Does anybody know of a version of BIGNUM that is SSE enabled allowing
simultaneous operations on multiple BIGNUMs?
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
I did some quick research and found this:
http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
If my understanding is correct, the public key is (p, q, g, y).
The private key would be x, such that y = g^x mod p.
Is there some way to generate both public and private keys using OpenSSL,
bas
I should add that I prefer a protocol that optimizes the GSS round trips
over one that doesn't, though that means using SPNEGO for negotiation
(when negotiation is desired).
Thanks for both answers.
I tried using Y as the public key, but ssl seems not to accept that.
Here is the error scenario:
From the FIP file:
[mod = 1024]
P =
fda5442483ccf7a12399d6c13d56ff882d689524f1885fcb7424e26da2d200a1657b631dcc74
c73ecbd89fe42cc554b7062835c73d7203161e09742392
On Tue, May 12, 2015 at 06:10:39PM +, Salz, Rich wrote:
> You can't easily have test vectors for DSA signatures since they
> include a random. Any test vector would have to include the random,
> and any API would have to be able to accept the random as part of the
> "sign" API. Verification s
On Tue, May 12, 2015 at 08:23:34PM +0200, Jakob Bohm wrote:
> How about the following simplifications for the new
> extension, let's call it "GSS-2" (at least in this e-mail).
>
> 1. GSS (including SASL/GS2) is always done via the SPNego
> GSS mechanism, which provides standard handling of
> mecha
Can anyone shed light on why these APIs are disabled in FIPS mode? They
involve operations that must be implemented within the boundary of the FIPS
crypto module? It seems like disabling them is intended to prevent mistakes
from developers trying to write their own AES mode implementations?
Thank
> What Mr. Salz refers to by "Verification should be okay" is probably this:
Yes and Mr. Salz greatly appreciates Mr. Bohm's elaboration.
:)
Lest the humor be misunderstood: yes, you're right, thanks for explaining.
On 12/05/2015 20:10, Salz, Rich wrote:
> You can't easily have test vectors for DSA signatures since they include a random. Any
> test vector would have to include the random, and any API would have to be able to accept
> the random as part of the "sign" API. Verification should be okay.
What M
On 11/05/2015 20:52, Nico Williams wrote:
On Mon, May 11, 2015 at 04:42:49PM +, Viktor Dukhovni wrote:
On Mon, May 11, 2015 at 11:25:33AM -0500, Nico Williams wrote:
- If you don't want to depend on server certs, use anon-(EC)DH
ciphersuites.
Clients and servers must reject[*] T
You can't easily have test vectors for DSA signatures since they include a
random. Any test vector would have to include the random, and any API would
have to be able to accept the random as part of the "sign" API. Verification
should be okay.
I'm working on a C++ security library solution that uses openssl internally.
It offers Sign/Verify, Digest and Encrypt/Decrypt as its features (please
check available methods below).
I'm using FIPS 2.0 test vectors to validate my library, but I'm having a bit
of trouble with that.
Testing
(Top posting to keep thread consistent).
It is also worth noting that if OpenSSL is used in a
plugin, which is unloaded (along with OpenSSL) and later
reloaded long before the container process is unloaded,
then "things that are only allocated once per OpenSSL
library lifetime" become very real m
I love that when it happens :)
2015-05-12 16:56 GMT+02:00 Ben Humpert:
> Ok, after plenty of testing and some googling: the name constraints
> extension is ... improvable. I ran plenty of tests but it looks like
> that the extension is not very well implemented in today's browsers.
>
> I have atta
Ok, after plenty of testing and some googling: the name constraints
extension is ... improvable. I ran plenty of tests but it looks like
that the extension is not very well implemented in today's browsers.
I have attached three txt files (DOS format) with the settings and
results of each test run.
Mike,
I agree that only security experts should implement production ciphers. But as
Lewis pointed out, the OP's stated intention is to create a demo from scratch.
This is what I think is worth doing and only for private distribution.
Publishing that demo or distributing it widely would be unwi