Similar patch [0] is waiting for inclusion since 2010. Good luck :)
[0] https://rt.openssl.org/Ticket/Display.html?id=2145
Regards, Jaroslav
On Wed, Nov 18, 2015 at 4:24 PM, Michal Bozon via RT wrote:
> OpenSSL TSA (ts) code is still using SHA-1 message digest algorithm,
>
I have cleaned the patch from unnecessary whitespace changes.
Kind regards, Jaroslav
ts_signing_digest_cleaned.patch
Description: Binary data
smime.p7s
Description: S/MIME cryptographic signature
Hello Steve,
I have posted similar patch 4 years ago - please take a look at #2145. It
contains also accessor function, documentation updates, digest algorithm can
be specified in the configuration file etc. I will apply the flags technique
you have mentioned and will post the update. Can you
Thank you for the comment - I have moved the new field at the end of the
TS_RESP_CTX structure.
I have also introduced TS_SIGNING_DIGEST flag that should prevent binary
compatibility issues when application allocates TS_RESP_CTX itself using older
headers but uses a newer library - you have
I've tested todays snapshot and I can confirm that all issues are resolved.
Kind Regards
Jaroslav Imrich
Disig, a.s.
Zahradnicka 151, 821 08 Bratislava 2
jaroslav.imr...@disig.sk
www.disig.sk
__
OpenSSL Project
Your code successfuly fixed problems no.2 and no.3.
However problem no.1 (output of strange binary characters) described in my
initial email is still there. Buffer that stores prompt really needs to be
zeroed. Please see my initial patch (memset) for more details.
Kind Regards
Jaroslav
Hello all,
during the development of application that uses nCipher nShield F3 HSM I
found few problems in current implementation (0.9.8m) of chil engine.
Problem no.1:
Prompt for card insertion was displayed with leading binary characters
(see attached screenshot). Zeroing of buffer where
I've just realized that chil.patch I sent in my first e-mail can cause troubles
when hwcrhk library passes null as stated in nCipher headers.
I am attaching modified version chil2.patch that supports both null and an
empty string.
Sorry for inconvenience.
--
Jaroslav Imrich
Disig, a.s.
Hello all,
during development of application that uses ENGINE and UI I found out
that UI provided by UI_OpenSSL() is almost perfect for me except for the
prompt_constructor. After short research I found prototype for
UI_construct_prompt function in openssl/ui.h with following
description ..if
Hello,
I am attaching patch that introduces new parameter signing_digest to
the TSA section of OpenSSL configuration file. This parameter allows
user to set digest algorithm used for TS response signing. Instead of
previous default signature SHA1withRSA it is now possible to create TS
responses
10 matches
Mail list logo