Re: [openssl-users] possible Bug in OpenSSL - rfc 3161 - TSA service

2016-01-18 Thread custodio
Hi everybody, I do not know if this is the best place to discuss it, but I would like to have your opinions on the best place to include Time Attribute Certificate (TAC) into TST. By default, the Thales timestamp system puts the hash of TAC in the field signing certificate as discussed here. Here

[openssl-users] Integrating OpenSSL FIPS modules with languages like Python and PHP

2016-01-18 Thread security veteran
Hi All: We will be using OpenSSL FIPS modules on our Linux appliances and we have some Python and PHP applications which need to invoke crypto related functionalities provided by OpenSSL. I was wondering has anyone integrated Python and PHP with OpenSSL FIPS modules? Since for each application

Re: [openssl-users] How to access some simple conversion functions - asn1_time_to_tm

2016-01-18 Thread Nounou Dadoun
That actually worked reasonably smoothly, the only thing that I have to fix now is that it's obviously taking the time zone into account - is there a way of telling it to do everything in UTC? And I still don't see any programmatic way of accessing whether a key usage is "critical" or not.

[openssl-users] Digest MD5 forbidden in FIPS mode

2016-01-18 Thread Marcos Bontempo
Hello, I wrote a C code which enter in FIPS mode with fips_mod_set(1). But, when I call MD5 functions after setting FIPS mode, I get this error: md5_dgst.c(75): OpenSSL internal error, assertion failed: Low level API call to digest MD5 forbidden in FIPS mode! Aborted. Does anybody know what is

Re: [openssl-users] Digest MD5 forbidden in FIPS mode

2016-01-18 Thread Ethan Rahn
MD5 is not considered a safe function to use hence it is forbidden in FIPS mode. Can you use a different hash function ( such as SHA-something ) for your use case? On Mon, Jan 18, 2016 at 4:43 PM, Marcos Bontempo wrote: > Hello, > > I wrote a C code which enter in

Re: [openssl-users] Digest MD5 forbidden in FIPS mode

2016-01-18 Thread Jeffrey Walton
> I wrote a C code which enter in FIPS mode with fips_mod_set(1). > > But, when I call MD5 functions after setting FIPS mode, I get this error: > > md5_dgst.c(75): OpenSSL internal error, assertion failed: Low level API call > to digest MD5 forbidden in FIPS mode! Aborted. > > Does anybody know

Re: [openssl-users] How to access some simple conversion functions - asn1_time_to_tm

2016-01-18 Thread Dr. Stephen Henson
On Tue, Jan 19, 2016, Nounou Dadoun wrote: > That actually worked reasonably smoothly, the only thing that I have to fix > now is that it's obviously taking the time zone into account - is there a way > of telling it to do everything in UTC? > The routines don't take any account of local

Re: [openssl-users] Digest MD5 forbidden in FIPS mode

2016-01-18 Thread Dr. Stephen Henson
On Mon, Jan 18, 2016, Marcos Bontempo wrote: > Hello, > I wrote a C code which enter in FIPS mode with fips_mod_set(1). > But, when I call MD5 functions after setting FIPS mode, I get this error: > md5_dgst.c(75): OpenSSL internal error, assertion failed: Low level API call > to digest MD5

[openssl-users] How to access some simple conversion functions - asn1_time_to_tm

2016-01-18 Thread Nounou Dadoun
Hi folks, I'm trying to do some simple conversions (I need to push some certificate data across a soap interface). I'm trying to do an ASN1 time conversion to tm (and eventually time_t but tm would be fine). Earlier mailing list entries said that this was not available but I've now found:

Re: [openssl-users] How to access some simple conversion functions - asn1_time_to_tm

2016-01-18 Thread Nounou Dadoun
Upon further investigation I've discovered that they're declared in asn1_locl.h but marked as: /* Internal ASN1 structures and functions: not for application use */ They seem to be generally useful and making them available would keep people's hands out of opaque data structures, any reason

Re: [openssl-users] How to access some simple conversion functions - asn1_time_to_tm

2016-01-18 Thread Dr. Stephen Henson
On Mon, Jan 18, 2016, Nounou Dadoun wrote: > Hi folks, > > I'm trying to do some simple conversions (I need to push some certificate > data across a soap interface). > > I'm trying to do an ASN1 time conversion to tm (and eventually time_t but tm > would be fine). > The equivalent of time_t