Re: OpenSSL FIPS certificate #4282

2022-11-22 Thread Dr Paul Dale
A good question. In a nutshell: the 3.0.0 FIPS provider is designed to work with all 3.0.x releases. We actively test this as part of our CI loops and it's the way to claim FIPS compliance when using OpenSSL 3.0.7. You need to build 3.0.7 (with or without FIPS support) and the 3.0.0 FIPS

Re: Quantum-Resistant Cryptographic Algorithms

2022-11-01 Thread Dr Paul Dale
The project will once they are formally standardised. In the meantime, the Open Quantum Safe project has a provider that implements all of the candidate algorithms (https://github.com/open-quantum-safe/oqs-provider). Pauli On 1/11/22 15:14, ad...@redtile.com wrote: Will OpenSSL

Re: Forthcoming OpenSSL Bug Fix Release

2022-10-26 Thread Dr Paul Dale
1.1.1 is not susceptible to the CVE that is being fixed in 3.0: /the forthcoming release of OpenSSL version 1.1.1s that is a *bug fix* release/. (highlight added). Dr Paul Dale On 26/10/22 22:17, Matan Giladi wrote: Is 1.1.1s going to include any security fix? Can you please

Re: Using des-cbc in 3.0

2022-05-23 Thread Dr Paul Dale
Sam, it looks like you figured it out. You don't need the "provider=legacy" in the EVP_CIPHER_fetch call, it will be found without this. Pauli On 24/5/22 08:38, Sam Varshavchik wrote: I'm looking for an example of using des-cbc in openssl 3.0, I think I figured it out, but I'm not certain.

Re: RSA and DES encryption and decryption with C++ on Windows

2022-04-11 Thread Dr Paul Dale
s-free. www.avg.com <http://www.avg.com/email-signature?utm_medium=email_source=link_campaign=sig-email_content=webmail> On Sun, Apr 10, 2022 at 5:52 PM Dr Paul Dale wrote: Have a look in the demos/encrypt folder: https://github.openssl.org/openssl/openssl/tree/master/d

Re: RSA and DES encryption and decryption with C++ on Windows

2022-04-10 Thread Dr Paul Dale
Have a look in the demos/encrypt folder: https://github.openssl.org/openssl/openssl/tree/master/demos/encrypt There has been an amount of effort put into updating these for 3.0 & later.  There is more to do. Pauli On 10/4/22 23:50, Kenneth Goldman wrote: Anyway, I'm trying to

Re: EVP_KDF-SSHKDF man page error?

2022-03-25 Thread Dr Paul Dale
The UTF8 type is a string and if its length is known, it doesn't need to be '\0' terminated.  So passing the address of a char works (it's a char * after all). Thanks for the other fix. Pauli On 26/3/22 10:43 am, Kory Hamzeh wrote: Thanks, Paul. I noticed the type values matched the RFC, but

Re: TLS KDF and SSH KDF in openssl 1.0.2 (FIPS 140-3)

2022-03-17 Thread Dr Paul Dale
Good luck, the 2.0.16 FOM is nowhere near being 140-3 ready. The Oracle version is much closer but still not quite there: https://github.com/oracle/solaris-openssl-fips Pauli On 17/3/22 19:19, Dhananjay kumar wrote: Hi All, We are looking to go through FIPS 140-3 certification for one of

Re: [EXTERNAL] Re: Not able to perform FIPS self-tests

2022-02-15 Thread Dr Paul Dale
Shane Lontis suggested this: /Don't return 0 during the Corruption phase unless you are trying to deliberately make it fail./ /OSSL_PROVIDER_self_test() can be used to run the self tests on demand./ Dr Paul Dale On 11/2/22 17:23, Gahlot, Ashish Kumar wrote: Hi, Thanks

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
? Thanks for all the effort it must take in answering all these questions every day. On 2/14/2022 5:31 PM, Dr Paul Dale wrote: Yes, this has to do with the FIPS standards.  I forget which standard it is but the self tests are mandated to be run on each device independently. The fipsinstall

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf (see IG 9.11 beginning on page 179). I searched briefly for similar text in FIPS 140-3 IG but didn't see anything relevant. Tom.III On Mon, Feb 14, 2022 at 3:31 PM Dr Paul Dale wrote: Yes, this has to do

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
Yes, this has to do with the FIPS standards.  I forget which standard it is but the self tests are mandated to be run on each device independently. The fipsinstall process runs the self tests before generating the configuration file.  If the self tests fail, the module doesn't install. 

Re: Not able to perform FIPS self-tests

2022-02-08 Thread Dr Paul Dale
Have you considered using the function provided for this: OSSL_PROVIDER_self_test()? https://www.openssl.org/docs/man3.0/man3/OSSL_PROVIDER.html Pauli On 8/2/22 17:41, Gahlot, Ashish Kumar wrote: Hello All, I'm trying to execute self-tests that FIPS runs after installation manually by calling the

Re: Coverity failures on github

2022-02-03 Thread Dr Paul Dale
The CIs are trying to run on your fork of the main repository and you've not got a Coverity token set up. To disable the run: 1. Go to your fork of the repository (https://github.com/pprindeville/openssl) 2. Click onto the "Actions" tab along the top 3. Click the "Static Analysis" workflow

Re: OpenSSL provider replacement for ENGINE_load_private_key

2022-01-12 Thread Dr Paul Dale
I'm not aware of a PKCS#11 provider being available at this point. Pauli On 13/1/22 5:02 am, Graham Leggett via openssl-users wrote: On 13 Dec 2021, at 12:15, Tomas Mraz wrote: One option would be for a provider to provide provider-storemgmt implementation to load a key from its special

Re: EVP_PKEY_get_int_param is not getting degree from EC key

2022-01-05 Thread Dr Paul Dale
Better might be just adding a note to the parameters unlikely to fit into a machine integer rather than confounding things with an additional type which isn't really a separate type. Pauli "unsigned BIGNUM" instead of "unsigned integer" would be short and much clearer in the description and

Re: EVP_PKEY_get_int_param is not getting degree from EC key

2022-01-05 Thread Dr Paul Dale
Also it's a bit weird that responder *may* choose to return error if data_size is not suitable. What else might it do? Is it valid (from responder's point of view) to just truncate the value so that it would fit into unsigned int (that would obviously be useless behavior, I'm just curious if it

Re: Question About OpenSSL 3.0, FIPS and Solaris Support

2021-12-07 Thread Dr Paul Dale
The "unadopted" category is not the same as "unsupported". We'll make an effort but if access to a physical machine is required, we will have to stop. Whoever reports a problem will likely have to assist with fixing it, be that by doing builds or writing code. The platform policy page

Re: Need Replacement for Deprecated function.

2021-12-04 Thread Dr Paul Dale
They are documented in provider-mac(7) and EVP_MAC-HMAC(7) respectively. The key is the MAC key -- a string of bytes. The digest is the name of the digest that is to be

Re: OpenSSL 1.1 on OSX

2021-11-19 Thread Dr Paul Dale
An alternative would be to statically link libssl and libcrypto.  No more dependencies. Pauli On 20/11/21 3:48 pm, Viktor Dukhovni wrote: On Sat, Nov 20, 2021 at 01:38:39PM +1100, Grahame Grieve wrote: I agree it's sure not a core openSSL issue. But surely lots of people want to use

Re: useless search box on openssl.org

2021-11-18 Thread Dr Paul Dale
It would be nice if the search engines checked for URL validity and cleaned their caches from time to time. Apart from keeping dross around from old unsupported versions, I don't think there is much the project can do about this unfortunately. Pauli On 19/11/21 7:48 am, Michael Richardson

Re: OpenSSL 3: FIPS DRBG Tests

2021-11-11 Thread Dr Paul Dale
On 12/11/21 4:02 am, Kory Hamzeh wrote: I am writing the FIPS DRBG AVS per NIST SP800-90A. I have some questions. 1. Is the TEST-RAND ok for nist test? I am planning to basically follow the steps in test/acvp_test.c:drbg_test(), but the data is read in from a file rather than an in memory

Re: Is it possible to use a global lock in the OpenSSL engine on each mod_ssl call?

2021-11-10 Thread Dr Paul Dale
OpenSSL doesn't have a global lock. You could implement a single lock in the engine.  Grab it immediately on entry and release just before exit. Pauli On 11/11/21 8:24 am, Shariful Alam wrote: Hello, I understand this is a weird question. I have an OpenSSL engine only for RSA. And I have

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Dr Paul Dale
I'm pretty sure the underlying problem is that there is a call to RAND_set_rand_method() or RAND_set_rand_engine() occurring (likely the latter). These completely replace the built in RNG infrastructure with the RAND_METHOD/engine.  If the engine then fails to produce output for any reason,

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Dr Paul Dale
There is documentation: https://www.openssl.org/docs/man3.0/man5/config.html I don't think the rdrand engine takes any extras. Pauli On 10/11/21 1:38 pm, Blumenthal, Uri - 0553 - MITLL wrote: On 11/9/21, 22:23, "Dr Paul Dale" wrote: Currently I've no idea and can't reprodu

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Dr Paul Dale
viously no deficiencies. The other is to make it so complex there are no obvious deficiencies. - C. A. R. Hoare On 11/9/21, 21:49, "openssl-users on beha

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Dr Paul Dale
Currently there is exactly one seed source that is usable in OpenSSL 3.0: "SEED-SRC". It is documented in EVP_RAND-SEED-SRC. The reason the seed source can be set is to allow you to use a third party provider that includes one. If you want to force RDRAND as the only seeding source, this

Re: OpenSSL 3.0 FIPS questions

2021-10-25 Thread Dr Paul Dale
d be doing it if I use the first method as well. Regards, Jason *From:* openssl-users on behalf of Dr Paul Dale *Sent:* Sunday, October 24, 2021 11:12 PM *To:* openssl-users@openssl.org *Subject:* Re: OpenSSL 3.0 FIPS

Re: OpenSSL 3.0 FIPS questions

2021-10-24 Thread Dr Paul Dale
*From:* openssl-users on behalf of Dr Paul Dale *Sent:* Sunday, October 24, 2021 12:28 AM *To:* openssl-users@openssl.org *Subject:* Re: OpenSSL 3.0 FIPS questions Oops, the second time this occurs "defp = OSSL_PROVIDER_load(non_fips_libctx, &qu

Re: OpenSSL 3.0 FIPS questions

2021-10-23 Thread Dr Paul Dale
Oops, the second time this occurs "defp = OSSL_PROVIDER_load(non_fips_libctx, "default");" it should be "defp = OSSL_PROVIDER_load(NULL, "default");" Pauli On 24/10/21 10:06 am, Dr Paul Dale wrote: defp = OSSL_PROVIDER_load(non_fips_libctx, "default");

Re: OpenSSL 3.0 FIPS questions

2021-10-23 Thread Dr Paul Dale
There are several approaches you could take.  With two library contexts: fips_libctx = OSSL_LIB_CTX_new(); non_fips_libctx = OSSL_LIB_CTX_new(); fipsp = OSSL_PROVIDER_load(fips_libctx, "fips"); basep = OSSL_PROVIDER_load(fips_libctx,"base");  /* can't load keys without this */

Re: OpenSSL 3.0.0 FIPS compatible ECDH-KAS

2021-10-07 Thread Dr Paul Dale
eed source? The whole purpose of this exercise was to create a NIST SP-800-90B compliant entropy source for FIPS. Thanks, Kory On Sep 22, 2021, at 3:51 PM, Dr Paul Dale wrote: If you are only using functions that are deprecated, you'll get away without for the moment. Pauli On 23/9/21 8:45 am, Kory Ha

Re: fips 140-2 module conditions and compilation target app

2021-10-04 Thread Dr Paul Dale
I think you've got the gist of the restriction. You cannot make any changes to the source code, build files or the commands you use to build the FOM. None are acceptable if you want a FIPS validated outcome. I.e. you will lose the FIPS 140-2 validation state if you change anything. Pauli

Re: tpm2-openssl, a TPM 2.0 provider for OpenSSL 3.0 released

2021-09-29 Thread Dr Paul Dale
Great work! Pauli On 30/9/21 4:13 am, Petr Gotthard wrote: Hello, I just released a first version of the tpm2-openssl provider. TPM is a hardware crypto-processor, which can generate, store, and use cryptographic keys. The tpm2-openssl is a provider for integration of TPM 2.0 to OpenSSL

Re: RSA provider use example

2021-09-24 Thread Dr Paul Dale
On 24/9/21 9:15 pm, Angus Robertson - Magenta Systems Ltd wrote: I've been wondering if this is more efficient than getting the parameters one at a time using multiple EVP_PKEY_get_xx_param which also calls EVP_PKEY_get_params. I'd be surprised if there was a lot of difference. If I had to

Re: RSA provider use example

2021-09-24 Thread Dr Paul Dale
What about: apps/rsa.c, apps/rsautl.c and apps/genrsa.c 3.0 doesn't use the RSA structure in the non-deprecated public API. You probably want the EVP_PKEY_fromdata call. Pauli On 24/9/21 8:55 pm, Antonio Santagiuliana wrote: Hello Is there any app or command in the current Openssl master

Re: OpenSSL 3.0.0 FIPS compatible ECDH-KAS

2021-09-22 Thread Dr Paul Dale
Adding that should be enough to force only FIPS validated algorithms are used. Just doing that isn't enough, there is more you are going to need to do.  E.g. you will need to load the FIPS and base providers either via config or explicitly. It's possible to set the default properties via

Re: Openssl aes-256 ctr drbg

2021-09-21 Thread Dr Paul Dale
The number you asked for typically. Pauli On 21/9/21 4:49 pm, Nagarjun J wrote: Hi, What is the Number of Bytes Returned by aes-256 ctr drbg ? Thanks, Nagarjun

Re: openssl 3.0.0 equivalent to RSA_get0_key

2021-09-20 Thread Dr Paul Dale
No. The deprecated functions are not going away any time soon but there is no direct replacement. Pauli On 21/9/21 6:46 am, Ken Goldman wrote: ... and RSA_get0_factors. I know about EVP_PKEY_get_bn_param().  However, that allocates new bignums.  Therefore, the caller has to say, if

Re: Reducing the footprint of a simple application

2021-09-15 Thread Dr Paul Dale
15/9/21 11:34 pm, Jakob Bohm via openssl-users wrote: On 2021-09-14 12:14, Dr Paul Dale wrote: > ...low security RNGs and other antifeatures. Huh  Where?  Why plural? The only **one** I'm aware of is the one I added to stochastically flush the property cache where it

Re: Openssl 3.0.0. EVP_PKEY RSA is NULL

2021-09-14 Thread Dr Paul Dale
On 15/9/21 9:19 am, Ken Goldman wrote: irc = EVP_PKEY_fromdata_init(ctx); irc = EVP_PKEY_fromdata(ctx, (EVP_PKEY **)rsa_pub_key, /* freed by caller */ EVP_PKEY_PUBLIC_KEY, params); Do you mean: irc = EVP_PKEY_fromdata(ctx, &rsa_pub_key, EVP_PKEY_PUBLIC_KEY,

Re: Reducing the footprint of a simple application

2021-09-14 Thread Dr Paul Dale
> ...low security RNGs and other antifeatures. Huh  Where?  Why plural? The only **one** I'm aware of is the one I added to stochastically flush the property cache where it doesn't need to be cryptographically secure. Pauli

Re: OpenSSL 3.0.0 custom entropy source

2021-09-13 Thread Dr Paul Dale
Try working from providers/implementations/rands/seed_src.c  You'll need to reimplement seed_src_generate() to use your RNG. To use your custom seed source, you can either use the OpenSSL configuration file to set a "random" section that includes a "seed" setting or you can call

Re: OpenSSL 3.0.0 two tests fail on Solaris 10 SPARC64 ( Oracle/Fujitsu )

2021-09-11 Thread Dr Paul Dale
What Ben suggests is a great start. Note that none of the core developers have Solaris access, so that debugging could be problematic. Pauli On 12/9/21 1:39 pm, Benjamin Kaduk via openssl-users wrote: On Sat, Sep 11, 2021 at 10:29:07PM -0400, Dennis Clarke via openssl-users wrote: This

Re: EVP_MAC_init - specify the hash algorithm

2021-09-09 Thread Dr Paul Dale
, but are they documented? Case sensitive? Which is preferred? You use EVP_MAC_new, which is undocumented. The doc sample uses EVP_MAC_fetch. Which is preferred? On 7/13/2021 7:06 PM, Dr Paul Dale wrote: Your code should look more like: OSSL_PARAM params[2]; EVP_MAC *mac = EVP_MAC_new(NULL

Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread Dr Paul Dale
With the change to (almost) semantic versioning, we also decided to make the tags easier to type. Pauli On 9/9/21 9:03 am, Steffen Nurpmeso wrote: Benjamin Kaduk wrote in <2021090848.gx19...@akamai.com>: |On Thu, Sep 09, 2021 at 12:15:44AM +0200, Steffen Nurpmeso wrote: |> |>

Re: Help Needed for deprecated functions and macros like "CRYPTO_num_locks()" , "CRYPTO_LOCK" ......etc

2021-08-17 Thread Dr Paul Dale
Locking in OpenSSL 1.1.1 and later is completely different.  You no longer need to and should not try to register the locking callbacks. Pauli On 17/8/21 11:59 pm, Kumar Mishra, Sanjeev wrote: Hi All, I am upgrading the code from OpenSSL 1.0.1 to OpenSSL 3.0. I am getting compilation errors

Re: Replacement for AES_set_encrypt_key and AES_encrypt to support 3.0

2021-08-17 Thread Dr Paul Dale
You don't want to use these and there is no direct replacement.  You want to use the EVP calls instead:  EVP_CipherInit_ex2, EVP_CipherUpdate, EVP_CipherFinal_ex and friends. See this manual page:     https://www.openssl.org/docs/manmaster/man3/EVP_EncryptInit.html Pauli On 17/8/21 5:11 pm,

Re: One iOS App - 2 OpenSSL libraries.

2021-08-16 Thread Dr Paul Dale
There shouldn't be a limitation.  Although if two different versions of OpenSSL are being used, it is possible that they could interact together in odd ways. OpenSSL will automatically use assembly implementations of algorithms unless: * the "no-asm" option is specified at configuration

Re: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.

2021-08-13 Thread Dr Paul Dale
I suggest working out why they failed and getting them working again.  You've broken something with your modifications, you need to understand what's broken and why before continuing. Paul Dale On 14/8/21 9:56 am, Ma Zhenhua wrote: Hi team, I modified openssl code and make test failed.

Re: openssl 3.0 genpkey

2021-08-05 Thread Dr Paul Dale
Ken, I've created issue #16238 for these.  Any chance you could add version information or other useful tidbits? Thanks, Pauli On 6/8/21 7:59 am, Ken Goldman wrote: Should these be posted here or as github issues?  (May be user error) 1

Re: openssl 3.0 genpkey

2021-08-05 Thread Dr Paul Dale
GitHub issues would be better. They are harder to miss accidentally. Pauli On 6/8/21 7:59 am, Ken Goldman wrote: Should these be posted here or as github issues? (May be user error) 1 openssl genpkey -algorithm rsa -outform der -out key.der -quiet returns: genpkey: Option -quiet

Re: OpenSSL beta testing on Solaris and z/OS

2021-08-04 Thread Dr Paul Dale
Dennis, Thanks for the information.  Solaris and z/OS are not tested by the project, so it's good to know they aren't too far from working out of the box. We would definitely be interested in a pull request with your fixes at some stage -- post 3.0 since it's almost certainly too late now.

Re: OpenSSL Beta 2, report of successful migration

2021-08-02 Thread Dr Paul Dale
Thanks! The OpenSSL team has wondered how many people were trying out 3.0 during the beta period without any way of knowing for sure.  That you've had what seems like a fairly smooth transition is wonderful. Pauli On 2/8/21 8:10 pm, Olivier Mascia via openssl-users wrote: Hello, Just

Re: Accessing bignums of a RSA key with OpenSSL 3.0?

2021-07-30 Thread Dr Paul Dale
Try: include/openssl/core_names.h The names are "n", "e" and "d" in this case. Pauli On 30/7/21 10:57 pm, Olivier Mascia via openssl-users wrote: Dear all, Testing migration to OpenSSL 3.0. Got to update some code building a JWK (in relation to ACME LetsEncrypt protocols). Having an

Re: OpenSSL 3.0.0 beta1 link issues on Solaris 10

2021-07-25 Thread Dr Paul Dale
None of the core developers have access to Solaris machines, thus we rely on the community for reports and fixes for this kind of thing. We're happy to assist and can sometimes identify and fix the problem but we still require help testing. This would best be raised as an issue on GitHub

Re: EVP_MAC_init - specify the hash algorithm

2021-07-13 Thread Dr Paul Dale
Please don't do it the PKEY way :) Your code should look more like: OSSL_PARAM params[2]; EVP_MAC *mac = EVP_MAC_new(NULL, "HMAC", NULL); EVP_MAC_CTX *mac_ctx = EVP_MAC_CTX_new(mac); EVP_MAC_free(mac); /* Now or later is all good and depends on the app reusing it or not */

Re: OpenSSL version 3.0.0-beta1 published

2021-06-18 Thread Dr Paul Dale
However, I was wondering if anyone has ported/refactored the pkcs11 engine stuff for OpenSSL 3.0 already?  is this on the TODO list for the OpenSC/pkcs11 team?  If I wanted to try to refactor the opensc-pkcs11 module, how would I start? PKCS #11 support is one (of many) possible items

Re: Switch hangs for significant amount of time when using RAND_write_file API with openssl version 1.1.1h and above.

2021-05-06 Thread Dr Paul Dale
My guess would be that OpenSSL is waiting for the system randomness source to properly seed.  This was an intentional change.  Without it security will likely be lost. Paul Dale On 6/5/21 8:34 pm, Sravani Maddukuri via openssl-users wrote: Hi, I have updated the openssl version running on

Re: Load and unload of engines at runtime

2021-05-01 Thread Dr Paul Dale
Why would you believe that ENGINE_register / ENGINE_unregister are the calls to load/unload an engine?  These calls are for _after_ the engine has been loaded: /*- Manage registration of ENGINEs per "table". For each type, there are 3  * functions;  *   ENGINE_register_***(e) -

Re: OpenSSL 3.0 - providing entropy to EVP_RAND ?

2021-04-14 Thread Dr Paul Dale
ctors 0 acvp_test.c 1341 const struct drbg_st *tst = &drbg_data[id]; 1 acvp_test.c 1468 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data)); Try: grep drbg_data test/* Thanks Bala On Wednesday, 14 April, 2021, 05:02:22 pm IST, Dr Paul Dale wrote: For setting up a parent for a DRBG, look at /provi

Re: Sp800 56a rev3

2021-04-14 Thread Dr Paul Dale
These are all questions for your FIPS lab. Pauli On 15/4/21 4:19 am, Nagarjun J wrote: Hi, Suppose if any one submitted for FIPS 140-2 certification in Nov 2020 , what is the deadline to meet sp800 56 a rev3 revision requirement to avoid certificate going into historical list. And if we

Re: OpenSSL 3.0 - providing entropy to EVP_RAND ?

2021-04-14 Thread Dr Paul Dale
3.0? Thank you for your help in this. Thanks Bala On Wednesday, 24 March, 2021, 11:56:18 am IST, Dr Paul Dale wrote: RAND_add() forces a reseed to the DRBGs and uses the passed material (not as entropy but as additional input). EVP_RAND_reseed() is a more direct interface but remember tha

Re: EVP_MAC_init() in 3.0 alpha 13

2021-04-11 Thread Dr Paul Dale
Did you attempt to pass NULL for the key and zero for its length to the EVP_MAC_init() call? Pauli On 5/4/21 10:51 pm, Hal Murray wrote: It used to take just a ctx. Now it also wants a key+length and a params. I have some simple/hack code to time 2 cases. The first gives it the key each

Re: error: redefinition of ‘struct rsa_meth_st’

2021-04-11 Thread Dr Paul Dale
You shouldn't be accessing the internals of a private structure. That structure was made private for a reason and duplicating it in your engine will break when we change the structure's contents. Your engine should be using the EVP_PKEY_meth_set_* function to do what you want (for 1.1.1). For

Re: EVP_MAC_init() in 3.0 alpha 13

2021-04-05 Thread Dr Paul Dale
Does EVP_MAC_CTX_dup() after the MAC context has been initialised do what you want? Pauli On 5/4/21 10:51 pm, Hal Murray wrote: It used to take just a ctx. Now it also wants a key+length and a params. I have some simple/hack code to time 2 cases. The first gives it the key each time. The

Re: openssl-users Digest, Vol 77, Issue 6

2021-04-04 Thread Dr Paul Dale
of openssl-users digest..." Today's Topics:    1. Re: openssl-users Digest, Vol 77, Issue 4 (Dr Paul Dale) -- Message: 1 Date: Sat, 3 Apr 2021 18:48:48 +1000 From: Dr Paul Dale To: openssl-users@openssl.org Subject: Re: openssl

Re: openssl-users Digest, Vol 77, Issue 4

2021-04-03 Thread Dr Paul Dale
openssl-users-requ...@openssl.org You can reach the person managing the list at     openssl-users-ow...@openssl.org When replying, please edit your Subject line so it is more specific than "Re: Contents of openssl-users digest..." Today's Topics:    1. Re: Regarding RAND_set_rand_method (Dr Pa

Re: Regarding RAND_set_rand_method

2021-04-02 Thread Dr Paul Dale
There isn't an easy way to do what you want in 1.1.1. RAND_set_rand_method replaces the RNG for all of OpenSSL. In theory your RAND_METHOD could detect which thread it is running in and do different things for each. I'm not sure this is a good idea however. Why aren't the random number

Re: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Dr Paul Dale
Perhaps ask Qualys to answer your concerns directly?  They must have a reason for including this warning. Pauli On 1/4/21 5:43 pm, Jan Just Keijser wrote: On 31/03/21 19:43, Michael Wojcik wrote: From: openssl-users On Behalf Of Viktor Dukhovni Sent: Wednesday, 31 March, 2021 10:31

Re: Unable to load the FIPs config file OpenSSL 3.0

2021-03-30 Thread Dr Paul Dale
Our general suggestion is to keep the FIPS configuration in its own file and include that -- this helps when updating. Does a full path to the providers directory help? Could you try a build with debugging symbols so it's possible to see what's going on better? Set a breakpoint on

Re: FIPs algorithm code vs default implementation

2021-03-28 Thread Dr Paul Dale
1> Can you please help to understand the differences in the FIPs algorithm implementation code vs default? Are there additional validations performed in FIPs code? There are some additional validations, there are other differences. Grep the source code for FIPS_MODULE to find all the

Re: OpenSSL 3.0 - providing entropy to EVP_RAND ?

2021-03-24 Thread Dr Paul Dale
RAND_add() forces a reseed to the DRBGs and uses the passed material (not as entropy but as additional input). EVP_RAND_reseed() is a more direct interface but remember that the built in DRBGs are free to ignore what the user claims is /entropy/. History has shown us time and again that

Re: How to store openSSL EVP_MD and EVP_MD_CTX in local buffers

2021-03-23 Thread Dr Paul Dale
Structures are opaque after OpenSSL 1.0.  There is no way to do what you want. The recommended path is to call EVP_MD_CTX_dup() to create a copy of the context and use that the second time around. Pauli On 24/3/21 2:03 pm, Vuthur Pavankumar wrote: Hi All, I was implementing SHA3

Re: Openssl-3.0.0 POST

2021-02-05 Thread Dr Paul Dale
Have a look at the openssl-fipsinstall manual page. The self tests are run when the FIPS provider is installed. You can run the install manually using: openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips I think that a verify command will also run them: openssl

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Dr Paul Dale
"default" provider remains available? Remember that in other software systems, such as OpenSSL 1.0.x and MS CryptoAPI, FIPS mode causes all non-validated algorithms to fail hard, so all higher level operations are guaranteed to use only FIPS- validated crypto. On 2021-01-27 0

Re: PKCS12 APIs with fips 3.0

2021-01-26 Thread Dr Paul Dale
ward that would allow reading and writing to a key store while only using the fips provider? Thanks, Zeke Evans Micro Focus -Original Message----- From: openssl-users On Behalf Of Dr Paul Dale Sent: Tuesday, January 26, 2021 5:22 PM To: openssl-users@openssl.org Subject: Re: PKCS12 A

Re: PKCS12 APIs with fips 3.0

2021-01-26 Thread Dr Paul Dale
I'm not even sure that NIST can validate the PKCS#12 KDF. If it can't be validated, it doesn't belong in the FIPS provider. Pauli On 26/1/21 10:48 pm, Tomas Mraz wrote: On Tue, 2021-01-26 at 11:45 +, Matt Caswell wrote: On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote: On

Re: OpenSSL 1.1.1g Windows build slow rsa tests

2021-01-20 Thread Dr Paul Dale
On 21/1/21 10:37 am, Michael Wojcik wrote: From: openssl-users On Behalf Of Dr Paul Dale Sent: Wednesday, 20 January, 2021 16:19 Try building without the no-asm configuration option. That was my first thought, but according to Dan's message, the firedaemon version is also built with no-asm

Re: OpenSSL 1.1.1g Windows build slow rsa tests

2021-01-20 Thread Dr Paul Dale
Try building without the no-asm configuration option. Pauli On 21/1/21 6:18 am, Dan Heinz wrote: Hello, I’m building openssl 1.1.1g  on multiple platforms and I found that the rsa speed tests are significantly slower in my build than on the other OS platforms (Linux and macOS). I

Re: Question related to default RAND usage and update with engine RAND

2020-12-04 Thread Dr Paul Dale
Have you tried RAND_set_rand_method()? This should replace the RNG with yours. In 3.0, there will be a different scheme and an engine isn’t the ideal way to go. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 1

Re: HMAC is deprecated in 3.0 getting error 'HMAC' was not declared in this scope

2020-11-26 Thread Dr Paul Dale
There is no direct replacement for the HMAC call at this point, EVP_MAC needs to be used. I'd suggest reading the EVP_MAC(3) man page. There is an example down the bottom. Does SSL_set_mtu() do what you require? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations

Re: PRNG not available when multiple providers are configured?

2020-11-03 Thread Dr Paul Dale
Adding: config_diagnostics = 1 At the same level as the openssl_conf line should produce more output. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 4 Nov 2020, at 4:41 am, Thomas Dwyer III wrote: > > On

Re: PRNG not available when multiple providers are configured?

2020-11-03 Thread Dr Paul Dale
us() started working for me. So > THANKS for that! :-) Not producing any diagnostic output for a failed checksum seems like a bug. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Integration of new algorithms

2020-08-26 Thread Dr Paul Dale
the ground up to support what you want. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 27 Aug 2020, at 2:21 am, Kris Kwiatkowski wrote: > > Hello, > > I'm working on development of OpenSSL ENGINE

Re: New NID for acmeIdentifier

2020-08-26 Thread Dr Paul Dale
This would require a line in crypto/objects/objects.txt and a "make update". A pull request would be the way to get this in. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 26 Aug 2020, at 11:41 pm, Angus R

Re: openssl fipsinstall

2020-07-27 Thread Dr Paul Dale
e next planning meeting. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 28 Jul 2020, at 9:51 am, Thomas Dwyer III wrote: > > On Mon, Jul 27, 2020 at 3:39 PM Dr Paul Dale <mailto:paul.d...@

Re: openssl fipsinstall

2020-07-27 Thread Dr Paul Dale
on a pull request that allowed either or both options. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 28 Jul 2020, at 6:19 am, Thomas Dwyer III wrote: > > Hi all, > > I'm replacing OpenSSL 1.0.2 w

Re: OpenSSL user guide for 1.1.1g

2020-07-24 Thread Dr Paul Dale
There is not and never will be FIPS support for OpenSSL 1.1.1. You’ll have to wait for the upcoming 3.0 release for FIPS support. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 25 Jul 2020, at 12:32 am, Faraj Ra

Re: OpenSSL shared library in FIPS mode

2020-07-07 Thread Dr Paul Dale
are not and never have been FIPS compliant. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 7 Jul 2020, at 3:36 pm, Shirisha Dasari via openssl-users > wrote: > > Hi All, > > We have been trying to in

Re: PKEY CMAC timings

2020-06-18 Thread Dr Paul Dale
I honestly believe that the various contexts should be reusable. Without this, the recent provider additions will impose a significant overhead. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 18 Jun 2020, at 4:27

Re: PKEY CMAC timings

2020-06-17 Thread Dr Paul Dale
How does it look for large input? As in many kilobytes or megabytes? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 18 Jun 2020, at 1:18 pm, Hal Murray wrote: > > Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz &

Re: Asymetric crypto and OpenSSL 3.0 deprecated functions

2020-05-25 Thread Dr Paul Dale
I’ll note that encryption is _not_ an integrity check. Depending on how the AES encryption is done, this could be a significant hole. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 25 May 2020, at 10:12 pm, To

Re: Extracting the public modulus from an RSA public key?

2020-05-05 Thread Dr Paul Dale
Might I suggest reading the documentation? RSA_get0_n() is the function you are wanting. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 6 May 2020, at 2:20 pm, Thomas Dwyer III wrote: > > I'm porting

Re: liblegacy.a does not work unless compiled with -static

2020-05-02 Thread Dr Paul Dale
I've been wondering if an option to build the legacy provider into libcrypto (like the null and default providers) is worthwhile. Given this conversation, it seems it might be. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: New includes needed for OpenSSL V1.1.1 sockets

2020-03-31 Thread Dr Paul Dale
All of the include files mentioned are standard ones which have always been used. You are building 1.1.1 differently to 1.0.2. Debug your build environment first. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On

Re: OpenSSL 3.0

2020-02-26 Thread Dr Paul Dale
You should be able to set the environment variable OPENSSL_CONF to test/fips.cnf which will then load a FIPS only configuration. Teething problems are expected. Not everything has been activated in the FIPS module but enough has to do some TLS. Pauli -- Dr Paul Dale | Distinguished

Re: CRYPTO_secure_malloc_init() fails without error message

2020-02-21 Thread Dr Paul Dale
Do this instead: CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE, 16); Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 21 Feb 2020, at 8:33 pm, Clay Shields wrote: > > Unfortunately that didn’t seem to be it. Upda

Re: Are RAND_bytes and RAND_priv_bytes thread safe?

2020-02-10 Thread Dr Paul Dale
Yes. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 11 Feb 2020, at 9:56 am, Hal Murray wrote: > > I didn't find any mention of threads in their man pages. > > > -- > These are my opinions. I hate spam. > > >

Re: openssl-fips-2.0.16 : RSA key generation !!

2020-01-01 Thread Dr Paul Dale
FOM will not be revalidated. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 2 Jan 2020, at 3:11 pm, Hareesh D wrote: > > Hi, > > In the openssl-fips-2.0.16 version, I see that some validati
