On Sat, Jul 28, 2018, 09:13 Devang Kubavat wrote:
> Hi Kaarhik,
>
> Please refer https://github.com/ThomasHabets/openssl-tpm-engine. It is
> OpenSSL TPM Engine. It will help to offload all crypto operation to TPM.
>
Is this for tpm2.0?
> Regards,
> Devang.
>
> On Tue, Jul 24, 2018 at 4:48 PM,
On Tue, Jul 24, 2018 at 4:18 AM, Kaarthik Sivakumar
wrote:
> Hello
>
> I need to create a key pair using a TPM (proprietary) and build a CSR and
What TPM Version?
If it's TPM 2.0, a new Engine project has emerged here:
https://github.com/tpm2-software/tpm2-tss-engine
This might be able to
On Wed, Jul 25, 2018 at 11:30 AM, Michael Wojcik
wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
>> Sudarshan Soma
>> Sent: Wednesday, July 25, 2018 12:13
>
>> But rand() returns max value of 32767 . Is there a recomended way to
>> convert RAND_bytes to
I can successfully deconstruct an an ECDSA Signature Sequence, but now I
need
to construct it, and I am getting lost.
The format I need to build is:
sECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }
I have r and s as buffers in the same format as returned from:
d2i_ASN1_INTEGER() if one
On Fri, Apr 13, 2018 at 2:55 PM, Richard Levitte <levi...@openssl.org> wrote:
> In message
> <CAFftDdqWPXq1+Mo9_6J0EzhZ4uwg5QC=R5fx8N1j=qycha8...@mail.gmail.com> on Fri,
> 13 Apr 2018 09:17:28 -0700, William Roberts <bill.c.robe...@gmail.com> said:
>
> bill.
I am currently working on writing an openssl engine
to interface with a piece of hardware.
I am trying to understand how to implement
rsa key generation, where the private key
bytes would not be available.
I am currently invoking the
command:
openssl genrsa -engine foo
Which is calling my
he CAPI engine) implement the genrsa hook. If you are
> looking for wide compatibility you may wish to ask your clients to do key
> generation using an external utility (as that's how almost everyone else
> does it).
I have only looked at the PKCS11 module, and it's quite limited in
functiona
I would like to use OpenSSL to compute the DigestInfo structure to
pass to a TPM for a TPM side RSA_Decrypt() operation when the TPM
doesn't support the digest algorithm.
I see in crypt/rsa_sign.c the routine encode_pkcs1() seems to do what
I want. Is their
a public version of this or a better
On Wed, Nov 28, 2018 at 1:22 AM Fuchs, Andreas
wrote:
>
> Hi all,
>
> I'm currently implementing a TPM2 engine for OpenSSL over at
> https://github.com/tpm2-software/tpm2-tss-engine
> The problem I'm facing is that OpenSSL's TLS negotiation will request ECDSA
> from my engine with any hash alg,
This thread actually has some code on it for doing this:
https://www.mail-archive.com/openssl-users@openssl.org/msg86672.html
Bill
On Mon, Aug 26, 2019 at 9:46 AM Ken Goldman wrote:
>
> On 8/17/2019 5:35 AM, Billy Brumley wrote:
> > Hey Ken,
> >
> >> I have an ECDSA signature supplied to me as
Hi,
I occasionally get spurious errors in my ECDSA signatures, and it
appears that when the top byte is over 0x80 of either the R or S
component, that I get a zero pad. I noticed all this when reading
through the source, their was some comments (see below). I noticed a
d2i_ASN1_UINTEGER, but I
On Tue, Aug 6, 2019 at 10:56 AM Matt Caswell wrote:
>
>
>
> On 06/08/2019 16:34, William Roberts wrote:
> > Hi,
> > I occasionally get spurious errors in my ECDSA signatures, and it
> > appears that when the top byte is over 0x80 of either the R or S
> >
On Tue, Aug 6, 2019 at 11:16 AM Matt Caswell wrote:
>
>
>
> On 06/08/2019 17:00, William Roberts wrote:
> > On Tue, Aug 6, 2019 at 10:56 AM Matt Caswell wrote:
> >>
> >>
> >>
> >> On 06/08/2019 16:34, William Roberts wrote:
> >
On Tue, Aug 6, 2019 at 11:18 AM William Roberts
wrote:
>
> On Tue, Aug 6, 2019 at 11:16 AM Matt Caswell wrote:
> >
> >
> >
> > On 06/08/2019 17:00, William Roberts wrote:
> > > On Tue, Aug 6, 2019 at 10:56 AM Matt Caswell wrote:
> > >>
> &
On Thu, Feb 27, 2020 at 1:01 PM Andersen, John S
wrote:
>
> Hi All,
>
> The TPM 2.0 PKCS11 project has been attempting to get the TPM working with
> EAP-TLS WiFi.
>
> We've run into an issue where the TPM spec specifies that for RSA PSS signing
> keys, the random salt length will be the largest
On Mon, Apr 6, 2020, 9:16 PM Jason Proctor wrote:
> Distinguished crypto community,
>
> I have the requirement to import RSA keypairs generated by the Amazon
> Key Management System into my environment. These keypairs arrive in
> the de facto standard of SPKI for the public component and PKCS8
On Mon, Apr 6, 2020, 11:59 PM Jason Proctor wrote:
> On Mon, Apr 6, 2020 at 9:44 PM William Roberts
> wrote:
> >
> >
> > There's setter functions now. See:
> > https://www.openssl.org/docs/man1.1.0/man3/RSA_set0_key.html
>
> Thanks, yes it does look li
On Mon, Jun 22, 2020 at 10:45 AM shiva kumar wrote:
>
> Hi,
> I was using the structure
> struct x509_store_ctx_st
> provide by x509_vfy.h in openssl 1.0.2, but can you please help me on how to
> use the same or alternative for the above structure on openssl 1.1.1
I think just use the accessor
On Tue, Dec 22, 2020 at 3:45 AM prudvi raj wrote:
>
> Hello all,
>
> We use a hardware accelerator to calculate BIGNUM rr = a^p mod m .(
> bn_mod_exp). I am trying to rewrite that logic for openssl 1.1.1. Code
> snippet of custom bn_mod_exp function:
> --
> if(rr->d)
> {
>
On Thu, Aug 26, 2021 at 3:01 AM Tomas Mraz wrote:
>
> On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote:
> > Hello,
> >
> > I am trying to verify an HMAC signature with the code below and the
> > EVP_DigestVerifyInit()
> > routine is failing w
On Fri, Aug 27, 2021 at 2:47 PM Ken Goldman wrote:
>
> I run valgrind on all my software to find memory leaks. This worked for
> openssl 1.0.2 and 1.1.1, but fails with 3.0.0. Suggestions?
>
> vex amd64->IR: unhandled instruction bytes: 0xF3 0xF 0x1E 0xFA 0x49 0x89 0xD8
> 0x31
> vex amd64->IR:
Hello,
I am trying to verify an HMAC signature with the code below and the
EVP_DigestVerifyInit()
routine is failing with "error:0608F096:digital envelope
routines:EVP_PKEY_verify_init:operation not supported for this
keytype". Eventually it gets to EVP_PKEY_verify_init() and since the
I have code that applies PCKS1.5 padding via
RSA_padding_add_PKCS1_type_1 and strips it with
RSA_padding_check_PKCS1_type_2 before sending it to the HSM for raw
RSA operation to support a legacy PKCS11 interface. Is there any way
to perform these tasks with OpenSSL 3.0?
Thanks,
Bill
It's there:
https://github.com/openssl/openssl/releases/tag/openssl-3.0.0
I checked it out this morning.
On Wed, Sep 8, 2021, 16:32 Steffen Nurpmeso wrote:
> Yeah?
> :)
>
> --steffen
> |
> |Der Kragenbaer,The moon bear,
> |der holt sich munter he cheerfully and one by
On Wed, Sep 8, 2021 at 5:15 PM Steffen Nurpmeso wrote:
>
> Hello.
>
> William Roberts wrote in
> :
> |It's there:
> |https://github.com/openssl/openssl/releases/tag/openssl-3.0.0
> |
> |I checked it out this morning.
>
> Oh! I have
>
> fetch =
Outside of the migration guide others have pointed out, I think the
functions you need are:
https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html
Use use EVP level now as pointed out in the guide.
On Tue, Jul 13, 2021, 16:04 Ken Goldman wrote:
> What is the 3.0.0 equivalent to
I'd be nice to have a more detailed porting guide, I'd been poking into
this a little bit, but did you see Matt's response? (Pasted below)
Those functions are deprecated. Better would be EVP_PKEY_fromdata():
https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_fromdata.html
On Wed, Jul 14,
On Wed, Jul 14, 2021, 09:27 Ken Goldman wrote:
> On 7/13/2021 5:14 PM, William Roberts wrote:
> > Outside of the migration guide others have pointed out, I think the
> functions you need are:
> >
> > https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html <
On Mon, Feb 28, 2022 at 2:59 AM Matt Caswell wrote:
>
>
>
> On 25/02/2022 22:07, William Roberts wrote:
> > Hello,
> >
> > In openssl 3.0.1 the following code hits the ctx->keymgt is null check
> > and thus returns -2
> > in pmeth_gn.c:
> &
Hello,
In openssl 3.0.1 the following code hits the ctx->keymgt is null check
and thus returns -2
in pmeth_gn.c:
static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
{
if (ctx == NULL || ctx->keytype == NULL)
goto not_supported;
evp_pkey_ctx_free_old_ops(ctx);
if
; How are you creating the EVP_PKEY_CTX?
>
> Kory
>
>
> > On Feb 25, 2022, at 2:07 PM, William Roberts
> > wrote:
> >
> > Hello,
> >
> > In openssl 3.0.1 the following code hits the ctx->keymgt is null check
> > and thus returns -2
&
On Fri, Feb 25, 2022 at 4:19 PM William Roberts
wrote:
>
> Hi Kory,
>
> its the line:
> genctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL);
>
> There's a snippet in the first email or is there something else you're
> asking me and I'm not groking it?
>
On Tue, Mar 29, 2022 at 3:40 PM Philip Prindeville
wrote:
>
> Hi,
>
> I'm trying to develop a newer replacement module for Asterisk's res_crypto
> that is (for now) 1.1.x compatible but can be easily updated to 3.0 (and
> maybe even easily add provider support for TPM escrowed secrets, etc).
On Tue, May 3, 2022 at 3:18 PM Chris Bare wrote:
>
>
> On Tue, May 3, 2022 at 3:10 PM William Roberts
> wrote:
>>
>> On Tue, May 3, 2022 at 1:14 PM Chris Bare wrote:
>> >
>> > I'm converting some openssl 1.0 code to 3.0 and I don't know how to g
On Tue, May 3, 2022 at 1:14 PM Chris Bare wrote:
>
> I'm converting some openssl 1.0 code to 3.0 and I don't know how to get the
> coordinates
> in a 3.0 way.
> The old code is:
> BN_CTX *ctx = BN_CTX_new ();
> BIGNUM *X = NULL, *Y = NULL;
> const EC_POINT *pubkey;
> const EC_GROUP *group;
>
On Wed, Apr 27, 2022 at 11:46 AM Philip Prindeville
wrote:
>
> Oh, forgot one other issue:
>
> I also need to pick apart the RSA keys into their constituent exponents,
> modulus, etc. as BN's that I can then compare to bit-strings.
>
> With the old RSA_* routines this was trivial. How does one
36 matches
Mail list logo