Re: EVP_verify APIs

2014-11-11 Thread Gayathri Manoj
Hi Steve, Conclusion of previous thread : For making FIPS compliance we have to replace RSA_public_decrypt() with EVP_verify*() APIs. It requires hash of the the entire message and not the hash of the 'signed message'. Currently I am getting only hash of the signed message from my phone and i

Re: OpenSSL 1.0.0-fips 29 Mar 2010

2014-11-11 Thread Dr. Stephen Henson
On Tue, Nov 11, 2014, A sunil kumar wrote: > I am looking for the tarball OpenSSL 1.0.0-fips 29 Mar 2010. But in > http://www.openssl.org/source/ i dont see this version. Rather i see Mar 29 > 15:24:59 2010 openssl-1.0.0.tar.gz (MD5) (SHA1) (PGP sign). > > Can someone please confirm whether thes

RE: OpenSSL 1.0.0-fips 29 Mar 2010

2014-11-11 Thread Porter, Andrew
The version "1.0.0-fips" indicates a build of OpenSSL that used both the 1.0.0 source and one (can't tell which) of the openssl-fips source packages. If you're seeing that version number printed out by the "openssl" command on your system you probably need to get the source from the operating sy

OpenSSL 1.0.0-fips 29 Mar 2010

2014-11-11 Thread A sunil kumar
I am looking for the tarball OpenSSL 1.0.0-fips 29 Mar 2010. But in http://www.openssl.org/source/ i dont see this version. Rather i see Mar 29 15:24:59 2010 openssl-1.0.0.tar.gz (MD5) (SHA1) (PGP sign). Can someone please confirm whether these 2 versions are same, else if is there any other link

Re: error:1200AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group.

2014-11-11 Thread Matt Caswell
On 11/11/14 09:35, Koehne Kai wrote: >> -Original Message- >> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- >> [...] >> I have been able to reproduce this. >> >> Using a standard openssl configured *without* including no-ec2m, start an >> s_server: >> >> openssl s_server -n

RE: error:1200AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group.

2014-11-11 Thread Koehne Kai
> -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > [...] > I have been able to reproduce this. > > Using a standard openssl configured *without* including no-ec2m, start an > s_server: > > openssl s_server -named_curve sect239k1 > > Then, using an opens

Re: How to get matched root CA in X509_verify_cert()

2014-11-11 Thread Dr. Stephen Henson
On Tue, Nov 11, 2014, Jerry OELoo wrote: > Hi > I have put some(100+) root CA certificate files in a folder, and Use > x509_store_load_locations() to set to store load location. > > Then Use X509_STORE_CTX_init(), X509_verify_cert() to verify a certificate, > > When X509_verify_cert() return 1,