On May 12, 2017, at 5:00 PM, Michael Wojcik
wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of Thomas Francis, Jr.
>> Sent: Friday, May 12, 2017 15:55
>>
>>> On 5/10/17 3:55 AM, 共通基盤SSL[業務ID] / COMMONSSL,GYOUMU wrote:
>>>
> On Sep 10, 2015, at 8:44 AM, Jayalakshmi bhat
> wrote:
>
> Hello all,
>
> I have a question on FIPS. We have OpenSSL FIPS module integrated with our
> product. We have an option to enable/disable FIPS at run time. We are
> executing the following openSSL API's
I'm not currently interested in the given platforms, and while I really hope to
never be interested again, I can't rule it out. It'd be nice to be able to
follow the discussions, without necessarily contributing. But I also understand
if those involved don't want to include those in my
On Apr 9, 2015, at 3:13 PM, Deepak dpb795...@gmail.com wrote:
Hi,
Any help on following questions is appreciated.
1) Can the function PKCS5_PBKDF2_HMAC_SHA1() in 0.9.8zf be used to
derive a key for AES-256-CBC encryption from user supplied passphrase?
Yes.
2) Is
If you mean you’re using CryptSignHash(), and are reversing the bytes in the
resulting signature, then yes, this is normal. You’ll need to reverse the
bytes when verifying the signature with ANY other toolkit/library, including
CNG. :) If it’s not too late, you should store the signature with
On Mar 11, 2015, at 11:40 AM, Alberto Roman Linacero aro...@alienvault.com
wrote:
Dear all, I'm doing an strace to the FIPS validated version of
openssl, and I'm seeing that it uses /dev/urandom. I thought that the
FIPS validated module always use /dev/random, isn't this the case, or
am
On Mar 2, 2015, at 12:18 PM, jonetsu jone...@teksavvy.com wrote:
Hello,
I tried a simple test to see if FIPS mode would fail, using the example
given in the FIPS user guide 2.0. The test consisted of replacing the
/dev/random and /dev/urandom with /dev/zero. I would have expected
, if the error is not from invoking fips_premain_dso, then
something else is wrong, and I’d suggest opening a support case with HP.
TOM
-Mrunal
On Wed, Feb 25, 2015 at 8:31 AM, Tom Francis thomas.francis...@pobox.com
wrote:
Have you tried changing FIPSLD_CC and FIPSLD_LINK to include
Have you tried changing FIPSLD_CC and FIPSLD_LINK to include the necessary
options (e.g. -mt)? Note: it might be simpler to modify fipsld instead,
depending on how easy/hard it is to maintain spaces properly when setting
FIPSLD_CC and FIPSLD_LINK. Since the fipsld script is just a
On Feb 24, 2015, at 9:42 PM, jone...@teksavvy.com wrote:
On Tue, 24 Feb 2015 16:16:17 +
Dr. Stephen Henson st...@openssl.org wrote:
On Tue, Feb 24, 2015, jonetsu wrote:
Hello,
To grasp how FIPS methods are called, and following one method
as an example, HMAC_Update() in
I think Jakob’s real concern (as expressed to me off-list a month or so ago) is
that OpenSSL’s libcrypto will become entirely hidden. I found several of his
comments confusing until he mentioned that. So, I think the fair question to
be asking is:
Is there any plan to make libcrypto go
On Jan 28, 2015, at 8:47 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Jan 28, 2015, jone...@teksavvy.com wrote:
On Mon, 26 Jan 2015 22:35:12 -0500
Tom Francis thomas.francis...@pobox.com wrote:
Thanks for the detailed comments. I understand the concerns, although
there's
On Jan 26, 2015, at 6:21 PM, jone...@teksavvy.com wrote:
On Fri, 16 Jan 2015 10:16:48 -0500
Steve Marquess marqu...@openssl.com wrote:
On 01/15/2015 05:52 AM, Marcus Meissner wrote:
On Linux usually triggered by /proc/sys/crypto/fips_enabled
containing 1 or the environment variable
On Jan 21, 2015, at 8:09 AM, Philip Bellino pbell...@mrv.com wrote:
Hello,
I apologize if this is not the correct forum for my questions, so here goes.
1. Are the RSA JSafeJCE and the IBM’ IBMJESFIPS cryptographic modules
being used widely against Openssl in FIPS mode?
In
On Jan 20, 2015, at 3:00 PM, Nou Dadoun ndad...@teradici.com wrote:
Thanks for the clarification, a couple of short questions -
We already have a shim to index into the function table that gets loaded
after run-time selecting from the 0.9.8 FIPS vs non-FIPS dll to use. I
imagined
On Jan 15, 2015, at 3:41 AM, Jeffrey Walton noloa...@gmail.com wrote:
According to the man pages on EVP_DigestVerifyFinal
(https://www.openssl.org/docs/crypto/EVP_DigestVerifyInit.html):
EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for
success and 0 or a negative
On Oct 27, 2014, at 4:33 AM, Gayathri Manoj gayathri.an...@gmail.com wrote:
Hi All,
How can I replace RSA_public_decrypt() with EVP_Verify*().
I wanted to replace the below api with EVP_verify*()
RSA_public_decrypt(Len, SgnData, dBuffer, rsa_pub_key, RSA_PKCS1_PADDING);
You’d
Your assumption is incorrect. Note that when you use the FIPS module, that you
should not attempt to use the FIPS module directly — instead, you build a
separate version of OpenSSL that uses the FIPS module (after building the FIPS
module). You then link the new libcrypto (and libssl if you
Use of -no-ec when building the FIPS capable openssl doesn’t affect the FIPS
module at all, and therefore doesn’t affect any statements you can make
regarding FIPS 140 compliance. The -no-ec option will prevent elliptic curve
cryptography from being used in OpenSSL when NOT using the FIPS
You might want to start by reading the OpenSSL FIPS Users Guide. Then go read
FIPS 140-2, and then read the user’s guide again. In this case “FIPS” is short
for “Federal Information Processing Standard Publication 140-2”, and that
standard is the controlling document (for now, 140-3 should be
You should be setting the KERNEL_BITS environment variable. That works for
several platforms, including Solaris x86 (although others default to 32, and
you need to set it to 64 to get a 64-bit build). As an alternative, (if you’re
not building the FIPS module) if you know which build
On Jul 7, 2014, at 5:40 AM, Sanjaya Joshi joshi.sanj...@gmail.com wrote:
Hello,
My application uses openssl 1.0.0, and it uses X509_check_ca() to find out
if an X509 certificate is a CA certificate, or an End-entity (EE) certificate.
The below are the possible return codes.
On May 25, 2014, at 10:15 AM, Han Sooloo hansoo...@gmail.com wrote:
Trying to understand how the crl2p7.c application allocates PKCS7 pointers.
I see the PKCS7_new() function and it makes sense.
However, I cannot find the definition of PKCS7_free(). The only place it
shows up is in
On May 16, 2014, at 4:14 AM, Hooman Fazaeli hoomanfaza...@gmail.com wrote:
On 5/16/2014 2:15 AM, Dave Thompson wrote:
EVP_BytesToKey implements (a tweak on) the original PKCS#5, which derived a
key and IV
by iterated hashing of a (reusable but secret) password with random (i.e.
unique)
On May 3, 2014, at 2:41 PM, Kevin Le Gouguec kevin.le-goug...@insa-lyon.fr
wrote:
Using asn1parse, I got this:
0:d=0 hl=4 l=3980 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT:pkcs7-envelopedData
15:d=1 hl=4 l=3965 cons: cont [ 0 ]
19:d=2 hl=4
On May 2, 2014, at 3:19 AM, Kevin Le Gouguec kevin.le-goug...@insa-lyon.fr
wrote:
(tl;dr : see questions at the end)
I'm trying to build nested CMS structures, as in, having a file F, a signer S
and a recipient R, I want to build a CMS-compliant message M which looks like:
M =
On Apr 26, 2014, at 6:25 PM, Anant Rao a...@noknok.com wrote:
Hi,
I see the doc. But, I'm afraid to say my question is still unanswered. Is
this function (PKCS5_PBKDF2_HMAC) supposed to generate same or diff output
over multiple calls with the same input? I see the latter and I want
On Apr 24, 2014, at 8:21 AM, Edward Ned Harvey (openssl)
open...@nedharvey.com wrote:
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Dave Thompson
- the truststore if -CAfile and/or -CApath specified IF NEEDED
Thank you very much for your
On Mar 18, 2014, at 2:19 PM, Clesmon University www.clemson@gmail.com
wrote:
Hello:
What I can find online or in book Network security with OpenSSL is using
command line to generate a CRL. However, what I want to do is to let my
server receive a serial number from outside interface