Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-10 Thread murugesh pitchaiah
Hi, That Redhat/Fedora patch is based on openssl library alone. But I am using the fips canister approach where i use both openssl and openssl-fips-ecp libraries. Though the redhat/fedora patch is OK, it is not straight forward portable to the canister model. Any idea of patches available for

Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-10 Thread Marcus Meissner
Hi, On Mon, Oct 09, 2017 at 05:24:17PM +0530, murugesh pitchaiah wrote: > Hi, > > Thanks for the comment. > > I know that openSSL is not 186-4 compliant. That is why I am looking > for anybody have the patch for the same. > > I see there are some works in Fedora: >

Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-09 Thread murugesh pitchaiah
Hi, Thanks for the comment. I know that openSSL is not 186-4 compliant. That is why I am looking for anybody have the patch for the same. I see there are some works in Fedora: http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/tree/openssl-1.1.0-fips.patch Thanks, Murugesh P. On 10/6/17,

Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-06 Thread Salz, Rich via openssl-users
➢ This FIPS186-4 is not just about SHA. It basically about the key generation parameters. Especially I am looking for RSA key generation parameters wrt FIPS 186-4. I do not know how you got the opinion that OpenSSL has 186-4 support. It does not. Perhaps other people have written

Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-05 Thread murugesh pitchaiah
Hi Jacob, Thanks for looking into this. This FIPS186-4 is not just about SHA. It basically about the key generation parameters. Especially I am looking for RSA key generation parameters wrt FIPS 186-4. Thanks, Murugesh P. On 10/5/17, Jakob Bohm wrote: > On 05/10/2017

Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-05 Thread Jakob Bohm
On 05/10/2017 13:51, murugesh pitchaiah wrote: Hi All, I am looking for the FIPS 186-4 patch. I see it is not yet implemented in openssl FIPS 2.0 I assume FIPS 186-4 is the updated SHA standard that adds the SHA-3 specification. In that case, that would be something that OpenSSL would first

[openssl-users] Openssl FIPS 186-4 Patch

2017-10-05 Thread murugesh pitchaiah
Hi All, I am looking for the FIPS 186-4 patch. I see it is not yet implemented in openssl FIPS 2.0 I see many vendors have implemented their own fix for FIPS 186-4 compliance. I am looking for the patch which i can reuse. Looks like redhat too has its own patch. Kindly share any pointers for