,
Gayathri
On Wed, Nov 7, 2012 at 1:28 AM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Gayathri Manoj
Sent: Saturday, 03 November, 2012 06:48
Is any configure option available to enable SHA256 by default
in OpenSSL 0.9.8l.
The *algorithm
Hi Aaron,
If your openssl version supports sha256 and its version is less than
0.9.8l, then you should add OpenSSL_add_all_algorithms() in your code to
enable the same. Otherwise it will throw errors while doing any
digest operation with sha256.
By default sha256 is enabled on Openssl-0.9.8l
Hi All,
I want to parse the X509 pem certificate to read the principal name
under X509v3 Subject Alternative Name- othername. For this I read the pem
certificate using PEM_read_bio_X509_AUX() and X509_print_ex() API. But it
is showing
X509v3 Subject Alternative Name:
Hi,
I am new to this Mailing list.
I want to upgrade the openssl version from 0-9.8g to openssl -0.9.8h.
DES_xwhite_in2out() function is removed in the New version ( By putting #if
0).
How can I confirm that it will not effect my exiisting applications which is
used by this API?
Please reply to
Hi all,
I got an error while execuiting the test program of openssl using make test
command.
SSL2_SET_CERTIFICATE:certificate verify failed:s2_clnt.c:1049
Is any need to give the certificate by the user.
Thanks,
Gayathri
Hi All,
Regarding openssl self test failure:
I have executed the test available in the test folder. Some tests failed.
Why these test failing. Is any need to include any files related to
certificate.?
*Sample output:*
server authentication
Initial proxy rights = A
depth=2
Hi All,
Please let me know if there is an API that will resume the session without
going through the handshake process again ( the session might have broken
down due to unplugging of LAN cable etc)
Thanks,
Gayathri
Hi All,
I am trying to add tls resumption code in my currently existing application
which uses openssl-0.9.8l. Its already includes 4507 patch. Please let me
know is it contains any vulnerability or shall I use the TLS SessionTickets
extension patch which supports RFC 5077.
Thanks in Advance
Hi All,
What is the difference between CVE-2009-3555 and CVE-2011-1473. Both are
related to SSL renegotiation issue.
Please let me know is there any patch to fix this problem. Is there any
openssl version with fixes for the above two vulnerabilities.
Thanks,
Gayathri
Hi All,
What is the difference between CVE-2009-3555 and CVE-2011-1473. Both are
related to SSL renegotiation issue.
Please let me know is there any patch to fix this problem. Is there any
openssl version with fixes for the above two vulnerabilities.
Thanks,
Gayathri
Hi All,
I have fixed the CVE-2009-3555 bug by making my application RFC 5746
compliant.
Is this will cause the DoS attack ( CVE-2011-1473). Now I am facing Dos
attack on one of the port.
Please let me know is there any patch to fix this problem.
Thanks,
Gayathri
Hi All,
Please let me know is this vulnerability will effect the products which are
using openssl version less than openssl 1.0.1
Thanks,
Gayathri
users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
1.0.2 will be fixed in 1.0.2-beta2.
2014-04-14 3:21 GMT-03:00 Gayathri Manoj gayathri.an...@gmail.com:
Hi All,
Please let me know
Hi All,
I am planning to upgrade my tls connection from 1.0 to 1.2. I have made
changes from the client side and am able to see the client hello with tls
version 1.2. The server supports only 1.0 and the client is not falling
back to 1.0 and giving me a fatal that Protocol version alert.
Please
Hi All,
I am planning to upgrade my openssl from old version to openssl-0_9_8za.
But from website I came to know that this release is not FIPS complaint.
Please let me know when openssl-0.9.8zb will release. or is there any patch
to avoid this issue in za version.
Thanks,
Gayathri
Hi All,
I have recently upgraded my openssl version from 0.9.8l to 0.9.8za. But
after this I am not able to do ssh to my box which is in fips mode. No
issues with non fips mode.
Before upgrade it was worked fine in fips mode too.
Current version : OpenSSH_5.1p1, OpenSSL 0.9.8za-fips 5 Jun 2014
Hi All,
I have installed openssl-0.9.8za with -no-ec option. But after this i am
not able to generate ecdsa keys .
# ssh-keygen -t ecdsa -b 1024
unknown key type ecdsa
#
Earlier I am able to do the same with openssl-0.9.8y version.
Please let me know how can I solve this issue.
Thanks,
Hi All,
Please let me know how to compile openssl with -bindist option.
Thanks,
Gayathri
this info - compile openssl witn -bindist.
Please let me is any other way to get ecdsa key
]# ssh-keygen -t ecdsa -b 1024
unknown key type ecdsa
#
Thanks,
Gayathri
On Wed, Aug 6, 2014 at 4:57 PM, Matt Caswell m...@openssl.org wrote:
On 6 August 2014 11:27, Gayathri Manoj gayathri.an...@gmail.com
is to compile with no-ec: the EC algorithms are
not FIPS approved in OpenSSL 0.9.8 anyway.
Thanks,
Gayathri
Thanks,
Gayathri
On Wed, Aug 6, 2014 at 6:56 PM, Matt Caswell m...@openssl.org wrote:
On 6 August 2014 14:12, Gayathri Manoj gayathri.an...@gmail.com wrote:
Hi Matt,
Thanks Matt
Hi,
Thanks for your update.
We tried to compile without -no-ec . but its got failed.
Thanks,
Gayathri
On Wed, Aug 6, 2014 at 7:16 PM, Matt Caswell m...@openssl.org wrote:
On 6 August 2014 14:35, Gayathri Manoj gayathri.an...@gmail.com wrote:
Hi Matt,
Is there any solution to compile
Hi Matt,
One more doubt.
Please let me know if I compiled my openssl 0.9.8za without -no-ec
option and I am not using this alogorithm in any of my application
then shall I can say my application is fips complaint?
Thanks,
Gayathri
On Wed, Aug 6, 2014 at 7:22 PM, Gayathri Manoj gayathri.an
Hi All,
Please let me know openssl-0.9.8za with -no-ec option is fips compliant or
not.
Thanks,
Gayathri
at 1:11 AM, Gayathri Manoj gayathri.an...@gmail.com
wrote:
Please let me know openssl-0.9.8za with -no-ec option is fips compliant
or
not.
No. If you want FIPS validated crypto, then you need one of the
openssl-fips-*-tar.gz downloads. They produce the FIPS Object Module.
openssl-0.9.8xxx
Hi All,
Please let me know how can I see the FIPS certificate for
openssl-fips-1.2.4.
Thanks,
Gayathri
Thanks Steve.
On Mon, Sep 1, 2014 at 10:04 PM, Steve Marquess
marqu...@opensslfoundation.com wrote:
On 09/01/2014 06:55 AM, Gayathri Manoj wrote:
Hi All,
Please let me know how can I see the FIPS certificate for
openssl-fips-1.2.4.
Thanks,
Gayathri
http://csrc.nist.gov/groups
Hi All,
How can I replace RSA_public_decrypt() with EVP_Verify*().
I wanted to replace the below api with EVP_verify*()
RSA_public_decrypt(Len, SgnData, dBuffer, rsa_pub_key, RSA_PKCS1_PADDING);
I have tried with
EVP_MD_CTX md_ctx;
unsigned char *decryptBuffer = NULL;
EVP_PKEY *pubKey =
this
with EVP_Verify*(). Please let me know EVP_PKEY_public_decrypt() to make my
system FIPs complaint.
Thanks,
Gayathri
On Tue, Oct 28, 2014 at 12:54 AM, Tom Francis thomas.francis...@pobox.com
wrote:
On Oct 27, 2014, at 4:33 AM, Gayathri Manoj gayathri.an...@gmail.com
wrote:
Hi All,
How can I
Hi All,
I am using openssl-0.9.9za and I came to know EVP_PKEY_CTX is available
from 1.0.0.
Please let me know which API i can use in FIPS context instead of
RSA_public_decrypt().
Thanks,
Gayathri
On Tue, Oct 28, 2014 at 10:45 AM, Gayathri Manoj gayathri.an...@gmail.com
wrote:
Hi All
API for decryption.
Thanks,
Gayathri
On Tue, Oct 28, 2014 at 7:59 PM, Matt Caswell m...@openssl.org wrote:
On 28 October 2014 05:58, Gayathri Manoj gayathri.an...@gmail.com wrote:
Hi All,
I am using openssl-0.9.9za and I came to know EVP_PKEY_CTX is available
from 1.0.0.
Please
'signedData' using phones public key.
Please let me know how to decrypt this information in FIPS mode.
Thanks,
Gayathri
On Thu, Oct 30, 2014 at 5:28 AM, Matt Caswell m...@openssl.org wrote:
On 29/10/14 09:03, Gayathri Manoj wrote:
Hi Matt,
Thanks Matt.
Please let me know
the source code of RSA_public_decrypt() and not found any
difference in both versions. Please let me know what might be the reason
and how can i rectify this. Is there any other API i can use apart from
EVP_verify*().
Thanks,
Gayathri
On Thu, Oct 30, 2014 at 10:26 AM, Gayathri Manoj gayathri.an
can't make any changes here.
then how can i verify this message in FIPs mode pother than
RSa_public_decrypt().
Thanks,
Gayathri
On Thu, Oct 30, 2014 at 8:41 PM, Dr. Stephen Henson st...@openssl.org
wrote:
On Thu, Oct 30, 2014, Gayathri Manoj wrote:
Hi Matt,
Currently I am getting
entity ( In this case sData). and in the above
example , no other way we can check the authentication. Please update me
if the above sentence is wrong.
Thanks,
Gayathri
On Wed, Nov 12, 2014 at 10:03 PM, Dr. Stephen Henson st...@openssl.org
wrote:
On Wed, Nov 12, 2014, Gayathri Manoj wrote
:
On Thu, Nov 13, 2014, Gayathri Manoj wrote:
Hi Stephen,
I am extracting raw digest by using then below command.
/* decrypt the content using the RSA pub key */
elen = RSA_public_decrypt(sLen, sData, ebuf, rsaKey, RSA_PKCS1_PADDING);
/* comuptes SHA1 hash*/
SHA1_Init(ctx
Hi All,
Please let me know in which version CVE-2011-1473 got fixed.
Is openssl-1.x is vulnerable to this issue?
Thanks,
Gayathri
___
openssl-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Hi Jeffrey,
In this its not mentioned.
Thanks,
Gayathri
On Thu, Dec 11, 2014 at 4:46 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Dec 11, 2014 at 6:07 AM, Gayathri Manoj
gayathri.an...@gmail.com wrote:
Hi All,
Please let me know in which version CVE-2011-1473 got fixed
Hi,
I am using openssl- 0.9.8l and able to compile the openssl in fips mode.
Now planning to upgrade to latest version - 1.0.1j.
openssl-fips version is 1_2 and not changed this library.
But getting the following error while compiling openssl 1.0.1j with
openssl-fips 1_2 in fips mode
Thanks Matt.
On Tue, Jan 13, 2015 at 2:38 PM, Matt Caswell m...@openssl.org wrote:
On 13/01/15 06:42, Gayathri Manoj wrote:
Hi,
I am using openssl- 0.9.8l and able to compile the openssl in fips
mode. Now planning to upgrade to latest version - 1.0.1j.
openssl-fips version
Hi All,
For doing ntp authentication, I have used ntp-keygen command to create the
keys. But this is failing in fips enabled system with
RSA_BUILTIN_KEYGEN:bad e value error.
# ntp-keygen -S RSA -m 2048 -p serverpassword -c RSA-SHA1 -C aes-128-cbc
Using OpenSSL version *OpenSSL 1.0.1e-fips* 11
Hi All,
I am getting segfault while using i2d_X509_SIG() in FIPS mode.
(gdb) bt
#0 0x01f95045 in __memcpy_ssse3_rep () from /lib/libc.so.6
#1 0x00466837 in asn1_ex_i2c () from /usr/local/cm/lib/libcrypto.so.1.0.1
#2 0x00466a36 in asn1_i2d_ex_primitive () from
,
Gayathri
On Fri, Jan 30, 2015 at 7:09 PM, Gayathri Manoj gayathri.an...@gmail.com
wrote:
Hi All,
I am getting segfault while using i2d_X509_SIG() in FIPS mode.
(gdb) bt
#0 0x01f95045 in __memcpy_ssse3_rep () from /lib/libc.so.6
#1 0x00466837 in asn1_ex_i2c () from /usr/local/cm/lib/libcrypto.so
, 2015, Gayathri Manoj wrote:
Hi All,
Please let me know shall I need to take care the memory separately for
the
fips mode.
Only in FIPS mode i am getting the below error while calling
i2d_x509_sig().
I'm not sure how that can happen. The function i2d_X509_SIG isn't part of
the
FIPS
;
len = i2d_X509_SIG(sig,NULL);
Thanks,
Gayathri
On Mon, Feb 2, 2015 at 9:31 PM, Viktor Dukhovni openssl-us...@dukhovni.org
wrote:
On Mon, Feb 02, 2015 at 07:15:12PM +0530, Gayathri Manoj wrote:
unsigned char *ptr, *tmp=NULL;
X509_SIG sig;
How is sig initialized?
len=i2d_X509_SIG
Hi All,
Tried with above method and its not worked. Please let me know is it
possible to use NID_md5WithRSAEncryption, NID_md5 in fips mode.
Thanks,
Gayathri
On Wed, Feb 4, 2015 at 8:56 PM, Dr. Stephen Henson st...@openssl.org
wrote:
On Tue, Feb 03, 2015, Gayathri Manoj wrote:
Hi Steve
error. And got return
value of this api as SUCCESS. Later i changed this to EVP_sha1() and able
to get the value in i2d_X509_SIG().
Thanks,
Gayathri
On Thu, Feb 5, 2015 at 7:21 PM, Dr. Stephen Henson st...@openssl.org
wrote:
On Thu, Feb 05, 2015, Gayathri Manoj wrote:
Tried with above method
Hi All,
I am trying to create a pem format key for my existing key by using the
below command.
openssl rsa -in my_rsa_key -outform PEM -out my_res_newkey_pem
The new key format is -BEGIN PRIVATE KEY-.
But I am expecting -BEGIN RSA PRIVATE KEY-
In nonFIPS mode i am getting
Thanks Steve for the quick reply.
On Thu, Jun 11, 2015 at 7:27 PM, Dr. Stephen Henson st...@openssl.org
wrote:
On Thu, Jun 11, 2015, Gayathri Manoj wrote:
Hi All,
I am trying to create a pem format key for my existing key by using the
below command.
openssl rsa -in my_rsa_key
Hi,
I am getting the below error while compliling openssl-0.9.8zg with fips
canister library.
make[2]: Entering directory `open_source/openssl/0_9_8zg_new1/fips'
../libcrypto.a(err_def.o): In function `ERR_get_state':
err_def.c:(.text+0x710): multiple definition of `ERR_get_state'
Hi All,
Please let me know what is the compatible openssl-fips package for the
0.9.8zg version.
When i try with with openssl-1_2_4, I am getting the below error
bash 3.2:90gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m32 -DL_ENDIAN
Hi Jacob,
I have used openssl-fips-1_2_4 with openssl 0.9.8zf and not found any
issue. For my environment, just I upgraded my openssl version from 0.9.8zf
to zg.
Thanks,
Gayathri
On Wed, Jul 15, 2015 at 12:36 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 14/07/2015 12:35, Gayathri Manoj
Hi All,
We are getting the below error in syslog file in FIPS mode.
sshd[5939]: error: openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1
This is hitting when connecting between two servers using ssh
authentication.
Please let me know how can I solve this issue.
Openssl version :
52 matches
Mail list logo