_ASM to the compile lines, but I still get
that unresolved external.
Does anyone know what I need to do? I'll eventually figure this out, but I'd
like this to work as soon as possible.
Regards,
Bill
On 4/17/2018 5:47 PM, Ludwig, Mark wrote:
From: Bill Kurland, Tuesday, April 17, 2018 4:19 PM
I'm trying to build openssl-1.1.0h on AIX 6.1 with the ultimate goal of
building the IO::Socket::SSL perl module.
make fails when creating libcrypto.a and libssl.a because, it seems, the *.o
I'm trying to build openssl-1.1.0h on AIX 6.1 with the ultimate goal of
building the IO::Socket::SSL perl module.
make fails when creating libcrypto.a and libssl.a because, it seems, the
*.o files are in a format not recognized by ar
I've passed "-Wl,-baix5coff64-rs6000" in config. I've also
nssl.org] On
> Behalf Of Bill Smith
> Sent: Friday, June 02, 2017 08:11
>
> Looking at the openssl build output, sure enough, it's missing -fPIC.
This is one of the reasons why we use our own Configure script for OpenSSL.
When we update to a new OpenSSL release, we diff its Config
Hi,
I'm building OpenSSL 1.0.2l on Centos Linux 5.4. When linking the libcrypto.a
library against my application, I'm getting the error:
/usr/bin/ld: /vobs_prgs/src/openssl/linuxx86_64/lib/libcrypto.a(x86_64-gcc.o):
relocation R_X86_64_32 against 'a local symbol' can not be used when making a
I pulled down 1.1.0e and tried to build it on Solaris 64. I ran into the
following error:
/tools/solaris/SunStudio12.2/bin/cc -xarch=v9 -mt -o test/ct_test
test/ct_test.o test/testutil.o -L. -lcrypto -lresolv -lsocket -lnsl -ldl
-lpthread
cc: Warning: -xarch=v9 is deprecated, use -m64 to crea
Hi,
While trying to build openssl 1.1.0c on Windows, the configure step failed for
me if I used a perl that is on a network share. Example:
\\rdlserv\tools\nt\asperl-5.24.0\bin\perl ./Configure VC-WIN64A
enable-weak-ssl-ciphers enable-rc4 enable-deprecated no-shared
--prefix=z:\openssl\work\nt
Hi,
I'm in the process of building 1.1.0c and noticed a behavior difference with
"openssl version -a". The bug is that we're not seeing all of the compiler
flags on the "compiler: " line. In the following example, we're not seeing:
-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst
in the line
If I understand you correctly, yes you must use the private key to decrypt
the symmetric key which has been encrypted using RSA and the client's
public key. There is no way (theoretically) to decrypt using only the
public key.
On Tue, Dec 29, 2015 at 7:58 AM, suguacl28 wrote:
> Ya i know it. Ac
What you are describing is not even how RSA works. You would be describing
symmetrical encryption, whereas RSA is asymmetrical. There is no inherent
vulnerability with symmetrical encryption assuming you keep the key
private. The idea behind RSA is that you can share your public key and
only the
conf_def.c:199:
I would appreciate any help you can give on this.
--
Bill
Wow... That is certainly a very unfortunate limitation... Thank you for
clarifying... Bill
On Dec 19, 2012, at 6:40 AM, Steve Marquess wrote:
> On 12/19/2012 05:21 AM, Bill Durant wrote:
>> Hello Jeffrey:
>>
>> Thank you for the response.
>>
>> So FIPS mod
Hello Jeffrey:
Thank you for the response.
So FIPS mode enable is supported on non-SSE2 processors *only* with a
fipscanister that is built with the "no-asm" option?
Thanks,
Bill
On Dec 19, 2012, at 1:13 AM, Jeffrey Walton wrote:
> On Tue, Dec 18, 2012 at 11:15 PM, Bill Durant
nguage optimization disabled in order to get into FIPS mode under
non-SSE2 processors.
So how to build a FIPS-capable OpenSSL with assembly language optimization
enabled in the fipscanister that works under non-SSE2 capable processors?
Is that not possible?
Thanks,
Bill
Thank you Jeff. I will take a look. -Bill
On Nov 27, 2012, at 5:59 AM, Jeffrey Walton wrote:
> On Mon, Nov 26, 2012 at 5:59 PM, Bill Durant wrote:
>> Hello:
>>
>> Is PKCS5_PBKDF2_HMAC() thread safe?
> See the "Is OpenSSL thread-safe?" under the PROG section
Hello:
Is PKCS5_PBKDF2_HMAC() thread safe?
Thanks,
Bill
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
ist to get a validated install built?
Thanks in advance for your help!
____
Bill Reister
rying to understand exactly
when is the continuous PRNG test is called.
Thanks!
Bill
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openss
On Nov 1, 2011, at 4:34 PM, Bill Durant wrote:
> On Nov 1, 2011, at 4:23 PM, Dr. Stephen Henson wrote:
>> On Tue, Nov 01, 2011, Bill Durant wrote:
>>
>>> Hello,
>>>
>>> What is the procedure for building a FIPS-capable OpenSSL snapshot on
>>
On Nov 1, 2011, at 4:23 PM, Dr. Stephen Henson wrote:
> On Tue, Nov 01, 2011, Bill Durant wrote:
>
>> Hello,
>>
>> What is the procedure for building a FIPS-capable OpenSSL snapshot on Ubuntu
>> 8.04.4 LTS from the following snapshots:
>>
>
&g
Hello,
What is the procedure for building a FIPS-capable OpenSSL snapshot on Ubuntu
8.04.4 LTS from the following snapshots:
ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-20111031.tar.gz
ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-20111031.tar
On Oct 28, 2011, at 3:51 PM, Dr. Stephen Henson wrote:
> On Fri, Oct 28, 2011, Bill Durant wrote:
>
>> On Oct 28, 2011, at 1:57 PM, Dr. Stephen Henson wrote:
>>> On Fri, Oct 28, 2011, Bill Durant wrote:
>>>
>>>> Hello,
>>>>
>>>>
On Oct 28, 2011, at 1:57 PM, Dr. Stephen Henson wrote:
> On Fri, Oct 28, 2011, Bill Durant wrote:
>
>> Hello,
>>
>> What is the procedure for building a 64-bit FIPS-capable OpenSSL on Windows
>> from the following latest snapshots:
>>
>> ftp://ftp
directory
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 10.0
\VC\BIN\amd64\cl.EXE"' : return code '0x2'
Stop.
Thanks,
Bill
__
OpenSSL Project
On Oct 25, 2011, at 4:17 AM, Dr. Stephen Henson wrote:
> On Mon, Oct 24, 2011, Bill Durant wrote:
>
>> On Oct 24, 2011, at 4:00 PM, Dr. Stephen Henson wrote:
>>> On Mon, Oct 24, 2011, Bill Durant wrote:
>>>
>>>>
>>>>
>>>> He
in FIPS
mode?
Thanks,
Bill
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord
On Oct 24, 2011, at 1:01 AM, Bill Durant wrote:
> On Oct 5, 2011, at 12:15 PM, Dr. Stephen Henson wrote:
>> On Wed, Oct 05, 2011, Bill Durant wrote:
>>> On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote:
>>>> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>
On Oct 5, 2011, at 12:15 PM, Dr. Stephen Henson wrote:
> On Wed, Oct 05, 2011, Bill Durant wrote:
>> On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote:
>>> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>>>> On 10/4/2011 10:45 PM, Bill Durant wrote:
>&g
On Oct 5, 2011, at 9:10 PM, William A. Rowe Jr. wrote:
> On 10/5/2011 10:08 AM, Dr. Stephen Henson wrote:
>> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>>
>>> On 10/4/2011 10:45 PM, Bill Durant wrote:
>>>>
>>>> But when I run it unde
On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote:
> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>
>> On 10/4/2011 10:45 PM, Bill Durant wrote:
>>>
>>> Does anyone know how to produce a FIPS-capable OpenSSL that works on
>>> Windows NT?
>>
NT (it is available on Windows 2000 and above).
So is it possible to produce a working FIPS-capable OpenSSL without some
hacking of the code to remove calls to Module32NextW and friends?
Any ideas?
Thanks,
Bill
__
OpenS
On May 24, 2011, at 5:42 PM, Dr. Stephen Henson wrote:
> On Tue, May 24, 2011, Bill Durant wrote:
>
>> On May 24, 2011, at 3:58 PM, Dr. Stephen Henson wrote:
>>> On Tue, May 24, 2011, ciphertexto wrote:
>>>
>>>> On May 24, 2011, at 4:18 AM, Dr. Stephe
i386-apple-darwinDarwin Kernel Version 10.7.0: Sat Jan 29
15:17:16 PST 2011; root:xnu-1504.9.37~1/RELEASE_I386
Configuring for darwin-i386-cc
target already defined - darwin-i386-cc (offending arg: fipcanisterbuild)
Notice that it configures for "darwin-i386-cc" which I believe it is inc
for anyone, I would appreciate if you could share some
details about how the OpenSSL was built.
Or does anyone know if the 64-bit version of a FIPS-capable OpenSSL is
supported on SnowLeopard? So far it looks like it is not.
Thanks,
Bill
=/Users/alicate
SHLVL=4
PEX_LIBS=-Wl,-search_paths_first
LIBRPATH=/usr/local/ssl/fips-1.0/lib
DYLD_LIBRARY_PATH=../util/..:
CFLAG=-fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_D
0)
$ ldd foobar
linux-gate.so.1 => (0xb775b000)
libfoo.so.1 => ./libfoo.so.1 (0xb76f2000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7595000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xb74a1000)
/lib/ld-linux.so.2 (0xb775c000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb747c000)
I listened to your email using DriveCarefully and will respond as soon as I can.
Download DriveCarefully for free at www.drivecarefully.com
__
OpenSSL Project http://www.openssl.org
User Support Mai
1.0.0, current
version 1.0.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
version 111.1.5)
Thanks,
Bill
__
OpenSSL Project http://www.openssl.org
User Support Mailing
m planning to use only the following algorithms: SHA-256, HMAC-
SHA256, AES-256 for encrypt/decrypt and AES Key wrap (on Linux,
Windows and Mac OS X 10.3+).
Thanks,
Bill
__
OpenSSL Project
On Oct 13, 2010, at 5:27 PM, William A. Rowe Jr. wrote:
On 10/13/2010 7:22 PM, Bill Durant wrote:
On Oct 13, 2010, at 5:19 PM, William A. Rowe Jr. wrote:
On 10/13/2010 3:31 PM, Bill Durant wrote:
I am interested in building the static version of the FIPS-
capable OpenSSL as an universal
On Oct 13, 2010, at 5:19 PM, William A. Rowe Jr. wrote:
On 10/13/2010 3:31 PM, Bill Durant wrote:
I am interested in building the static version of the FIPS-capable
OpenSSL as an universal
binary.
Three builds, per spec, of the FIPS canister. No tweaks, no
exceptions to
the security
On Oct 13, 2010, at 11:30 AM, Michael S. Zick wrote:
On Wed October 13 2010, Bill wrote:
Hello Mike,
It is not a script:
===> Ubuntu 8.04
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu 8.04.4 LTS"
$ which gcc
FIPS-capable
OpenSSL as an universal binary.
I would appreciate any clues on how to accomplish this (if it is
possible).
Thank you,
Bill
__
OpenSSL Project http://www.openssl.org
User
910:fips.c:238:0:error:
2D06906E:lib(45):func(105):reason(110)
FIPS_mode_set(1) failed
$ ./cmd
FIPS mode is enabled.
Thanks,
Bill
On Oct 13, 2010, at 1:12 PM, Bill Durant wrote:
On Oct 13, 2010, at 11:30 AM, Michael S. Zick wrote:
On Wed October 13 2010, Bill wrote:
Hello Mike,
On Oct 13, 2010, at 11:27 AM, Dr. Stephen Henson wrote:
On Wed, Oct 13, 2010, Bill wrote:
Hi Steve,
Thank you for the suggestion but It did not help:
$ make
gcc -c foo.cpp -fPIC -Wall -I./openssl-0.9.8o-fips/include -I.
rm -f libfoo.so
FIPSLD_CC=gcc ./openssl-0.9.8o-fips/bin/fipsld -shared
On Oct 13, 2010, at 9:47 AM, Dr. Stephen Henson wrote:
On Tue, Oct 12, 2010, Bill wrote:
Hello Steve,
Good eye! That got rid of the compilation error.
However, FIPS_mode_set(1) fails when it gets called from a "shared"
library
that links with the "static" version
.4
gcc-4.4: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04 LTS"
Any ideas about how
=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04 LTS"
$ gcc --version
gcc (Ubuntu 4.4.3-4ubuntu5) 4.4.3
Copyright (C) 2009 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There
is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICUL
Hello,
I found a workaround by linking with the FIPS capable "shared" library.
Please let know if any one has been successful in building a shared
library on linux that links with the FIPS capable "static" library.
Thanks,
Bill
On Oct 12, 2010, at 12:33 PM, Bill
o-fips/lib/
libcrypto.a -lstdc++
$ ./cmd
FIPS mode is enabled.
Thanks,
Bill
On Oct 12, 2010, at 12:13 PM, Bill wrote:
Hello,
I have followed the FIPS UserGuide 1.2 to build a FIPS object module
and a FIPS capable OpenSSL.
I used openssl-fips-1.2.tar.gz and openssl-0.9.8o.tar.gz to build
Hello,
I have followed the FIPS UserGuide 1.2 to build a FIPS object module
and a FIPS capable OpenSSL.
I used openssl-fips-1.2.tar.gz and openssl-0.9.8o.tar.gz to build these.
On Ubuntu, when I try to build a shared library that links with the
FIPS-capable OpenSSL static library, I get th
nown_issuer)
In Firefox, but Chrome accepts it fine.
Again, I am not using client authentication.
Thanks,
--
Bill Moseley
mose...@hank.org
nvironment.
Running an old version of Apache, unfortunately:
Apache/2.0.54 (Debian GNU/Linux) mod_ssl/2.0.54 OpenSSL/0.9.7e
Any ideas?
Thanks,
[1]
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO15167
--
Bill Moseley
mose...@hank.org
ensure it is treated as a positive number.
Without the leading 00, the C4 would make it negative. The shorter one has the
most significant bit of the leading byte as a zero; therefore, it is positive
and the leading zeros for the most significant three bits of the 163 bits are
assumed.
Bill
Try:
export OPENSSL_FIPS=1
unset OPENSSL_FIPS
Bill
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Carl Anderson
Sent: May 8, 2009 8:39 AM
To: openssl-users@openssl.org
Subject: Re: relationship between
Why not take a look at destest.c in the test directory?
Bill
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Thor Catarius
Sent: May 3, 2009 10:01 AM
To: openssl-users@openssl.org
Subject: Looking for DES encryption
hic modules implemented using dedicated hardware systems.
I don't think you will find openssl software on its own ever being able
to meet these requirements. You must wrap it within a system that
provides them.
Bill
From: owner-openssl-us...@ope
f is not being
used?
2) Is there anything I can do to get more verbose debugging?
3) Anyone on-list familiar with PHP's implementation?
However, any helpful advice on this is appreciated!
--
Bill Moran
http://www.potentialtech.com
http://people.c
temporary area and zero filled. The output is
always an integral multiple of eight bytes.
Bill
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Nikos Balkanas
Sent: March 8, 2009 1:20 PM
To: openssl-users@openssl.org
Subject
>From is filled with random data. It is not a zero terminated text
string, therefore, strlen(from) will probably be invalid.
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of chamara caldera
Sent: November 24, 2008 7:58 AM
To: open
I suspect that the smaller one is using Certicom's patented point compression
representation of the public key.
Not sure on the signature part of your question.
Bill
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruno VĂ©tel
Sent: October 9, 2008
The answer is in: "data too large for key size"
According to Secure Programming Cookbook, when using RSA PKCS #1 v1.5
padding you can only encrypt messages up to 11 bytes smaller than the
modulus size in bytes. If you are using RSA-1024, then that is
(1024/8)-11=117 bytes.
Bill
---
several rounds of AES encryption using the Key Encryption
Key. It appears that the output buffer is used as a working area for
this process and thus initializes it with the original plaintext key.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alfred
order to
export crypto. The Canadian Government Export and Import Controls
branch http://www.dfait-maeci.gc.ca/eicb/menu-en.asp provides the
details on how to apply.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fred Picher
Sent: August 18, 2008 2:22
The Secure Programming Cookbook is still available at O'Reilly
http://oreilly.com/catalog/9780596003944/
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Travis
Sent: July 30, 2008 5:21 PM
To: OpenSSL Users
Subject: best book on openssl as c
ubtraction of two EC points
depending on the type of underlying curve. Essentially these routines
first perform a negation of the subtrahend followed by an addition.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pietro Albano
Sent: July 4, 2008 1
--openssldir=/etc/ssl --prefix=/usr zlib-dynamic
make depend
make MANDIR=/usr/share/man
make MANDIR=/usr/share/man install
The "make depend" is only required if options selected during config
require it. A message will appear at the end of the config if it is
needed
.
Then you build a fips capable version of openssl to reside in the target
directories of your choice. If you are using openssl-fips-1.1.1 then
you would do this with openssl-0.9.7m
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Richard: I suggest you look at
http://openssl.hoxt.com/openssl-web/docs/apps/ciphers.html
and
http://www.openssl.org/docs/ssl/SSL_COMP_add_compression_method.html
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Hartmann
Sent: June 25
0.9.8 have used it with f, g and h
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Siddhartha Chhabra
Sent: June 20, 2008 10:07 PM
To: openssl-users@openssl.org
Subject: Re: DSA signing and verification
What version of the library
Check your include statements. You might need either or both of:
#include
#include
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Siddhartha Chhabra
Sent: June 20, 2008 8:39 PM
To: openssl-users@openssl.org
Subject: Re: DSA
= PEM_write_DSAPublicKey(fptr, dsa_E );
/* Transfer the public key file to the remote */
/* where the remote does the following assuming that fptr references
the public key file */
dsa_E = PEM_read_DSAPublicKey( fptr, NULL, NULL, NULL );
Bill
rganization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
Regards
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniela Gutierrez
Sent: June 12, 2008 6:13
I add the flags no-md2 no-ripemd160 no-bf no-camellia no-cast no-idea
no-mdc2 no-rc5
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of vaibhav bindroo
Sent: May 8, 2008 1:17 AM
To: openssl-users@openssl.org
Subject: Re: Building OpenSSL
read_X509_AUX( fptr, NULL, NULL, NULL );
// Extract the public key from the cert structure
EVP_PKEY*evp_A=NULL;
evp_A = X509_get_pubkey( cert_A );
Of course you will want to add appropriate error checking around this
and generalize it.
Bill
_
/nistpubs/800-56A/SP800-56A_Revision1_M
ar08-2007.pdf
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kurapati Raja
Sekhar
Sent: April 24, 2008 12:02 AM
To: openssl-users@openssl.org
Subject: RE: Need help on How to use ECDH in openssl
Hi
You haven't specified which version of OpenSSL you are using, but if it
is a reasonably current version from the 0.9.8 stream, then ECDH should
be there.
For test routines, look at the ec... source in the test directory, like
ecdhtest.c
Bill
openssl x509 -in -noout -text
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck Aaron
Sent: April 18, 2008 10:35 AM
To: openssl-users@openssl.org
Subject: Openssl
What is the command please to view the entire contents of a certificate?
Thank you,
Did you do
./config fips
And not other options? I think you might get errors like that if you
added the option shared, which is expressly prohibited in the user
guide.
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed snooper
I have noticed this as well. I believe it operates correctly in the
0.9.9 snapshot.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Larry Bugbee
Sent: February 13, 2008 8:41 PM
To: openssl-users@openssl.org
Subject: Re: ECC Self-Signed Certificate
I'v
CA:TRUE
Signature Algorithm: ecdsa-with-SHA1
30:45:02:21:00:a7:58:a0:52:62:be:42:dd:53:83:6d:4c:c4:
4f:dd:96:24:56:f5:f8:6b:76:ec:3f:cf:fa:0b:41:8c:6c:4b:
85:02:20:24:00:ae:a7:fb:1b:37:cf:77:f6:3e:2e:47:22:ed:
ba:21:0b:79:32:31:3a:07:2b:2f:32:0e:81:4f:8c:eb:b0
metric and hashing algorithms of equivalent strength.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sateesh Babu
Sent: January 11, 2008 7:03 AM
To: openssl-users@openssl.org
Subject: How to use ECDH_compute_key
Hi,
There is not enough documentation on th
ed "field of use".
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anilkumar
Bollineni
Sent: January 10, 2008 2:12 PM
To: openssl-users@openssl.org
Subject: About ECC patent and OpenSSL ECC code
Hi there,
I have a ques
ation as input to a
Key Derivation Function to generate as many bits as are required for the
application.
Another reference is NIST Special Publication 800-56A (chapter 6)
http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_M
ar08-2007.pdf
5
Num Bytes for g=1
Return code from generate key=1
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Agustin Cozzetti
Sent: December 14, 2007 5:30 AM
To: openssl-users@openssl.org
Subject: Doubt about the use and initialization of DH str
You should probably investigate HMAC-SHA1
There is an example of the openssl command in Appendix C of
http://www.openssl.org/docs/fips/SecurityPolicy-1.1.1.pdf
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Vittorio Giovara
Sent: December 8, 2007
.
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of PS
Sent: November 29, 2007 3:54 PM
To: openssl-users@openssl.org
Subject: Openssl Command line in FIPS mode
Hi,
The openssl User-Guide only mentions about how to create an application
in
They relate to the type of elliptic curve.
P is for polynomial basis curves. Also sometime referred to as prime
modulus curves.
B is for normal basis curves
K is for Koblitz curves. These are special cases of normal basis curves
that are faster for some operations.
Bill
-Original
For a list of comparable key lengths for various algorithms, see Table 2
on page 63 of
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised
2_Mar08-2007.pdf
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent
ips
bad decrypt
20049:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
decrypt:evp_enc.c:509:
Decrypting a.fips
So a file encrypted in FIPS mode must be decrypted in FIPS mode and a
file encrypted in non-FIPS mode must be decrypted in non-FIPS mode.
One might expect that aes-256-cbc would operate the same regardless of
whether it is FIPS mode or not. Am I missing something here?
Bill
Thanks for the explanation as to why this is occurring.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: September 25, 2007 11:49 AM
To: openssl-users@openssl.org
Subject: Re: EC Oddity
Some of the newer functions in
compiler warnings. It seems that EC_GROUP is inconsistently defined in
the include files between its various uses. Is this also expected?
Bill
You need to specify a cipher for encrypting your private key. Something
like:
openssl rsa -in nopassword.key -des3 -out password.key
You will be prompted for a passphrase.
-des3 could be replaced by -aes128, -aes192, or -aes256 if you want a
stronger cipher for encryption.
Bill
-Original
Marek: I suspect Markus is referring to ECIES (Elliptic Curve
Integrated Encryption Scheme) as specified in ANSI X9.63 and the IEEE
P1363a Draft.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: September 19, 2007 7:35 AM
To
the plaintext data
without padding.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Salo
Sent: September 4, 2007 12:30 PM
To: openssl-users@openssl.org
Subject: Re: AES cbc? How to Init Openssl?
Thanks for the examples. :-)
You wrote:
>
Martin: I couldn't get your code to compile. However, I could get this
to work:
#include
#include
int main() {
// Do some init:
RSA *oRsaKey = NULL;
int iLength=2048;
// Generate the key:
oRsaKey = RSA_generate_key(iLength, 65537, NULL, NULL);
// Write key to hard disk (for testing)
FILE *
Suggest you pick up a copy of Secure Programming Cookbook. It has
exactly what you are looking for in chapters 7.10 and 7.11.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Salo
Sent: August 30, 2007 7:37 AM
To: openssl-users@openssl.org
You should see that each of the pt files are the same and the ct files
are different.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Elia, Leonard F.
Sent: August 10, 2007 3:29 PM
To: openssl-users@openssl.org
Subject: OpenSSL fips mode fails to
algorithms are disabled once you
enable FIPS MODE.
Bill
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Raymond Yuan
Sent: July 5, 2007 7:33 PM
To: openssl-users@openssl.org
Subject: Re: OpenSSL FIPS module doesn't support RSA publi
o the
FIPS approved algorithms.
Bill
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlo Milono
Sent: June 1, 2007 1:09 AM
To: openssl-users@openssl.org
Subject: Q's on making 0.9.8e with FIPS 1.1.1 and no-cipher/enable-cipher
On a Linux A
1 - 100 of 201 matches
Mail list logo
