Hi,
I'm using the fips approved OpenSSL to do AES encryption in ISDN, therefore,
I need to use the fips_128_AES_OFB function.
If I understand correctly this function works on a 128bit (16 byte) block,
so if I want to use it on larger blocks I need to call it in a loop.
This is different from the
Could you some one explain me the steps for dynamic linking of openssl
fips libraries into my application?
I have generated following openssl and fips modules
ssleay32.dll
libeay32.dll
ssleay32.lib
libeay32.lib
fipscanister.lib
I am trying to execute my application with openssl
Hi,
I've been able to build and install the FIPS object Module from the
source. However, when trying to build the OpenSSl distribution
(openssl-0.9.8i) with the FIPS object mobile with the following command
(according to the user guide):
perl Configure VC-WIN32 fips
OpenSSL 0.9.8i does not have the fips code in it. Currently, one must
download one of the snapshots from ftp://ftp.openssl.org/snapshot/
(one of the openssl-0.9.8-stable-SNAP-*.tar.gz files) to build a
library that can use the FIPS canister.
The last word from Dr. Henson is that 0.9.8j is
Hi All,
I am using Microst Live Communication server 2005 as server for Mutual TLS
authentication with a SIP phone.(Polycom SoundPoint IP 650 as client)
I installed client certificates(generated using Microsot LCS CA) on my
client .
During Mutual TLS authentication, immediately after the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [07-Jan-2009]
Incorrect checks for malformed signatures
- ---
Several functions inside OpenSSL incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 0.9.8j released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8j of our open source
I have the same problem with my client Openssl application. The server
side is MS IIS. And all other parties use Microsoft based clients and
have no such problems.
It seems that a client side is a source of trouble not a server side.
Suggestions from anyone are welcome.
Hi,
I have an SSL
Dear all:
I have just implemented an RSA signature using openssl. What I observe
is that signing the same data (a SHA-256 hash) multiple times with the
same RSA key always yields the same signature. I thought the data to
be signed would be padded with random bits to avoid this. My search on
the
On January 6, 2009 12:20:47 pm Richard Lichvar wrote:
A newbieto OpenSSL here. (Mainly used to using 3rd party authorities.)
Not very good at command line stuff either.
1. Cert request generated from IIS 6 but it is against the default
website with .txt extension. Can a cert be
Hi,
RSA_sign only supports PKCS# 1 v1.5 padding which always gives the same
output for the same input data.
If you want to perfom a digital signature with PSS padding, you have to
pad the data yourself by calling RSA_padding_add_PKCS1_PSS and then call
RSA_private_encrypt on the padded output
On Wed, Jan 07, 2009 at 02:17:09PM +0100, Dr. Stephen Henson wrote:
Several functions inside OpenSSL incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a malformed signature
to be treated as a good signature rather than as an error. This issue
affected the
On Wed, Jan 07, 2009, Victor Duchovni wrote:
This is not very clear to me. Which signatures are poorly verified:
1. The server's signature on SSL/TLS protocol messages that must
be signed under the server's private key (corresponding to the
private key in its certificate)?
Hello,
I've recently come across a problem with openssl versions over 0.9.7a. I
have a network of approximately 100 servers using curl to access
different websites. Some of the servers are using openssl 0.9.7a and
some are using 0.9.8b. We recently encountered a problem accessing some
sites
Don't know about FIPS, but this one should do it:
snipped from code / header file aes.h:
/* The input and output encrypted as though 128bit ofb mode is being
* used. The extra state information to record how much of the
* 128bit block we have used is contained in *num;
*/
void
a 'grep MODULE_PATH' produces zero results (0.9.9 CVS head), which
leads to the thought this one will be unused throughout OPENSSL. To
load a particular engine, its path is specified using -pre
SO_PATH:path-to-engine.so.
So first test would be to see if you still have a working system
without
On Wed, Jan 07, 2009, a_l t wrote:
Hi,
I'm using the fips approved OpenSSL to do AES encryption in ISDN, therefore,
I need to use the fips_128_AES_OFB function.
If I understand correctly this function works on a 128bit (16 byte) block,
so if I want to use it on larger blocks I need to call
Does the release of 0.9.8j also include the FIPS module support?
(i.e., is this a bug-fix only release, or does this include what you
have been working on for the past few months as well?)
-Kyle H
On Wed, Jan 7, 2009 at 4:10 AM, Dr. Stephen Henson st...@openssl.org wrote:
-BEGIN PGP SIGNED
Does the release of 0.9.8j also include the FIPS module support?
do you mean anything other than this?
http://www.mail-archive.com/openssl-users@openssl.org/msg55535.html
This is the first full release of OpenSSL that can link against the
validated FIPS module version 1.2
This actually addresses both the questions. In the distant past some
applications encoded certificate requests incorrectly and/or required an
incorrect encoding. That is there to tolerate and/or generate such stuff.
thanks.
_
I got the notice of the release several hours after the security
advisory. Not sure what happened, but I've since received it.
Thank you, Dr Henson and everyone who works on OpenSSL!
-Kyle H
On Wed, Jan 7, 2009 at 5:23 PM, Giang Nguyen cau...@hotmail.com wrote:
Does the release of 0.9.8j
Specifically, what versions of the MS operating system are you running
on the servers?
-Kyle H
On Wed, Jan 7, 2009 at 4:44 AM, Andrey Koltsov kolt...@cyberplat.com wrote:
I have the same problem with my client Openssl application. The server side
is MS IIS. And all other parties use Microsoft
Kyle Hamilton wrote:
I got the notice of the release several hours after the security
advisory. Not sure what happened, but I've since received it.
Thank you, Dr Henson and everyone who works on OpenSSL!
-Kyle H
On Wed, Jan 7, 2009 at 5:23 PM, Giang Nguyen cau...@hotmail.com wrote:
Does the
On Wed, Jan 07, 2009 at 07:46:59PM -0700, Thomas J. Hruska wrote:
I forgot to ask earlier today, but does the security vulnerability
affect 0.9.7m?
Yes, but only in the unlikely case that you operate clients that establish
authenticated sessions with servers that use DSA certificates. This
Does any one have an idea of how to reduce the size of openSSL package.
As the package contain lot of things which r not used in my project.
please reply
--
View this message in context:
http://www.nabble.com/reducing-the-size-of-openssl-package-tp21330938p21330938.html
Sent from the OpenSSL
I am trying to enable fips mode through OPENSSL_config and it is
failing. Could you any one throw more light on this? I am running on
windows 32 bit and using VC++ SP6.
Openssl.conf file
FIPS_conf = FIPS_options
[ FIPS_options ]
fips_mode = yes
Program
int main(){
I'm building fips 1.2 on OSX,
uname -a
Darwin pb.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24
17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh
Config,
cd /usr/local/src/openssl-fips-1.2
./config fipscanisterbuild
completes without an apparent hitch.
Does the release of 0.9.8j also include the FIPS module support?
(i.e., is this a bug-fix only release, or does this include what you
have been working on for the past few months as well?)
The actual 0.9.8j release announcement stated:
This is the first full release of OpenSSL that can link
I have an application that calls SSL_CTX_load_verify_locations on a single
file that contains multiple CA certificates. It then calls
SSL_load_client_CA_file on this file to extract the CA subject names.
Finally, it calls SSL_CTX_set_client_CA_list to set the list of CA subject
names that
Hello all:
I want to build a client process to connect the Tomcat (Web server) with
the SSL connection.
Now, I can find the sample () ,which describe the single direction
authentication in OpenSSL demo. But, I want to implement the bidirectional
authentication ,that is not only the client
I just want to know how to implement the bidirectional handshake process.
Thank you
Lampa
--
View this message in context:
http://www.nabble.com/SSL-authentication-sample-tp21346740p21346755.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
31 matches
Mail list logo