Ah! I had completely forgotten about this option.
Matt
On 03/11/2020 21:34, Dr Paul Dale wrote:
> Adding:
> | config_diagnostics = 1|
> At the same level as the openssl_conf line should produce more output.
>
> Pauli
> --
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
On 03/11/2020 18:03, Tomas Mraz wrote:
> On Tue, 2020-11-03 at 15:13 +, Matt Caswell wrote:
>>
>> The reasons are a little complicated (see below) but the TL;DR
>> summary
>> is that there is an error in your config file. The ".include" line
>> should specify a config file relative to OPENSS
Adding:
config_diagnostics = 1
At the same level as the openssl_conf line should produce more output.
Pauli
--
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
Phone +61 7 3031 7217
Oracle Australia
> On 4 Nov 2020, at 4:41 am, Thomas Dwyer III wrote:
>
> On Tue, Nov
> Ah ha! This explanation makes sense to me and indeed pointed me at the real
> problem. I had recompiled OpenSSL but I forgot to update the hmac in fips.cnf
> via fipsinstall. So yes, the fips provider was failing to activate because of
> that. As soon I fixed the hmac RAND_status() started wor
On Tue, Nov 3, 2020 at 7:13 AM Matt Caswell wrote:
>
>
> On 03/11/2020 00:55, Thomas Dwyer III wrote:
> > I'm having trouble getting RAND_status() to return 1 when my openssl.cnf
> > has both the default provider and the fips provider configured at the
> > same time:
> >
> > openssl_conf
On Tue, 2020-11-03 at 15:13 +, Matt Caswell wrote:
>
> The reasons are a little complicated (see below) but the TL;DR
> summary
> is that there is an error in your config file. The ".include" line
> should specify a config file relative to OPENSSLDIR (or
> OPENSSL_CONF_INCLUDE if it is set). I
On 03/11/2020 15:13, Matt Caswell wrote:
> I've seen this error a few times now so I'm thinking that we should
> perhaps allow absolute paths. I'm not sure what the reason for
> disallowing them was.
I raised this issue about this:
https://github.com/openssl/openssl/issues/13302
> We really s
On 03/11/2020 00:55, Thomas Dwyer III wrote:
> I'm having trouble getting RAND_status() to return 1 when my openssl.cnf
> has both the default provider and the fips provider configured at the
> same time:
>
> openssl_conf = openssl_init
>
> [openssl_init]
> providers =
On embedded systems you must always consider where you can collect
'entropy' from. This is highly dependent on your hardware. Haven't
worked with vxWorks before, but given your description, the generic
rule for [embedded] systems applies here as well.
Feed OpenSSL 'sufficient' entropy using RAND_a
Hello,
> OpenSSL 0.9.8a Non-FIPs PRNG:
>
> I am trying to determine if the PRNG does a Continuous Random Number
> Generator Test (CRNGT). I looked in crypto/rand/md_rand.c but I do not see
> specifically a CRNGT?
No, but you may test PRNG with FIPS140-1 tests
with crypto/rand/randtest.c
Best reg
On Thu, Nov 14, 2002 at 08:01:49PM +, Manoj Kithany wrote:
> I am using IBM AIX System and DO NOT have /dev/random device.
> How do I set random pool to /dev/random? Also, on my IBM AIX box I have
> installed EGD /var/run/egd-pool
>
> Any related info?
Hmm. The FAQ!?
For the OpenSSL command
On Fri, 1 Nov 2002 [EMAIL PROTECTED] wrote:
> More better is package 112438-x from sunsolve.sun.com - it adds /dev/random
> Or ANDIrand package from www.sunfreeware.com (I think).- the same, better
> then SUN package I think.
Sure, but this was specified in the original post:
> > I am using IBM
Hi,
I would like to ask one more question in connection to this one.
How would you gather randomness or entryopy on a system that doesn't have
any /dev/egd-pool or /dev/urandom or /dev/random.
What cn be good sources of randomness and how do I know how much randomness is
required?
Regards
Sura
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: PRNG not seeded ERROR
Hi Mr. Erwann:
THANKS for your reply.
I checked the url before I posted my query to this List. I am bit
confused - should I need to install EGD or PRNG? I checked my IBM
Server and could'nt find /dev/rando
Thanks Erwann:
I checked my System and have installed PRNG. I checked it by using:
# ps -ef | grep prng
root 47354 6518 0 14:13:01 - 0:03 /opt/freeware/sbin/prngd
On Thu, 31 Oct 2002, Manoj Kithany wrote:
> THANKS for your reply.
> I checked the url before I posted my query to this List. I am bit
Sorry if I offended you. You didn't specify in your first post that you
checked the URL, and since this question is in the FAQ, that means it is
asked a *lot* of
Hi Mr. Erwann:
THANKS for your reply.
I checked the url before I posted my query to this List. I am bit
confused - should I need to install EGD or PRNG? I checked my IBM
Server and could'nt find /dev/random?
Can you/anyone please help?
THANKS!
Manoj G. Kithany
>>> [EMAIL PROTECTED] 10
On Thu, 31 Oct 2002, Manoj Kithany wrote:
> I installing OPENSSL and when running I get following ERROR - wonder
> why:
> --
> # ./openssl req -new -nodes -keyout private.key -out public.csr
> Using configuration from /usr/loc
>From: Boyle Owen
>After upgrading to openSSL-0.9.6g and reinstalling
>openssh_3.4p1, I can't get ssh or sshd to work. As soon as I
>try to start the sshd daemon or an ssh session, I immediately
>get the command line error "PRNG is not seeded".
Thanks Lutz, for helping out - your tips really
On Wed, Aug 14, 2002 at 02:24:15PM +0200, Boyle Owen wrote:
> So, it looks like the newly installed ssh is trying to get its entropy from
>/dev/urandom instead of prngd. That would explain the "not seeded" error.
>Incidentally, apache/mod_ssl is working fine with this prngd so, indeed, the probl
>From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
>> After upgrading to openSSL-0.9.6g and reinstalling
>openssh_3.4p1, I can't get ssh or sshd to work. As soon as I
>try to start the sshd daemon or an ssh session, I immediately
>get the command line error "PRNG is not seeded".
>I doubt that you
On Wed, Aug 14, 2002 at 11:42:51AM +0200, Boyle Owen wrote:
> Hi,
>
> After upgrading to openSSL-0.9.6g and reinstalling openssh_3.4p1, I can't get ssh or
>sshd to work. As soon as I try to start the sshd daemon or an ssh session, I
>immediately get the command line error "PRNG is not seeded".
To: [EMAIL PROTECTED]
Subject: Re: PRNG not seeded
[EMAIL PROTECTED] wrote:
>Dear Sir,
>
>I have installed OPENSSL on OSF1 V4.0 (Digital Unix) and I am trying to
>run the demos/bio programs saccept and sconnect.
>
>I run saccept localhost:8900 and all is fine.
>
>When I run scon
[EMAIL PROTECTED] wrote:
>Dear Sir,
>
>I have installed OPENSSL on OSF1 V4.0 (Digital Unix) and I am trying to
>run the demos/bio programs saccept and sconnect.
>
>I run saccept localhost:8900 and all is fine.
>
>When I run sconnect localhost:8900, I receive the following message:
>
>SSLEAY_RAND_
Get EGD or PRNGd from:
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
And call RAND_egd("/var/run/egd-pool");
before you try to use any crypt or ssl routines ...
Obviously /var/run/egd-pool may vary depending on where
you initialize the egd socket from egd or prngd
Pers
Title: RE: PRNG problems on Solaris 7 sparc
/dev/random ->found at: http://www.cosy.sbg.ac.at/~andi/
for solaris...
-Original Message-
From: Shea Janet B CRBE [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 9:39 AM
To: 'Michael S. Tan'; '[EMAIL PROTE
I finally got the RSA key generated! From there, I was finally able to create my PKI
certificate request, which was submitted this morning.
I have tried lots of variations in trying to get to this point. Among the things I
tried was using the openssl package from Sunfreeware.com, using differen
Title: RE: PRNG problems on Solaris 7 sparc
Creed Millman can no longer be reached at cmillman@chrysalis-its. Please remove Creed's name from the mailing list.
Thank you.
-Original Message-
From: Yozo TODA [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 27, 2001 3:46
> # openssl genrsa -des3 -out server.key 1024
> warning, not much extra random data, consider using the -rand option
how about adding -rand option? e.g.,
openssl genrsa -des3 -out server.key -rand /dev/random 1024
openssl rand(1) manpage may be informative for you.
-- yozo.
On Fri, Apr 06, 2001 at 11:34:48AM -0400, [EMAIL PROTECTED] wrote:
>
> Something like this may help you out:
>
> rand_buf = "0123456789ABCDEF0";
> RAND_seed(rand_buf, 17);
> /* One or the other will do */
> RAND_add(rand_buf, 17, 17);
First: fortunately it would not help out, si
> Something like this may help you out:
>
> rand_buf = "0123456789ABCDEF0";
> RAND_seed(rand_buf, 17);
> /* One or the other will do */
> RAND_add(rand_buf, 17, 17);
Seeding with a static stream is as worthless as no seeding at all.
Try using something *random* for your RAND_se
Something like this may help you out:
rand_buf = "0123456789ABCDEF0";
RAND_seed(rand_buf, 17);
/* One or the other will do */
RAND_add(rand_buf, 17, 17);
"De Closmadeuc, Etienne" <[EMAIL PROTECTED]> on 04/06/2001 03:48:28
AM
Please respond to [EMAIL PROTECTED]
To: opens
What about the error message "You need to read the OpenSSL FAQ,
http://www.openssl.org/support/faq.html " didn't you understand? The specified
FAQ includes a lengthy dissertation about what the problem is and what you can
do to fix the problem.
J. Edward Ellis
Battelle, Pacific Northwest Nation
SUNWski package is included in these patches, available at:
http://www.freeware4sun.com/patches/2.6/index.html
106754-01, 106755-01, 106756-01
Nils Lofstedt
Michael Sierchio wrote:
> Paul Allen wrote:
> > The SUNWski package works fine on Solaris 8. Really. It doesn't
> > complain at instal
Paul Allen wrote:
> The Sun Web Server patch that contains SUNWski is on the SunSolve web
> site. You need a current Sun software maintenance contract in order
> to get a SunSolve account. My favorite entry into SunSolve is:
>
> http://sunsolve.sun.com/private-cgi/search.pl?mode=advanced
>
Michael Sierchio wrote:
>
> Paul Allen wrote:
> > The SUNWski package works fine on Solaris 8. Really. It doesn't
> > complain at install time, and it works fine.
>
> Just for grins, could you post a definitive URL for the patch? The
> only pages I found listed it as a subscription-only patch
Paul Allen wrote:
> The SUNWski package works fine on Solaris 8. Really. It doesn't
> complain at install time, and it works fine.
Just for grins, could you post a definitive URL for the patch? The
only pages I found listed it as a subscription-only patch...
Thanks.
__
"Billigmeier, Chad" wrote:
>
> Sun doesn't seem to have any random number generator in /dev ??? Do I need
> to apply a patch?
>
> I did see the SUNWski patch but that seems to apply only to solaris < 2.6
>
> The PRNG not seeded message appears while attempting to make certificate for
> apache-s
On Thu, Mar 16, 2000 at 05:27:51PM +, Richard Hopkins wrote:
> Where I'm now having problems, though, is with stunnel (3.8). When I try to
> start it up, I get...
>
> dire# /usr/local/sbin/stunnel -f -D7 -d 636 -r 389
> LOG7[5786:1]: Service name to be used: 389
> LOG7[5786:1]: Generating 5
39 matches
Mail list logo
