[openssl-users] DRBG and prediction resistance

2015-05-07 Thread Bala Duvvuri
Hi All, What is the reason that the DRBG random generation function- fips_drbg_bytes does not consider prediction resistance as input? Inside fips_drbg_bytes rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen); //prediction resistance disabled And as a result the entropy generation

[openssl-users] ECDSA with random number

2015-05-07 Thread Piotr Łobacz
As in the subject: is it possible to generate a signature with a given random number? According to the documentation, ECDSA uses an RNG, so it would be difficult to find out the private key from a signature, but I just want to test my data to check whether the signature is being generated properly, and I haven't found

[openssl-users] Default ciphersuite has changed from 1.0.1l to 1.0.2a?

2015-05-07 Thread Aaron
Hello, We have an OpenSSL application in which the client calls SSL_connect() to connect to the server. We upgraded the OpenSSL used in our application from 1.0.1l to 1.0.2a recently. When OpenSSL 1.0.1l was used, the ciphersuite the client got was ECDHE_RSA_WITH_AES_256_CBC_SHA. When OpenSSL

Re: [openssl-users] Performance problems with OpenSSL and threading

2015-05-07 Thread John Foley
Not sure. Are you using blocking or non-blocking IO? Have you tried SSL_MODE_AUTO_RETRY? Do you notice a different return value from SSL_read() after a zero-byte read compared to other errors? On 05/06/2015 07:12 PM, Bryan Call wrote: Do you know if there is a way of preventing a call to

Re: [openssl-users] Kerberos

2015-05-07 Thread Nathaniel McCallum
On Tue, 2015-05-05 at 09:21 +0100, Matt Caswell wrote: I am considering removing Kerberos support from OpenSSL 1.1.0. There are a number of problems with the functionality as it stands, and it seems to me to be a very rarely used feature. I'm interested in hearing any opinions on this

Re: [openssl-users] Kerberos

2015-05-07 Thread Viktor Dukhovni
On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote: There have been some conversations behind Red Hat doors about improving the state of Kerberos/TLS in both standards and implementations. Could we maybe have a broader conversation about how to fix this situation? To be

Re: [openssl-users] Kerberos

2015-05-07 Thread Jeffrey Altman
On 5/7/2015 8:40 PM, Viktor Dukhovni wrote: On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote: There have been some conversations behind Red Hat doors about improving the state of Kerberos/TLS in both standards and implementations. Could we maybe have a broader conversation

Re: [openssl-users] [TLS] Update spec to match current practices for certificate chain order

2015-05-07 Thread Viktor Dukhovni
On Thu, May 07, 2015 at 08:49:21AM +0300, Yoav Nir wrote: I think there was also discussion on this list at some point suggesting changing that MAY for omitting the root CA cert to a SHOULD or a MUST. (I think the argument for the latter was to reduce wasted bandwidth) Sorry, this is

Re: [openssl-users] ECDSA with random number

2015-05-07 Thread Thulasi Goriparthi
Hi Piotr, As you have found out, the choice of the per-message random number in an ECDSA signature is crucial for the security of the private key. Leaving this responsibility to users is dangerous. This is the reason you won't find any crypto API that lets you feed the random number for an ECDSA signature. If you want
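
The following is an added example, not code from this thread or from OpenSSL. It serves both Piotr's question (signing with a caller-supplied nonce so a test can be repeated deterministically) and Thulasi's warning: it implements textbook ECDSA in pure Python with an explicit k, then signs two different messages with the same k and recovers the private key from nothing but the two signatures. The curve (secp256k1), the hash (SHA-256) and the sample messages are assumptions made here because the thread names none.

```python
"""Why the ECDSA per-signature nonce k must never be reused or predictable.

Added example; not from the openssl-users thread and not OpenSSL code.
Textbook ECDSA over secp256k1 (domain parameters from SEC 2, assumed here
because the thread names no curve) with an explicit nonce parameter, so a
caller can sign deterministically for a test and, by reusing k on two
messages, watch the private key fall out of the two signatures.
"""
import hashlib
import secrets

# secp256k1 domain parameters (SEC 2, section 2.4.1)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)
INF = None  # point at infinity (identity element)


def point_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); handles doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add (not constant time; fine for a demonstration)."""
    result = INF
    addend = point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg: bytes) -> int:
    """z = SHA-256(msg) as an integer; no truncation needed, N is 256 bits."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(d, msg, k):
    """ECDSA signature (r, s) with caller-supplied nonce k, 1 <= k < N.

    Exposing k is exactly what a production API must not do; it is exposed
    here so a test vector can be reproduced and so nonce reuse can be shown.
    """
    if not 1 <= k < N:
        raise ValueError("nonce out of range")
    z = hash_to_int(msg)
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce, pick another k")
    return (r, s)


def verify(pub, msg, sig):
    """Standard ECDSA verification against public point pub = d*G."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    z = hash_to_int(msg)
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not INF and pt[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures sharing r (same k) on different messages leak d.

    s1 - s2 = k^-1 (z1 - z2)  =>  k = (z1 - z2) / (s1 - s2)
    s1 = k^-1 (z1 + r d)      =>  d = (s1 k - z1) / r
    """
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("different r values: nonce was not reused")
    z1, z2 = hash_to_int(msg1), hash_to_int(msg2)
    k = (z1 - z2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - z1) * pow(r1, -1, N) % N


def nonce_reuse_leaks_key(d, k, msg1=b"constructed message one",
                          msg2=b"constructed message two"):
    """Sign two constructed messages with one k; report whether d leaks."""
    pub = scalar_mult(d, G)
    sig1 = sign(d, msg1, k)
    sig2 = sign(d, msg2, k)  # same k twice: the fatal mistake
    assert verify(pub, msg1, sig1) and verify(pub, msg2, sig2)
    return recover_private_key(msg1, sig1, msg2, sig2) == d


if __name__ == "__main__":
    d = secrets.randbelow(N - 1) + 1
    k = secrets.randbelow(N - 1) + 1
    print("private key recovered from two signatures:",
          nonce_reuse_leaks_key(d, k))
```

For repeatable test vectors the safe route is a deterministic nonce derived from the key and the message (RFC 6979), which gives a fixed k per (key, message) pair without ever letting the caller pick it; the attack above is also why a weak or biased RNG feeding k is as fatal as outright reuse. The recovery assumes the signer did not normalize s to the low half of the range; a normalized s would need to be tried as N - s as well.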

Re: [openssl-users] ECDSA with random number

2015-05-07 Thread Viktor Dukhovni
On Thu, May 07, 2015 at 10:28:49AM +0200, Piotr Łobacz wrote: According to the documentation, ECDSA uses an RNG, so it would be difficult to find out the private key from a signature, but I just want to test my data to check whether the signature is being generated properly, and I haven't found any possible

Re: [openssl-users] Performance problems with OpenSSL and threading

2015-05-07 Thread Bryan Call
Do you know if there is a way of preventing a call to SSL_get_error() after getting a 0-byte read from SSL_read()? This is the main issue I am facing with the OpenSSL error locking right now. -Bryan On May 1, 2015, at 6:49 AM, Salz, Rich rs...@akamai.com wrote: Lock #1 is