On 11/9/21, 23:07, "Dr Paul Dale" wrote:
>There is documentation:
> https://www.openssl.org/docs/man3.0/man5/config.html
Yes, I know. Alas, it's not helpful at all. RDRAND is an *engine*, but it does
not seem to have a "separate" physical presence, like a shared library. For
other
There is documentation: https://www.openssl.org/docs/man3.0/man5/config.html
I don't think the rdrand engine takes any extras.
Pauli
On 10/11/21 1:38 pm, Blumenthal, Uri - 0553 - MITLL wrote:
On 11/9/21, 22:23, "Dr Paul Dale" wrote:
Currently I've no idea and can't reproduce locally
On 11/9/21, 22:23, "Dr Paul Dale" wrote:
>Currently I've no idea and can't reproduce locally :(
Maybe you'd know how to force the "-engine rdrand" path through "openssl.cnf"?
>A rogue configuration file could cause the DRBGs/seeds to fail. Do you
>have seed=rdrand line in the
Currently I've no idea and can't reproduce locally :(
A rogue configuration file could cause the DRBGs/seeds to fail. Do you
have seed=rdrand line in the random section? That will cause the
seeding source to fail to load at all.
Pauli
On 10/11/21 1:10 pm, Blumenthal, Uri - 0553 - MITLL
Thank you!
I'm trying to:
a. understand why something like "openssl-3 rand -hex 4" does not work (returns
empty string), but "openssl-3 rand -engine rdrand -hex 4" works fine, and gives
me my random bytes - here's an illustration
$ openssl3 version
OpenSSL 3.1.0-dev (Library: OpenSSL
Currently there is exactly one seed source that is usable in OpenSSL
3.0: "SEED-SRC". It is documented in EVP_RAND-SEED-SRC. The reason the
seed source can be set is to allow you to use a third party provider
that includes one.
If you want to force RDRAND as the only seeding source, this
"man config" for OpenSSL-3.0 and newer says that there can be "[random]"
section in "openssl.cnf", where I can specify type of RNG, other things, and
*seed*, and seed *properties*.
Unfortunately, it did not bother to even list the possible/allowed values, let
alone explain what they'd mean:
ED
>
> I need to get the FIPS module to install without needing the default
provider. It seems like the FIPS module is trying to install and getting
stuck in a bad state, but I could use some help debugging this.
>
> Thanks for any help you can provide.
> Susan
---
Hi Susan,
How did you run Configure? Are you cross compiling?
By default, OpenSSL 3.0.0 builds for /usr/local. You MUST install it there or
use a Configure option if you want to install it somewhere else.
Kory
> On Nov 9, 2021, at 2:21 PM, Susan Tremel wrote:
>
> I’ve successfully built
I've successfully built and installed openssl 3.0 and the fips.so module in
my Yocto build environment. My goal is to make the FIPS module the default
provider for all applications so I modified my openssl.cnf file to match
the docs like the following.
config_diagnostics = 1
Adding -D_ALL_SOURCE in makefile CFLAG helped to resolve issues
--
Thanks a lot for suggesting
Thiagu Mohan