[openssl-users] Documentation for Integrating New Cipher Creation Request

2017-04-30 Thread Schmicker, Robert
Hello, Over the past several months through trial and error I have at last been able to integrate a new symmetric cipher into OpenSSL. After following this email chain for these past months I’ve noticed that once in a blue moon other users would ask how to integrate a new cipher into both

[openssl-users] C++ How to parse Subject Directory Attributes Extension?

2017-04-30 Thread Matthias Ballreich
Hi there, can anyone tell me how to parse a the Subject Directory Attribute Extension of a X509-Certificate in C++ with OpenSSL? I don't found any documentation or piece of code in the Github Repo of OpenSSL. I read the Extension this way: int loc = X509_get_ext_by_NID(cert,

Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?

2017-04-30 Thread Blumenthal, Uri - 0553 - MITLL
Understood. Thanks! Yes, it would be nice if 1_0_2-stable and 1_1 branches returned an error on an attempt to sign or verify with RSA_NO_PADDING. Regards, Uri Sent from my iPhone > On Apr 30, 2017, at 15:19, Dr. Stephen Henson wrote: > >> On Sun, Apr 30, 2017,

Re: [openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?

2017-04-30 Thread Dr. Stephen Henson
On Sun, Apr 30, 2017, Blumenthal, Uri - 0553 - MITLL wrote: > > Semi-related question. Is RSA_NO_PADDING allowed for EVP signature? When I > tried that (without using DigestSign of course), signing succeeded but > verification always failed. Was that expected? Are there some special >

Re: [openssl-users] Doubt regarding ExtendedMasterSecret

2017-04-30 Thread Stiju Easo
Hi , I got the answer to this, and now the question looks bit stupid. Generation of master key is different in case of "Extended Master Secret" , I still have a doubt, what would be the contents in SSL* s->s3->handshake_buffer? I need to manually set this for my tool, i assume it

Re: [openssl-users] Query regarding DTLS handshake

2017-04-30 Thread Michael Tuexen
> On 20. Apr 2017, at 20:01, mahesh gs wrote: > > Hi, > > This issue occur purely based on the time (sequence of events) at which SSL > read_state_machine enter the post processing of certificate verify which is > received from client. > > Handshake works fine if the

Re: [openssl-users] Is there a "Golden" CA makefile?

2017-04-30 Thread Jochen Bern
On 04/29/2017 09:55 PM, John Lewis got digested: > I am looking for a CA makefile to use with a openvpn tutorial I am > writing https://github.com/Oflameo/openvpn_ws. Is there one officially > endorsed by the openssl project? Since you're specifically mentioning Open*VPN*, let me mention that