[FIPS] is EVP_des_ede_ecb permitted?
Dear team,

In FIPS mode, is the cipher "EVP_des_ede_ecb" permitted or not?

If I check the openssl.org fipscanister code, then in the file fips_des_selftest.c I can see that the self test is being done only for EVP_des_ede3_ecb. In the CentOS openssl code (openssl-1.0.2k-19.el7.src.rpm), in the file fips_des_selftest.c, function FIPS_selftest_des(), I can see that the self test is being done for both EVP_des_ede_ecb and EVP_des_ede3_ecb.

Thanks and regards,
Akshar
[openssl-users] [AES-GCM] TLS packet nonce_explicit overflow
Dear team,

In AES-GCM mode I know that the final counter will be [4 bytes salt which is negotiated between client and server] + [8 bytes of random bytes which are generated using RAND_bytes (nonce_explicit)] + [32-bit counter]. nonce_explicit will be incremented for every TLS packet and will be sent in the packet.

*If the nonce_explicit overflows or overlaps, then does the openssl code handle it (at least by initiating renegotiation)?*

I know that it will take 2^64 TLS packets in one direction. It is practically not possible but theoretically possible.

The 32-bit counter should not be a problem, since an individual TLS packet has to be more than 68GB for this counter to overflow or overlap. This will not be possible.

Please correct me if I am wrong?

Thanks and regards,
Akshar

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] POODLE attack on TLS1.2
Dear Team,

In https://en.wikipedia.org/wiki/POODLE it is mentioned that the POODLE attack is possible against *TLS* also. Has this issue already been addressed in openssl?

Thanks and regards,
Akshar
[openssl-users] [FIPS compliance] ssl reneg when counter overflows(AES_GCM)
Dear team,

As per the document http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf page 150, it is mentioned:

The implementation of the nonce_explicit management logic inside the module shall ensure that when the nonce_explicit part of the IV exhausts the maximum number of possible values for a given session key (e.g., a 64-bit counter starting from 0 and increasing, when it reaches the maximum value of 2^64 - 1), *either party (the client or the server) that encounters this condition triggers a handshake to establish a new encryption key – see Sections 7.4.1.1 and 7.4.1.2 in RFC 5246*.

Is this being handled by openssl? In the source code of openssl I am not able to find out the exact location where this renegotiation is initiated when the counter overflows.

Thanks in advance.

Thanks and regards,
Akshar
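The two AES-GCM posts above (the nonce layout question and the FIPS IG rekey requirement) both hinge on how a TLS 1.2 GCM sender tracks nonce_explicit and the 32-bit block counter. The following is an added example, not OpenSSL's code: a minimal per-direction nonce manager that builds the 12-byte IV as salt || nonce_explicit, refuses to wrap the 64-bit counter and instead signals that a handshake is needed, and bounds a single plaintext by what the 32-bit block counter can address. The struct, function names and the constructed salt bytes are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Per-direction nonce state for TLS 1.2 AES-GCM (RFC 5288):
 * 4-byte implicit salt from the key block + 8-byte nonce_explicit
 * carried in every record. The 32-bit GCM block counter is appended
 * by the cipher itself and is not part of this state. */
typedef struct {
    uint8_t  salt[4];        /* client_write_IV / server_write_IV */
    uint64_t nonce_explicit; /* per-record counter, sent on the wire */
} gcm_nonce_state;

/* Largest plaintext one GCM invocation may protect: the 32-bit block
 * counter starts at 2 (block 1 is consumed by the tag), so at most
 * (2^32 - 2) 16-byte blocks, i.e. 68,719,476,704 bytes (~68 GB).
 * TLS caps records at 2^14 bytes, so this is unreachable per record. */
#define GCM_MAX_PLAINTEXT_BYTES ((((uint64_t)1 << 32) - 2) * 16)

int gcm_plaintext_len_ok(uint64_t len)
{
    return len <= GCM_MAX_PLAINTEXT_BYTES;
}

/* Fill iv[12] = salt || nonce_explicit (big-endian) for the next record
 * and advance the counter. Returns 0 on success; -1 if the counter has
 * already reached 2^64 - 1, in which case no record may be encrypted
 * under this key. *rekey_needed is set to 1 as soon as the maximum is
 * reached so the caller can trigger a handshake before the next record
 * (the behaviour the FIPS 140-2 IG text quoted above requires). */
int gcm_next_iv(gcm_nonce_state *st, uint8_t iv[12], int *rekey_needed)
{
    *rekey_needed = (st->nonce_explicit == UINT64_MAX);
    if (*rekey_needed)
        return -1;                       /* would wrap to 0 and reuse IVs */
    memcpy(iv, st->salt, 4);
    for (int i = 0; i < 8; i++)
        iv[4 + i] = (uint8_t)(st->nonce_explicit >> (56 - 8 * i));
    st->nonce_explicit++;
    if (st->nonce_explicit == UINT64_MAX)
        *rekey_needed = 1;               /* last usable value: rekey now */
    return 0;
}

int main(void)
{
    gcm_nonce_state st = { {0x11, 0x22, 0x33, 0x44}, 0 }; /* constructed salt */
    uint8_t iv[12]; int rekey;
    gcm_next_iv(&st, iv, &rekey);
    for (int i = 0; i < 12; i++) printf("%02x", iv[i]);
    printf("  rekey_needed=%d\n", rekey);   /* 112233440000000000000000  rekey_needed=0 */
    return 0;
}
```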