Hi all,
My question is basically, how many CA certificates are allowed to be sent
during the server certificate stage of the SSL protocol negotiations and
do I control it (if at all)?
My client (a mono application) is able to connect to my SSL server if
I only have 6 CA certificates in the CA
to the client and the connection succeeds every time - nice.
Thanks for all your help
Leon
--
Leon Brits
ljbr...@fastmail.fm
On Friday, September 30, 2011 10:26 AM, Leon Brits
ljbr...@fastmail.fm wrote:
Hi all,
My question is basically, how many CA certificates are allowed to be sent
I am trying to add AES-GCM mode to my code which has been working for most
other modes for quite a while now. The mode is given as a parameter and I use
it for GCM mode to switch and do special stuff such as to set the AAD and
get/set the tag for AES-GCM mode.
In the encipherment function I
Hi List,
In the FIPS security policy it states that OpenSSL supports the following modes
for AES:
128/ 192/256 ECB, CBC, OFB, CFB 1, CFB 8,
CFB 128, CTR, XTS; CCM; GCM; CMAC
generate and verify (page 12).
My library is required to support these modes in FIPS and non-FIPS mode.
Most of them
, just like with GCM, I
did not set the IV length or the AAD, so ...
1. Should I set them for CCM to work?
2. What should the tag length be?
Regards
Leon Brits
__
OpenSSL Project http
Just want to add that I do set the data sizes before EncryptUpdate and
DecryptUpdate as mentioned in the CCM section of the OpenSSL support page.
This page does answer both my questions (apologies), but I still fail to
decrypt.
Regards,
Leon Brits
Senior Design Engineer
Parsec
Work +27 12
,
Leon Brits
Senior Design Engineer
Parsec
Work +27 12 678 9740 Cell +27 (84) 250 2855 Email le...@parsec.co.za
www.parsec.co.za/disclaimer
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf Of Dr. Stephen Henson
Sent: 05 March 2013 08:37
interested in the solution, here it is (working with most of what I explained
in original message):
:
cc = env['CC']
env.Replace(CC = "FIPSLD_CC=" + cc + " /usr/local/ssl/fips-2.0/bin/fipsld")
:
Thanks again for all the help and emails
Leon Brits
-Original Message-
From: owner-openssl
the EVP_SignInit/Update/Final() and
EVP_DigestSignInit/Update/Final() calls?
Info: I've noticed that one should not free the key context (EVP_PKEY_CTX)
returned from EVP_DigestSignInit() since it is deleted in the digest context
(EVP_MD_CTX). This should be noted somewhere.
Leon Brits
Senior
of example code?
I am required to perform ECDSA and was hoping I could use EVP which is now
working for DSA and RSA (sans the padding problem).
Regards
Leon Brits
It now works, thanks for your guidance!
Leon Brits
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf Of Dr. Stephen Henson
Sent: 15 March 2013 12:42 AM
To: openssl-dev@openssl.org
Subject: Re: RSA sign and verify
On Thu, Mar 14
? And if so what is the
'r' for then in the NIST prime and NIST binary numbers? And finally, why is
there not a NID_sect256r1, but rather a NID_X9_62_prime256v1?
Thanks again for a great mailing list
Leon Brits
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf
curve keys.
Regards,
Leon Brits
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf Of Matt Caswell
Sent: 19 March 2013 11:48 PM
To: openssl-dev@openssl.org
Subject: Re: EVP and Elliptic curve
On 19 March 2013 10:22, Leon Brits le
is there
no secp256_r1 as well as the ANSI standard curve. In other words, why does the
ANSI curve replace it instead of being an additional curve?
Again my gratitude to you and the list
Leon Brits
, which I can add
to my code for when the client audits the code?
Regards,
Leon Brits
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Leon Brits
Sent: 20 March 2013 09:27 AM
To: openssl-dev@openssl.org
Subject: RE: EVP
is appreciated
Leon Brits
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Matt Caswell
Sent: 20 March 2013 11:11 PM
To: openssl-dev@openssl.org
Subject: Re: EVP and Elliptic curve
On 20 March 2013 07:14, Leon Brits le...@parsec.co.za
3B8KZNEjHHUrTqYBWgYRuoZta9TEINsEOaG7lt4We5/iRQcpuq8vXr8qOMssuWYa
VYvegaty02SSXB2m1wM/
-----END PRIVATE KEY-----
Thanks again
Leon Brits
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Matt Caswell
Sent: 22 March 2013 01:06 AM
To: openssl
the signature needs to be packaged (no data enveloping) I think simple
PKCS7 should be sufficient - correct?
Thanks for your time
Regards,
Leon Brits
that I only pass
digests to this function?
Thanks
Leon Brits
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Leon Brits
Sent: 15 March 2013 09:18 AM
To: openssl-dev@openssl.org
Subject: RE: RSA sign and verify
It now
.
So my questions are:
1. How does the application now access the randomness (normal RAND_*
commands)?
2. In my case, what is the purpose of FIPS_drbg_reseed() and
FIPS_drbg_generate()? Should I provide a customer interface to them? Will they
need it?
Thanks for your time
Regards
Leon
to those two files or should the application rather
compile against the header files found under the 'fips-2.0/include/openssl'
directory?
Sorry if this is a trivial question, but I just do not want to compromise the
FIPSness of my setup.
Regards,
Leon Brits
-Original Message-
From: owner
strong? It still fails.
Any suggestions? (FIPS is enabled successfully)
Leon Brits
Senior Design Engineer
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Leon Brits
Sent: 14 May 2013 11:26 AM
To: openssl-dev@openssl.org
That's it! I've set the personalization size to match the value of
entropy_blocklen passed when setting up the callbacks.
Thanks
Leon Brits
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: 14 May
Hi all,
I want/need to create a PKCS12 file which contains more than one key pair and
some CA certs. As far as I understand from the spec this is possible, but the
OpenSSL API does not seem to support this, since only the CAs can be passed as
a list:
PKCS12 *PKCS12_create(char *pass, char
Hi all,
I've been (re)implementing all the ciphers we use to make use of EVP
structures. On the wiki
(http://wiki.openssl.org/index.php/EVP_Key_and_Parameter_Generation) there is
an example to use EVP_PKEY for CMAC.
I am a bit confused on the intention of this: Basically, how do I use this
can help.
Leon Brits
Senior Design Engineer
Work +27 12 678 9740 Fax +27 12 678 9741
Cell +27 (84) 250 2855 Email le...@parsec.co.za
Building 10, Manhattan Office Park, 16 Pieter Street, Centurion
Disclaimer http://www.parsec.co.za
-openssl-...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: 26 August 2013 01:26 PM
To: openssl-dev@openssl.org
Subject: Re: AES-XTS problem in non-FIPS mode
On Mon, Aug 26, 2013, Leon Brits wrote:
Hi all,
I've noticed in my unit tests that, for the same code path, when I
encrypt
@openssl.org
Subject: Re: AES-XTS problem in non-FIPS mode
On Mon, Aug 26, 2013, Leon Brits wrote:
I am using a FIPS compiled OpenSSL and I switch between FIPS and non-FIPS
mode with the FIPS_mode_set() API call. The selection is made by the
application linked to my library based on its
LJB
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Leon Brits
Sent: 27 August 2013 12:08 PM
To: openssl-dev@openssl.org
Subject: RE: AES-XTS problem in non-FIPS mode
Ok, some weirdness happening here...
I've selected
]
On Behalf Of Leon Brits
Sent: 27 August 2013 02:48 PM
To: openssl-dev@openssl.org
Subject: RE: AES-XTS problem in non-FIPS mode
OK, sorry this stupid error has been resolved. There was some openssl init
code which got disabled when I disabled lines of source for FIPS mode.
The problem
Hi,
I need to perform some Known-Answer-Tests with every start-up of my system. For
this I use the NIST KAT files. However for AES-XTS, one of the files uses the
tweak value input of data unit sequence number. Can anybody help me to
understand how to use that value from the commandline. The
I also need to test CCM and GCM mode and realized that I cannot use the CLI for
that. So, I started writing a program to do the tests (wanted to avoid this).
The XTS works with the data from the one file, but I still do not understand
how to make use of the data unit sequence number - anybody!?
.
Regards
Leon Brits
Hi all,
I've used the FIPS Object Module v2.0.2 in a product which needs to be FIPS
140-2 certified. One of the steps in this process is to certify the module
algorithms on our platform since it is not one of the platforms which are
covered by certificate #1747. I have all these questionnaires
Steve,
We are talking past each other - sorry for that but that is the way people like
me get to understand these things.
First off, we have not changed any code of the FIPS Object Module. We simply do
not use all of the algorithms based on requirements. The application linking
the
Hi all,
I generate my DSA key pairs using the EVP API. The older API call
DSA_generate_parameters() allowed me to set the seed value.
With the EVP API this is automatically generated (it seems). Windows however
requires this seed value when it exports the Public key.
So how can I get this seed
Hi all,
I've been trying to test my working code for the corner case when data arrives
which is smaller than the key size, and I am having problems. I must be making
a simple mistake, but would like some help please.
My test code simply takes an encrypted buffer and sends it piece by piece to
Hi all,
In a test I have three DH key pairs generated from the IKE groups 14, 15 and 16
parameters.
When I want to derive a secret and I use the 2048 bit private key then the
derivation fails if I use the 3072 or 4096 bit public key.
But if I derive using the 3072 bit private key then I can
Thanks for your reply.
Can you provide the source for the problem that you're running into?
I cannot give the source code as it is now, but I will create a new test case
using only the OpenSSL calls I make in this situation. I will post it or report
back if I find an error.
Regards,
LJB
Thanks for your reply.
Are you, by chance, trying to derive secret from keypairs generated with
*different* parameters? This cannot possibly work, of course. Both sides
keypairs must be generated for same DH parameters.
OK, I guess the larger prime numbers of each group make their parameters
Hi,
I have a problem with Thunderbird which works via the cryptoki to our device
which makes use of OpenSSL.
Thunderbird passes ciphertext which falls exactly on the blocksize boundary. I
translate the cryptoki DecryptUpdate() call to the OpenSSL DecryptUpdate().
OpenSSL retains the last
Steve,
As usual I do not know what I would do without you on this list.
The code had a logic error for when to en-/disable the padding depending on the
mechanism.
Thanks a mil.
LJB
Hi all,
We use the OpenSSL FIPS Object Module v.2.0, but are not allowed anymore (as of
the start of this year) to submit new product for validation because the RSA
implementation is only FIPS 186-2 compliant. Based on extensive review and
research it seems to be possible to patch the RSA key
JDM,
Leon Brits wrote
I am in no way capable of writing such a patch and was hoping that
someone is willing to share.
To be more specific I need a patch that will change the key generation
from:
d = e^(-1) mod ((p-1)(q-1))
to this:
d = e^(-1) mod (LCM(p-1, q-1))
We’re also pursuing
Hi all,
For a security policy, based on SP800-132 (page 8) one must state how DH
derived keys are used. Currently the secret derived between our FIPS module
(level 3) and the Computer is used as is and I state in table 5 of the security
profile option 1a of SP800-132. Looking at the latest
Hi all,
I have a PC which acts like a USB smartcard on which I have OpenSSL v1.0.1e to
simulate the smartcard's crypto operations.
I use it to sign/verify/encrypt/decrypt etc. and had no problem using Windows
to login and sign/verify emails for instance. Recently I tried BitLocker and
got the
John,
Thanks for your reply.
The SP800-90B test has different types of tests but the test with the lowest
output is used as the maximum entropy capability of the chip. That is how I
understand it from the FIPS lab.
For the FIPS validation, using a NDRNG, that source must feed the DRBG directly
k function?
Regards,
Leon Brits
System Engineer
Parsec
Work +27 12 678 9740 Cell +27 84 250 2855 Email le...@parsec.co.za
www.parsec.co.za/disclaimer
> -Original Message-
> From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
> Paul Dale
> Sent:
Paul,
> I probably should have mentioned this in my earlier message, but the
> exponential example is valid for the NIST SP800-90B non-IID tests too:
> 5.74889 bits per byte of assessed entropy. Again about as good a result
> as the tests will ever produce given the ceiling of six on the output.
John,
> Let's play a guessing game. I provide a hardware-based random number
> generator of my choosing. It produces a stream of bytes. It has an
> entropy density greater than 2.35 bits per byte. This claim is consistent
> with all the usual tests, but it is also more than that; it is not
Kurt,
> -Original Message-
> From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
> Kurt Roeckx
> Sent: 30 July 2016 12:19 AM
> To: openssl-dev@openssl.org
> Subject: Re: [openssl-dev] DRBG entropy
> Have you tried running NIST's software
>
Hi all,
I have a chip (FDK RPG100) that generates randomness, but the SP800-90B Python
test suite indicated that the chip only provides 2.35 bits/byte of entropy.
According to the FIPS test lab the lowest value from all the tests is used as the
entropy and 2 is too low. I must however make use of
r time
LJB
> -Original Message-
> From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
> Steve Marquess
> Sent: 05 September 2016 01:33 PM
> To: openssl-dev@openssl.org
> Subject: Re: [openssl-dev] FIPS validation
>
> On 09/05/2016 02:09 AM, Leon Br
The FIPS validation company says:
"The tests I am most interested in are the failure cases, where you induce an
error in each of the power-on self-tests and conditional tests (i.e, continuous
RNG test, pairwise consistency test)."
Can anybody tell me how I can induce these errors?
I do run
Hi all,
I am tasked to update two machines from v0.9.8z to v1.0.2 (since it is LTS).
With the minimal changes, I've been able to get the application on the machines
to compile with the newer version and generate RSA 4096 key pairs. The
applications are able to successfully use their respective
I now have Racoon2 working. Steve's comment made me think about the digests
used in Racoon2 and I went searching for any commands using SHA1. I found two
hardcoded as string "SHA1". I changed it to SHA256 and Bob's your uncle.
I guess this is due to the phasing-out of the SHA1 hash which was not
"
So this brings me to the next question: Are there any changes I need to make in
the OpenSSL Engine for my upgrade (0.9.8 -> 1.0.2) to be complete?
Regards,
Leon Brits
System Engineer
Mobile: +27 84 250 2855
76 Regency Drive Route 21 Corporate Park Irene 015
07F0]
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Leon
Brits
Sent: 28 August 2017 08:08 AM
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] Upgrading OpenSSL
Thanks for the help.
I've come to learn that my problem is the HSM. It removes the RSA values p,q
and
Hi all,
I need to correct my WTF comment - RTFM, RSA_size returns bytes. Sorry
LJB
> evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
> #ifdef TEST
> RSA *rsa = EVP_PKEY_get1_RSA(evp);
> printf("\nRSA modulus: %d\n\n", RSA_size(rsa));
> #endif
>
> The output is: "RSA modulus: 512" (WTF!)
--
Hi Steve,
> Have you recompiled the application? Some structures have changed between
> OpenSSL 0.9.8 and 1.0.2 so you'll get problems with applications (or an
> ENGINE) compiled against the wrong headers.
In a build VM, both the TLS application and Racoon2 are compiled against freshly
compiled
Hi all,
I was able to get the private key from the HSM (added below). Testing it
from the commandline shows:
% openssl rsa -noout -check -in /etc/racoon2/Local/refB.pem
RSA key ok
Next I started from the default Racoon2 source code (20100526a) with NO
patches. It now reads the private key