I've done this sort of thing back before 2000. I'd label my approach
back then as 'force brutish' as it was a mix of using the build system
and some code changes.
The trick is to search the configure system for a *hardware* (CPU!)
which is identical or at least very similar to your embedded one. D
have you read UserGuide? http://www.openssl.org/docs/fips/UserGuide-1.2.pdf
the APIs are the same but you have to add call FIPS_mode_set() and make sure
you use only FIPS approved algorithms
Galina
On Tue, Feb 17, 2009 at 9:23 PM, Randy Turner wrote:
>
> Hello List,
>
> I was curious about the d
I sent this snippet out a few days ago, but I haven't received an
adequate response. I am encrypting and base 64 encoding per the code
below. I am using 15 digit Amex numbers. On some numbers I get a valid
encryption and decryption and on others my decryption ends up losing the
last character.
Hello List,
I was curious about the diffs between the FIPS distribution of OpenSSL
and the "standard" distribution.
It seems like the FIPS tar file is based on an entirely different
versioning system, but I'm assuming there is a table somewhere that
maps this version back to a 0.9.x rele
On Tue, Feb 17, 2009 at 11:30 PM, Victor Duchovni
wrote:
>> Why are you trying to enforce the idea of cryptography as a black box,
>> rather than something that people should learn about?
>
> Because in amost all cases that's exactly the right advice.
Well, yes, about the 'almost' you are spot on
> Victor Duchovni wrote:
> > Because in amost all cases that's exactly the right advice.
> >
> > The cryptography learning that is sufficient and desirable is from books
> > such as "Applied Cryptography" which cover protocols and algorithms
> > at a high level. Studying the implementation or cre
Hi,
I think there is probably a *formal* way to do this within the
confines of the build system and design of OpenSSL, and there is
probably a brute-force way to do this.
I think just grabbing the crypto subtree and building a "make"
subsystem for this that makes no dependencies on platfo
Hi -
I am wondering if it is possible to build openSSL (or actually a very small
portion of it) for use in an embedded ROM on an ARM11-based system. For my
purpose I only need to be able to perform RSA public key decryption within the
ROM. Being a ROM, I have no OS support whatsoever.
I have
Victor Duchovni wrote:
Because in amost all cases that's exactly the right advice.
The cryptography learning that is sufficient and desirable is from books
such as "Applied Cryptography" which cover protocols and algorithms
at a high level. Studying the implementation or creating ones own
imple
On Tue, Feb 17, 2009 at 02:08:43PM -0800, Kyle Hamilton wrote:
> > You are asking the wrong questions. Why are you trying to reverse-engineer
> > the AES implementation? Why not just use it via the EVP interface?
>
> My guess is that he's trying to understand an actual in-world AES
> implementati
Hello,
owner-openssl-us...@openssl.org wrote on 02/17/2009 03:20:38 PM:
> 2009/2/17 Victor Duchovni :
> > On Mon, Feb 16, 2009 at 01:48:54PM +0800, loody wrote:
> >
> >> Dear all:
> >> I want to realize aes, so I trace enc_main in enc.c.
> >> But I find there are a lot call back functions such th
On Tue, Feb 17, 2009 at 8:57 AM, Victor Duchovni
wrote:
> On Tue, Feb 17, 2009 at 10:20:38PM +0800, loody wrote:
>
>> The round# is set according to the bits we pass to AES_set_encrypt_key.
>> And Nk*round# keys are also produced well in it.
>> But how about Nb, the number of column in state?
>> (
On Tue, Feb 17, 2009 at 12:49 PM, sofian sindhi wrote:
> Dear all:
> I trace openssl recently and I cannot find where the location of EVP_CIPHERs
> defined in evp.h.
> In evp.h, it is declared as const EVP_CIPHER *EVP_camellia_128_ecb(void);
> But where is the trully EVP_camellia_128_ecb(void) loc
On Tue, Feb 17, 2009 at 10:20:38PM +0800, loody wrote:
> The round# is set according to the bits we pass to AES_set_encrypt_key.
> And Nk*round# keys are also produced well in it.
> But how about Nb, the number of column in state?
> (in 128, 192 and 256 bits block plaintext, the Nb, column# of sta
2009/2/17 Victor Duchovni :
> On Mon, Feb 16, 2009 at 01:48:54PM +0800, loody wrote:
>
>> Dear all:
>> I want to realize aes, so I trace enc_main in enc.c.
>> But I find there are a lot call back functions such that I spend more
>> time on tracing these call back functions than understanding aes
>>
Hi,
Hodie XIII Kal. Mar. MMIX, özgür berksoy scripsit:
[...]
>subjectAltName=URI:[1]http://�BOX_3:8080,DNS:�BOX_3
>
>entry inside the cnf file, I get an error:
>
>problems making Certificate Request
>1188:error:0D07A07C:asn1 encoding
>routines:ASN1
Hi,
I've actually 2 problems.
First is:
Is it possible to create a X 509 certificate with 'µ' character inside
the subject alternative name ?
When I try to run following command :
openssl req -new -x509 -nodes -sha1 -extensions v3_ua -keyout
µBOX_3.Cert.pem -outform DER -out µB
Dear all:
I trace openssl recently and I cannot find where the location of EVP_CIPHERs
defined in evp.h.
In evp.h, it is declared as const EVP_CIPHER *EVP_camellia_128_ecb(void);
But where is the trully EVP_camellia_128_ecb(void) located?
I have grepped the source but I cannot get any hint.
appreci
Dear all:
I trace openssl recently and I cannot find where the location of EVP_CIPHERs
defined in evp.h.
In evp.h, it is declared as const EVP_CIPHER *EVP_camellia_128_ecb(void);
But where is the trully EVP_camellia_128_ecb(void) located?
I have grepped the source but I cannot get any hint.
appreci
Hi,
I've actually 2 problems.
First is:
Is it possible to create a X 509 certificate with 'µ' character inside
the subject alternative name ?
When I try to run following command :
openssl req -new -x509 -nodes -sha1 -extensions v3_ua -keyout
µBOX_3.Cert.pem -outform DER -out µB
20 matches
Mail list logo
