Compiling openssl 1.0.1c with fips 2.0.1

2012-08-09 Thread Ruiyuan Jiang
Hi, I am trying to compile openssl 1.0.1c with fips 2.0.1 enabled on Redhat RHEL 6.3 64bit server. I first compiled fips 2.0.1 in the source tree directory: # config # make # make install I then tried to compile openssl 1.0.1c in the source tree directory per FIPS user guide: # ./config

Missing entries in index.txt database - Generating CRL

2012-08-09 Thread int0x80
Hi, I have a index.txt database where all the R (revoked) and E (expired) lines were removed, only the V (valid) entries are left. When I generate a new CRL it doesn't contain any certificates since this process parses the database and can't find any revoked certificates. The problem now is,

Re: Missing entries in index.txt database - Generating CRL

2012-08-09 Thread Peter Sylvester
On 08/09/2012 12:57 PM, int0...@safe-mail.net wrote: Hi ... After that I generated a CRL (I own the CA) which then contained the certificate with the serial 0x06. My question now is, would that be a proper workaround or is there a better solution? Since the CRL only contains the serial

p2q RSA key augmentation

2012-08-09 Thread David Madden
Hi, I have an RSA key { D, E, N } generated by another library. I can use OpenSSL to encrypt decrypt interoperably, but I would like to extend the key with the other factors OpenSSL uses to work faster (factors P, Q, DMP1, DMQ1, IQMP). Is there a library function that computes these other

RE: p2q RSA key augmentation

2012-08-09 Thread Erik Tkal
I don't believe OpenSSL has any mechanism to directly calculate P and Q; this requires an iterative process. Once you have those, however, calculating the rest are simple calculations using the BN library. Erik Tkal Juniper OAC/UAC/Pulse Development

Meanings of various return codes with non-blocking I/O?

2012-08-09 Thread James Marshall
I'm trying to write a secure embedded HTTP server using OpenSSL. I'm using non-blocking I/O, and the main functions I'm using are SSL_accept(), SSL_read(), SSL_write(), and SSL_shutdown(). After each one, I want to handle all possible return codes, but I can't find docs that describe the

RE: Meanings of various return codes with non-blocking I/O?

2012-08-09 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of James Marshall Sent: Thursday, 09 August, 2012 19:41 I'm trying to write a secure embedded HTTP server using OpenSSL. I'm using non-blocking I/O, and the main functions I'm using are SSL_accept(), SSL_read(), SSL_write(), and SSL_shutdown().

Re: p2q RSA key augmentation

2012-08-09 Thread David Madden
On 8/9/2012 14:54, Erik Tkal wrote: I don't believe OpenSSL has any mechanism to directly calculate P and Q; this requires an iterative process. Once you have those, however, calculating the rest are simple calculations using the BN library. Thanks, Erik. I wrote the following code to