OpenSSL PRNG built in polling function strength

2009-11-17 Thread hagai yaffe
Hello, I am using OpenSSL 0.9.8l on Windows that is built according to FIPS user guide. And I would like to understand what is the strength in terms of random of the random data that is gathered by OpenSSL built in functions that poll for random data on OpenSSL startup (rand_poll function).

RE: Crash when using FIPS OpenSSL

2008-12-24 Thread Hagai Yaffe
Cheers, Hagai. From: Hagai Yaffe Sent: Thursday, December 04, 2008 11:08 PM To: openssl-users@openssl.org Subject: Crash when using FIPS OpenSSL Hello, I am working on using OpenSSL in FIPS mode in my application, I am using OpenSSL 0.9.7m on windows. I

Upgrade from 0.9.7m to 0.9.8i - are there known pitfalls?

2008-12-18 Thread Hagai Yaffe
Hello, I have a windows OpenSSL based application, I am using OpenSSL for: * Symmetric encryption (3DES & AES) * Asymmetric encryption (RSA) * SSL I have been using 0.9.7 for several years, and now I am planning on upgrade to 0.9.8i, I would be happy to hear from any o

Crash when using FIPS OpenSSL

2008-12-04 Thread Hagai Yaffe
Hello, I am working on using OpenSSL in FIPS mode in my application, I am using OpenSSL 0.9.7m on windows. I have successfully built OpenSSL according to the FIPS user guide, but on specific operation my application crashes inside OpenSSL. I have created a small program that demonstrates th

OpenSSL Standard version VS last STABLE version

2007-04-26 Thread Hagai Yaffe
Hello, I am using OpenSSL in my application and generally I download OpenSSL versions when they are announced on www.openssl.org (I have called this Standard release though I am not sure if this is the right term) and embed the new version into my software. However I

Avoid large memory consumption when using pkcs7_sign

2006-12-27 Thread Hagai Yaffe
Hello, I am using PKCS7_sign for applying Digital Signature to files, when I am creating an enveloped PKCS#7 file that contains also the signed file content all the signed file data is being loaded to memory (this would be a problem with large files), I know that I can use the DETACHED option to

Question regarding OpenSSL recent security advisory

2006-09-06 Thread Hagai Yaffe
Hello, I have read the advisory and I am a bit puzzled regarding the "there are CAs using exponent 3 in wide use" comment, I have tried to check and could not find any CA using this exponent, all the CAs I have seen are using 0x10001 (CAs I have generated by OpenSSL using default values,

RE: Creating an Application according to the OpenSSL FIPS Security Policy

2006-06-28 Thread Hagai Yaffe
sers@openssl.org Subject: Re: Creating an Application according to the OpenSSL FIPS Security Policy On Tue, Jun 27, 2006, Hagai Yaffe wrote: > > I would then like to use that DLL from a few applications (by way of > linking or dynamic loading), this DLL will provide all the cryp

Creating an Application according to the OpenSSL FIPS Security Policy

2006-06-27 Thread Hagai Yaffe
Hello, I have gone over the OpenSSL FIPS Security Policy & User Guide and was able to build a test OpenSSL based application according to FIPS Security Policy, I think that I have quite a clear understanding of the OpenSSL FIPS field. However I came across a more complicated situat

Creating an Application according to the OpenSSL FIPS Security Policy

2006-06-27 Thread Hagai Yaffe
Hello, I have gone over the OpenSSL FIPS Security Policy & User Guide and was able to build a test OpenSSL based application according to FIPS Security Policy, I think that I have quite a clear understanding of the OpenSSL FIPS field. However I came across a more complicated situat

Using MD5 in FIPS OpenSSL for RADIUS support

2006-04-16 Thread Hagai Yaffe
Hello,   I am using OpenSSL version 0.9.7d for cryptographic needs of my application, among other uses I am using MD5 to implement RADIUS client. I would like to use the FIPS compliant version of OpenSSL but MD5 is not one of the certified algorithms, this is a problem since MD5 is part o

PKI question, trusting subordinate CA

2005-12-29 Thread Hagai Yaffe
Hello, I am using OpenSSL to implement SSL in my application, I would like to enable trusting subordinate CA in my server (I do not want to trust the root CA and other subordinate CAs, only a specific subordinate CA), I have used the verify callback and I can do this, but I have anothe

Information regarding LRW-AES

2005-12-26 Thread Hagai Yaffe
Hello, I have a system that uses OpenSSL to encrypt files using AES in CBC mode, I have recently heard about another encryption mode for AES called LRW-AES which is preferable for disk encryption, is this true also for files encryption? Am I vulnerable to attacks that would not be feasibl

OpenSSL Random Number Generator

2005-12-04 Thread Hagai Yaffe
Hello, I am looking for some documentation regarding OpenSSL Random Number Generator, I have looked on the net and could not find what I need. I mainly need some comparison between OpenSSL Random Number Generator and other Random Generation algorithms (Blum-Blum-Shub, FIPS 186, RPK). I

Duplicate X509_STORE_CTX / X509_STORE

2005-08-04 Thread Hagai Yaffe
ading from files). If there are such functions or if someone has already handled this issue and could guide me to finding a solution I would be most obliged. Thanks, Hagai Yaffe.

RE: Partitioned CRL's support

2005-07-20 Thread Hagai Yaffe
Thanks a lot for your help. Hagai. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Wednesday, July 20, 2005 8:12 PM To: openssl-users@openssl.org Subject: Re: Partitioned CRL's support On Wed, Jul 20, 2005, Hagai Yaffe wrote: >

Partitioned CRL's support

2005-07-20 Thread Hagai Yaffe
Hello, I am using openssl (version 0.9.7) to support PKI authentication to my product and I would like to implement revocation support, I have successfully implemented support for a CA that publishes a full CRL but I have a problem working with CAs that publish partitioned CRLs.

Using new objects store in 0.9.8 for certificates and keys

2005-05-26 Thread Hagai Yaffe
Hello, I would like to be able to store certificates and keys in a permanent location, and I understand that in openssl 0.9.8 version it is possible with the new objects store. If you have an example of how to work with the objects store with default engine, (suppose I only want to use

get openssl fips version snapshot.

2004-08-24 Thread Hagai Yaffe
Hello, I have looked around the www.openssl.org site and could not find where can I download a tarball of the openssl fips version, can anyone tell me where can I get it from? Thanks. Hagai.