RSA [FIPS 186-4] issue

2014-03-26 Thread Leon Brits
Hi all,

We use the OpenSSL FIPS Object Module v.2.0, but are not allowed anymore (as of the start of this year) to submit new product for validation because the RSA implementation is only FIPS 186-2 compliant. Based on extensive review and research it seems to be possible to "patch" the RSA key

Re: CVE-2014-0076 and OpenSSL 0.9.8

2014-03-26 Thread mancha
On Wed, 26 Mar 2014 06:55:41 + geoff_l...@mcafee.com wrote:
> It looks as though CVE-2014-0076 affects OpenSSL 0.9.8-based distributions as well, correct?

Yes, 0.9.8y also uses the same Lopez/Dahab algo when computing elliptic scalar mult on curves defined over "binary fields" (i.e. GF(2^m)).

Re: RSA [FIPS 186-4] issue

2014-03-26 Thread Steve Marquess
On 03/26/2014 03:19 AM, Leon Brits wrote:
> Hi all,
>
> We use the OpenSSL FIPS Object Module v.2.0, but are not allowed anymore (as of the start of this year) to submit new product for validation because the RSA implementation is only FIPS 186-2 compliant. Based on extensive review a

RE: RSA [FIPS 186-4] issue

2014-03-26 Thread Salz, Rich
> Much of the mystery and inconsistency of cryptographic module validation would be obviated if the results of validations were more fully disclosed. At present details about validations are treated as state secrets, with the singular exception of our open source based validations. Sadly

Re: CVE-2014-0076 and OpenSSL 0.9.8

2014-03-26 Thread Dr. Stephen Henson
On Tue, Mar 25, 2014, geoff_l...@mcafee.com wrote:
> It looks as though CVE-2014-0076 affects OpenSSL 0.9.8-based distributions as well, correct?

Yes that's correct but we weren't planning on making any more 0.9.8 releases.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer

Re: CVE-2014-0076 and OpenSSL 0.9.8

2014-03-26 Thread Viktor Dukhovni
On Tue, Mar 25, 2014 at 09:23:58PM +, geoff_l...@mcafee.com wrote:
> It looks as though CVE-2014-0076 affects OpenSSL 0.9.8-based distributions as well, correct?

Isn't this an ECDSA issue? I thought that EC algorithms are by default disabled in OpenSSL 0.9.8 (require explicit ECCdraft in c

Re: CVE-2014-0076 and OpenSSL 0.9.8

2014-03-26 Thread Dr. Stephen Henson
On Wed, Mar 26, 2014, Viktor Dukhovni wrote:
> On Tue, Mar 25, 2014 at 09:23:58PM +, geoff_l...@mcafee.com wrote:
> > It looks as though CVE-2014-0076 affects OpenSSL 0.9.8-based distributions as well, correct?
>
> Isn't this an ECDSA issue? I thought that EC algorithms are by defau

OpenSSL-FIPS - incore and ia32

2014-03-26 Thread Mark Hatle
Looking at the fips_canister.c I see that ia32 (32-bit and 64-bit) systems are not enabled with the cross compiling when using 'Linux'. But ia32 (32-bit) is enabled on Android systems. This is preventing me from cross compiling and using the fipsld with the incore script to link my applicatio

Re: OpenSSL-FIPS - incore and ia32

2014-03-26 Thread Steve Marquess
On 03/26/2014 12:30 PM, Mark Hatle wrote:
> Looking at the fips_canister.c I see that ia32 (32-bit and 64-bit) systems are not enabled with the cross compiling when using 'Linux'. But ia32 (32-bit) is enabled on Android systems.
>
> This is preventing me from cross compiling and using the fip

Re: CVE-2014-0076 and OpenSSL 0.9.8

2014-03-26 Thread mancha
Dr. Stephen Henson openssl.org> writes:
>
> On Wed, Mar 26, 2014, Viktor Dukhovni wrote:
> > Perhaps given the number of post-0.9.8y commits pending on the OpenSSL_0_9_8-stable branch, one final "z" release could be issued, no more commits made after that, and plans to not make any further

Re: OpenSSL-FIPS - incore and ia32

2014-03-26 Thread Mark Hatle
On 3/26/14, 2:41 PM, Steve Marquess wrote:
> On 03/26/2014 12:30 PM, Mark Hatle wrote:
> > Looking at the fips_canister.c I see that ia32 (32-bit and 64-bit) systems are not enabled with the cross compiling when using 'Linux'. But ia32 (32-bit) is enabled on Android systems. This is preventing me fro