Re: OpenSSL 3.0 FIPS questions

2021-10-31 Thread Jason Schultz
ys 365 I kept this on the same "FIPS OpenSSL 3.0" thread because I'm not 100% sure it's unrelated. What am I missing here? Thanks, Jason From: Matt Caswell Sent: Thursday, October 28, 2021 6:03 PM To: Jason Schultz ; Dr Paul Dale ; openss

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Matt Caswell
so.3 Thanks, Jason *From:* Matt Caswell *Sent:* Thursday, October 28, 2021 2:00 PM *To:* Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org *Subject:* Re: OpenSSL 3.0 FIPS questions On 28/10/2021 14:49, Jason Schultz wrote: A call to OSSL_PROVIDER_

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Jason Schultz
/libcrypto.so.3 Thanks, Jason From: Matt Caswell Sent: Thursday, October 28, 2021 2:00 PM To: Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions On 28/10/2021 14:49, Jason Schultz wrote: > A call to OSSL_PROVIDER_av

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Matt Caswell
nks to everyone for their help with this, things are starting to make more sense now. *From:* Matt Caswell *Sent:* Thursday, October 28, 2021 7:39 AM *To:* Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org *Subject:

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Jason Schultz
From: Matt Caswell Sent: Thursday, October 28, 2021 7:39 AM To: Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions On 27/10/2021 17:28, Jason Schultz wrote: > With these config files and the code above, the > OSSL_PROVID

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Matt Caswell
On 27/10/2021 17:28, Jason Schultz wrote: With these config files and the code above, the OSSL_PROVIDER_load(fips_libctx, "fips") call fails. Here are the messages from the ERR_print_errors_fp() call: 2097C692B57F:error:1C8000D5:Provider routines:(unknown function):missing config data:

Re: OpenSSL 3.0 FIPS questions

2021-10-27 Thread Jason Schultz
. I'm wondering if that's needed since I don't have any environment variables set up? I'm not sure what the default search path is. Jason From: Matt Caswell Sent: Wednesday, October 27, 2021 10:34 AM To: Jason Schultz ; Dr Paul Dale ; opens

Re: OpenSSL 3.0 FIPS questions

2021-10-27 Thread Matt Caswell
On 26/10/2021 20:17, Jason Schultz wrote: Thanks for all of the help so far. Unfortunately, I'm still struggling with this. There could be a number of issues, starting with the installation of OpenSSL. I basically followed the documentation and did the following: ./Configure enable-fips m

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Jason Schultz
Ah, OK. Yes, I am running on the same machine. Thanks for clarifying. From: Kory Hamzeh Sent: Tuesday, October 26, 2021 9:15 PM To: Jason Schultz Cc: Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions Actually, if you are

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Kory Hamzeh
ith the > non_fips_libctx is successful, but later calling X509_get_pubkey() returns > NULL, implying maybe something is wrong with the non_fips_libctx as well. > > I've tried other combinations, but at this point I'm just guessing. Is there > anything obvious I could be m

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Jason Schultz
ules/. Are you saying I still needed to do "openssl fipsinstall" after the 4 steps I already did? Thanks, Jason From: Kory Hamzeh Sent: Tuesday, October 26, 2021 8:13 PM To: Jason Schultz Cc: Dr Paul Dale ; openssl-users@openssl.org Subject: Re: Op

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Kory Hamzeh
> NULL, implying maybe something is wrong with the non_fips_libctx as well. > > I've tried other combinations, but at this point I'm just guessing. Is there > anything obvious I could be missing and I should be checking? > > Thanks, > > Jason > > > Fr

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Jason Schultz
sing and I should be checking? Thanks, Jason From: Dr Paul Dale Sent: Monday, October 25, 2021 9:37 PM To: Jason Schultz ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions It was meant for the second method only. The first method is using di

Re: OpenSSL 3.0 FIPS questions

2021-10-25 Thread Dr Paul Dale
hould be doing it if I use the first method as well. Regards, Jason *From:* openssl-users on behalf of Dr Paul Dale *Sent:* Sunday, October 24, 2021 11:12 PM *To:* openssl-users@openssl.org *Subject:* Re: OpenSSL 3.

Re: OpenSSL 3.0 FIPS questions

2021-10-25 Thread Jason Schultz
ems like I should be doing it if I use the first method as well. Regards, Jason From: openssl-users on behalf of Dr Paul Dale Sent: Sunday, October 24, 2021 11:12 PM To: openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions The configuration

Re: OpenSSL 3.0 FIPS questions

2021-10-24 Thread Dr Paul Dale
ds, Jason *From:* openssl-users on behalf of Dr Paul Dale *Sent:* Sunday, October 24, 2021 12:28 AM *To:* openssl-users@openssl.org *Subject:* Re: OpenSSL 3.0 FIPS questions Oops, the second time this occurs "defp = OSSL_PROVIDER_load(non_fips_l

Re: OpenSSL 3.0 FIPS questions

2021-10-24 Thread Jason Schultz
fips, base, default, etc? Regards, Jason From: openssl-users on behalf of Dr Paul Dale Sent: Sunday, October 24, 2021 12:28 AM To: openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions Oops, the second time this occurs "defp = OSSL_PROVIDER

Re: OpenSSL 3.0 FIPS questions

2021-10-23 Thread Dr Paul Dale
Oops, the second time this occurs "defp = OSSL_PROVIDER_load(non_fips_libctx, "default");" it should be "defp = OSSL_PROVIDER_load(NULL, "default");" Pauli On 24/10/21 10:06 am, Dr Paul Dale wrote: defp = OSSL_PROVIDER_load(non_fips_libctx, "default");

Re: OpenSSL 3.0 FIPS questions

2021-10-23 Thread Dr Paul Dale
There are several approaches you could take. With two library contexts: fips_libctx = OSSL_LIB_CTX_new(); non_fips_libctx = OSSL_LIB_CTX_new(); fipsp = OSSL_PROVIDER_load(fips_libctx, "fips"); basep = OSSL_PROVIDER_load(fips_libctx, "base"); /* can't load keys without this */

Re: OpenSSL 3.0 FIPS questions

2021-10-23 Thread Kory Hamzeh
One way to do what you want is with two config files, and in the first line of your main() function, add: putenv("OPENSSL_CONF=/path/to/your/conf") depending on whether you want to run in FIPS mode or not. Of course, this only works if FIPS is needed application-wide, not on a per connection