Re: [openssl-dev] [openssl.org #4147] TSA: SHA-1 update

Similar patch [0] is waiting for inclusion since 2010. Good luck :) [0] https://rt.openssl.org/Ticket/Display.html?id=2145 Regards, Jaroslav On Wed, Nov 18, 2015 at 4:24 PM, Michal Bozon via RT wrote: > OpenSSL TSA (ts) code is still using SHA-1 message digest algorithm, >

[openssl.org #2145] New parameter signing_digest for TS module

I have cleaned the patch from unnecessary whitespace changes. Kind regards, Jaroslav ts_signing_digest_cleaned.patch Description: Binary data smime.p7s Description: S/MIME cryptographic signature

[openssl.org #3285] openssl ts -reply can specify message digest algorithm for signing

Hello Steve, I have posted similar patch 4 years ago - please take a look at #2145. It contains also accessor function, documentation updates, digest algorithm can be specified in the configuration file etc. I will apply the flags technique you have mentioned and will post the update. Can you

RE: [openssl.org #2145] [PATCH] New parameter signing_digest for TS module

Thank you for the comment - I have moved the new field at the end of the TS_RESP_CTX structure. I have also introduced TS_SIGNING_DIGEST flag that should prevent binary compatibility issues when application allocates TS_RESP_CTX itself using older headers but uses a newer library - you have

RE: [openssl.org #2192] [PATCH] chil engine displays weird prompts to the end user

I've tested todays snapshot and I can confirm that all issues are resolved. Kind Regards Jaroslav Imrich Disig, a.s. Zahradnicka 151, 821 08 Bratislava 2 jaroslav.imr...@disig.sk www.disig.sk __ OpenSSL Project

RE: [openssl.org #2192] [PATCH] chil engine displays weird prompts to the end user

Your code successfuly fixed problems no.2 and no.3. However problem no.1 (output of strange binary characters) described in my initial email is still there. Buffer that stores prompt really needs to be zeroed. Please see my initial patch (memset) for more details. Kind Regards Jaroslav

[openssl.org #2192] [PATCH] chil engine displays weird prompts to the end user

Hello all, during the development of application that uses nCipher nShield F3 HSM I found few problems in current implementation (0.9.8m) of chil engine. Problem no.1: Prompt for card insertion was displayed with leading binary characters (see attached screenshot). Zeroing of buffer where

RE: [openssl.org #2192] AutoReply: [PATCH] chil engine displays weird prompts to the end user

I've just realized that chil.patch I sent in my first e-mail can cause troubles when hwcrhk library passes null as stated in nCipher headers. I am attaching modified version chil2.patch that supports both null and an empty string. Sorry for inconvenience. -- Jaroslav Imrich Disig, a.s.

[openssl.org #2188] [PATCH] OpenSSL UI misses getter and setter functions for user-defined prompt constructor

Hello all, during development of application that uses ENGINE and UI I found out that UI provided by UI_OpenSSL() is almost perfect for me except for the prompt_constructor. After short research I found prototype for UI_construct_prompt function in openssl/ui.h with following description ..if

[openssl.org #2145] [PATCH] New parameter signing_digest for TS module

Hello, I am attaching patch that introduces new parameter signing_digest to the TSA section of OpenSSL configuration file. This parameter allows user to set digest algorithm used for TS response signing. Instead of previous default signature SHA1withRSA it is now possible to create TS responses