Hi All,
I am trying to cross compile OpenSSL FIPS module for linux-mips architecture
(there is no direct support for the same).
On building my test application using fipsld,
$CC fips_mode.c -o fips_mode.exe -L ../openssl-1.0.1e -ldl -lcrypto
where CC = ../fips/bin/fipsld
I get the error : ELF6
Hi All,
I am trying to cross compile OpenSSL FIPS module for linux-mips architecture
(there is no direct support for the same).
On building my test application using fipsld,
$CC fips_mode.c -o fips_mode.exe -L ../openssl-1.0.1e -ldl -lcrypto
where CC = ../fips/bin/fipsld
I get the error :
Hi All,
During linking my application with the OpenSSL FIPs, fipsld is invoked to embed
the digest and during runtime it is calculated and verified during
FIPS_mode_set.
Can you help me to understand if digest is calculated only for fipscanister
module or the entire application code?
My obser
We do the below for this operation:
1>How we convert public part of 'EVP_PKEY' structure to 'unsigned char*
//Extract a public key from a PKEY struct.
ec_copy_public(EVP_PKEY *pKey, uint8_t *keybuf)
EC_KEY*pEcKey;
uint8_t encoded_key[MAX_KEYLEN_X962];
uint8_t
Hi,
If we check the DRBG specifications -
http://csrc.nist.gov/groups/STM/cavp/documents/drbg/DRBGVS.pdf
For cases with prediction resistance enabled, each trial consists of the
following functions called in sequence:
(1) instantiate drbg
(2) generate ReturnedBitsLen random bits, do not print
Hi,
If we check the DRBG specifications -
http://csrc.nist.gov/groups/STM/cavp/documents/drbg/DRBGVS.pdf
For cases with prediction
resistance enabled, each trial consists of the following
functions called in sequence:
(1) instantiate drbg
(2)
generate ReturnedBitsLen random bits,
Hi All,
I am trying to test the FIPS ECDH support present in OpenSSL i.e trying to run
the fips_ecdhvs.c test.
The test vectors " ECC CDH Primitive Test Vectors" from NIST website have been
downloaded - http://csrc.nist.gov/groups/STM/cavp/#09 and given as the input.
The test passes for the ve
Hi All,
What is the reason that the DRBG random generation function- fips_drbg_bytes
does not consider prediction resistance as input?
Inside fips_drbg_bytes
rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen); //prediction
resistance disabled
And as a result the entropy generation ca
Hi All,
For our solution to be compliant to RFC 5280:
a> What are options to be specified to OpenSSL "req" command during the
creation of CSR?
b> What are options to be specified to OpenSSL "verify" command to validate a
certificate?
Does OpenSSL claim to be compliant to RFC 5280?
thanks,
Ba
Hi All,
In OpenSSL 1.1.1 version, we were using RAND_DRBG for random number generation.
Using "RAND_DRBG_set_callbacks", we were able to call into our custom API for
entropy and nonce generation.
How can this be achieved with EVP_RAND implementation i.e. does it allow
entropy to be provided?
Hi All,
We build the "crypto" code in OpenSSL to generate "libcrypto.a" for MIPs
platform.
Our application links statically with "libcrypto.a" and uses the OpenSSL crypto
API's accordingly.
With this compilation model, will it be feasible to integrate with the FIPs
object module in OpenSSL 3.
Hi All,
This is a basic question regarding FIPs algorithm code in OpenSSL 3.0, can you
kindly let me know:
1> Can you please help to understand the differences in the FIPs algorithm
implementation code vs default?
Are there additional validations performed in FIPs code?
Can you po
Hi All,
Can you kindly help me with this error while running the below program that
tries to load the configuration which has the FIPs provider?
The program is built on build machine and to be run on linux MIPS platform and
below error is seen:
#include
main () {
OSSL_LIB_CTX *libctx
nment/config variables.
Pauli
On 24/3/21 4:14 pm, Bala Duvvuri via openssl-users wrote:
Hi All,In OpenSSL 1.1.1 version, we were using RAND_DRBG for random number
generation.Using "RAND_DRBG_set_callbacks", we were able to call into our
custom API for entropy and nonce gene
Thank you for all the help, got this working.
Thanks
Bala
On Thursday, 15 April, 2021, 04:02:10 am IST, Dr Paul Dale
wrote:
Comments inline.
Pauli
On 15/4/21 12:09 am, Bala Duvvuri wrote:
HI Paul,
Thanks a lot for your response, thank you for pointing to
/providers
Hi All,
We are using OpenSSl version 1.1.1d in our program and crash is being seen in
"OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification
API. Since crash is not seen always, trying to understand from OpenSSL code,
when can this occur?
Below is the bt of the crash
#0
Hi All,
We are using OpenSSl version 1.1.1d in our program and crash is being seen in
"OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification
API. Since crash is not seen always, trying to understand from OpenSSL code,
when can this occur?
Below is the bt of the crash
#0
wrote:
> On 16 Aug 2021, at 5:58 am, Bala Duvvuri via openssl-users
> wrote:
>
> We are using OpenSSl version 1.1.1d in our program and crash is being seen in
> "OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification
> API. Since crash
Hi All,
Can you please help to understand the use of the callback function that can be
set during key generation?
1> For ex: In the OpenSSL 3.0 code, the callback "genrsa_cb" is defined in the
file "apps/genrsa.c" :
What exactly is being done in this callback function? What does
EVP_PKE
19 matches
Mail list logo
