Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

On 12/22/2015 09:32 AM, Imran Ali wrote: > Thanks Steve, > > I was more concerned on the news that openssl may not be FIPS > compliant because of: > > 'sunsetting' older FIPS validations and the reasoning behind the > change has to do with the Random Number Generators (RNG). As of > December

[openssl-users] FIPS_check_incore_fingerprint: fingerprint does not match

Hello, I'm getting this error when call the function FIPS_mode_set(1): error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match Does anybody know how to correct it? Any tip will be very helpful,Thanks.

Re: [openssl-users] FIPS_check_incore_fingerprint: fingerprint does not match

On 23/12/2015 01:26, Marcos Bontempo wrote: Hello, I'm getting this error when call the function FIPS_mode_set(1): error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match Does anybody know how to correct it? You forgot to run the special "FIPS" linker script

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

On 12/14/2015 08:23 AM, Steve Marquess wrote: > On 12/02/2015 11:16 AM, Steve Marquess wrote: >> If you don't know or care what FIPS 140-2 is, be very glad this isn't >> your problem and turn your charitable attentions to some worthy cause. >> >> The CMVP has introduced a new policy that will

Re: [openssl-users] Checking if an EVP_PKEY* contains a private key

On Mon, Dec 21, 2015 at 09:29:03PM -0800, Stephen Kou wrote: > OpenSSL has the higher-level EVP_PKEY_* functions which work abstracts > the public key cryptography algorithms. However, sometimes a EVP_PKEY* > only has a public key. How could I check if a given EVP_PKEY* contains > a private

Re: [openssl-users] undefined reference to `FIPS_mode'

Thanks for the answers! I read that it could be a ld problem. So, I executed these commands: echo '/usr/local/ssl/lib/' > fips_openssl.confsudo mv fips_openssl.conf /etc/ld.so.conf.d/.sudo ldconfig Now I get this error: error::lib(0):func(0):reason(0) Does anybody know how can I correct

Re: [openssl-users] undefined reference to `FIPS_mode'

On Mon, Dec 21, 2015 at 7:28 PM, Marcos Bontempo wrote: > I'm cross-compiling to a ARMv4 processor, the same used in the BeagleBone. > Do you know if this platform is supported? Check the OpenSSL Security Policy at

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

On 12/21/2015 09:32 PM, Salz, Rich wrote: > >> Just want to confirm on this item. Are we saying that to get >> openssl back to be FIPS compliance is just a paper shuffle. If so >> is there any expected eta on it as our team is using openssl >> version for a security project and we need a fips

Re: [openssl-users] Checking if an EVP_PKEY* contains a private key

On Tue, Dec 22, 2015, Viktor Dukhovni wrote: > On Mon, Dec 21, 2015 at 09:29:03PM -0800, Stephen Kou wrote: > > > OpenSSL has the higher-level EVP_PKEY_* functions which work abstracts > > the public key cryptography algorithms. However, sometimes a EVP_PKEY* > > only has a public key. How

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

Thanks Steve, I was more concerned on the news that openssl may not be FIPS compliant because of: 'sunsetting' older FIPS validations and the reasoning behind the change has to do with the Random Number Generators (RNG). As of December 31, 2015, ANSI X9.31 and X9.62 RNG's will no longer be