ly applies to 1.0.2 builds currently.
FIPS is on the project plan for 1.1 but it isn't available at the moment. The
US government is forbidden to purchase any product that contains cryptographic
operations unless the product has a FIPS validation. No FIPS, no sale.
Pauli
interface so it could provide
FIPS capability but I understand that other possibilities are again under
consideration.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
, the other to request entropy. The first can be
whitened or produced by a DRBG etc, the second also returns an estimate as to
the quality. Essentially the difference between RDRAND and RDSEED.
Pauli
the bits you already have.
Pauli
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Cory asked:
> When you say “the linked article”, do you mean the PCWorld one?
My apologies I meant the one Ted referred to soon after.
Pauli
ic
material is generated on first boot out of the factory. I've even seen some
cases where this was done during the factory test.
Pauli
Ben wrote:
> On 06/27/2017 07:24 PM, Paul Dale wrote:
>> The hierarchy of RNGs will overcome some of the
>> performance concerns. Only the root needs to call getrandom().
>> I do agree that having a DRBG at the root level is a good idea though.
> Just to check my
The hierarchy of RNGs will overcome some of the performance concerns. Only the
root needs to call getrandom().
I do agree that having a DRBG at the root level is a good idea though.
Pauli
to seed /dev/random a couple of times now. It isn't ideal but it is better
than nothing.
Pauli
From: Paul Dale
Sent: Thursday, 6 April 2017 3:40 PM
To: openssl-dev@openssl.org
Subject: [openssl-dev] Code Health Tuesday - test modernisation
Next week on the 11th of A
A quick reminder that tomorrow is _test update_ Code Health Tuesday.
Pauli
From: Paul Dale
Sent: Thursday, 6 April 2017 3:40 PM
To: openssl-dev@openssl.org
Subject: [openssl
provements to the infrastructure?
A: Sure thing, post them here too.
--
res as passes.
Pauli
algorithms but I haven't looked
too deeply.
Pauli
-Original Message-
From: Salz, Rich [mailto:rs...@akamai.com]
Sent: Wednesday, 28 September 2016 2:26 AM
To: openssl-dev@openssl
. There is still zero
actual entropy in the data. The tests have massively over estimated.
Pauli
-Original Message-
From: Kurt Roeckx [mailto:k...@roeckx.be]
Sent: Friday, 29 July
even ½ bit per byte. The
lower you go the more likely you are to be getting the entropy you want. The
trade-off is the time for the hardware to generate the data and for the
processor to hash it together.
Pauli
If one of the allocation calls succeeds and the other fails, the patched code
will leak memory.
It needs something along the lines of:
if (order != NULL) BN_clear_free(order);
if (d != NULL) BN_clear_free(d);
in the failure case code.
Pauli
never reseeded -- those 32 bytes are all the entropy
it will ever get.
Pauli
on the target platforms to see
the difference.
Thanks again for the insights,
Pauli
On Wed, 9 Dec 2015 03:27:51 AM Nico Williams wrote:
> On Wed, Dec 09, 2015 at 02:33:46AM -060
> someone might start using it. That someone might be me. So that seems
> like a good question to ask: is OpenPA's license compatible with
> OpenSSL's? For inclusion into OpenSSL's tree, or for use by OpenSSL?
>
> Nico
>
of course.
Pauli
On Tue, 8 Dec 2015 10:01:20 PM Nico Williams wrote:
> On Wed, Dec 09, 2015 at 09:27:16AM +1000, Paul Dale wrote:
> > It will be possible to support atomics in such a way that there is no
> > performance penalty for machines without them or for single threaded
> >
\
+ CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+# endif
# endif
# else
# define CRYPTO_w_lock(a)
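Review bot: the added `+# endif` sits directly above an existing `# endif` and `# else`, so the conditional nesting around the `CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)` macro body is at least two levels deep with nothing marking which condition each directive closes. A trailing comment on each `# endif` naming its condition would make the nesting checkable in review; the opening `#if` for the new block is not visible in this excerpt.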
This should never be applied, it breaks things and is quick and ugly.
Regards,
Pauli
per
reference count would likely save an amount of blocking -- is this a suitable
use for dynamic locks?
I also submitted a bug report and fix recently [openssl.org #4135] to do with
threading, which will hopefully get included eventually.
Regards,
Pauli
Thanks for the quick reply. That patch looks much improved on this front.
We'll wait for the changes and then retest performance.
Thanks again,
Pauli
On Mon, 23 Nov 2015 10:18:27 PM Matt Caswell wrote:
>
> On 23/11/15 21:56, Paul Dale wrote:
> > Somewhat tangenti