Re: Adding my own algorithm into openssl

2014-02-08 Thread Dmitry Belyavsky
in advance. -- SY, Dmitry Belyavsky

Re: Adding my own algorithm into openssl

2014-02-08 Thread Dmitry Belyavsky
gost as engine. I followed the instructions as mentioned in readme file. But I can't see the ciphers in the list. What else should I do? On Saturday, February 8, 2014 5:06 PM, Dmitry Belyavsky beld...@gmail.com wrote: Hello! You can take the ccgost engine as example. On Sat, Feb 8

Re: Adding my own algorithm into openssl

2014-02-08 Thread Dmitry Belyavsky
to establish a secure connection between s_server and s_client involving gost engine in order to get more familiar with gost as a written engine. What should I do? On Sunday, February 9, 2014 10:38 AM, Dmitry Belyavsky beld...@gmail.com wrote: Hello! You should call, for example, the openssl

Finding out subject without private key

2005-03-23 Thread Dmitry Belyavsky
it? Thank you. -- SY, Dmitry Belyavsky (ICQ UIN 6575) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager

Re: verify signed messages with Outlook

2005-03-28 Thread Dmitry Belyavsky
, that the content of the message could've been altered. Anyone knows why this is happening? We had such problem. It happened because of endlines in headers. To avoid problems, we use smime -sign -crlfeol. -- SY, Dmitry Belyavsky (ICQ UIN 6575

Re: how to debug openssl

2005-08-05 Thread Dmitry Belyavsky
, Dmitry Belyavsky (ICQ UIN 6575)

Re: problems making Certificate Request

2005-08-25 Thread Dmitry Belyavsky
OR-req.pem -days 3650' Whether right quote is at place expected or it should be before keyout? -- SY, Dmitry Belyavsky (ICQ UIN 6575)

openssl ciphers

2005-08-29 Thread Dmitry Belyavsky
for openssl ciphers AES+DES? Using specification, it shouldn't return any cipher suite. But it returns both DES and AES cipher suites. What is wrong? -- SY, Dmitry Belyavsky (ICQ UIN 6575)

RE: openssl ciphers

2005-08-29 Thread Dmitry Belyavsky
was from OpenSSL 0.9.7e 25 Oct 2004 -- SY, Dmitry Belyavsky (ICQ UIN 6575)

Re: Does OpenSSL support AttributeCertificate RFC 3281?

2005-09-01 Thread Dmitry Belyavsky
at is very interested in cooperation with OpenSSL Team. We'll be happy to contribute the work we have made to upstream. Thank you. -- SY, Dmitry Belyavsky (ICQ UIN 6575)

s_server doesn't work with IE 6.0

2005-09-28 Thread Dmitry Belyavsky
OpenSSL 0.9.7e binary, I get the same result. But when cert and key are used by apache with mod_ssl, pages are displayed normally. What is wrong? Thank you. -- SY, Dmitry Belyavsky (ICQ UIN 6575)-BEGIN CERTIFICATE- MIICuDCCAngCAQEwCQYHKoZIzjgEAzBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMK

Re: s_server doesn't work with IE 6.0

2005-09-30 Thread Dmitry Belyavsky
doesn't. You should add -bugs argument to allow IE talk. In this context -bugs refers to bugs in another SSL implementation, not bugs in OpenSSL. Thank you! It works. Maybe IE should be mentioned in s_server manpage according to this key? -- SY, Dmitry Belyavsky (ICQ UIN 6575

Enumerating supported algorithms

2005-10-12 Thread Dmitry Belyavsky
Greetings! What shall I look at whether I want to enumerate all, for example, digest algorithms supported in a particular build? Thank you! -- SY, Dmitry Belyavsky (ICQ UIN 6575)

RE: Enumerating supported algorithms

2005-10-12 Thread Dmitry Belyavsky
(). hope it could help. No, that is not what I need. I need an enumeration. Thank you! -- SY, Dmitry Belyavsky (ICQ UIN 6575)

ASN1_OCTET_STRING_it error

2005-10-18 Thread Dmitry Belyavsky
OPENSSL_EXTERN or as function. What should I do? Thank you! -- SY, Dmitry Belyavsky (ICQ UIN 6575)

RAND_pseudo_bytes() implementation

2005-11-01 Thread Dmitry Belyavsky
understanding of RAND_pseudo_bytes() semantics, or there is an error in OpenSSL? Thank you! -- SY, Dmitry Belyavsky (ICQ UIN 6575)

Re: EC Digest error

2005-11-01 Thread Dmitry Belyavsky
same syntax when used with an RSA key works fine. What am I doing wrong? Am I missing something completely obvious? EC requires SHA1, and SHA512 does not allow EC as key. -- SY, Dmitry Belyavsky (ICQ UIN 6575)

b-etch: reproducing the problem (fwd)

2005-11-29 Thread Dmitry Belyavsky
, I successfully get the page I request. openssl-0.9.7 s_client doesn't get an error anyway. What's wrong? Thank you! -- SY, Dmitry Belyavsky (ICQ UIN 6575)

Re: b-etch: problems with openssl-0.9.8a

2005-11-29 Thread Dmitry Belyavsky
Greetings! On Tue, 29 Nov 2005, Victor Duchovni wrote: On Tue, Nov 29, 2005 at 05:32:45PM +0300, Dmitry Belyavsky wrote: Greetings! We use openssl 0.9.8a, apache 1.3.34 with mod_ssl 2.8.25 (Debian etch). The URL we request requires client certificate. 4119:error:1408F455:SSL

Run-time disabling SSL compression

2005-12-02 Thread Dmitry Belyavsky
Greetings! Is there a simple way to switch SSL compression off run-time? Thank you! -- SY, Dmitry Belyavsky (ICQ UIN 6575)

Re: FW: error in CRYPTO_mem_leaks_fp

2006-03-02 Thread Dmitry Belyavsky
lh_doall_arg doall_util_fn func_arg(a-data,arg); // Error inside this method Can anyone help me resolve this problem so that I can understand my memory leakage problem? -- SY, Dmitry Belyavsky (ICQ UIN 6575)

Re: trouble launching an automated script to create a self-signed certificate

2006-03-02 Thread Dmitry Belyavsky
through the manual request to get the script to do it itself? -batch, and place necessary info into the req.conf file. -- SY, Dmitry Belyavsky (ICQ UIN 6575)

Custom engine, OBJ_cleanup

2004-12-15 Thread Dmitry Belyavsky
Hello! We implement custom engine registering some NIDs via OBJ_create(). We have problems using this engine in openssl commands calling OBJ_cleanup() before apps_shutdown() such as req, ca, x509. It causes a segfault inside EVP_cleanup() function. Now we use 20041207 snapshot. -- SY, Dmitry

openssl smime: using -CA* options

2004-12-16 Thread Dmitry Belyavsky
Hello! I'm using openssl smime to sign and verify data. openssl ca is used to make cert for usage. How should I provide trust chain with openssl ca as CA? Thank you. -- SY, Dmitry Belyavsky (ICQ UIN 6575)

micalg

2005-01-12 Thread Dmitry Belyavsky
[MIME-SECURE]. The values to be placed in the micalg parameter SHOULD be from the following: Algorithm Value used MD5 md5 SHA-1 sha1 Any other unknown --- So, is the hard-coded value a bug or a feature? -- SY, Dmitry Belyavsky (ICQ UIN 6575

Dynamic engine problems

2005-01-17 Thread Dmitry Belyavsky
Hello! We are implementing custom engine providing GOST algorithms. We get a SEGFAULT on app_shutdown. We didn't find out what is wrong with our code. Engine code is attached. We use 20050112 snapshot of 0.9.8 branch. -- SY, Dmitry Belyavsky (ICQ UIN 6575) #include string.h #include

Re: Dynamic engine problems

2005-01-17 Thread Dmitry Belyavsky
at, for example, demos/engines/rsaref/ for a working example to look at? Thank you very much. Should we call ENGINE_unregister_ciphers any time really? What are they for? -- SY, Dmitry Belyavsky (ICQ UIN 6575) __ OpenSSL Project

Re: Dynamic engine problems

2005-01-18 Thread Dmitry Belyavsky
Hello! On Tue, 18 Jan 2005, Dmitry Belyavsky wrote: That's because of the call to ENGINE_unregister_ciphers() in cce_destroy(). Can I suggest you take a look at, for example, demos/engines/rsaref/ for a working example to look at? Unfortunately that's not only because

A bug in OBJECT management?

2005-01-19 Thread Dmitry Belyavsky
without libefence. Engine source code is attached. Please, tell me where is my mistake. Thank you. -- SY, Dmitry Belyavsky (ICQ UIN 6575) #include string.h #include openssl/err.h #include openssl/evp.h #include openssl/bn.h #include openssl/engine.h #include openssl/objects.h static int

Adding signature to PKCS7

2005-03-15 Thread Dmitry Belyavsky
); } if(flags PKCS7_DETACHED)PKCS7_set_detached(p7, 1); if (!PKCS7_dataFinal(p7,p7bio)) { PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); return 0; } BIO_free_all(p7bio); return 1; It seems that BIO_write doesn't calc digest at all. Where is my mistake? -- SY, Dmitry

Re: We'll be at LinuxConf next week

2014-10-08 Thread Dmitry Belyavsky
, Dmitry Belyavsky

Re: We'll be at LinuxConf next week

2014-10-08 Thread Dmitry Belyavsky
not even officially on the agenda yet, because we haven't figured out when to meet. We'll try, tho. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz -- SY, Dmitry Belyavsky

Re: Is it possible to disable SSLv3 for all openssl-enabled applications via settings in openssl.cnf?

2014-10-15 Thread Dmitry Belyavsky
-- SY, Dmitry Belyavsky

Re: [openssl-users] Help with using a dynamic engine with SSL_CTX

2014-12-09 Thread Dmitry Belyavsky
! Thanks, BW ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users -- SY, Dmitry Belyavsky ___ openssl-users mailing list

Re: [openssl-users] Help with using a dynamic engine with SSL_CTX

2014-12-09 Thread Dmitry Belyavsky
causes default_RAND_meth to change. Thanks, BW On Tue, Dec 9, 2014 at 1:52 PM, Dmitry Belyavsky beld...@gmail.com wrote: Hello! Do you set your RNG as default when the engine is loaded? On Tue, Dec 9, 2014 at 10:44 PM, Brian Watson bwats9...@gmail.com wrote: Hi, I am doing

[openssl-users] Implementing the rsa_sign callback

2015-04-30 Thread Dmitry Belyavsky
the rsa_pkcs1_eay_meth, as other engines do. But the rsa_pkcs1_eay_meth does not provide a rsa_sign callback. What is the correct way to implement the rsa_sign callback? Thank you! -- SY, Dmitry Belyavsky ___ openssl-users mailing list To unsubscribe: https

Re: [openssl-users] Implementing ECDSA in an engine

2015-06-26 Thread Dmitry Belyavsky
for me this way. -- SY, Dmitry Belyavsky ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Implementing ECDSA in an engine

2015-06-26 Thread Dmitry Belyavsky
, Reinier On 6/26/15 12:51 PM, Dmitry Belyavsky wrote: Hello Reinier, On Fri, Jun 26, 2015 at 7:47 PM, Reinier Torenbeek reinier.torenb...@gmail.com wrote: Hi, The mechanism for implementing ECDSA in my own engine is unclear to me. Unfortunately, none of the example engines implement

Re: [openssl-users] How to use the default ECDSA verify operation in my engine

2015-06-17 Thread Dmitry Belyavsky
callback? -- SY, Dmitry Belyavsky

Re: [openssl-users] Implementing the rsa_sign callback

2015-05-26 Thread Dmitry Belyavsky
Hello all, Any suggestions? On Thu, Apr 30, 2015 at 1:06 PM, Dmitry Belyavsky beld...@gmail.com wrote: Hello all! I'm implementing a custom engine providing its own RSA method. I need to provide the rsa_sign callback, which is required to call my own code in case when ex_data is set

[openssl-users] Engines mess

2015-12-15 Thread Dmitry Belyavsky
, funct_ref = 3, and it seems strange to me. It also seems to me that it should be a call to ENGINE_free at the end of openssl app call to free the resources (e.g. engine error strings), but there is no one. Could you explain my mistakes? Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] [openssl-dev] OpenSSL version 1.1.0 pre release 3 published

2016-02-17 Thread Dmitry Belyavsky
Dear Rich, > Just to emphasize one important point: Our next release is planned to be > Beta-1, in about a month. After that, no new API's or features will be > added to OpenSSL 1.1 > > If so, could you take a look at RT#4267? Thank you! -- SY, Dmitry Belyavsky -- openss

[openssl-users] EVP_EncryptUpdate and EVP_CIPHER callback do_cipher

2016-04-18 Thread Dmitry Belyavsky
ger than the input. Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] mailing list registration renewal - clarify bounce errors

2016-11-07 Thread Dmitry Belyavsky
rom my email address ? > > The latter. > > We have seen some more reports of this recently, and are increasing the > logging to determine the cause. Interestingly, it's all from gmail.com > addresses. > I confirm the receiving the similar message. -- SY, Dmitry Bely

Re: [openssl-users] Help

2016-10-27 Thread Dmitry Belyavsky
-- SY, Dmitry Belyavsky

Re: [openssl-users] Help

2016-10-28 Thread Dmitry Belyavsky
: > Dear Dmitry, > > > > The result must be as mentioned below? > > > > *Van:* openssl-users [mailto:openssl-users-boun...@openssl.org] *Namens > *Dmitry > Belyavsky > *Verzonden:* donderdag 27 oktober 2016 19:09 > *Aan:* openssl-users@openssl.org > *Onderwerp:*

Re: [openssl-users] openvpn 2.4.1 with gost

2017-04-18 Thread Dmitry Belyavsky
S_GOSTR341001_WITH_28147_CNT_IMIT' > -- OpenSSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher > match > -- Failed to set restricted TLS cipher list: GOST2001-GOST89-GOST89 > -- Exiting due to fatal error > > Please help with this problem > > -- SY, Dmitry Belyavsky

[openssl-users] Engine configuration

2017-10-02 Thread Dmitry Belyavsky
functions. Is there any way to distinguish whether engine is configured via the config file or via direct calls to ENGINE_ctrl* functions? Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] Engine configuration

2017-10-04 Thread Dmitry Belyavsky
Dear Stephen, On Tue, Oct 3, 2017 at 12:16 AM, Dr. Stephen Henson <st...@openssl.org> wrote: > On Mon, Oct 02, 2017, Dmitry Belyavsky wrote: > > > Hello, > > > > I have a question regarding engine configuration. > > > > We need to implement such behavio

[openssl-users] ASN1_TIME to time_t

2017-09-06 Thread Dmitry Belyavsky
Hello, Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick googling does not show good results. Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] ASN1_TIME to time_t

2017-09-06 Thread Dmitry Belyavsky
Dear Matt, On Wed, Sep 6, 2017 at 11:16 AM, Matt Caswell <m...@openssl.org> wrote: > > > On 06/09/17 09:12, Dmitry Belyavsky wrote: > > Hello, > > > > Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick > > googling does not show

[openssl-users] ERR_add_error_data

2017-08-23 Thread Dmitry Belyavsky
Hello, What happens if I call the ERR_add_error_data twice? Will it add the arguments or replace them? Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] How to load the right engine?

2017-09-27 Thread Dmitry Belyavsky
TH = /usr/local/lib/yubihsm_pkcs11.dylib > >init = 0 > > > > > > Thanks! > > -- > > Regards, > > Uri Blumenthal > > -- SY, Dmitry Belyavsky

[openssl-users] Storing private key on tokens

2017-09-27 Thread Dmitry Belyavsky
with it after that. Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] Engine for an openssl server with a private key

2018-06-14 Thread Dmitry Belyavsky
ent connections with SSL_CTX_set_client_cert_engine > but nothing similar exists for a server connection. Can this be done? > > > I solved this problem for my purpose by writing a custom RSA method. -- SY, Dmitry Belyavsky

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Dmitry Belyavsky
notifications from the openssl > github project to notice them? that's really suboptimal > Totally agree. -- SY, Dmitry Belyavsky

[openssl-users] Building OpenSSL from sources

2018-02-15 Thread Dmitry Belyavsky
ed way ( ./config; make; make test; make install) does not work? Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] Building OpenSSL from sources

2018-02-15 Thread Dmitry Belyavsky
Dear Richard, On Thu, Feb 15, 2018 at 11:48 AM, Richard Levitte wrote: > In message

Re: [openssl-users] Building OpenSSL from sources

2018-02-16 Thread Dmitry Belyavsky
Dear Richard, On Fri, Feb 16, 2018 at 12:26 PM, Richard Levitte <levi...@openssl.org> wrote: > In message <CADqLbzLoBAo5w7XVBnUoRzuyyLKvo9+A8pZN3-hWPj4HBiU+nA@mail. > gmail.com> on Fri, 16 Feb 2018 10:59:04 +0300, Dmitry Belyavsky < > beld...@gmail.com> said: >

Re: [openssl-users] New usability feature

2017-12-28 Thread Dmitry Belyavsky
-- SY, Dmitry Belyavsky

[openssl-users] Behaviour changed between 1.1.0 and 1.1.1

2018-08-17 Thread Dmitry Belyavsky
to EVP_PKEY_print_public and EVP_PKEY_print_private. Could you please clarify whether it's a bug in my engine or something incompatible in openssl code? Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] Behaviour changed between 1.1.0 and 1.1.1

2018-08-17 Thread Dmitry Belyavsky
906E0855E9 > Parameter set: id-GostR3410-2001-CryptoPro-A-ParamSet > > > On Fri, 17 Aug 2018 at 18:15, Dmitry Belyavsky wrote: > >> Hello, >> >> I use my engine providing gost algorithms ( >> https://github.com/gost-engine/engine). It seems not to have

Re: [openssl-users] How to Implement a new PubKey method correctly

2018-08-24 Thread Dmitry Belyavsky
use that pointer to reference the composite_pkey_st (at least for the >user-space implementation) ? > > Yes. > > > Thanks for any help for understanding all these details... :D > > Cheers, > Max > -- > Best Regards, > Massimiliano Pala, Ph.D. > OpenCA

Re: [openssl-users] Behaviour changed between 1.1.0 and 1.1.1

2018-08-17 Thread Dmitry Belyavsky
caught by existing regression testing. > > I'll open a proper PR to fix this as soon as we finish to test the > alternative implementation. > Thank you very much! > > In the meantime you might open a proper issue in Github for this problem > so that the bug will be properly

[openssl-users] Problem using GOST engine with OpenSSL_1_1_0-stable

2018-08-20 Thread Dmitry Belyavsky
routines:tls_construct_cke_gost:library bug:ssl/statem/statem_clnt.c:2436: The error does not occur when using the master openssl branch. Thank you! -- SY, Dmitry Belyavsky

[openssl-users] DECLARE_ASN1* etc.

2018-08-30 Thread Dmitry Belyavsky
Hello, Is there any description how to use openssl macros describing the necessary ASN1 structures? Thank you! -- SY, Dmitry Belyavsky

[openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-12 Thread Dmitry Belyavsky
be avoided - the limitation has been made too generic - the implementation seems to be AEAD-specific. So does not it make sense to provide this limitation at least at the ciphersuite level? It can provide more straightforward way to manage such limitations. Thank you! -- SY, Dmitry Belyavsky

[openssl-users] ARM native compiler

2018-03-22 Thread Dmitry Belyavsky
Hello, Has anybody tried to build OpenSSL using ARM C compiler (armcc/armclang) and got a success? Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] overriding EVP_PKEY method callbacks for a specific key only

2018-10-15 Thread Dmitry Belyavsky
Well, you can use opaque pointer and own structure containing a flag and switch between native and custom implementations depending on it. I've tried it and it works. Mon, 15 Oct 2018, 23:13 Selva Nair : > Hi, > > How to override the evp_pkey_sign method in EVP_PKEY_METHOD structure for > a

Re: [openssl-users] x509 manual

2018-11-08 Thread Dmitry Belyavsky
On Thu, Nov 8, 2018 at 4:02 PM Matt Caswell wrote: > > > On 08/11/2018 12:44, Dmitry Belyavsky wrote: > > Hello, > > > > can anybody clarify what for the abbreviations AVA and RDN stand for? > > RDN == Relative Distinguished Name > AVA == Attribute

[openssl-users] x509 manual

2018-11-08 Thread Dmitry Belyavsky
characters. If no field separator is specified then sep_comma_plus_space is used by default. = Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] x509 manual

2018-11-11 Thread Dmitry Belyavsky
Hello, https://github.com/openssl/openssl/pull/7614 On Thu, Nov 8, 2018 at 4:57 PM Dmitry Belyavsky wrote: > > > On Thu, Nov 8, 2018 at 4:02 PM Matt Caswell wrote: > >> >> >> On 08/11/2018 12:44, Dmitry Belyavsky wrote: >> > Hello, >> > >>

Re: [openssl-users] Possible bug in crypto/engine

2019-01-06 Thread Dmitry Belyavsky
Hello Sun, 6 Jan 2019, 21:55 Antonio Iacono ant...@gmail.com: > Hi, > > I sign a text file with: > openssl cms -sign -signer cert.pem -inkey 01 -keyform engine -engine > pkcs11 > in openssl.cnf > [pkcs11_section] > engine_id = pkcs11 > dynamic_path = /path/pkcs11.so > MODULE_PATH =

[openssl-users] Sending empty renegotiation_info

2018-12-18 Thread Dmitry Belyavsky
Hello, Is it possible to send empty renegotiation_info extension instead of TLS_EMPTY_RENEGOTIATION_INFO_SCSV using openssl s_client? If yes, is it possible to test secure renegotiation afterward? Thank you! -- SY, Dmitry Belyavsky

[openssl-users] tls1_change_cipher_state

2018-12-27 Thread Dmitry Belyavsky
Hello, Am I right supposing that local variables tmp1, tmp2, iv1, and iv2 are unused in this function? -- SY, Dmitry Belyavsky

Re: [openssl-users] AESCBC support in SSL

2018-11-18 Thread Dmitry Belyavsky
here isn't a cipherlist property that specifically selects CBC, so to >>> get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM). >>> >>> -- >>> Viktor. >>> -- SY, Dmitry Belyavsky

Re: [openssl-users] tls1_change_cipher_state

2019-01-02 Thread Dmitry Belyavsky
Hello, On Wed, Jan 2, 2019 at 12:41 PM Matt Caswell wrote: > > > On 27/12/2018 08:37, Dmitry Belyavsky wrote: > > Hello, > > > > Am I right supposing that local variables tmp1, tmp2, iv1, and iv2 are > unused in > > this function? > > Looks that way

Re: [openssl-users] tls1_change_cipher_state

2019-01-02 Thread Dmitry Belyavsky
Dear Jakob, On Wed, Jan 2, 2019 at 1:14 PM Jakob Bohm via openssl-users < openssl-users@openssl.org> wrote: > On 02/01/2019 10:41, Matt Caswell wrote: > > > > On 27/12/2018 08:37, Dmitry Belyavsky wrote: > >> Hello, > >> > >> Am I right supposi

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-14 Thread Dmitry Belyavsky
ng the check down into the algorithm implementations > makes sense. A more generic mechanism at the EVP would. > > > > > > > > Pauli > > -- > > Oracle > > Dr Paul Dale | Cryptographer | Network Security & Encryption > > Phone +61 7 3031 7217 > >

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-14 Thread Dmitry Belyavsky
Hello, Sorry, I've just found similar checks in all _CGM functions. On Fri, Sep 14, 2018 at 1:30 PM Dmitry Belyavsky wrote: > Dear Paul, > > Could you please clarify? > The code seems to be related to s390 platform. Do I miss something? > > On Thu, Sep 13, 2018 at 1:55 A

Re: [openssl-users] Two questions on OpenSSL EVP API

2018-12-18 Thread Dmitry Belyavsky
as I would have expected) "unsigned int". Is there a > possibility that EVP would set to a negative value and if so, > what would that mean? Do I need to check for this in my code? Same > with inl; why isn't it "unsigned int"? Is there ever a reason to pass > in a

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-23 Thread Dmitry Belyavsky
Dear Richard, On Sat, Feb 23, 2019 at 8:47 AM Richard Levitte wrote: > On Thu, 21 Feb 2019 17:20:53 +0100, > Matt Caswell wrote: > > On 21/02/2019 15:02, Dmitry Belyavsky wrote: > > > Dear Matt > > > > > > > > > > > > On Wed, Feb 13, 2

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-25 Thread Dmitry Belyavsky
> Pauli > -- > Dr Paul Dale | Cryptographer | Network Security & Encryption > Phone +61 7 3031 7217 > Oracle Australia > > > > On 25 Feb 2019, at 5:02 pm, Dmitry Belyavsky wrote: > > > > On Sun, Feb 24, 2019 at 11:31 PM Viktor Dukhovni < > openssl-us

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-24 Thread Dmitry Belyavsky
ly_ external users. But sometimes, providing new algorithms, there appear some parts that should go into the core part. And regulation creates similar problems. All other users can call OBJ_obj2nid() or OBJ_txt2nid() to get a NID, > and we can figure out how to allocate things dynamically if this makes > sense. I don't know which APIs are currently NID-only. AFAIK, no external API, but there are some cases when external API does not cover all. -- SY, Dmitry Belyavsky

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-24 Thread Dmitry Belyavsky
> NIDs in the private space at runtime. The key question is whether > such NIDs are global or valid only if returned to the same engine > (provider, ...). If not global, the allocation might be static > within the engine, and not require any locks. > Totally agree. OBJ_create() and similar functions exist, but do not solve our problems. -- SY, Dmitry Belyavsky

Missing accessor for the EVP_PKEY.engine

2019-02-25 Thread Dmitry Belyavsky
Hello, We've started porting our 1.0.2 application to 1.1.1. What is a way to get an engine reference? I did not find a function like EVP_PKEY_get1_engine Thank you! -- SY, Dmitry Belyavsky

Re: Missing accessor for the EVP_PKEY.engine

2019-02-25 Thread Dmitry Belyavsky
On Mon, Feb 25, 2019 at 5:23 PM Matt Caswell wrote: > > > On 25/02/2019 13:28, Dmitry Belyavsky wrote: > > Hello, > > > > We've started porting our 1.0.2 application to 1.1.1. > > What is a way to get an engine reference? I did not find a function like

Re: [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-21 Thread Dmitry Belyavsky
s a patch to extend 3-5 internal lists. If it could be done dynamically, it will be great. 3. Do you have plans to make some callback structures created by providers? I mean such structures as SSL key exchange/authentication methods, X.509 extensions etc. Thank you very much! -- SY, Dmitry Belyavsky

Migrating from 1.0.2 to 1.1.1

2019-03-11 Thread Dmitry Belyavsky
ttr(&(p8->attributes), attr) != NULL, 0, CRYPTOCOM_R_NO_MEMORY); } == The code is intended to add a custom attribute to PKCS8 attributes. How do I do it in 1.1.1? Thank you! -- SY, Dmitry Belyavsky

Re: Howto prevent cycles in engine invocation ?

2019-03-19 Thread Dmitry Belyavsky
Hello Andreas, I used smth like === RSA_METHOD my_rsa_method = { "My RSA method", 0, /* pub_enc */ 0, /* pub_dec */ 0, /* priv_enc */ my_priv_dec, /* priv_dec */ 0, /*

[openssl-users] Adding custom OBJ identifiers

2019-01-31 Thread Dmitry Belyavsky
branch usually cause numerous merge conflicts. So any advice is appreciated. Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] Adding custom OBJ identifiers

2019-02-04 Thread Dmitry Belyavsky
Dear Hubert, On Mon, Feb 4, 2019 at 6:52 PM Hubert Kario wrote: > On Thursday, 31 January 2019 11:09:00 CET Dmitry Belyavsky wrote: > > Hello, > > > > What is best practice to add own object identifiers to the > crypto/objects/* > > files? > > > > I

Blinding implementation in OpenSSL

2019-04-15 Thread Dmitry Belyavsky
extracting from memory/swap/etc? Am I wrong? Many thanks in advance! -- SY, Dmitry Belyavsky

Re: How to use CONF_modules_load_file

2019-05-25 Thread Dmitry Belyavsky
h different flag combination as well. But all in vain. Please help > > Thanks > Subrata > -- SY, Dmitry Belyavsky

Re: failing in reproducing .so files

2019-06-14 Thread Dmitry Belyavsky
It's worth trying to run make update before running make. Fri, 14 Jun 2019, 20:13 Giovanni Fontana : > A little bit further...with my problem in trying to build a tailored > version of openSSL. > > If I do make I get at the end of building (trying to make .map file > before the .so files ) >

s_client + PSK + pha

2019-05-12 Thread Dmitry Belyavsky
3 -CAfile cert.pem -key key.pem -cert cert.pem -trace -- SY, Dmitry Belyavsky

Re: OpenSSL Upgrade to 1.1.1c from very old version

2019-07-11 Thread Dmitry Belyavsky
> > 99,9% you'll have to fix your openssl calls. Most of the data structures became opaque and you'll need to fix access to separate fields if any. If you used algorithm-specific methods instead of EVP, you probably have to rewrite these calls. It's only a part of the changes that happened since 0.9.7. -- SY, Dmitry Belyavsky

asn1parse genstr question

2019-04-21 Thread Dmitry Belyavsky
'ф' I want. But the encoding of it is not UTF8, as the utf8 encoding of a cyrillic letter is 2 bytes long. Am I wrong? If the behavior I see is desired one, how can I convert the result of the encoding to UTF8 using openssl internal API? -- SY, Dmitry Belyavsky

Re: asn1parse genstr question

2019-04-22 Thread Dmitry Belyavsky
Dear Victor, On Mon, Apr 22, 2019 at 9:23 PM Viktor Dukhovni wrote: > On Sun, Apr 21, 2019 at 06:58:53PM +0300, Dmitry Belyavsky wrote: > > > When I use a command > > > > openssl asn1parse -genstr "UTF8String:ф" -out content > > > > I get a 6-b

Re: asn1parse genstr question

2019-04-22 Thread Dmitry Belyavsky
Hello, On Tue, Apr 23, 2019 at 12:21 AM Dmitry Belyavsky wrote: > Dear Victor, > > On Mon, Apr 22, 2019 at 9:23 PM Viktor Dukhovni < > openssl-us...@dukhovni.org> wrote: > >> On Sun, Apr 21, 2019 at 06:58:53PM +0300, Dmitry Belyavsky wrote: >> >>
