sing
> applications.
>
> On 08/02/2017 00:31, Mike Mohr wrote:
>
>> Have you considered using GMP as a big integer backed for openssl? It
>> has support for several arm variants using handwritten assembly code
>> and the developers go to great lengths to find optimize r
P in OpenSSL would cause problems for many OpenSSL using
> applications.
>
> On 08/02/2017 00:31, Mike Mohr wrote:
>
>> Have you considered using GMP as a big integer backed for openssl? It
>> has support for several arm variants using handwritten assembly code
>&g
Have you considered using GMP as a big integer backed for openssl? It has
support for several arm variants using handwritten assembly code and the
developers go to great lengths to find optimize runtime on all supported
platforms.
On Feb 7, 2017 2:26 PM, "Vijay Chander"
During the linking process, parts of fipscanister.o are removed (discarded)
by the linker. Also, jumps and call instructions have their operands
changed (addresses are filled in or relocation information is added) and
the machine code is fundamentally altered.
Imagine the linking process as
During the final linking stage, when the shared object is built, the
compiler is free to insert functions from compiled object files anywhere it
sees fit in the final shared object's code segment. The object file is
fundamentally transformed by this process; information which was present in
the
You'll need to rebuild your application and openssl with debugging symbols
and no optimization, then run it inside gdb to produce a more useful stack
trace. Since you don't include any context or source code snippets it isn't
really possible to help. Can you produce a reduced test case with source
Once you've written the random data to secondary storage you've permanently
compromised the integrity of any cryptographic secrets generated from it.
Depending on your threat model, underlying storage media, filesystem, and
other factors the data files may be recoverable indefinitely (especially
On Tue, Jul 21, 2015 at 9:46 PM, Salz, Rich rs...@akamai.com wrote:
Actually that isn't quite right. A properly configured and
tuned RBAC policy, when combined with PaX, can very effectively limit all
userspace activity (including root access!).
How do you know that the module is
Actually that isn't quite right. A properly configured and tuned RBAC
https://en.wikipedia.org/wiki/Grsecurity#Role-based_access_control policy,
when combined with PaX https://en.wikipedia.org/wiki/Grsecurity#PaX, can
very effectively limit all userspace activity (including root access!). It
Securing a system against this kind of attack can be done in several ways,
depending on the level of assurance you desire. You might start out with
Tripwire:
https://en.wikipedia.org/wiki/Open_Source_Tripwire
http://www.tripwire.org/
You could also implement mandatory access control and ACLs
, Mike Mohr akih...@gmail.com wrote:
The task of implementing AES should not be undertaken by a novice
programmer. Please save the world another heartbleed and pick something
more in line with your skill level.
On May 10, 2015 11:48 AM, konstantinos Alexiou
konstantinako...@gmail.com wrote
The task of implementing AES should not be undertaken by a novice
programmer. Please save the world another heartbleed and pick something
more in line with your skill level.
On May 10, 2015 11:48 AM, konstantinos Alexiou konstantinako...@gmail.com
wrote:
Dear Sirs,
I am new to C programming
Openssl does not directly support Android AFAIR. You can try some manual
changes to e.g. CC or write your own make file.
On Jun 23, 2014 11:18 AM, Abhishek Gupta abhis...@meddiff.com wrote:
Hello Users,
I am at task to compile OpenSSL 1.0.1h for android platform and link it
with an
Perhaps some on this list are better qualified than me to answer this
question, but this is my $0.02.
Generally speaking, higher-bit key lengths (than 2048) become much slower
when used on embedded hardware (even high-end smartphones). In some cases
it may be impossible to support keys longer
Please have a look at the NDK documentation. You need to extract the
toolchain using a provided script which targets the appropriate API level.
The codesourcery toolchain does not target the correct libc.
On Jun 16, 2011 9:43 AM, Nahid Alam sha...@gmail.com wrote:
Hi,
I am using OpenSSL 0.9.8k
, 2011 at 7:25 PM, Mike Mohr akih...@gmail.com wrote:
You might take a look at RFC 3526:
http://tools.ietf.org/html/rfc3526
It is my understanding that the DH exponent can be significantly
shorter than the modulus without compromising security. RFC 3526 is
from 2003, but I haven't found
IMHO openssl is unsuitable for this purpose. Openssl is really good
at what it does, don't get me wrong, but using it in a boot loader
probably isn't the easiest/smartest idea. What you really want is a
subset of PKCS#1 - that is, EMSA-PSS encoding and verification plus
RSASP1/RSAVP1. I'm
Ikuzar,
I'm not sure what software you're writing. Please understand that I'm
not trying to be mean spirited when I say this, but if you don't
already know the difference between symmetric vs public-key crypto
then you should not be writing this type of code. Stop doing it until
you have a firm
You might take a look at RFC 3526:
http://tools.ietf.org/html/rfc3526
It is my understanding that the DH exponent can be significantly
shorter than the modulus without compromising security. RFC 3526 is
from 2003, but I haven't found anything published since then that
would make me think its
ikuzar,
You cannot send the public key to a peer as-is. The DH structure
contains bignums which must be serialized prior to transmission. Do
you understand that DH is subject to a MITM attack unless the messages
are signed or encrypted somehow?
If you insist on using the low-level objects, I'd
Try checking the bit count of the structure members. The private and public
keys should be similar in size to p.
On Mar 23, 2011 10:27 AM, ikuzar razuk...@gmail.com wrote:
Hello,
I 'd like to know how to verify that DH private and public key have been
generated ?
In my DH struct, p and g had
is not NULL
I 'm wondering what happens... could you tell me more about bit counting ? I
do not understand The private and public keys should be similar in size to
p.
Thanks for your help.
2011/3/23 Mike Mohr akih...@gmail.com
Try checking the bit count of the structure members. The private
Although the generator g can be any number, it is typically 2 or 5.
In fact, this is all that OpenSSL supports (values 2 or 5 for g). The
typical situation is this:
(1) Alice and Bob generate random secret values a and b. If a or b
happen to be prime, that is fine - but they need not be.
(2)
Good afternoon,
When generating an RSA key, several components are described in the
output file. Per the RSA specification on wikipedia, I can identify
the following values:
prime1: p
prime2: q
modulus: N = p * q
publicExponent: e
privateExponent: d
What I'm not clear about is what function
, Mounir IDRASSI
mounir.idra...@idrix.net wrote:
Take a look at :
http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm
exponent1 = dp
exponent2 = dq
coefficient = qInv
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 12/23/2010 9:48 PM, Mike Mohr wrote:
Good afternoon
I believe you can sort of get around that requirement using a
wildcard SSL certificate (e.g. for *.domain.tld). But that only helps
you if you're running multiple subdomains for the same TLD. I think I
heard something about a change to the SSL protocol which would allow
sending of the hostname
Good afternoon,
I'm trying to understand the data format that OpenSSL writes out its
DH parameters in. I am aware that the actual data is encoded using
ASN.1 DER and have a way to parse the container. My question really
amounts to byte ordering when DH parameters are generated like this:
-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Mike Mohr
Sent: Tuesday, December 14, 2010 3:42 PM
To: openssl-users@openssl.org
Subject: Using DH parameters from OpenSSL
Good afternoon,
I'm trying to understand the data format that OpenSSL writes
28 matches
Mail list logo