Re: [openssl-users] FIPS, continuous tests, and error reporting

2015-02-19 Thread dj
> Hello, > > I have some questions regarding table '6b - Conditional Tests' of the > 2.0.7 Security Policy. > > It is mentioned that there are continuous tests for stuck fault. Is > the meaning of 'continuous' a matter of frequency ? Or are these > continuous tests run each time an algorithm i

Re: [openssl-users] FIPS, continuous tests, and error reporting

2015-02-19 Thread jonetsu
> From: "Dr. Stephen Henson" > To: openssl-users@openssl.org > Date: 02/19/15 11:34 > Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting   > The low level cipher and digest APIs cannot be used in FIPS mode: you have to > use EVP. That's quite an important point.  It br

Re: [openssl-users] FIPS, continuous tests, and error reporting

2015-02-19 Thread Steve Marquess
On 02/19/2015 11:09 AM, Salz, Rich wrote: >> For instance, any of the void DES_*_encrypt(). This cursory observation is >> also supported by a vendor application code such as: > > Ah, okay. Those functions are 'just math'. They depend on no external state. > They can't fail. It's shifts and m

Re: [openssl-users] genpkey usage for openssl-1.0.1k on openSUSE-13.2

2015-02-19 Thread Earl Killian
On 2015/2/19 00:22, Dave Thompson wrote: genpkey has a standard idea, across all algorithms that have parameters (which RSA does not), to generate parameters and key(s) as separate steps with a file in between. For DSA and DH this is good; you may want to generate your own params, or you may want

Re: [openssl-users] FIPS, continuous tests, and error reporting

2015-02-19 Thread Salz, Rich
> For instance, any of the void DES_*_encrypt().  This cursory observation is > also supported by a vendor application code such as: Ah, okay. Those functions are 'just math'. They depend on no external state. They can't fail. It's shifts and masking, etc. > This is basically why I'm wonderin

[openssl-users] Separate signing and encryption certificates for Thunderbird

2015-02-19 Thread Earl Killian
I wanted to switch to having separate signing and encryption certificates. I followed the outline at Stefan Holek's excellent http://pki-tutorial.readthedocs.org/en/latest/expert/index.html That is the signing cert request used keyUsage= critical,digitalSignature extendedKe

Re: [openssl-users] OpenSSL FIPS mode system integration

2015-02-19 Thread Henrik Grindal Bakken
"jone...@teksavvy.com" writes: > Hello, > > Could you please comment on the following ? Any suggestion, insight, > hint, is greatly appreciated. > > In FIPS mode, the OS, the device, must be aware of crypto errors, and > adopt a certain behaviour when one occurs. Like shutting down all > data o

Re: [openssl-users] OpenSSL FIPS mode system integration

2015-02-19 Thread jonetsu
-Original Message- > From: "Marcus Meissner" > To: openssl-users@openssl.org > Date: 02/19/15 08:07 > Subject: Re: [openssl-users] OpenSSL FIPS mode system integration > Well, the writing is that the "crypto module" must stop operating > on error.   > We solved this by calling abor

Re: [openssl-users] FIPS, continuous tests, and error reporting

2015-02-19 Thread Dr. Stephen Henson
On Thu, Feb 19, 2015, jonetsu wrote: > > > -Original Message- > > From: "Salz, Rich" > > To: openssl-users@openssl.org > > Date: 02/19/15 07:43 > > Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting > > > > > For that matter and in a general sense, so far I'v

Re: [openssl-users] OpenSSL FIPS mode system integration

2015-02-19 Thread Steve Marquess
On 02/19/2015 05:19 AM, jone...@teksavvy.com wrote: > ...This means that when using OpenSSL, a link must be made between > OpenSSL (or the application using it) and the OS, if only to signal > the OS of such errors. Ummm, no. The FIPS module stops functioning (i.e. doesn't perform any useful crypt

Re: [openssl-users] FIPS, continuous tests, and error reporting

2015-02-19 Thread jonetsu
-Original Message- > From: "Salz, Rich" > To: openssl-users@openssl.org > Date: 02/19/15 07:43 > Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting > > > For that matter and in a general sense, so far I've seen that many > > encryption > > methods do not retu

Re: [openssl-users] genpkey usage for openssl-1.0.1k on openSUSE-13.2

2015-02-19 Thread Dr. Stephen Henson
On Thu, Feb 19, 2015, Dave Thompson wrote: > > From: openssl-users On Behalf Of open...@lists.killian.com > > Sent: Wednesday, February 18, 2015 13:26 > > > I noticed that openssl(1) says that various things have been superseded by > > genpkey, so I tried changing my scripts to use it. It works f

Re: [openssl-users] OpenSSL FIPS mode system integration

2015-02-19 Thread Marcus Meissner
On Thu, Feb 19, 2015 at 05:19:37AM -0500, jone...@teksavvy.com wrote: > Hello, > > Could you please comment on the following ? Any suggestion, insight, > hint, is greatly appreciated. > > In FIPS mode, the OS, the device, must be aware of crypto errors, and > adopt a certain behaviour when one o

Re: [openssl-users] FIPS, continuous tests, and error reporting

2015-02-19 Thread Salz, Rich
> For that matter and in a general sense, so far I've seen that many encryption > methods do not return any error code. How does error reporting generally > works ? Really? Which ones?

[openssl-users] OpenSSL FIPS mode system integration

2015-02-19 Thread jone...@teksavvy.com
Hello, Could you please comment on the following ? Any suggestion, insight, hint, is greatly appreciated. In FIPS mode, the OS, the device, must be aware of crypto errors, and adopt a certain behaviour when one occurs. Like shutting down all data output interfaces. This means that when using O

[openssl-users] FIPS, continuous tests, and error reporting

2015-02-19 Thread jone...@teksavvy.com
Hello, I have some questions regarding table '6b - Conditional Tests' of the 2.0.7 Security Policy. It is mentioned that there are continuous tests for stuck fault. Is the meaning of 'continuous' a matter of frequency ? Or are these continuous tests run each time an algorithm is used ? The

Re: [openssl-users] genpkey usage for openssl-1.0.1k on openSUSE-13.2

2015-02-19 Thread Dave Thompson
> From: openssl-users On Behalf Of open...@lists.killian.com > Sent: Wednesday, February 18, 2015 13:26 > I noticed that openssl(1) says that various things have been superseded by > genpkey, so I tried changing my scripts to use it. It works fine for RSA, but the > man page is not very helpful on