hanks,
Murugesh
On Fri, May 24, 2024 at 9:27 PM murugesh pitchaiah <
murugesh.pitcha...@gmail.com> wrote:
> Thanks Matt for looking into this.
>
> Here is the output:
>
> # openssl list --providers -provider fips -provider base
>
> Providers:
>
> base
>
>
the provider via the "openssl list" command,
> i.e. what is the output from:
>
> $ openssl list --providers -provider fips -provider base
>
>
> Matt
>
> On 24/05/2024 15:48, murugesh pitchaiah wrote:
> > Thanks Neil for your response. Please find more detail
or
> install-mac is incorrect in your config
> 'Neil
>
> On Fri, May 24, 2024 at 2:05 AM murugesh pitchaiah <
> murugesh.pitcha...@gmail.com> wrote:
>
>> Hi,
>>
>> Need your help on using openssl fips provider programmatically with
>> open
Hi,
Need your help on using openssl fips provider programmatically with openssl
3.0.9.
Error seen:
*80D1CD65667F:error:1C8000D4:Provider routines:SELF_TEST_post:invalid
state:../openssl-3.0.9/providers/fips/self_test.c:262:*
*80D1CD65667F:error:1C8000D8:Provider
routines:OSSL_provider_in
Hi,
I am looking for testing the Trusted OCSP responder model.
Here is the certificate hierarchy:
1) rootca-->subca-->leaf
2) responderca (another root ca)
subChain : Contains both subca and rootca
index.txt - contains the entries for subca and leaf
OCSP Request is raised in the sequence: 1) lea
anyone please share the steps to generate user certificates of
type: x509v3-ssh-rsa and x509v3-rsa2048-sha256 ?
Thanks & Regards,
Murugesh P.
On 8/24/21, Dirk-Willem van Gulik wrote:
> On 24 Aug 2021, at 09:47, murugesh pitchaiah
> wrote:
>>
>> Hi,
>>
>> I a
Hi,
I am working on generating the x509v3 certificates for ssh user. I see
with the default_md as 'sha256', in openssl.cnf file, the
key/certificate is generated with algorithm type as 'x509v3-sign-rsa'.
I see its signature algorithm is :
Signature Algorithm: sha256WithRSAEncryption
Hi,
Yes. You have to use openssl provided build files.
Thanks,
Murugesh P.
On 7/7/20, Shirisha Dasari via openssl-users wrote:
> Hi All,
>
> We have been trying to integrate FOM 2.0.13 with OpenSSL 1.0.2u for FIPS
> compliance. Post integration, we have been able to run in FIPS mode, with
> all
Hi,
You may list down what ciphers configured : "openssl ciphers"
Choose CBC ciphers and add them to the list of 'ssl_ciphers' with "!"
prefix appended to current ssl_ciphers.
> ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH:!AAA_CBC_BBB:
Ref:
https://serverfault.com/questions/692119/meaning-of-ss
Hi All,
I came across a term "Full PKI Authentication".
Please someone clarify, what the name "Full" suggests here ? Is there
any specific "Full PKI" version available? Any specific RFC
available for "Full" PKI other than the following ?
https://tools.ietf.org/html/rfc5280.html
I could see s
Hi,
The command you used is the correct one to generate a cert from CSR.
Still certificate not generated means there may be some config issue.
You did not see any errors after the following line ?
using configuration from
> path/to/config/folder/openssl.cnf".
Also check if the file/path permissi
Hi,
SSL_CTX_set1_client_sigalgs_list - is the correct method for this purpose.
Just try for checking return value of this function. On failure it returns 0.
Also try SSL_CTX_set1_client_sigalgs_list (ctx, "RSA+SHA256");
Thanks,
Murugesh P.
On 6/19/18, Devang Kubavat wrote:
> Hi,
>
> I want to
Hi,
On invoking FIPS_mode_set(1), the self test would be run internally
first. The test would be run for all modules like dsa, rsa, rng, etc.
This error indicates a failure in any of these self test runs.
Try to view the "FIPSerr" which could show you which module's test
actually failed; so you ca
Hi Pratyush,
Whenever you set a certificate to CTX, the reference count will get incremented:
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
In addition, inside your application any usage of a certificate may
cause this reference count to be incremented.
As you can see in man page - one call
Hi All,
Need your inputs on below issue:
When I try to set the FIPS mode, seeing below error and failure intermittently:
Error: FIPS_mode_set(1) failed. Reason: error:24064064:random number
generator:SSLEAY_RAND_BYTES:PRNG not seeded
I am using following versions:
openssl-1.0.2k
openssl-fips-ec
Dear All,
I am working on doing CAVS algorithm testing for RSA, FIPS 186-4.
Able to make up the 186-4 patches for RSA key generation from Fedora,
SuSe patches.
The new API to generate RSA key based on 186-4 is "fips_rsa_builtin_keygen".
But I suspect if this has CAVS support as well. In the fips_
this kind of fips canister usage ?
Thanks,
Murugesh P.
On 10/10/17, Marcus Meissner wrote:
> Hi,
>
> On Mon, Oct 09, 2017 at 05:24:17PM +0530, murugesh pitchaiah wrote:
>> Hi,
>>
>> Thanks for the comment.
>>
>> I know that openSSL is not 186-4 compliant.
Hi,
Thanks for the comment.
I know that openSSL is not 186-4 compliant. That is why I am looking
for anybody have the patch for the same.
I see there are some works in Fedora:
http://pkgs.fedoraproject.org/cgit/rpms/openssl.git/tree/openssl-1.1.0-fips.patch
Thanks,
Murugesh P.
On 10/6/17, Salz
Hi Jacob,
Thanks for looking into this.
This FIPS186-4 is not just about SHA. It is basically about the key
generation parameters. Especially I am looking for RSA key generation
parameters wrt FIPS 186-4.
Thanks,
Murugesh P.
On 10/5/17, Jakob Bohm wrote:
> On 05/10/2017 13:51, murugesh pitcha
Hi All,
I am looking for the FIPS 186-4 patch. I see it is not yet implemented
in openssl FIPS 2.0
I see many vendors have implemented their own fix for FIPS 186-4
compliance. I am looking for the patch which I can reuse. Looks like
redhat too has its own patch.
Kindly share any pointers for the
Hi,
To find CA or not, "X509_check_ca" may be used.
Thanks,
Murugesh P.
On 3/29/17, Richard Stanek wrote:
> static bool IsCACertificate(X509* cert)
> {
> // (U) Initialize to false.
> bool bRetVal = false;
>
> BASIC_CONSTRAINTS* bsCA =
> (BASIC_CONSTRAINTS
Thank you Rich.
I was using 1.0.2.h earlier. It was using Makefile.org and then
Configure script was run to generate the Makefile. The template
available in Makefile.org was used to prepare the Makefile.
Can you please share if any thread, details on new build system, how
to use that?
Thanks,
Mu
Team,
I downloaded the openSSL 1.1.0d now and was trying to use that.
Previously I was using openSSL 1.0.2.h.
I do not see the 'Makefile.org' in the new 1.1.0d. In my application I
was using this file. Now as it is not present in 1.1.0d, could not
complete the upgrade.
Can someone explain why 'M
Hi,
I am implementing the OCSP for my application. Have a doubt on the
'certs' argument for the API "OCSP_basic_verify":
int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
Here the second argument 'certs'. I unde