with the openssl code, and could try to fix it
myself, but pointers would be helpful.
-- Chris Bare
On Mon, Sep 12, 2011, Stef Hoeben wrote:
Hi,
we have an SOD (a CMS for e-passports and e-ID cards) file that we can
read
out and verify nicely if the signature algo is RSA_PKCS1_PADDING
.
--
Chris Bare
On Mon, Sep 12, 2011, Stef Hoeben wrote:
Hi,
we have an SOD (a CMS for e-passports and e-ID cards) file that we
can read
out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt for an asn1
dump
in CMS_verify.
If not, I have some experience working with the openssl source code, but
some pointers would be appreciated.
--
Chris Bare
On Mon, Sep 12, 2011, Stef Hoeben wrote:
Hi,
we have an SOD (a CMS for e-passports and e-ID cards) file that we can
read
out and verify nicely
Can anyone confirm my understanding that the FIPS 140-2 certified module is
NOT affected by the CVE 2014-0160 vulnerability?
--
Chris Bare
or pointers would be appreciated.
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List
to
write it to a socket in DER format, not base64.
Also I need to figure out how to build up other ASN1 structures to go inside
the ContactInfo. I hoped looking at the CMS code would give me an example to
follow, but if so, I haven't figured it out yet.
--
Chris Bare
ch...@bareflix.com
I'm trying to understand the ASN1 macros like:
ASN1_SEQUENCE
IMPLEMENT_ASN1_FUNCTIONS
etc to implement my own structures.
What examples in the code would be best to follow, especially for nested
structures with optional elements?
--
Chris Bare
ch...@bareflix.com
code.
--
Chris Bare
ch...@bareflix.com
is sending back some data, but
BIO_read returns -1.
Any suggestions?
--
Chris Bare
ch...@bareflix.com
-rbio (nil)
ssl-wbio (nil)
So naturally, after that the next call to BIO_read (output) fails.
Why would the BIOs be getting set to null?
Is there some other flag or function I need to use to prevent this?
--
Chris Bare
ch...@bareflix.com
A fix has now been applied, please try the current 1.0.0 CVS, get the next
snapshot or just manually apply:
http://cvs.openssl.org/chngview?cn=18310
Steve.
I built from the latest CVS and it now works fine. Thanks for the fix.
--
Chris Bare
ch...@bareflix.com
call to i2d_CMS_bio_stream, but I also get 0
bytes output to the file. If I comment out the first call, it works fine.
Is there something else I need to reset, or once it's sent, do I have to start
all over with a new cms object?
--
Chris Bare
ch...@bareflix.com
, requestNonce, ASN1_OCTET_STRING, 1)
} ASN1_SEQUENCE_END(CVRequest)
IMPLEMENT_ASN1_FUNCTIONS(CVRequest)
Is the error complaining about the structure I have defined, or the der data it
is trying to process?
As far as I can tell the der data doesn't even contain a requestorRef.
Any suggestions?
--
Chris Bare
ch
Is there an API to extract the X509 cert(s) from a CMS_ContentInfo object?
Looking at the implementation of CMS_add0_cert() I see how to reach them, but
that function depends on things defined in cms_lcl.h, so I can't re-implement
it in my code.
Any suggestions?
--
Chris Bare
ch...@bareflix.com
the intermediaries?
Is there a way to hook in my own function to do this? It seems like you have
the info you need during the path building process, and I don't want to have
to duplicate that.
Any other suggestions on the best way to handle this?
--
Chris Bare
ch...@bareflix.com
Can I reuse an X509_STORE for multiple ssl connections, cert verifications
etc, or should I create a fresh one for each operation? If I reuse it will it
continue to grow as it pulls in more certificates?
--
Chris Bare
ch...@bareflix.com
the
directory.
--
Chris Bare
ch...@bareflix.com
to work on a patch.
I understand I can make the command line tool work with -verify_other, but in
my code I have no handy way to do that. My users are going to dump all trusted
certs, regardless of purpose, into the trusted store.
--
Chris Bare
ch...@bareflix.com
to let X509_verify_cert error out and call
it again?
--
Chris Bare
ch...@bareflix.com
On 05/10/2010 08:43 PM, Chris Bare wrote:
Is there a way to have X509_verify_cert retry its path building after it
gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT?
My idea is to implement a verify callback that uses the AIA information to
download the issuer cert and add it to the stack
On Mon, 2010-05-10 at 14:43 -0400, Chris Bare wrote:
Is there a way to have X509_verify_cert retry its path building after it
gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT?
My idea is to implement a verify callback that uses the AIA information to
download the issuer cert and add
the code below works fine if signed = true.
If signed = false, i2d_CMS_bio_stream seg faults.
I've looked through the code inside CMS_sign and didn't see anything else
obvious that I should call.
Any suggestions on what I'm missing for an unsigned CMS?
--
Chris Bare
ch...@bareflix.com
On Thu, Jun 10, 2010, Chris Bare wrote:
I have 2 different certs with the same subject name in a CA dir:
lrwxrwxrwx 1 chris chris 23 2010-06-10 14:35 0721e1e6.0 -> other.pem
lrwxrwxrwx 1 chris chris 18 2010-06-10 14:35 0721e1e6.1 -> ssl.pem
when I try to establish an ssl
Has anyone seen .deb packages for openssl 1.0.0?
I took a quick stab at converting the 0.9.8 debian files, but I ran into a lot
of problems and it takes a long time to debug.
--
Chris Bare
ch...@bareflix.com
that expect 0.9.8 data files. Also programs linked with 0.9.8
libraries will have to be rebuilt to use the 1.0.0 libraries since the major
version number has changed.
Let's hope debian or ubuntu packages 1.0.0 soon.
--
Chris Bare
ch...@bareflix.com
.
Is this the expected behavior of the BIO_f_buffer on a read?
If so, is the only alternative to track a read and a write bio? I assume that
I can read from the bio under the BIO_f_buffer without causing problems, is
that correct?
--
Chris Bare
ch...@bareflix.com
this via openssl functions, can anyone enlighten me?
--
Chris Bare
that Windows has
started to favor the slower ECC ciphers, but I need a way to prove it.
--
Chris Bare
Henson st...@openssl.org
wrote:
On Fri, Nov 21, 2014, Chris Bare wrote:
Is there a way to query the BIO or SSL object to see which cipher is
being
used?
I have a case where my openssl client's performance is significantly
slower
when talking to server A vs server B. AFAIK, the only
!
___
openssl-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
--
Chris Bare
Is there a public interface to access the X and Y elements of an Ecc public
key?
I tried:
EC_KEY *ecc;
BN_num_bytes (ecc->pub_key->X);
but get the compiler error:
error: dereferencing pointer to incomplete type ‘EC_KEY {aka struct
ec_key_st}’
--
Chris Bare
a function that
will return just the digest algorithm?
I'm trying to be as flexible as possible, so I don't want to hard code this
or have my own limited lookup table.
On Thu, Jul 7, 2016 at 2:54 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:
> On 07/07/2016 20:08, Chris Bare wrote:
>
>&g
BJ_NAME_get = (nil)
EVP_get_digestbyobj failed
So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails.
I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10
Am I doing something wrong, or could this be a bug in the library?
Any suggestions appreciated.
--
Chris Bare
own protocol
and BIO_do_connect fails as expected, but BIO_free gives this error:
SSL_shutdown:shutdown while in init
If I don't free it, I have a memory leak.
Is there something else I need to do to clean up the BIO?
I tried calling BIO_do_handshake, but that crashes (not surprised).
--
Chris B
false);
but after that the nmap script doesn't find any ciphers.
Any suggestions?
--
Chris Bare
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
a get_by_fingerprint function, but it never gets called.
--
Chris Bare
On Tue, May 3, 2022 at 3:10 PM William Roberts
wrote:
> On Tue, May 3, 2022 at 1:14 PM Chris Bare wrote:
> >
> > I'm converting some openssl 1.0 code to 3.0 and I don't know how to get
> the coordinates
> > in a 3.0 way.
> > The old code is:
> > BN_CTX *ctx =
Thanks, I'll check those out.
On Tue, May 3, 2022 at 4:53 PM William Roberts
wrote:
> On Tue, May 3, 2022 at 3:18 PM Chris Bare wrote:
> >
> >
> > On Tue, May 3, 2022 at 3:10 PM William Roberts
> wrote:
> >>
> >> On Tue, May 3, 2022 at 1:14 PM Chris
= EC_KEY_get0_public_key ((EC_KEY *) EVP_PKEY_get0 (pkey));
group = EC_KEY_get0_group ((EC_KEY *) EVP_PKEY_get0 (cvr->sm_pkey));
EC_POINT_get_affine_coordinates_GFp (group, pubkey, X, Y, ctx)
What would be the 3.0 way to get X and Y without using deprecated functions?
--
Chris Bare