[openssl-users] no shared cipher issue with freeradius

2018-07-25 Thread Amjad Ali
Hi All, My client is a Windows XP and Freeradius version is 3.0.15 and openssl version is [OpenSSL 1.0.1t 3 May 2016 (Library: OpenSSL 1.0.2k 26 Jan 2017)]. The client sends these cipher suites to the server in auth request: Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004) Cipher Suite: TLS_RSA_WI

Re: [openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Viktor Dukhovni
> On Jul 25, 2018, at 4:50 PM, Ken Goldman wrote: > > For background, this is the TPM 1.2 endorsement key certificate. I.e., this > is a real application with millions of certificates issued. The key is an > RSA-2048 key. > > The TCG (for a while) specified > > Public Key Algorithm:

Re: [openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Ken Goldman
On 7/25/2018 4:27 PM, Viktor Dukhovni wrote: Yes, that's what I'm saying, but also asking the broader list for feedback on such a change. Should security level zero succeed even with unsupported EE keys (which somehow get used with some other software???). For background, this is the TPM 1.2

Re: [openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Viktor Dukhovni
> On Jul 25, 2018, at 3:00 PM, Ken Goldman wrote: > > > If you're suggesting that altering the above code to do the level check > before the call to get pkey, I think that would fix my problem. Yes, that's what I'm saying, but also asking the broader list for feedback on such a change. Sho

Re: [openssl-users] conversion of RAND_bytes to rand in fips approved way

2018-07-25 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of William Roberts > Sent: Wednesday, July 25, 2018 13:00 > > >unsigned char bytes[2]; > >RAND_bytes(bytes, 2); > >return (bytes[0] | (bytes[1] << 8)) & 0x7fff; > > You can ditch the shift logic. Offhand, I'm

Re: [openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Ken Goldman
On 7/25/2018 10:47 AM, Viktor Dukhovni wrote: On Jul 25, 2018, at 10:05 AM, Ken Goldman wrote: I have a certificate with a non-standard public key algorithm -rsaesOaep. See snippet #2. With openssl 1.0, I can validate the certificate chain. With openssl 1.1 it fails with the error X509

Re: [openssl-users] conversion of RAND_bytes to rand in fips approved way

2018-07-25 Thread William Roberts
On Wed, Jul 25, 2018 at 11:30 AM, Michael Wojcik wrote: >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of >> Sudarshan Soma >> Sent: Wednesday, July 25, 2018 12:13 > >> But rand() returns max value of 32767. Is there a recommended way to >> convert RAND_bytes to libc

Re: [openssl-users] conversion of RAND_bytes to rand in fips approved way

2018-07-25 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Sudarshan Soma > Sent: Wednesday, July 25, 2018 12:13 > But rand() returns max value of 32767. Is there a recommended way to > convert RAND_bytes to libc rand() > something like this? > unsigned char buf[2]; > RAND_

Re: [openssl-users] conversion of RAND_bytes to rand in fips approved way

2018-07-25 Thread Viktor Dukhovni
On Wed, Jul 25, 2018 at 11:42:34PM +0530, Sudarshan Soma wrote: > Now few applications are using libc rand function. For FIPS compliance, > applications have to call approved SP 800-90A DRBG implementation. If you're using libc's rand() for non-cryptographic purposes, you can surely continue to d

Re: [openssl-users] conversion of RAND_bytes to rand in fips approved way

2018-07-25 Thread Salz, Rich via openssl-users
If RAND_MAX is a power of 2, then just ask RAND_bytes for the right number of bytes (four for 32768) and use bit-shifting to pack the value.

[openssl-users] conversion of RAND_bytes to rand in fips approved way

2018-07-25 Thread Sudarshan Soma
Hi, we have linked FIPS compliant openssl version against our applications. Now few applications are using libc rand function. For FIPS compliance, applications have to call approved SP 800-90A DRBG implementation. I was planning to replace libc rand with RAND_bytes for the same. But rand() retu

Re: [openssl-users] Using a TPM to sign CSRs

2018-07-25 Thread Kaarthik Sivakumar
On 25/07/18 20:58, William Roberts wrote: On Tue, Jul 24, 2018 at 4:18 AM, Kaarthik Sivakumar wrote: Hello I need to create a key pair using a TPM (proprietary) and build a CSR and What TPM Version? If it's TPM 2.0, a new Engin

Re: [openssl-users] Using a TPM to sign CSRs

2018-07-25 Thread William Roberts
On Tue, Jul 24, 2018 at 4:18 AM, Kaarthik Sivakumar wrote: > Hello > > I need to create a key pair using a TPM (proprietary) and build a CSR and What TPM Version? If it's TPM 2.0, a new Engine project has emerged here: https://github.com/tpm2-software/tpm2-tss-engine This might be able to handl

Re: [openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Viktor Dukhovni
> On Jul 25, 2018, at 10:05 AM, Ken Goldman wrote: > > I have a certificate with a non-standard public key algorithm -rsaesOaep. > See snippet #2. > > With openssl 1.0, I can validate the certificate chain. With openssl 1.1 it > fails with the error X509_V_ERR_EE_KEY_TOO_SMALL. See dump

[openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

2018-07-25 Thread Ken Goldman
Seeking advice. I have a certificate with a non-standard public key algorithm -rsaesOaep. See snippet #2. With openssl 1.0, I can validate the certificate chain. With openssl 1.1 it fails with the error X509_V_ERR_EE_KEY_TOO_SMALL. See dump #1. I believe that this is due to new 1.1 code