[openssl-users] Call for FIPS 140-2 stakeholders

2015-06-22 Thread Steve Marquess
If you don't know or care about FIPS 140-2 then count yourself very lucky and move on. In the same spirit of collaboration that underlies all of the open source based OpenSSL FIPS Object Module validations, of which the #1747 validation is the latest, some of the stakeholders impacted by the

Re: [openssl-users] Suggested way to add option to both SSL_CTX* and SSL*?

2015-06-22 Thread Dr. Stephen Henson
On Mon, Jun 22, 2015, Salz, Rich wrote: I looked at how SSL_CTX_set_cipher_list and SSL_set_cipher_list operate, but they don't use SSL_{CTX}_ctrl. That API probably predates the ctrl. It's a trade-off; you lose type-safety but have less to document :) What is the suggested way to

Re: [openssl-users] Fast DH parameters generation

2015-06-22 Thread Jeffrey Walton
Of course, the second approach is a lot faster - however, can anyone explain the warning note from the documentation "Be careful to avoid small subgroup attacks when using this."? AFAIK, for such attacks to be effective, they require that the parameters are re-used multiple times. However, in

[openssl-users] RT was down today, please resend

2015-06-22 Thread Richard Levitte
Hi, due to a mysql screwup, whatever was sent to openssl-b...@openssl.org after 06:00 UTC today was lost (everything before that was safely backed up). If you did send something, I would like to kindly ask you to resend it. Sorry for the inconvenience. Cheers, Richard -- Richard Levitte

Re: [openssl-users] Provisional FIPS 140-2 casualty list

2015-06-22 Thread Jeffrey Walton
Hi Steve, Forgive my ignorance From the previous postings, I *thought* that the validation only applies to real iron, and [retroactively] was not conferred to the VMs. But it seems like this list includes real hardware, too: 12 Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit)

Re: [openssl-users] Provisional FIPS 140-2 casualty list

2015-06-22 Thread Steve Marquess
On 06/22/2015 02:36 AM, Jeffrey Walton wrote: Hi Steve, Forgive my ignorance From the previous postings, I *thought* that the validation only applies to real iron, and [retroactively] was not conferred to the VMs. But it seems like this list includes real hardware, too: 12

[openssl-users] Has the support for SPARC architecture crypto extensions been Implemented?

2015-06-22 Thread Aaron
Hello OpenSSL folks, We have a product which is an OpenSSL 1.0.1 application. One of my customers is running my product on his SunSparc Solaris 11 platform which has a Crypto Accelerator. Around the end of last year, he complained to me that OpenSSL doesn't utilize the accelerator at all. I then

Re: [openssl-users] Has the support for SPARC architecture crypto extensions been Implemented?

2015-06-22 Thread Aaron
Found this, so the feature has been implemented. Aaron Changes between 1.0.1l and 1.0.2 [22 Jan 2015] ... *) Support for SPARC Architecture 2011 crypto extensions, first implemented in SPARC T4. This covers AES, DES, Camellia, SHA1, SHA256/512, MD5, GHASH and modular exponentiation.

Re: [openssl-users] beginner needs advice on data signature/verification

2015-06-22 Thread Michael Wojcik
Response inline below, prefixed with MW. (Unfortunately Outlook is incapable of replying to HTML messages properly, so you'll have to excuse the formatting.) Michael Wojcik Technology Specialist, Micro Focus From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Marco

[openssl-users] How to provide KDF to ECDH key computation when using EVP API?

2015-06-22 Thread Reinier Torenbeek
Hi, My goal is to implement ECDH in my own engine. The snippet below shows the struct that needs to be filled and set as the engine's ECDH method: struct ecdh_method { const char *name; int (*compute_key) (void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY