Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-05 Thread murugesh pitchaiah
Hi Jacob,

Thanks for looking into this. This FIPS186-4 is not just about SHA. It is basically about the key generation parameters. Especially I am looking for RSA key generation parameters wrt FIPS 186-4.

Thanks,
Murugesh P.

On 10/5/17, Jakob Bohm wrote:
> On 05/10/2017

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Jeffrey Walton
>> You should avoid calls to RAND_poll altogether on Windows. Do so by
>> explicitly seeding the random number generator yourself.
>
> As a starting point, try something like this:
>
> -
> static ENGINE *rdrand;
>
> void init_prng(void) {
> /* Try to seed the PRNG with the Intel RDRAND

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jeffrey Walton
> Sent: Thursday, October 05, 2017 13:33
> To: Jason Qian; OpenSSL Users
> Subject: Re: [openssl-users] DH_generate_key Hangs
>
> > You should avoid calls to RAND_poll altogether on Windows. Do so by
>

[openssl-users] [ANN] M2Crypto 0.27.0

2017-10-05 Thread Matěj Cepl
M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, EC, HMACs, message digests, symmetric ciphers; SSL functionality to implement clients and servers; HTTPS extensions to Python’s httplib, urllib, and xmlrpclib; unforgeable HMAC’ing AuthCookies for web session

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Jason Qian via openssl-users
More: The call stacks are from 1.0.1c when calling DH_generate_key.

Is there any fix in the latest version for this?

Thanks
Jason

On Thu, Oct 5, 2017 at 3:53 PM, Jason Qian wrote:
> We call DH_generate_key(DH *dh) and the RAND_poll() is called
> ssleay_rand_bytes
>
>
>

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Jason Qian via openssl-users
We call DH_generate_key(DH *dh) and the RAND_poll() is called
ssleay_rand_bytes

libeay32d.dll!RAND_poll() Line 572 C
libeay32d.dll!ssleay_rand_bytes(unsigned char * buf=0x03318fe0, int num=128, int pseudo=0) Line 395 C
libeay32d.dll!ssleay_rand_nopseudo_bytes(unsigned char *

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Jeffrey Walton
On Thu, Oct 5, 2017 at 3:27 PM, Jason Qian via openssl-users wrote:
> Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no
> change

I believe it was fixed earlier than that. Also see https://rt.openssl.org/Ticket/Display.html?id=2100=guest=guest

As

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Jeffrey Walton
On Thu, Oct 5, 2017 at 2:55 PM, Jason Qian via openssl-users wrote:
> Thanks Michael,
>
> I saw a lot of discussion for this issue on,
>
> https://mta.openssl.org/pipermail/openssl-dev/2015-July/002210.html
>
> Not sure if openSSL has a workaround or

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Salz, Rich via openssl-users
* Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no change

Sorry, then try 1.1.0
The HEAPWALK bug/issue is fixed there.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Jason Qian via openssl-users
Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no change

Thanks

On Thu, Oct 5, 2017 at 2:59 PM, Salz, Rich wrote:
> You could try to backport the win_rand file from a more recent release.
>
>
>
> Far better, as Michael first said, to move to 1.0.2 or

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Salz, Rich via openssl-users
You could try to backport the win_rand file from a more recent release. Far better, as Michael first said, to move to 1.0.2 or later.

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Jason Qian via openssl-users
Thanks Michael,

I saw a lot of discussion for this issue on,
https://mta.openssl.org/pipermail/openssl-dev/2015-July/002210.html

Not sure if openSSL has a workaround or a patch ?

It hangs on :

*libeay32.dll!RAND_poll() Line 523 *
if (*heap_first*(,

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Michael Wojcik
As I speculated, it appears you're hanging in random-number generation, probably due to a blocking CPRNG that can't get the entropy it needs. This is an operating-system issue, and needs to be referred to your OS administrator. Michael Wojcik Distinguished Engineer, Micro Focus From: Jason

Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-05 Thread Jakob Bohm
On 05/10/2017 13:51, murugesh pitchaiah wrote:
> Hi All,
>
> I am looking for the FIPS 186-4 patch. I see it is not yet implemented in openssl FIPS 2.0

I assume FIPS 186-4 is the updated SHA standard that adds the SHA-3 specification. In that case, that would be something that OpenSSL would first

Re: [openssl-users] DH_generate_key Hangs

2017-10-05 Thread Jason Qian via openssl-users
Here is the stack trace :

libeay32.dll!RAND_poll Normal
[External Code]
libeay32.dll!RAND_poll() Line 523
libeay32.dll!ssleay_rand_bytes(unsigned char * buf, int num, int pseudo) Line 395
libeay32.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf, int num) Line 536

Thanks
Jason

On

[openssl-users] Openssl FIPS 186-4 Patch

2017-10-05 Thread murugesh pitchaiah
Hi All,

I am looking for the FIPS 186-4 patch. I see it is not yet implemented in openssl FIPS 2.0.

I see many vendors have implemented their own fix for FIPS 186-4 compliance. I am looking for the patch which I can reuse. Looks like redhat too has its own patch. Kindly share any pointers for

[openssl-users] Graceful shutdown of TLS connection for blocking sockets

2017-10-05 Thread mahesh gs
Hi All,

I have a query regarding SSL_read on a blocking socket. How to come out of a blocking SSL_read when we have to close the connection? As per the documentation, SSL_read will only return if there is any data or an error occurred.

"If the underlying BIO is *blocking*, SSL_read() will only