Hi Jacob,
Thanks for looking into this.
This FIPS186-4 is not just about SHA. It basically about the key
generation parameters. Especially I am looking for RSA key generation
parameters wrt FIPS 186-4.
Thanks,
Murugesh P.
On 10/5/17, Jakob Bohm wrote:
> On 05/10/2017 13:51, murugesh pitchaiah
>> You should avoid calls to RAND_poll altogether on Windows. Do so by
>> explicitly seeding the random number generator yourself.
>
> As a starting point, try something like this:
>
> -
> static ENGINE *rdrand;
>
> void init_prng(void) {
> /* Try to seed the PRNG with the Intel RDRAND on-c
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jeffrey Walton
> Sent: Thursday, October 05, 2017 13:33
> To: Jason Qian; OpenSSL Users
> Subject: Re: [openssl-users] DH_generate_key Hangs
>
>
> You should avoid calls to RAND_poll altogether on Windows. Do so by
>
M2Crypto is the most complete Python wrapper for OpenSSL
featuring RSA, DSA, DH, EC, HMACs, message digests, symmetric
ciphers; SSL functionality to implement clients and servers;
HTTPS extensions to Python’s httplib, urllib, and xmlrpclib;
unforgeable HMAC’ing AuthCookies for web session managemen
More :
The call stacks are from 1.0.1c when calling DH_generate_key.
Is any fix in the latest version for this ?
Thanks
Jason
On Thu, Oct 5, 2017 at 3:53 PM, Jason Qian wrote:
> We call DH_generate_key(DH *dh) and the RAND_poll() is called
> ssleay_rand_bytes
>
>
> libeay32d.dll!RAND_po
We call DH_generate_key(DH *dh) and the RAND_poll() is called
ssleay_rand_bytes
libeay32d.dll!RAND_poll() Line 572 C
libeay32d.dll!ssleay_rand_bytes(unsigned char * buf=0x03318fe0, int
num=128, int pseudo=0) Line 395 C
libeay32d.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf=0x03318fe
On Thu, Oct 5, 2017 at 3:27 PM, Jason Qian via openssl-users
wrote:
> Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no
> change
I believe it was fixed earlier than that. Also see
https://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest
As Michael suggested
On Thu, Oct 5, 2017 at 2:55 PM, Jason Qian via openssl-users
wrote:
> Thanks Michael,
>
> I saw a lot of discussion for this issue on,
>
>https://mta.openssl.org/pipermail/openssl-dev/2015-July/002210.html
>
> Not sure if openSSL has a workaround or a patch ?
>
>
> It hangs on
* Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no
change
Sorry, then try 1.1.0 The HEAPWALK bug/issue is fixed there.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems no
change
Thanks
On Thu, Oct 5, 2017 at 2:59 PM, Salz, Rich wrote:
> You could try to backport the win_rand file from a more recent release.
>
>
>
> Far better, as Michael first said, to move to 1.0.2 or later.
>
>
>
>
>
--
You could try to backport the win_rand file from a more recent release.
Far better, as Michael first said, to move to 1.0.2 or later.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Thanks Michael,
I saw a lot of discussion for this issue on,
https://mta.openssl.org/pipermail/openssl-dev/2015-July/002210.html
Not sure if openSSL has a workaround or a patch ?
It hangs on :
*libeay32.dll!RAND_poll() Line 523 *
if (*heap_first*(&hentry,
hlist.th32
As I speculated, it appears you're hanging in random-number generation,
probably due to a blocking CPRNG that can't get the entropy it needs.
This is an operating-system issue, and needs to be referred to your OS
administrator.
Michael Wojcik
Distinguished Engineer, Micro Focus
From: Jason Q
On 05/10/2017 13:51, murugesh pitchaiah wrote:
Hi All,
I am looking for the FIPS 186-4 patch. I see it is not yet implemented
in openssl FIPS 2.0
I assume FIPS 186-4 is the updated SHA standard that adds the SHA-3
specification.
In that case, that would be something that OpenSSL would first ad
Here is the stack trace :
libeay32.dll!RAND_poll Normal
[External Code]
libeay32.dll!RAND_poll() Line 523
libeay32.dll!ssleay_rand_bytes(unsigned char * buf, int num, int pseudo)
Line 395
libeay32.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf, int num) Line
536
Thanks
Jason
On Wed
Hi All,
I am looking for the FIPS 186-4 patch. I see it is not yet implemented
in openssl FIPS 2.0
I see many vendors have implemented their own fix for FIPS 186-4
compliance. I am looking for the patch which i can reuse. Looks like
redhat too has its own patch.
Kindly share any pointers for the
Hi All,
I have query regarding the SSL_read on blocking socket. How to come out of
blocking SSL_read when we have to close the connection ?
As per the documentation SSL_read will only return if there is any data or
an error occurred.
"If the underlying BIO is *blocking*, SSL_read() will only re
17 matches
Mail list logo
