On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote:
TLS uses MD5 as well in the PRF. The PRF in SSLv3 is not a true HMAC
which
is a problem, but the reason for not using SSLv3 is FIPS regulation.
Not Exactly. The TLS PRF uses *both* SHA1 and MD5, in a way which
is carefully
i2d_RSAPublicKey( RSA, NULL ) is to be used to get the size of an RSA
structure.
The following code shows that it does not return the correct value.
#define _GNU_SOURCE
#include string.h
#include stdio.h
#include stdlib.h
#include openssl/rsa.h
#define
William Estrada wrote:
i2d_RSAPublicKey( RSA, NULL ) is to be used to get the size of an RSA
structure.
Yes it can and it does. It returns the value for the *public* key - the rest of
your code is looking at the *private* key.
Change the line:
Len = i2d_RSAPublicKey( My_RSA, NULL );
To
Hi All,
I have my own implementation for RC4. I have overridden it in an
engine. I am using a simple C code to test. It initializes the cipher
using EVP_ini*. However when I trace, the call doesn't land into my
implementation. I have also overridden the AES. And it works perfectly
ok.
On Sun, Sep 21, 2008 at 12:58:26PM +1000, Michael Gray wrote:
On Sat, Sep 20, 2008 at 06:24:31AM +1000, Michael Gray wrote:
TLS uses MD5 as well in the PRF. The PRF in SSLv3 is not a true HMAC
which
is a problem, but the reason for not using SSLv3 is FIPS regulation.
Not
On Sun, Sep 21, 2008 at 12:58:26PM +1000, Michael Gray wrote:
Not Exactly? Both TLS and SSLv3 both use SHA1 and MD5 in the PRF, which
is IMHO very cleaver as it requires both HASH functions to be broken. But,
the TLS PRF is a HMAC for both SHA1 and MD5 whereas SSLv3 is not. The
specific
The Doctor wrote:
That being said, how do you get openssl to compile with FIPS
and be backwards compatable at the same time?
That is what the FIPS mode is for - the library built supports all algorithms
and when in FIPS mode it disables the use of non-approved algorithms.
A single
On Tue, Sep 23, 2008 at 08:26:23AM +1000, Tim Hudson wrote:
The Doctor wrote:
That being said, how do you get openssl to compile with FIPS
and be backwards compatable at the same time?
That is what the FIPS mode is for - the library built supports all
algorithms and when in FIPS mode it