team is using openssl version for a security project and we need > a fips compliance library. No. We have answered this

[openssl-users] Checking if an EVP_PKEY* contains a private key

2015-12-21 Thread Stephen Kou
OpenSSL has the higher-level EVP_PKEY_* functions which work abstracts the public key cryptography algorithms. However, sometimes a EVP_PKEY* only has a public key. How could I check if a given EVP_PKEY* contains a private key? I could use EVP_PKEY_decrypt_init and see if it returns an

Re: [openssl-users] Checking if an EVP_PKEY* contains a private key

2015-12-21 Thread Victor Wagner
On Mon, 21 Dec 2015 21:29:03 -0800 Stephen Kou wrote: > OpenSSL has the higher-level EVP_PKEY_* functions which work > abstracts the public key cryptography algorithms. However, sometimes > a EVP_PKEY* only has a public key. How could I check if a given > EVP_PKEY* contains

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-21 Thread Jakob Bohm
On 18/12/2015 19:58, Steve Marquess wrote: On 12/18/2015 12:58 PM, jonetsu wrote: Fair enough (in this context). But what about the code itself, is it ready to be RSA 186-4 compliant ? We think we know how to write the code that would be necessary, for FIPS 186-4 and all the other new

Re: [openssl-users] undefined reference to `FIPS_mode'

2015-12-21 Thread Marcos Bontempo
Hello, I resolved the error after compiling FIPS with ./config fips shared. I also needed to export LD_LIBRARY_PATH=/usr/local/ssl/lib:$LD_LIBRARY_PATH. Now I have a new problem. I executed this code to set the FIPS mode and no error is prompted: result =

Re: [openssl-users] undefined reference to `FIPS_mode'

2015-12-21 Thread Steve Marquess
On 12/21/2015 07:31 AM, Marcos Bontempo wrote: > Hello, > > I resolved the error after compiling FIPS with ./config fips shared. I > also needed to export LD_LIBRARY_PATH=/usr/local/ssl/lib:$LD_LIBRARY_PATH. > > Now I have a new problem. > > I executed this code to set the FIPS mode and no

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-21 Thread Steve Marquess
On 12/21/2015 07:06 AM, Jakob Bohm wrote: > On 18/12/2015 19:58, Steve Marquess wrote: >> On 12/18/2015 12:58 PM, jonetsu wrote: >>> Fair enough (in this context). But what about the code itself, is it >>> ready >>> to be RSA 186-4 compliant ? >> We think we know how to write the code that would

[openssl-users] Doubt about the CMS_sign() function (in file openssl/crypto/cms/cms_smime.c)

2015-12-21 Thread Luiz Laranjeira
Hi folks, My name is Luiz Laranjeira. I am an associate professor of software engineering with the University of Brasilia, Brazil. I have a group that is developing a signer and validator according to RFC 5652 (CMS/PKCS#7) and we are using OpenSSL. I would like to ask your help concerning a