On Wed, Mar 25, 2015 at 12:36 PM, Salz, Rich wrote:
>> I see Adam Langley's patch here:
>> https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a8646510b
>>
>> Any ideas why it was not accepted or not merged? (I'm assuming it was not
>> merged because it was rejected for some reason).
>
>
On 26 March 2015 at 14:53, Philip Bellino wrote:
> I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords
>
> with cipher des_ede3_cbc as follows:
>
>
>
Your design is fundamentally flawed. You should be hashing passwords using
bcrypt, pbkdf or similar not encrypting them.
Rega
Hi Phil,
> "
or is the encrypted length put into the encrypted information so an EVP
call is available to retrieve it?"
It is NOT the case.
May not be the answer you expected :
The encrypted length is length of clear text + size of 1 cipher block if
padding is enabled.
https://www.open
>> Hi,
>> I am playing with openssl 1.0.2a - specifically CMS support for ECC.
>> But what I think should work doesn't.
>> Commands used and parsed data shown.
>> (I gave an RSA example as a known good working example)
>>
>> ./openssl version
>> OpenSSL 1.0.2a 19 Mar 2015
>>
>> echo -n 123456781234
On 26/03/2015 22:29, Steve Marquess wrote:
On 03/26/2015 01:41 PM, Jakob Bohm wrote:
On 26/03/2015 16:56, Steve Marquess wrote:
On 03/26/2015 11:30 AM, John Foley wrote:
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kerne
On 03/26/2015 01:41 PM, Jakob Bohm wrote:
> On 26/03/2015 16:56, Steve Marquess wrote:
>> On 03/26/2015 11:30 AM, John Foley wrote:
>>> We looked at this very briefly a couple of years ago. In theory, there
>>> may be a way to achieve the goal as a loadable kernel module (a.k.a.
>>> device driver)
On Thu, Mar 26, 2015, Chris Madden wrote:
> Hi,
> I am playing with openssl 1.0.2a - specifically CMS support for ECC.
> But what I think should work doesn't.
> Commands used and parsed data shown.
> (I gave an RSA example as a known good working example)
>
> ./openssl version
> OpenSSL 1.0.2a 19
> From: jonetsu
> Date: 03/26/15 11:11
> Is FIPS_mode_set(1) taking care of setting up a default DRBG ?
Yes. It does. When using post_cb() from fips_test_suite.c in for instance the
fips_hmac.c demo, with only but a FIPS_mode_set(1) call, it is reported that
the four DRBGs are tested:
On 26/03/2015 16:56, Steve Marquess wrote:
On 03/26/2015 11:30 AM, John Foley wrote:
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kernel module (a.k.a.
device driver). The idea would be to have a kernel module that provid
On 03/26/2015 01:00 PM, Marcus Meissner wrote:
> ...
>>
>> Unfortunately FIPS 140-2 validation conflicts rather violently with open
>> source software (and with software engineering best practice in general,
>> for that matter). Even if some benevolent benefactor ponied up the
>> quarter megabuck i
On Thu, Mar 26, 2015 at 10:57:28AM -0400, Steve Marquess wrote:
> On 03/25/2015 06:26 PM, jone...@teksavvy.com wrote:
> > On Wed, 25 Mar 2015 17:03:04 -0400
> > Steve Marquess wrote:
> >
> >> I wasn't aware the Linux kernel (the real one, not proprietary
> >> commercial derivatives) had a "FIPS"
On 03/26/2015 11:30 AM, John Foley wrote:
> We looked at this very briefly a couple of years ago. In theory, there
> may be a way to achieve the goal as a loadable kernel module (a.k.a.
> device driver). The idea would be to have a kernel module that provides
> crypto support. This kernel module
Thanks Viktor for clarification.
So in case we need to use SSL_CTX_set_cipher_list(), we should use : for
multiple Ciphers.
and + working in old releases for same scenario can be treated as bug..
Thanks
Mukesh
On 26 March 2015 at 20:24, Viktor Dukhovni
wrote:
> On Thu, Mar 26, 2015 at 07:56:38
Hi,
I am playing with openssl 1.0.2a - specifically CMS support for ECC.
But what I think should work doesn't.
Commands used and parsed data shown.
(I gave an RSA example as a known good working example)
./openssl version
OpenSSL 1.0.2a 19 Mar 2015
echo -n 12345678123456781234567812345678 > sess.
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable kernel module (a.k.a.
device driver). The idea would be to have a kernel module that provides
crypto support. This kernel module would be the FIPS object module,
with the FIP
Hello,
Is FIPS_mode_set(1) taking care of setting up a default DRBG ? Would a
subsequent call to RAND_pseudo_bytes() for instance be using the default DRBG (
256-bit CTR AES ?) There are quite a few DRBG-related FIPS methods described in
the User Guide, and one that is called FIPS_get_defaul
I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords
with cipher des_ede3_cbc as follows:
encrypt routines:
EVP_CIPHER_CTX_init
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_cleanup
decrypt routines:
EVP_CIPHER_CTX_init
EVP_DecryptInit_ex
EVP_DecryptUp
On 03/25/2015 06:26 PM, jone...@teksavvy.com wrote:
> On Wed, 25 Mar 2015 17:03:04 -0400
> Steve Marquess wrote:
>
>> I wasn't aware the Linux kernel (the real one, not proprietary
>> commercial derivatives) had a "FIPS" mode. Please enlighten me.
>
> It could very well be that the word 'mode' i
On Thu, Mar 26, 2015 at 07:56:38PM +0530, Mukesh Yadav wrote:
> :~/openssl-0.9.8d_install/usr/local/bin# ./openssl ciphers RC4-MD5+RC4-SHA
> -v
>
> RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
>
> RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
That's Right..
here is O/p
Openssl-0.9.8d:
:~/openssl-0.9.8d_install/usr/local/bin# ./openssl ciphers RC4-MD5:RC4-SHA
-v
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA SSL
Hello Openssl Users,
Currently we are facing a memory leak issue in the following scenario.
We are allocating dynamic memory to a appctx and we are setting this appctx
to the session using the function
SSL_SESSION_set_app_data().
My understanding is that, this appctx will be updated as part of e
> I am wondering is this newly introduced?.
No it's not new.
> Application compiled with openssl-0.9.8d used to work when Cipher string has
> '+'.or ':'
That release is nearly 10 years old (Sep 2006) And are you sure it worked? +
tended to mean add, so :+ worked...
--
Senior Architect
Thanks Marcus.
It worked when changed + to :.
I am wondering is this newly introduced?.
Application compiled with openssl-0.9.8d used to work when Cipher string
has '+'.or ':'
On 26 March 2015 at 15:23, Marcus Meissner wrote:
> On Thu, Mar 26, 2015 at 10:42:21AM +0530, Mukesh Yadav wrote:
Hi Steve,
as far as I can see this works only if the application embedding openssl is the
ssl client; but how can this be achieved from the server's point of view?
Thanks
Dirk
On 25.03.2015 16:35, Dr. Stephen Henson wrote:
> On Wed, Mar 25, 2015, Dirk Menstermann wrote:
>
>> Hello,
>>
>> which
On Thu, Mar 26, 2015 at 10:42:21AM +0530, Mukesh Yadav wrote:
> HI,
>
> I have a query for SSl cipher on Openssl-1.0.1h
> Have an application which is using library compiled with openssl-1.0.1h.
>
> Application is failing in func SSL_CTX_set_cipher_list() when input is "
> RC4-MD5+RC4-SHA" and it
Hello,
i have been able to cross-compile openssl with fips module and what i
want now is to use it within my project which is using C++. According to
the manual https://wiki.openssl.org/index.php/Fipsld_and_C%2B%2B i have
to modify fipsld to fipsld++. Everything works properly if i'm compiling
my o
26 matches
Mail list logo
