FIPS compatible openssl test fails on MACOSx

2014-03-14 Thread ajay.sonawane
I'm trying to build openssl on 64-bit Mac v10.6.8. I've built FIPS 2.0 successfully and ran test with no issues. but while building openssl, some fingerprint tests failed. Here is the procedure that I followed : ./Configure darwin64-x86_64-cc fips

Need understanding on certutil output.

2014-03-14 Thread Mithun Kumar
What is the difference between these two formats Below is the ASN output using certuil tool. *Cert1:-* 0618:30 0d ; SEQUENCE (d Bytes) 061a:| 06 09 ; OBJECT_ID (9 Bytes) 061c:| | 2a 86 48 86 f7 0d 01 01 05 | | ; 1.2.840.113549.1.1.5 sha1RSA 0625:| 05 00 ;

RE: Need understanding on certutil output.

2014-03-14 Thread Carl Young
From what I remember offhand, the former: 03 81 81 00 is 03 Bit string 81 Length of contents = 1 byte; the top-bit is set to signify that there are more than 127 octets of content 81 the bit string uses 0x81 octets - 129 - corresponds to a 1024 bit key extended to 129 octets to stop number

Re: Need understanding on certutil output.

2014-03-14 Thread Viktor Dukhovni
On Fri, Mar 14, 2014 at 06:18:49PM +0530, Mithun Kumar wrote: What is the difference between these two formats The first contains a 1024 bit RSA-SHA1 public key, the second a 2048-bit key. Below is the ASN output using certuil tool. *Cert1:-* 0618:30 0d ; SEQUENCE (d Bytes) 061a:

Re: Need understanding on certutil output.

2014-03-14 Thread Mithun Kumar
Hello Viktor, Thanks for the reply. Is there any limitations with Key Size? When cert 2 is received by the client from the server. I get a incorrect tag length error ? Currently i am using Openssl Version 0.9.8. Same cert(Cert2) works correctly for v1.0.0.d -Thanks mithun On Fri, Mar 14,

0.9.8 RSA 2048, was Re: Need understanding on certutil output.

2014-03-14 Thread Dave Thompson
OpenSSL has long limited RSA key moduli to 16384 bits, far more than 2048. It also has limits on other kinds of keys; if you meant to ask about them, be specific. Do you really mean 0.9.8 with no suffix? Vanilla or patched? The oldest and newest 0.9.8 versions I have installed (g and x)