RE: ECDSA certificate question
Thanks Michael, I tried to invoke SM3 algorithm in command "openssl req -new -key eckey.pem -x509 -sm3 -nodes -days 365 -out cert.csr", unfortunately got the following error: 140320586413888:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:crypto/ec/ec_pmeth.c:331: -Original Message- From: Michael Richardson Sent: Tuesday, September 22, 2020 4:36 PM To: Yan, Bob Cc: openssl-users@openssl.org Subject: Re: ECDSA certificate question Yan, Bob via openssl-users wrote: > Is there a way to generate a ECDSA certificate with SM2 typed public > key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x > version? I don't know the detail with the SM3, part, but have you seen: https://datatracker.ietf.org/doc/html/draft-moskowitz-ecdsa-pki-09 https://github.com/rgmhtt/draft-moskowitz-ecdsa-pki but, 1.1.1 release notes say it supports SM3. I expect you need to tweak something when "openssl req" is run. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
ECDSA certificate question
Hello everybody, Is there a way to generate a ECDSA certificate with SM2 typed public key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x version? Thank you very much! Bob
safeseh flag on libssl and libcrypto dlls
Hello everybody, By any chance, has anyone ever managed to get libssl and libcrypto dlls with the SafeSEH option enabled ? When I add /safeseh in the makefile at ldflag line, winchecksec tells me that SafeSEH is still in "NotPresent". I am compiling with nmake, after a perl configure, on x86 Native Tools Command Prompt for VS 2019. Thank you, Regards, Lauris
Re: OpenSSL version 1.1.1h published
On 22/09/2020 15:03, Michael Wojcik wrote: > changelog.html hasn't been updated since 1.1.1e. > > https://www.openssl.org/news/changelog.html#openssl-111 shows: That's the master Changelog. Confusing I know. The link to the 1.1.1 Changelog is at the top of the page. Matt > > - > OpenSSL 1.1.1 > Changes between 1.1.1e and 1.1.1f [xx XXX ] > Changes between 1.1.1d and 1.1.1e [17 Mar 2020] > - > > I noticed this because the Release Notes page > (https://www.openssl.org/news/openssl-1.1.1-notes.html) has a link to > changelog.html, and I popped over there to see what minor changes might be in > h. (I haven't downloaded it yet because it's usually someone else on the team > who does that these days.) > > -- > Michael Wojcik >
RE: OpenSSL version 1.1.1h published
changelog.html hasn't been updated since 1.1.1e. https://www.openssl.org/news/changelog.html#openssl-111 shows: - OpenSSL 1.1.1 Changes between 1.1.1e and 1.1.1f [xx XXX ] Changes between 1.1.1d and 1.1.1e [17 Mar 2020] - I noticed this because the Release Notes page (https://www.openssl.org/news/openssl-1.1.1-notes.html) has a link to changelog.html, and I popped over there to see what minor changes might be in h. (I haven't downloaded it yet because it's usually someone else on the team who does that these days.) -- Michael Wojcik
OpenSSL version 1.1.1h published
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL version 1.1.1h released === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.1h of our open source toolkit for SSL/TLS. For details of changes and known issues see the release notes at: https://www.openssl.org/news/openssl-1.1.1-notes.html OpenSSL 1.1.1h is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): * https://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file name is: o openssl-1.1.1h.tar.gz Size: 9810045 SHA1 checksum: 8d0d099e8973ec851368c8c775e05e1eadca1794 SHA256 checksum: 5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9 The checksums were calculated using the following commands: openssl sha1 openssl-1.1.1h.tar.gz openssl sha256 openssl-1.1.1h.tar.gz Yours, The OpenSSL Project Team. -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl9p9DIACgkQ2cTSbQ5g RJG6pAf/Y6B3I9pwD6MG7lm3ywEqp2dAwYym84l39K6LrBFPOg76GmHLby92Se5/ N2S5uHPCcXrBdtHLZZTi1Tn3rwMN6EAJmedZJvMwoxeKJxNjZ2f8K8SjgUkuimSa dKbXtv92uDNRpD4X3Fv+uRatmbvygdjduwJWqgJ88ahz/IM7x1lv8E8GNnkPNBfA 9M9rDP5ThiQAetbefHBq9vb6wywwbi0FGTnXkeaYpyKDXmob0VWUdI0olMFLIUAG ZAQAD8XEPnJBVh4qCOlVy0n/5+jzcOiqcwJyORQc/U0wkV71I9XigW9H7wgg6skD iVQQe2QEODbEbtx9iMPsN4Ssmfk+VA== =OYam -END PGP SIGNATURE-