Re: [openssl-dev] Speck Cipher Integration with OpenSSL

2018-01-08 Thread Paul Dale
ly applies to 1.0.2 builds currently. FIPS is on the project plan for 1.1 but it isn't available at the moment. The US government is forbidden to purchase any product that contains cryptographic operations unless the product has a FIPS validation. No FIPS, no sale. Pauli -- Oracle Dr

[openssl-dev] FIPS module for 1.1.x ?

2017-11-20 Thread Paul Dale
interface so it could provide FIPS capability but I understand that other possibilities are again under consideration. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- openssl-dev mailing list To unsubsc

Re: [openssl-dev] Plea for a new public OpenSSL RNG API

2017-08-30 Thread Paul Dale
, the other to request entropy. The first can be whitened or produced by a DRBG etc, the second also returns an estimate as to the quality. Essentially the difference between RDRAND and RDSEED. Pauli

Re: [openssl-dev] Work on a new RNG for OpenSSL

2017-08-21 Thread Paul Dale
the bits you already have. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Work on a new RNG for OpenSSL

2017-06-28 Thread Paul Dale
Cory asked: > When you say “the linked article”, do you mean the PCWorld one? My apologies I meant the one Ted referred to soon after. Pauli -Original Message- Fro

Re: [openssl-dev] Work on a new RNG for OpenSSL

2017-06-27 Thread Paul Dale
ic material is generated on first boot out of the factory. I've even seen some cases where this was done during the factory test. Pauli

Re: [openssl-dev] Work on a new RNG for OpenSSL

2017-06-27 Thread Paul Dale
Ben wrote: > On 06/27/2017 07:24 PM, Paul Dale wrote: >> The hierarchy of RNGs will overcome some of the >> performance concerns. Only the root needs to call getrandom(). >> I do agree that having a DRBG at the root level is a good idea though. > Just to check my

Re: [openssl-dev] Work on a new RNG for OpenSSL

2017-06-27 Thread Paul Dale
The hierarchy of RNGs will overcome some of the performance concerns. Only the root needs to call getrandom(). I do agree that having a DRBG at the root level is a good idea though. Pauli

Re: [openssl-dev] Work on a new RNG for OpenSSL

2017-06-26 Thread Paul Dale
to seed /dev/random a couple of times now. It isn't ideal but it is better than nothing. Pauli

[openssl-dev] Code Health Tuesday - summary

2017-04-12 Thread Paul Dale
From: Paul Dale Sent: Thursday, 6 April 2017 3:40 PM To: openssl-dev@openssl.org Subject: [openssl-dev] Code Health Tuesday - test modernisation Next week on the 11th of A

Re: [openssl-dev] Code Health Tuesday - test modernisation

2017-04-09 Thread Paul Dale
A quick reminder that tomorrow is _test update_ Code Health Tuesday. Pauli From: Paul Dale Sent: Thursday, 6 April 2017 3:40 PM To: openssl-dev@openssl.org Subject: [openssl

[openssl-dev] Code Health Tuesday - test modernisation

2017-04-05 Thread Paul Dale
provements to the infrastructure? A: Sure thing, post them here too.

[openssl-dev] Test framework improvements

2017-03-28 Thread Paul Dale
res as passes. Pauli

Re: [openssl-dev] About Chinese crypto-algorithms

2016-09-27 Thread Paul Dale
algorithms but I haven't looked too deeply. Pauli -Original Message- From: Salz, Rich [mailto:rs...@akamai.com] Sent: Wednesday, 28 September 2016 2:26 AM To: openssl-dev@openssl

Re: [openssl-dev] DRBG entropy

2016-07-28 Thread Paul Dale
. There is still zero actual entropy in the data. The tests have massively overestimated. Pauli -Original Message- From: Kurt Roeckx [mailto:k...@roeckx.be] Sent: Friday, 29 July

Re: [openssl-dev] DRBG entropy

2016-07-27 Thread Paul Dale
even ½ bit per byte. The lower you go the more likely you are to be getting the entropy you want. The trade-off is the time for the hardware to generate the data and for the processor to hash it together. Pauli

Re: [openssl-dev] [openssl.org #4386] [PATCH] Add sanity checks for BN_new() in OpenSSL-1.0.2g

2016-03-07 Thread Paul Dale
If one of the allocation calls succeeds and the other fails, the patched code will leak memory. It needs something along the lines of: if (order != NULL) BN_clear_free(order); if (d != NULL) BN_clear_free(d); in the failure case code. Pauli

Re: [openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

2016-01-11 Thread Paul Dale
never reseeded -- those 32 bytes are all the entropy it will ever get. Pauli

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

2015-12-09 Thread Paul Dale
on the target platforms to see the difference. Thanks again for the insights, Pauli On Wed, 9 Dec 2015 03:27:51 AM Nico Williams wrote: > On Wed, Dec 09, 2015 at 02:33:46AM -060

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

2015-12-08 Thread Paul Dale
> someone might start using it. That someone might be me. So that seems > like a good question to ask: is OpenPA's license compatible with > OpenSSL's? For inclusion into OpenSSL's tree, or for use by OpenSSL? > > Nico >

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

2015-12-08 Thread Paul Dale
of course. Pauli On Tue, 8 Dec 2015 10:01:20 PM Nico Williams wrote: > On Wed, Dec 09, 2015 at 09:27:16AM +1000, Paul Dale wrote: > > It will be possible to support atomics in such a way that there is no > > performance penalty for machines without them or for single threaded > >

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

2015-11-29 Thread Paul Dale
\ + CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) +# endif # endif # else # define CRYPTO_w_lock(a) This should never be applied, it breaks things and is quick and ugly. Regards, Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

2015-11-23 Thread Paul Dale
per reference count would likely save an amount of blocking -- is this a suitable use for dynamic locks? I also submitted a bug report and fix recently [openssl.org #4135] to do with threading, which will hopefully get included eventually. Regards, Pauli

Re: [openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

2015-11-23 Thread Paul Dale
Thanks for the quick reply. That patch looks much improved on this front. We'll wait for the changes and then retest performance. Thanks again, Pauli On Mon, 23 Nov 2015 10:18:27 PM Matt Caswell wrote: > > On 23/11/15 21:56, Paul Dale wrote: > > Somewhat tangenti