I'm having trouble duplicating the decryption in Crypto++. I suspect
the problem is with the Key and IV dervied in EVP_KeyToBytes.
Found it... I was overwriting the existing IV with the IV produced in
EVP_KeyToBytes.
For those interested, the call of interest is in PEM_ASN1_write_bio
(from
Hi,
Is there any official information (weather its conformed, if yes then
avilable patches..etc) avilable on this vulnarability.
Qustion based on refrences below.
http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15401.html
may helps below,
https://www.mail-archive.com/openssl-users@openssl.org/msg31570.html
Depends what you want to achive with openssl, good to start with its
online documents.
-
Saurabh Pandya
On 7/14/14, Kay Shamsa kay.sha...@jci.com wrote:
Hi;
Can anybody please specify how I can use Open SSL
On Wed, Jul 16, 2014 at 4:36 AM, Saurabh Pandya
er.saurabhpan...@gmail.com wrote:
Hi,
Is there any official information (weather its conformed, if yes then
avilable patches..etc) avilable on this vulnarability.
https://www.openssl.org/news/vulnerabilities.html
On 07/15/2014 09:38 AM, Sadhana wrote:
Hello All,
I have a requirement to make Openssh FIPS compliant. It would be really
helpful, if you could answer the
below question and correct me if I am wrong.
I also understand there is a module called as fipscanister.o is introduced
in Openssl.
On 15/07/14 15:05, Dr. Stephen Henson wrote:
On Mon, Jul 14, 2014, Martin Basti wrote:
Hi list,
I have RSA encrypted private key as byte sequence, and I need to
export it as ASN.1 type EncryptedPrivateKeyInfo (RFC5958 section 3.)
Currently I use the following code (shortened):
unsigned char
According to this wiki page:
http://wiki.openssl.org/index.php/FIPS_mode_and_TLS
When in FIPS mode, SHA1 signatures can not be used when
using the TLS 1.2 protocol:
If that wasn't enough there's another complication. For TLS v1.2 you have to
restrict the supported signature algorithms to
Thanks Steve.
Is there a standard documentation, which says these are FIPS compliant
ciphers / macs / kex algorithms.
Meaning I would need to know, if aes128-cbc is FIPS compliant/ aes128-ctr
is FIPS compliant.
Similarly for macs, kex algorithms as well.
On Wed, Jul 16, 2014 at 4:47 PM, Steve
Another follow up question. The Wiki page refers to FIPS 186-4. Are these
restrictions only for FIPS 186-4, or FIPS 140-2 as well?
From: jetso...@hotmail.com
To: openssl-users@openssl.org
Subject: SHA1 signatures in FIPS mode w/ TLS 1.2
Date: Wed, 16 Jul 2014 13:31:35 +
According to this
On Wed, Jul 16, 2014, Jason Schultz wrote:
According to this wiki page:
http://wiki.openssl.org/index.php/FIPS_mode_and_TLS
When in FIPS mode, SHA1 signatures can not be used when using the TLS 1.2
protocol: If that wasn't enough there's another complication. For TLS v1.2
you have to
Along, with this, I am also curious to know, how the call FIPS_mode_set
make an application FIPS compliant.
I have gone through the below link,
http://wiki.openssl.org/index.php/FIPS_mode_set()
But I am seeking a little more information regarding this.
On Wed, Jul 16, 2014 at 7:11 PM, Sadhana
I was going through ssl23_client_hello function in ss23_clnt.c
Does anyone know when OPENSSL_NO_SSL3 is defined?
Regards,
Sanju.
You might want to start by reading the OpenSSL FIPS Users Guide. Then go read
FIPS 140-2, and then read the user’s guide again. In this case “FIPS” is short
for “Federal Information Processing Standard Publication 140-2”, and that
standard is the controlling document (for now, 140-3 should be
When you configure the build with no-ssl3.
From: Sanju Gurung [mailto:sanju.gur...@gmail.com]
Sent: Wednesday, July 16, 2014 11:03 AM
I was going through ssl23_client_hello function in ss23_clnt.c
Does anyone know when OPENSSL_NO_SSL3 is defined?
Regards,
Sanju.
You asked:
Is there a standard documentation, which says these are FIPS compliant
ciphers / macs / kex algorithms.
I haven't found such a quick reference, and I really wouldn't trust such
without doing the research myself.
So, go back to the original source material. Start with NIST's CSRC
15 matches
Mail list logo