From: openssl-users On Behalf Of open...@lists.killian.com
Sent: Wednesday, February 18, 2015 13:26
I noticed that openssl(1) says that various things have been superseded by
genpkey, so I tried changing my scripts to use it. It works fine for RSA,
but the
man page is not very helpful on EC.
On 02/19/2015 11:09 AM, Salz, Rich wrote:
For instance, any of the void DES_*_encrypt(). This cursory observation is
also supported by a vendor application code such as:
Ah, okay. Those functions are 'just math' They depend on no external state.
They can't fail. It's shifts and
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Date: 02/19/15 11:34
Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting
The low level cipher and digest APIs cannot be used in FIPS mode: you have to
use EVP.
That's quite an important
Hello,
I have some questions regarding table '6b - Conditional Tests' of the
2.0.7 Security Policy.
It is mentioned that there are continuous tests for stuck fault. Is
the meaning of 'continuous' a the matter of frequency ? Or are these
continuous tests ran each time an algorithm is used ?
The
Hello,
Could you please comment on the following ? Any suggestion, insight,
hint, is greatly appreciated.
In FIPS mode, the OS, the device, must be aware of crypto errors, and
adopt a certain behaviour when one occurs. Like shutting down all
data output interfaces.
This means that when using
On Thu, Feb 19, 2015 at 05:19:37AM -0500, jone...@teksavvy.com wrote:
Hello,
Could you please comment on the following ? Any suggestion, insight,
hint, is greatly appreciated.
In FIPS mode, the OS, the device, must be aware of crypto errors, and
adopt a certain behaviour when one occurs.
On Thu, Feb 19, 2015, Dave Thompson wrote:
From: openssl-users On Behalf Of open...@lists.killian.com
Sent: Wednesday, February 18, 2015 13:26
I noticed that openssl(1) says that various things have been superseded by
genpkey, so I tried changing my scripts to use it. It works fine for
For that matter and in a general sense, so far I've seen that many encryption
methods do not return any error code. How does error reporting generally
works ?
Really? Which ones?
___
openssl-users mailing list
To unsubscribe:
On 02/19/2015 05:19 AM, jone...@teksavvy.com wrote:
...This means that when using OpenSSL, a link must be made between
OpenSSL (or the application using it) and the OS, if only to signal
the OS of such errors.
Ummm, no. The FIPS module stops functioning (i.e. doesn't perform any
useful crypto
For instance, any of the void DES_*_encrypt(). This cursory observation is
also supported by a vendor application code such as:
Ah, okay. Those functions are 'just math' They depend on no external state.
They can't fail. It's shifts and masking, etc.
This is basically why I'm wondering
On 2015/2/19 00:22, Dave Thompson wrote:
genpkey has a standard idea, across all algorithms that have parameters
(which RSA does not), to generate parameters and key(s) as separate
steps with a file in between. For DSA and DH this is good; you may want
to generate your own params, or you may
I wanted to switch to having separate signing and encryption
certificates. I followed the outline at Stefan Holek's excellent
http://pki-tutorial.readthedocs.org/en/latest/expert/index.html
That is the signing cert request used
keyUsage= critical,digitalSignature
Hello,
I have some questions regarding table '6b - Conditional Tests' of the
2.0.7 Security Policy.
It is mentioned that there are continuous tests for stuck fault. Is
the meaning of 'continuous' a the matter of frequency ? Or are these
continuous tests ran each time an algorithm is used
On Thu, Feb 19, 2015, jonetsu wrote:
-Original Message-
From: Salz, Rich rs...@akamai.com
To: openssl-users@openssl.org
Date: 02/19/15 07:43
Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting
For that matter and in a general sense, so far I've
-Original Message-
From: Salz, Rich rs...@akamai.com
To: openssl-users@openssl.org
Date: 02/19/15 07:43
Subject: Re: [openssl-users] FIPS, continuous tests, and error reporting
For that matter and in a general sense, so far I've seen that many
encryption
methods do not
-Original Message-
From: Marcus Meissner meiss...@suse.de
To: openssl-users@openssl.org
Date: 02/19/15 08:07
Subject: Re: [openssl-users] OpenSSL FIPS mode system integration
Well, the writing is that the crypto module must stop operating
on error.
We solved this by
jone...@teksavvy.com
jone...@teksavvy.com writes:
Hello,
Could you please comment on the following ? Any suggestion, insight,
hint, is greatly appreciated.
In FIPS mode, the OS, the device, must be aware of crypto errors, and
adopt a certain behaviour when one occurs. Like shutting down
17 matches
Mail list logo