On 30/10/2019 04:04, ratheesh kannoth wrote:
Hi,
1. what are these h0h4 ?
2. How are they generated ?
3. Could you help to locate code in openssl ?
typedef struct SHAstate_st {
SHA_LONG h0, h1, h2, h3, h4;
SHA_LONG Nl, Nh;
SHA_LONG data[SHA_LBLOCK];
unsigned int num;
Frederick Gotham
wrote in
news:XnsAAF8BACC24C3Bfgotham@195.159.176.226:
> Jochen Bern
> wrote:
>
>> SSH logins from remote that fail
>
>
> This is my exact problem right now. My device has booted up and I
> can't SSH into it.But this doesn't entirely make sense since it should
> be getting
Jochen Bern wrote:
> SSH logins from remote that fail
This is my exact problem right now. My device has booted up and I can't SSH
into it.But this doesn't entirely make sense since it should be getting
random numbers from the TPM2 chip anyway.
On 10/30/2019 04:19 PM, openssl-users-requ...@openssl.org digested:
> From: Frederick Gotham
> To: openssl-users@openssl.org
>
> I even tried deleting /dev/random and /dev/urandom
... don't do that. The Linux kernel is both a provider and a consumer of
entropy, e.g., to randomize the TCP
Dmitry Belyavsky wrote:
> You should do in your engine the following:
Just so you know, I'm not a developer of the TPM2 engine for OpenSSL.
Of course though I can still go in and edit the code here and there.
> Implement the TPM-provided RAND_METHOD in the engine
> call ENGINE_set_RAND for
On Wed, Oct 30, 2019 at 6:58 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote
> in
> news:cadqlbz+jctu_yqiw9w-fyo0o56mqua2nri6helr6pggxqdh...@mail.gmail.com:
>
> > On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham
> > wrote:
> >
> >> Dmitry Belyavsky
> >> wrote:
> >>
> >> >> You still have
Dmitry Belyavsky wrote
in
news:cadqlbz+jctu_yqiw9w-fyo0o56mqua2nri6helr6pggxqdh...@mail.gmail.com:
> On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham
> wrote:
>
>> Dmitry Belyavsky
>> wrote:
>>
>> >> You still have the OpenSSL built-in RNG.
>>
>>
>>
>> Is there a simple compiler flag to
On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote:
>
> >> You still have the OpenSSL built-in RNG.
>
>
>
> Is there a simple compiler flag to remove this?
>
> Or do I need to go into the source code and stick a "return -1;" somewhere?
>
> No. Openssl will not work
Dmitry Belyavsky wrote:
>> You still have the OpenSSL built-in RNG.
Is there a simple compiler flag to remove this?
Or do I need to go into the source code and stick a "return -1;" somewhere?
On Wed, Oct 30, 2019 at 6:20 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote
>
> >> /etc/ssl/openssl.cnf
> >
> > Yes, or any custom.
> > But the engine must provide the RAND_METHOD and set it as default.
> >
> >
>
>
>
> But if my TPM2 engine fails to load, then OpenSSL will just use the
>
Dmitry Belyavsky wrote
>> /etc/ssl/openssl.cnf
>
> Yes, or any custom.
> But the engine must provide the RAND_METHOD and set it as default.
>
>
But if my TPM2 engine fails to load, then OpenSSL will just use the
'rdrand' engine.
So my defense agains this is to rebuild OpenSSL with the
On Wed, Oct 30, 2019 at 6:08 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote:
>
>
> >> It can be done via the engine code and config.
>
>
> Do you mean
>
> /etc/ssl/openssl.cnf
>
> ?
>
Yes, or any custom.
But the engine must provide the RAND_METHOD and set it as default.
--
SY, Dmitry
Dmitry Belyavsky wrote:
>> It can be done via the engine code and config.
Do you mean
/etc/ssl/openssl.cnf
?
On Wed, Oct 30, 2019 at 6:00 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote:
>
> > Did you try to create your own RAND_METHOD and set it as default on
> > loading the engine?
>
>
> No, I didn't try that.
>
> Note that I'm only using the OpenSSL binary, I'm not interfacing with an
> API.
>
>
Dmitry Belyavsky wrote:
> Did you try to create your own RAND_METHOD and set it as default on
> loading the engine?
No, I didn't try that.
Note that I'm only using the OpenSSL binary, I'm not interfacing with an
API.
Did you try to create your own RAND_METHOD and set it as default on loading
the engine?
On Wed, Oct 30, 2019 at 5:40 PM Frederick Gotham
wrote:
>
> I'm working on Linux with a x86-64 CPU.
>
> I have a TPM2 chip, and so I want OpenSSL to do all of its encryption
> and random number generation
I'm working on Linux with a x86-64 CPU.
I have a TPM2 chip, and so I want OpenSSL to do all of its encryption
and random number generation through the TPM2 chip.
In the event that the chip fails, I do NOT want there to be a backup
system. I do NOT want any kind of software psuedorandom
On 29/10/2019 11:55, Nagalakshmi V J wrote:
> Hi Matt,
>
> Thank you so much for your response. Those mentioned APIs resolved my
> errors.
>
> For the below code,
>
> return SSL_get_session(pConnection) != NULL &&
> pConnection->session->session_id_length != 0;
>
> Any
Hi Matt,
Any inputs on the below query?
Thanks and regards,
Nagalakshmi
From: Nagalakshmi V J
Sent: Tuesday, October 29, 2019 5:25 PM
To: Matt Caswell ; Nagalakshmi V J
; openssl-users@openssl.org
Subject: Re: OpenSSL compilation errors in Windows
Hi Matt,
Thank you so much for your
19 matches
Mail list logo