Re: OpenSSL 3.0 FIPS questions

2021-10-31 Thread Jason Schultz
e same "FIPS OpenSSL 3.0" thread because I'm not 100% sure it's unrelated. What am I missing here? Thanks, Jason From: Matt Caswell Sent: Thursday, October 28, 2021 6:03 PM To: Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org Subject: Re: O

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Matt Caswell
ks, Jason *From:* Matt Caswell *Sent:* Thursday, October 28, 2021 2:00 PM *To:* Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org *Subject:* Re: OpenSSL 3.0 FIPS questions On 28/10/2021 14:49, Jason Schultz wrote: A call to OSSL_PROVIDER_availa

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Jason Schultz
rypto.so.3 Thanks, Jason From: Matt Caswell Sent: Thursday, October 28, 2021 2:00 PM To: Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions On 28/10/2021 14:49, Jason Schultz wrote: > A call to OSSL_PROVIDER_ava

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Matt Caswell
for their help with this, things are starting to make more sense now. *From:* Matt Caswell *Sent:* Thursday, October 28, 2021 7:39 AM *To:* Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org *Subject:* Re: OpenSSL 3

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Jason Schultz
_ From: Matt Caswell Sent: Thursday, October 28, 2021 7:39 AM To: Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions On 27/10/2021 17:28, Jason Schultz wrote: > With these config files and the code above, the > OSSL_PROVIDER_load(fips_libctx,

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Matt Caswell
On 27/10/2021 17:28, Jason Schultz wrote: With these config files and the code above, the OSSL_PROVIDER_load(fips_libctx, "fips") call fails. Here are the messages from the ERR_print_errors_fp() call: 2097C692B57F:error:1C8000D5:Provider routines:(unknown function):missing config

Re: OpenSSL 3.0 FIPS questions

2021-10-27 Thread Jason Schultz
't have any environment variables set up? I'm not sure what the default search path is. Jason From: Matt Caswell Sent: Wednesday, October 27, 2021 10:34 AM To: Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions

Re: OpenSSL 3.0 FIPS questions

2021-10-27 Thread Matt Caswell
On 26/10/2021 20:17, Jason Schultz wrote: Thanks for all of the help so far. Unfortunately, I'm still struggling with this. There could be a number of issues, starting with the installation of OpenSSL. I basically followed the documentation and did the following: ./Configure enable-fips

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Jason Schultz
Ah, OK. Yes, I am running on the same machine. Thanks for clarifying. From: Kory Hamzeh Sent: Tuesday, October 26, 2021 9:15 PM To: Jason Schultz Cc: Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions Actually, if you

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Kory Hamzeh
_libctx is successful, but later calling X509_get_pubkey() returns > NULL, implying maybe something is wrong with the non_fips_libctx as well. > > I've tried other combinations, but at this point I'm just guessing. Is there > anything obvious I could be missing and I should be checking?

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Jason Schultz
e you saying I still needed to do "openssl fipsinstall" after the 4 steps I already did? Thanks, Jason From: Kory Hamzeh Sent: Tuesday, October 26, 2021 8:13 PM To: Jason Schultz Cc: Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Kory Hamzeh
be something is wrong with the non_fips_libctx as well. > > I've tried other combinations, but at this point I'm just guessing. Is there > anything obvious I could be missing and I should be checking? > > Thanks, > > Jason > > > From: Dr Paul Dale > Sent: Monday

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Jason Schultz
nks, Jason From: Dr Paul Dale Sent: Monday, October 25, 2021 9:37 PM To: Jason Schultz ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions It was meant for the second method only. The first method is using different library contexts to dis

Re: OpenSSL 3.0 FIPS questions

2021-10-25 Thread Dr Paul Dale
d be doing it if I use the first method as well. Regards, Jason *From:* openssl-users on behalf of Dr Paul Dale *Sent:* Sunday, October 24, 2021 11:12 PM *To:* openssl-users@openssl.org *Subject:* Re: OpenSSL 3.0 FIPS

Re: OpenSSL 3.0 FIPS questions

2021-10-25 Thread Jason Schultz
e I should be doing it if I use the first method as well. Regards, Jason From: openssl-users on behalf of Dr Paul Dale Sent: Sunday, October 24, 2021 11:12 PM To: openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions The configuration shouldn't

Re: OpenSSL 3.0 FIPS questions

2021-10-24 Thread Dr Paul Dale
*From:* openssl-users on behalf of Dr Paul Dale *Sent:* Sunday, October 24, 2021 12:28 AM *To:* openssl-users@openssl.org *Subject:* Re: OpenSSL 3.0 FIPS questions Oops, the second time this occurs "defp = OSSL_PROVIDER_load(non_fips_libctx, "

Re: OpenSSL 3.0 FIPS questions

2021-10-24 Thread Jason Schultz
for fips, base, default, etc? Regards, Jason From: openssl-users on behalf of Dr Paul Dale Sent: Sunday, October 24, 2021 12:28 AM To: openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions Oops, the second time this occurs "defp = OSSL_PROVIDER

Re: OpenSSL 3.0 FIPS questions

2021-10-23 Thread Dr Paul Dale
Oops, the second time this occurs "defp = OSSL_PROVIDER_load(non_fips_libctx, "default");" it should be "defp = OSSL_PROVIDER_load(NULL, "default");" Pauli On 24/10/21 10:06 am, Dr Paul Dale wrote: defp = OSSL_PROVIDER_load(non_fips_libctx, "default");

Re: OpenSSL 3.0 FIPS questions

2021-10-23 Thread Dr Paul Dale
There are several approaches you could take.  With two library contexts: fips_libctx = OSSL_LIB_CTX_new(); non_fips_libctx = OSSL_LIB_CTX_new(); fipsp = OSSL_PROVIDER_load(fips_libctx, "fips"); basep = OSSL_PROVIDER_load(fips_libctx,"base");  /* can't load keys without this */

Re: OpenSSL 3.0 FIPS questions

2021-10-23 Thread Kory Hamzeh
One way to do what you want is with two config files, and in the first line of your main() function, add: putenv("OPENSSL_CONF=/path/to/your/conf") depending on whether you want to run in FIPS mode or not. Of course, this only works if FIPS is needed application wide, not on a per

OpenSSL 3.0 FIPS questions

2021-10-23 Thread Jason Schultz
Quick aside: I know the 3.0 FIPS module is not "approved" yet, I'm just trying to get my application updates done in advance. I’m porting an application from OpenSSL 1.1.1, which was originally written for OpenSSL 1.0.2, to OpenSSL 3.0. Going to 3.0, I need to incorporate FIPS usage. My Linux