Re: [openssl-users] openssl 1.0.2a vc++ 9 (VS 2008) 64-bit build failing

2015-03-23 Thread Thomas J. Hruska
On 3/23/2015 9:51 AM, Kevin Moody wrote: Hi, My apologies if I missed a post about this already, but I'm seeing the following when running `nmake -f ms\ntdll.mak` in the vc9x64 build of openssl 1.0.2a: ... Assembling: tmp32dll\aesni-sha256-x86_64.asm tmp32dll\aesni-sha256-x86_64.asm(109) : er

[openssl-users] Fwd: [BUG] Crash in PEM write functions with generated EC_KEY on Windows

2015-03-23 Thread Julien Kauffmann
Hi, I'm facing a crash (heap corruption) on Windows ever since I updated OpenSSL to the version 1.0.2a. The same seems to happen in 1.0.1m. I'm using Visual Studio 2013. I'm building the x64-static variant of OpenSSL like so: perl Configure VC-WIN64A no-asm --prefix=F:\git\openssl_crash\th

Re: [openssl-users] FIPS: Which DRBG ?

2015-03-23 Thread xxiao8
The key issue still remains, are the validated SP800-90 DRBGs the _same_ as SP800-90A's DRBGs? If yes then we can probably use Openssl-FIPS with SP800-90A, otherwise OpenSSL-FIPS 2.0.9 probably can no longer be used for any new validations? Thanks, xxiao --- Hi, For the second question any DR

[openssl-users] openssl 1.0.2a vc++ 9 (VS 2008) 64-bit build failing

2015-03-23 Thread Kevin Moody
Hi, My apologies if I missed a post about this already, but I'm seeing the following when running `nmake -f ms\ntdll.mak` in the vc9x64 build of openssl 1.0.2a: ... Assembling: tmp32dll\aesni-sha256-x86_64.asm tmp32dll\aesni-sha256-x86_64.asm(109) : error A2006:undefined symbol : __imp_Rtl Virt

Re: [openssl-users] Need help on CVE-2015-0292

2015-03-23 Thread Jaya Nageswar
Thanks Matt for a prompt response. On Mon, Mar 23, 2015 at 4:25 PM, Matt Caswell wrote: > > > On 23/03/15 10:50, Jaya Nageswar wrote: > > Hi All, > > > > As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt, > > the vulnerability CVE-2015-0292 is fixed in 0.9.8 za. Is this cor

Re: [openssl-users] FIPS: Which DRBG ?

2015-03-23 Thread Q Gct
Hi, For the second question any DRBG that are approved in FIPS SP 800-90A are approved for any application. You can choose over the Hash, HMAC or CTR DRBG equivalently. Best regards Q Gouchet On 23 March 2015 09:38, "jonetsu" wrote: > Hello, > > Following on the 'SP800-90 DRBG in OpenSSL FIPS

Re: [openssl-users] ChaCha20/Poly1305 in OpenSSL?

2015-03-23 Thread Salz, Rich
It's unlikely to appear in 1.0.2 as it's a new feature. CloudFlare has posted patches that seem like they would drop in easily, for folks that want to do it; see https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/ -- Senior Architect, Akamai Technologies IM:

[openssl-users] FIPS: Which DRBG ?

2015-03-23 Thread jonetsu
Hello, Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic, the OpenSSL source code does not seem to mention SP 800-90A.  Only SP 800-90.  So the certifications were made for SP 800-90, is that right ? Also, does it depend on the application to choose which DRBG and moreov

Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch

2015-03-23 Thread Matt Caswell
On 23/03/15 14:19, Jakob Bohm wrote: > On 23/03/2015 14:48, Matt Caswell wrote: >> On 23/03/15 13:45, Viktor Dukhovni wrote: >>> On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote: >>> > As Viktor states RFC 4492 says if the client sends no TLS extension > containing the curves

Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch

2015-03-23 Thread Jakob Bohm
On 23/03/2015 14:48, Matt Caswell wrote: On 23/03/15 13:45, Viktor Dukhovni wrote: On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote: As Viktor states RFC 4492 says if the client sends no TLS extension containing the curves supported then the server can choose any supported curve. S

Re: [openssl-users] JAR file of openssl source code.

2015-03-23 Thread Niraj Sorathiya
Thanks Jakob. On 23-Mar-2015 11:58 AM, "Jakob Bohm" wrote: > The most common Java interface for openssl is to use an > openssl library wrapper as the JNI backend behind the > Java Cryptography Extensions (JCE). For instance this > is how Android implements JCE. > > Curiously Android returns the OI

Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch

2015-03-23 Thread Matt Caswell
On 23/03/15 13:45, Viktor Dukhovni wrote: > On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote: > >>> As Viktor states RFC 4492 says if the client sends no TLS extension >>> containing the curves supported then the server can choose any supported >>> curve. So your fix is to continue w

Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch

2015-03-23 Thread Viktor Dukhovni
On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote: > > As Viktor states RFC 4492 says if the client sends no TLS extension > > containing the curves supported then the server can choose any supported > > curve. So your fix is to continue when we reach the second iteration if > > there a

Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch

2015-03-23 Thread Matt Caswell
On 23/03/15 11:54, Linsell, StevenX wrote: > On 20/0315 15:51, Matt Caswell wrote: >> On 20/03/15 12:44, Linsell, StevenX wrote: >>> On Thu, Mar 19, 2015, Steve Linsell wrote: >>> Following further testing I see identical failures in the master branch >>> using the \ >>> following cipher/pr

Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch

2015-03-23 Thread Linsell, StevenX
On 20/0315 15:51, Matt Caswell wrote: >On 20/03/15 12:44, Linsell, StevenX wrote: >> On Thu, Mar 19, 2015, Steve Linsell wrote: >> > >> Following further testing I see identical failures in the master branch >> using the \ >> following cipher/protocol combinations: >> ECDH-ECDSA-AES128-SHA

Re: [openssl-users] Need help on CVE-2015-0292

2015-03-23 Thread Matt Caswell
On 23/03/15 10:50, Jaya Nageswar wrote: > Hi All, > > As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt, > the vulnerability CVE-2015-0292 is fixed in 0.9.8 za. Is this correct or > typo? It is correct. As the advisory states this is a historic bug that was fixed in previo

[openssl-users] Need help on CVE-2015-0292

2015-03-23 Thread Jaya Nageswar
Hi All, As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt, the vulnerability CVE-2015-0292 is fixed in 0.9.8 za. Is this correct or typo? Can someone point me to the code changes related to this fix on GitHub. I really could not find the code changes related to the commit 9

Re: [openssl-users] ChaCha20/Poly1305 in OpenSSL?

2015-03-23 Thread Jeffrey Walton
On Tue, Oct 7, 2014 at 12:42 PM, Matt Caswell wrote: > > > On 07/10/14 18:07, Jeffrey Walton wrote: But I have not been able to find its trail: $ cd openssl-git $ git pull Already up-to-date. $ grep -R -i chacha * $ grep -R -i poly1305 *