Re: [openssl-users] DSA with OpenSSL-1.1

2016-07-05 Thread Philip Bellino
Well, since we will never go to 1.1, I guess we don't have to worry about it. From: openssl-users on behalf of Kurt Roeckx Sent: Saturday, July 2, 2016 5:53:20 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] DSA with OpenSSL-1.1 On Fri, Jul 01, 20

[openssl-users] Looking for the Changelog in openssl-fips-2.0.12

2016-05-24 Thread Philip Bellino
Hello, I am looking for the Changelog that explains the changes between openssl-fips-2.0.9 and 2.0.12. The README.FIPS that comes with 2.0.12 points here: https://www.openssl.org/docs/fips but I cannot find the changes. Any help would be most appreciated. Thanks, Phil

[openssl-users] Key Derivation Function Tests for TLS

2015-09-22 Thread Philip Bellino
Hello, In pursuit of FIPS validation using OpenSSL 1.0.2a/ FIPS 2.0.9, we are required by our testing lab to perform KDF tests for TLS (see document NIST SP800-135, Rev 1 section 4.2). Could you please point us to where the source for the KDF TLS test(s) are available. Thank you, Phil Belli

[openssl-users] FIPS test parse error?

2015-07-15 Thread Philip Bellino
One more item of note: The code appears to be erroring out on the keyword SEED. Looking at the source code there appears to be no provision to accept that word, hence the parse error. Hello, We are testing our FIPS implementation which is based on openssl-1.0.2a and openssl-fips-2.0.9.

[openssl-users] FIPS test parse error?

2015-07-15 Thread Philip Bellino
Hello, We are testing our FIPS implementation which is based on openssl-1.0.2a and openssl-fips-2.0.9. We are executing tests on the target machine (which doesn't support running perl scripts so we cannot run fipsalgtest.pl) that are included in the openssl-fips-2.0.9/fips directory, using req

[openssl-users] FIPS Validation questions

2015-05-26 Thread Philip Bellino
Hello, We use OpenSSL-1.0.2a and FIPS 2.0.9 and have questions we need to answer in conjunction with the FIPS validation process. One question is whether SHA1 accepts NULL (zero-length) messages? I couldn't find anything on the OpenSSL wiki so I thought I'd ask here. Also, another question is

[openssl-users] FIPs validation questions

2015-05-22 Thread Philip Bellino
Hello, We use OpenSSL-1.0.2a and FIPS 2.0.9 and have questions we need to answer in conjunction with the FIPS validation process. One question is whether SHA1 accepts NULL (zero-length) messages? I couldn't find anything on the OpenSSL wiki so I thought I'd ask here. Also, another question

Re: [openssl-users] FIPS wrapper to lock low level AES calls in FIPS mode

2015-04-06 Thread Philip Bellino
users-boun...@openssl.org] On Behalf Of Philip Bellino Sent: Monday, April 06, 2015 8:03 AM To: openssl-users@openssl.org Subject: [openssl-users] FIPS wrapper to lock low level AES calls in FIPS mode Hello, We are using Openssl-1.0.2a with FIPS 2.0.9 on Linux PPC environment. We have code that we a

[openssl-users] FIPS wrapper to lock low level AES calls in FIPS mode

2015-04-06 Thread Philip Bellino
Hello, We are using Openssl-1.0.2a with FIPS 2.0.9 on Linux PPC environment. We have code that we assume needs updating, to avoid using low level routines in FIPS. For example, our snmp v3 implementation currently decrypts/encrypts using AES_set_encrypt_key() and AES_cfb128_encrypt(). The old dec

Re: [openssl-users] Encryption length, OpenSSL_add_all_algorithm, and OpenSSL_add_all_ciphers questions

2015-03-27 Thread Philip Bellino
/OpenSSL_add_all_algorithms.html Also: https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption Hope this helps, Regards, Michel. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Philip Bellino Sent: Thursday, March 26, 2015 15:53 To: openssl-users@open

[openssl-users] Encryption length, OpenSSL_add_all_algorithms, and OpenSSL_add_all_ciphers questions

2015-03-26 Thread Philip Bellino
I am using OpenSSL-1.0.2a EVP routines to encrypt and decrypt passwords with cipher des_ede3_cbc as follows: encrypt routines: EVP_CIPHER_CTX_init EVP_EncryptInit_ex EVP_EncryptUpdate EVP_EncryptFinal_ex EVP_CIPHER_CTX_cleanup decrypt routines: EVP_CIPHER_CTX_init EVP_DecryptInit_ex EVP_DecryptUp

[openssl-users] AES CBC approved encryption algorithm/option in FIPS

2015-03-20 Thread Philip Bellino
Hello, I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question. If AES CBC Encryption is considered vulnerable to an attacker with the capability to inject arbitrary traffic into the plain-text stream, then why is it listed as an approved algorithm/option in table 4A on page 14

[openssl-users] HMAC-SHA1-96 in FIPS

2015-03-12 Thread Philip Bellino
Hello, I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question. In the FIPS-198-1 document, Chapter 5 discusses truncation with MACs. http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf I believe HMAC-SHA1-96 falls under this category, but I do not see its s

[openssl-users] make depend error in openssl-1.0.2/crypto

2015-02-04 Thread Philip Bellino
Hello, We built OpenSSL-1.0.1j (and OpenSSL-fips-2.0.7) within my PowerPC-target build environment and have been using it successfully. We now have upgraded to use OpenSSL-1.0.2 (and OpenSSL-fips-2.0.9). It cannot successfully build because of the following error (which occurs identically 16 ti

[openssl-users] FIPS JCE cryptographic modules usage with Openssl-1.0.1j and openssl-fips-2.0.7

2015-01-21 Thread Philip Bellino
Hello, I apologize if this is not the correct forum for my questions, so here goes. 1. Are the RSA JSafeJCE and the IBM' IBMJESFIPS cryptographic modules being used widely against Openssl in FIPS mode? 2. If so, have these modules kept pace with the latest Openssl FIPS implementat

Differences between openssl-fips-2.0.7 and 2.0.8

2014-11-19 Thread Philip Bellino
Hello, I am currently using openssl-fips-2.0.7 and I noticed that 2.0.8 is available on the website. Neither distribution contains a changelog, so I was wondering what changes were made to 2.0.8. Thanks, Phil Phil Bellino Principal Software Engineer | MRV Communications Inc. 300 Apollo Drive | C

RE: Query: Disabling SSLv3

2014-11-05 Thread Philip Bellino
Jeffrey, May I ask why you included "no-ssl2" as an option to "config"? Is only adding "no-ssl3" not sufficient enough to fully disable SSLv3? Thanks, Phil -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: W

heartbeat_test in openssl-1.0.1j

2014-11-03 Thread Philip Bellino
Hello, Using an FC core Linux 2.6.x i686 system. In openssl-1.0.1h, we were able to build/execute the heartbeat_test as is. In Openssl-1.0.1j, we are now required to add a Configure option "enable-unit-test" to use the heartbeat_test. Also, the heartbeat_test executable in 1.0.1h was 14K in s

RE: Make depend issue in Openssl-1.0.1j/ssl

2014-10-31 Thread Philip Bellino
search paths. This will get the correct header files from the source tree. If you do something like '-nostdinc -I${SYSROOT}/usr/include -I', then the reverse will happen. Ref https://gcc.gnu.org/onlinedocs/cpp/Search-Path.html. Jay On 10/30/2014 12:40 PM, Philip Bellino wrote: Hello, I

Make depend issue in Openssl-1.0.1j/ssl

2014-10-30 Thread Philip Bellino
Hello, I am running into the following issue when I do a "make depend" (after the "./config shared no-ssl3"): making depend in ssl... make[3]: Entering directory '.../openssl-1.0.1j/ssl' s3_lib.c:3370:4: #error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. d1_lib.c:27

Openssl-1.0.1h/test ssltest

2014-10-28 Thread Philip Bellino
Hello, I am attempting to use the tests provided in the 'test' directory of the openssl-1.0.1h software. I have successfully built and run the tests on our target hardware. There is one test in particular, "ssltest", that appears to have a multitude of optional arguments/options that could be p

openssl-fips-2.0.7/test make errors

2014-10-28 Thread Philip Bellino
Hello, I am attempting to use the tests provided in the 'test' directory of the openssl-fips-2.0.7 software. I am under the impression that I should be able to build these tests, transport them to our target hardware and execute them in order to test our port of the openssl and fips software. 'm

Broken getaddrinfo

2007-10-05 Thread Philip Bellino
Hello, I previously emailed this issue to the ([EMAIL PROTECTED]) and was told to email openssl instead, so here goes: Linux 2.6.22.9 Openssl-0.9.8e Ipsec-tools-0.7 When I run the configure script for ipsec-tools-0.7 as follows: "./configure -with-openssl=/usr/local/ssl -enable-ipv6" produces