Hi!
Sorry, when I try to click the links, I am offered to download something.
Is it intentional?
On Tue, 21 May 2024, 19:48 Kajal Sapkota, wrote:
> *Hi All,*
>
> * We are pleased to announce our upcoming webinar, Getting Started with
> QUIC and OpenSSL. In this brief yet
plementation,
> but that seemed a bit more complicated (probably mostly because I have
> never had to implement the interface...).
>
> Thank you for your help and have a wonderful day!
> Cheers,
> Max
>
> --
> Best Regards,
> Massimiliano Pala, Ph.D.
> OpenCA Labs Director
>
--
SY, Dmitry Belyavsky
ting the new OpenSSL 3 APIs.
>
> Are any of you aware of any such existing work/project? Or if someone
> is interested in helping in any way (coding, testing, documenting,
> etc.) feel free to contact me.
>
> Thanks,
> Timo
>
--
SY, Dmitry Belyavsky
tory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005'
> make: *** [tests] Error 2
>
>
>
>
> --
> Dennis Clarke
> RISC-V/SPARC/PPC/ARM/CISC
> UNIX and Linux spoken
> GreyBeard and suspenders optional
>
--
SY, Dmitry Belyavsky
tw I have a rsa and a ecc certificate in my keystore already.
>
> I don’t know with which certificate (rsa or ecc) a client comes during
> handshake of a tls connection.
>
> How can this technically work?
>
>
>
--
SY, Dmitry Belyavsky
Isn't it a fix for this issue?
https://github.com/php/php-src/issues/8369
On Thu, 19 May 2022, 21:17 Frederic Leclercq, wrote:
> Hi all,
>
> Apologies for just popping in here, but since I installed ubuntu 22.04 LTS
> I often come across the error
> "file_get_contents(): SSL operation failed
blic nor does it have any METHOD or ex data.
>
> My question is how to support ed25519/ed448 keys?
>
> /Bengt
>
--
SY, Dmitry Belyavsky
Dear Shariful,
Could you please try the patch from
https://github.com/openssl/openssl/pull/16734?
On Wed, Sep 29, 2021 at 6:59 PM Dmitry Belyavsky wrote:
> Dear Shariful,
>
> Yes. You have to provide all the RSA_METHOD functions your app is going to
> use.
>
> On Tue, Sep 2
>
> To my understanding, instead of pointing to the default encryption
> function, it is pointing to 0x, thus causing the
> segmentation fault.
>
>
> Thanks,
> Shariful
>
>
>
> On Tue, Sep 28, 2021 at 1:40 AM Dmit
> static int bind_helper(ENGINE *e, const char *id){
>     if (!bind_dasync(e)){
>         printf("2_Error: Inside Bind helper\n");
>         return 0;
>     }
>     return 1;
> }
>
> IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
> IMPLEMENT_DYNAMIC_CHECK_FN()
>
>
> ==
>
> Regards,
> Shariful Alam
>
>
--
SY, Dmitry Belyavsky
brsa_engine.so rsa-engine-new.so sudo cp rsa-engine-new.so
> /opt/openssl/lib/engines-1.1/clean: rm -f *.o *.d *.so rsa-engine*
> ===
>
> My code compiles. When I try to do encryption using the following command,
> =
> *openssl rsautl -encrypt -inkey public.pem -pubin -in msg.txt -out msg.enc
> -engine rsa-engine-new*
> =
>
> I get a segmentation fault,
>
>
>
> *engine "rsa-engine-new" set.*
> *RSA Engine is encrypting using public key*
> *Segmentation fault (core dumped)*
>
>
> Do I need to Compile this sample engine with the OpenSSL in order for it
> to work?
>
> Regards,
> Shariful Alam
>
>
>
--
SY, Dmitry Belyavsky
rror:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field
> missing:crypto/asn1/tasn_dec.c:425:Field=p, Type=RSAPrivateKey
>
> The above error is because field p is NULL, but with same p is NULL
> encoding is successful. Any idea why encode is Success but decode fails?
>
> Thanks
es-1.1/rsa-engine-new.so
> ==
>
> My engine load without any error. Thanks.
> One more question, Do I need to compile and install my engine with Openssl
> source code in-order for it to work with mod_ssl?
>
> Regards,
> Shariful Alam
>
>
>
>
>
> On Thu, Aug 26
> # These are used by the TSA reply generation only.
> dir = ./demoCA # TSA root directory
> serial = $dir/tsaserial # The current serial number (mandatory)
> crypto_device = builtin # OpenSSL engine to use for signing
> signer_cert = $dir/tsacert.pem # The TSA signing certifi
>> static int bind_dasync(ENGINE *e){
>>     /* Setup RSA_METHOD */
>>     if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
>>         || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
>>         || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
>>         || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
>>         || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
>>         ) {
>>         return 0;
>>     }
>>
>>     /* Ensure the dasync error handling is set up */
>>     if (!ENGINE_set_id(e, engine_dasync_id)
>>         || !ENGINE_set_name(e, engine_dasync_name)
>>         || !ENGINE_set_RSA(e, dasync_rsa_method)
>>         ) {
>>         return 0;
>>     }
>>     return 1;
>> }
>>
>> static int bind_helper(ENGINE *e, const char *id){
>>     if (!bind_dasync(e)){
>>         printf("2_Error: Inside Bind helper\n");
>>         return 0;
>>     }
>>     return 1;
>> }
>>
>> IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
>> IMPLEMENT_DYNAMIC_CHECK_FN()
>>
>>
>> =
>>
>>
>>
>>
>>
>> Thanks,
>>
>> Shariful
>>
>>
--
SY, Dmitry Belyavsky
42991dGWJpnfC30xieXCMoD7zx5hhc5Uf5EbFtxeWaT2HTfs0
> h0OxigQSjXdmCJPeJVoMPOoF2FK+PbZwPn2UDKyoSqhsmZ+9hvkUWylDYiXfm24T
> UwIDAQAB
> -END PUBLIC KEY-
>
>
> Thank you,
>
> Nestor Melo
>
>
>
--
SY, Dmitry Belyavsky
in response to a ClientHello.
It can be invisible for end-users because of downgrade dance, but I wonder
if we have any real-life cases.
The relevant GH issue is https://github.com/openssl/openssl/issues/16075
Many thanks!
--
SY, Dmitry Belyavsky
ginx load
> balancer) and client with latest openssl certificate.
>
> Any idea to resolve this?
>
--
SY, Dmitry Belyavsky
Would you mind to raise the issue on GitHub with the reproduction?
On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, wrote:
> Hi,
>
> I am trying to analyze openssl sources, and it looks like the resign
> is implemented in a naive path that does not handle all cases.
>
> In other words, the CMS resign
all my
> approaches.
>
> Can someone give me brief hint on where to start and which API to look at
> first?
>
> Thanks a lot!
> Timo
>
>
--
SY, Dmitry Belyavsky
crash
>
> ./config -ggdb enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method
> no-shared
>
>
> What is the significance of no-shared ? why we have to use this option
>
>
> Thanks
>
> Satyam
>
> On Mon, 26 Oct 2020 at 22:59, Dmitry Belyavsky wrote:
>
Segmentation fault (core dumped)
>
>
> Thanks
>
> Satyam
>
> On Mon, 26 Oct 2020 at 21:59, Dmitry Belyavsky wrote:
>
>> Dear Satyam,
>>
>> Do I correctly understand that
>> - you built openssl-1.1.1h from scratch with -enable-weak-ssl-ciphers
wrote:
> Segmentation fault is not seen if i don't compile* ./config with*
> *-enable-weak-ssl-ciphers.*
>
> Is it something I am missing or some more options needs to be provided to
> ./config ?
>
> Thanks
> Satyam
>
> On Mon, 26 Oct 2020 at 20:21, Dmitry Belyavsky wr
17471 22",
> days=140728317048610, batch=-581372099, verbose=-581372056,
> req=0x7ffddd58f77b,
>
> ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/",
> lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489,
> default_op=-58137018
0x7f304680a000, 35929) = 0
>
> set_tid_address(0x7f3046806a10) = 47865
>
> set_robust_list(0x7f3046806a20, 24) = 0
>
> rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[],
> sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0
> Core was generated by `openssl ciphers -V'.
>
> Program terminated with signal 11, Segmentation fault.
>
> #0 0x0041c53d in do_body.isra.3 ()
>
> (gdb) bt
>
> #0 0x0041c53d in do_body.isra.3 ()
>
> (gdb)
>
>
>
>
> Thanks
>
> S
" ";"
>>
>> ENGINES=engines/afalg.so engines/capi.so engines/dasync.so
>> engines/ossltest.so engines/padlock.so
>>
>> @
>>
>>
>> +
>>
>>
>> if i do any openssl operations it gives error ( core dumped )
>>
>>
>> *./openssl ciphers -V*
>>
>> * Segmentation fault (core dumped)*
>>
>>
>> *Can someone help me in resolving this issue ?*
>>
>>
>> If i don't use option* "**-enable-weak-ssl-ciphers " *then the above
>> issue is not seen but SSLv3 and weak ciphers do not get enable.
>>
>>
>> Thanks
>>
>> Satyam
>>
>
--
SY, Dmitry Belyavsky
uire more boilerplate code than really necessary.
>
> Cheers,
> Francesco
>
> [1] https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_METHOD.html
> [2]
> https://github.com/openssl/openssl/blob/d1fb6b481b1d70932a1435f83eae10cc68edbe36/crypto/cms/cms_sd.c#L269
>
>
> On Sat,
aling
with public keys.
For 3.0, the providers should do the same trick, I think.
--
SY, Dmitry Belyavsky
OS supported utilities like nslookup, gethostip etc?
> 2. Do we need a recursive dns server IP address to define in resolv.conf?
> 3. Can I know the APIs and files where I can start looking (for the dns
> resolution).
>
> Thank you for your time.
>
> Regards
> Simon
>
--
SY, Dmitry Belyavsky
> When OpenSSL is compiled without ktls, the client will print test
> infinitely, but when enable ktls, some data are corrupted and sometimes
> result in unexpected eof while reading.
>
> Even when you remove SSL_write(ssl, reply, strlen(reply)); in server and
> RecvPacket(); in client,
Dear Mahendra,
On Mon, Apr 20, 2020 at 7:57 PM Mahendra SP wrote:
> Hi Dmitry Belyavsky,
>
> Thank you..To give more info, I am looking at something similar the engine
> in e_4758cca.c in engines folder where ENGINE_set_load_privkey_function
> is called.
> My under
Dear Mahendra,
On Mon, Apr 20, 2020 at 7:27 PM Mahendra SP wrote:
> Hi Dmitry Belyavsky,
>
> Thank you for the inputs. If I understand correctly, the
> reference indicates loading the private key to engine instance.
>
> My requirement is to call the ENGINE_set_load_p
t this one.
>
> I have also tried to debug in ENGINE_load_private_key in eng_pkey.c file.
> I dont see this function getting invoked. In this function, the private key
> callback set above gets invoked.
>
> Please suggest if I am missing something here.
>
> Thanks
> Mahendra
>
--
SY, Dmitry Belyavsky
be a very common use case, yet I can't seem to
> find any examples or documentation anywhere.
>
> Am I doing something wrong or making some really off-base assumptions?
>
> Thanks for any help, pointers, or guidance,
> Andrew F
>
--
SY, Dmitry Belyavsky
ror /tmp/1.1/conf/ssl.crt/ca.crt: verification failed*
>>
>> # echo $?
>>
>> 2
>>
>>
>> why I'm getting this error? is this an expected behavior in OpenSSL 1.1.1?
>>
>> Please answer my question.
>>
>>
>>
>>
>> --
>> *With Best Regards*
>> *Shivakumar S*
>>
>
>
> --
> *With Best Regards*
> *Shivakumar S*
>
--
SY, Dmitry Belyavsky
REAM, but I can't
> understand how I can add data as I described above or another way? I get
> data in unsigned char* every time. Any help would be appreciated. Thanks.
>
--
SY, Dmitry Belyavsky
Bashin, Vladimir
wrote:
> Thanks Dmitry!
>
> Do I need the server certificate in order to run those commands?
>
> Also , could you please point me to the exact commands that I’d need to
> execute in order to reproduce the tls handshake ?
>
>
>
> Regards,
>
> VB
>
icate – for example,
> due to a signing authority mismatch, or due to the encryption cipher type
> mismatch, or maybe due to some other factors.
>
>
>
> Could you please help us in better understanding this issue – what else
> could be wrong or missing in the Server and Client certificates ?
>
>
> Thanks,
>
> Vladimir Bashin
>
>
>
--
SY, Dmitry Belyavsky
g something.
>
> If *EVP_PKEY_assign()* worked I will call *EVP_DigestSignInit(ctx, NULL,
> sha1(), engine, pkey)*.
>
> Thanks in advance.
>
--
SY, Dmitry Belyavsky
Hello,
-sigalgs does the trick.
On Thu, Jan 30, 2020 at 3:28 PM Dmitry Belyavsky wrote:
> Hello,
>
> How can I limit SignatureScheme (
> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme)
> announced by client when using TLS 1.3?
>
Hello,
How can I limit SignatureScheme (
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme)
announced by client when using TLS 1.3?
I'm interested in a solution either for 1.1.1 (preferred) or 3.
Many thanks!
--
SY, Dmitry Belyavsky
Hello,
Does openssl have any function allowing OID parent-child comparison (is
"1.2.3.4.5" a descendant of "1.2.3") or such comparison should be
implemented as comparing OBJ_obj2txt?
Thanks!
--
SY, Dmitry Belyavsky
uppose that you can't mix EVP_PKEY_METHOD and RSA_METHOD, but
you should wrap the RSA_METHOD callbacks in the EVP_PKEY callbacks.
I suggest you look at the https://github.com/gost-engine/engine as an
example of providing the EVP operations via the engine.
I also have an example of providing custom RSA_METHOD somewhere but it was
designed to work with 1.0 and may be incompatible with the 1.1.* because of
using the internal structures.
--
SY, Dmitry Belyavsky
e workthoughts on what could be blocked me from
> transferring the file? log attached.
>
> thank you!
> Krista
>
--
SY, Dmitry Belyavsky
the EVP_CIPHER_CTX object and
the EVP_CIPHER_CTX_FLAG_WRAP_ALLOW stays untouched, so the behavior seems a
bit controversial (and undocumented, at least for the 1.1.1 branch).
Is this difference a desired one or an accidental one? Should it be
documented or fixed?
--
SY, Dmitry Belyavsky
> calling "OPENSSL_init_crypto" because of the recursion.
>
>
--
SY, Dmitry Belyavsky
On Wed, Oct 30, 2019 at 6:58 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote
> in
> news:cadqlbz+jctu_yqiw9w-fyo0o56mqua2nri6helr6pggxqdh...@mail.gmail.com:
>
> > On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham
> > wrote:
> >
> >> Dmitry Belyavsky
On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote:
>
> >> You still have the OpenSSL built-in RNG.
>
>
>
> Is there a simple compiler flag to remove this?
>
> Or do I need to go into the source code and stick a "return -1;"
On Wed, Oct 30, 2019 at 6:20 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote
>
> >> /etc/ssl/openssl.cnf
> >
> > Yes, or any custom.
> > But the engine must provide the RAND_METHOD and set it as default.
> >
> >
>
>
>
> But if
On Wed, Oct 30, 2019 at 6:08 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote:
>
>
> >> It can be done via the engine code and config.
>
>
> Do you mean
>
> /etc/ssl/openssl.cnf
>
> ?
>
Yes, or any custom.
But the engine must provide the RAND_METH
On Wed, Oct 30, 2019 at 6:00 PM Frederick Gotham
wrote:
> Dmitry Belyavsky wrote:
>
> > Did you try to create your own RAND_METHOD and set it as default on
> > loading the engine?
>
>
> No, I didn't try that.
>
> Note that I'm only using the OpenSSL binary,
W, SOME WAY, I'm still getting output when I
> run openssl rand -hex 8.
>
> How on earth to get OpenSSL to simply give up? I simply cannot have it
> use anything other than my TPM2 chip.
>
> Frederick
>
>
>
--
SY, Dmitry Belyavsky
ithub.com/openssl/openssl but
> not the sources for command line utility. Are the sources available?
>
> Or as an option is there a guide how I could write a simple pkcs7
> envelopedData reader to debug the library function?
>
You can build openssl using the following steps:
./config -ggdb
make
and then debug
LD_LIBRARY_PATH=. gdb --args apps/openssl ...
--
SY, Dmitry Belyavsky
Hello,
Well, some more diving into the code and I got the point.
We already have the corresponding control ASN1_PKEY_CTRL_CMS_ENVELOPE
On Tue, Oct 1, 2019 at 4:13 PM Dmitry Belyavsky wrote:
> Dear all,
>
> I don't see anywhere except parsing any mention of
> the KeyAgreeRecipientIn
to the derivation
procedure?
--
SY, Dmitry Belyavsky
uested structure,
> who can help, I will be grateful !!
>
>
> Att,
>
> *JAYRON ALBERTH COSTA CASTRO*
> *Network Infrastructure Engineer*
> *Kstros Treinamento e Tecnologia Ltda*
>
> Cel.: +55 (85) 98162-3076
> skype: jayron_castro
> jacas...@kstros.com
>
>
>
--
SY, Dmitry Belyavsky
Great!
The CBC implementation was rather limited. If you have any specific
requirements, feel free to file a bug report in the engine repo.
Mon, 22 Jul 2019, 21:16 Blumenthal, Uri - 0553 - MITLL :
> Are there any other parts of the openssl.cnf that could be related to this
> issue, or help
Hello,
Mon, 22 Jul 2019, 19:58 Blumenthal, Uri - 0553 - MITLL :
> Is this a full configuration file?
>
>
>
> It certainly isn’t – but I figured I’d post only the relevant part of it,
> rather than “crowding” the mailing list with something unnecessary.
>
>
>
> Are there any other parts of the
Dear Uri,
Is this a full configuration file?
Fri, 19 Jul 2019, 21:09 Blumenthal, Uri - 0553 - MITLL :
> MacOS Mojave 10.14.5, OpenSSL-1.1.1c (Macports-installed).
>
> Engines defined in the openssl.cnf file:
>
> #
> [engine_section]
> pkcs11 = pkcs11_section
> gost =
>
99,9% you'll have to fix your openssl calls. Most of data structures became
opaque and you'll need to fix access to separate fields if any.
If you used algorithm-specific methods instead of EVP, you probably have to
rewrite these calls.
It's only a part of the changes that happened since 0.9.7.
--
SY, Dmitry Belyavsky
It's worth trying to run make update before running make.
Fri, 14 Jun 2019, 20:13 Giovanni Fontana :
> A little bit further...with my problem in trying to build a tailored
> version of openSSL.
>
> If I do make I get at the end of building (trying to make .map file
> before the .so files )
>
h different flag combination as well. But all in vain. Please help
>
> Thanks
> Subrata
>
--
SY, Dmitry Belyavsky
3 -CAfile cert.pem -key key.pem -cert cert.pem -trace
--
SY, Dmitry Belyavsky
cert.pem
Description: application/x509-ca-cert
key.pem
Description: application/x509-ca-cert
Does the strace (in Linux) command report, that the config file and the
engine is read?
Still am getting same error as store not found when I run my application.
>
>
>
> Thanks and Regards,
>
> *SWAMY J S*
>
>
>
> *From:* Dmitry Belyavsky
> *Sent:* Thursday, April 25, 2
th? I copied my
> library in /lib/x86_64-linux-gnu still am getting same error.
>
> Please let me know the right path where i have to copy this engine?
>
>
>
> Thanks and Regards,
>
> *SWAMY J S*
>
>
>
--
SY, Dmitry Belyavsky
Dear Victor,
The below worked for me:
>
> subjectName = @alts
> [alts]
> otherName =
> 1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8String:виктор@например.рф
>
Thank you! It works, though it should be subjectAltName instead of
subjectName
>
> --
SY, Dmitry Belyavsky
Hello,
On Tue, Apr 23, 2019 at 12:21 AM Dmitry Belyavsky wrote:
> Dear Victor,
>
> On Mon, Apr 22, 2019 at 9:23 PM Viktor Dukhovni <
> openssl-us...@dukhovni.org> wrote:
>
>> On Sun, Apr 21, 2019 at 06:58:53PM +0300, Dmitry Belyavsky wrote:
>>
>>
Dear Victor,
On Mon, Apr 22, 2019 at 9:23 PM Viktor Dukhovni
wrote:
> On Sun, Apr 21, 2019 at 06:58:53PM +0300, Dmitry Belyavsky wrote:
>
> > When I use a command
> >
> > openssl asn1parse -genstr "UTF8String:ф" -out content
> >
> > I get a 6-b
'ф' I want. But the encoding of it is not UTF8, as the utf8 encoding of a
cyrillic letter is 2 bytes long.
Am I wrong? If the behavior I see is desired one, how can I convert the
result of the encoding to UTF8 using openssl internal API?
--
SY, Dmitry Belyavsky
extracting from memory/swap/etc? Am I wrong?
Many thanks in advance!
--
SY, Dmitry Belyavsky
Hello Andreas,
I used smth like
===
RSA_METHOD my_rsa_method = {
"My RSA method",
0, /* pub_enc */
0, /* pub_dec */
0, /* priv_enc */
my_priv_dec, /* priv_dec */
0, /*
ttr(&(p8->attributes), attr) != NULL, 0,
CRYPTOCOM_R_NO_MEMORY);
}
==
The code is intended to add a custom attribute to PKCS8 attributes.
How do I do it in 1.1.1?
Thank you!
--
SY, Dmitry Belyavsky
On Mon, Feb 25, 2019 at 5:23 PM Matt Caswell wrote:
>
>
> On 25/02/2019 13:28, Dmitry Belyavsky wrote:
> > Hello,
> >
> > We've started porting our 1.0.2 application to 1.1.1.
> > What is a way to get an engine reference? I did not find a function like
Hello,
We've started porting our 1.0.2 application to 1.1.1.
What is a way to get an engine reference? I did not find a function like
EVP_PKEY_get1_engine
Thank you!
--
SY, Dmitry Belyavsky
> Pauli
> --
> Dr Paul Dale | Cryptographer | Network Security & Encryption
> Phone +61 7 3031 7217
> Oracle Australia
>
>
>
> On 25 Feb 2019, at 5:02 pm, Dmitry Belyavsky wrote:
>
>
>
> On Sun, Feb 24, 2019 at 11:31 PM Viktor Dukhovni <
> openssl-us
ly_ external users. But sometimes, providing new
algorithms,
there appear some parts that should go into the core part. And regulation
creates similar problems.
All other users can call OBJ_obj2nid() or OBJ_txt2nid() to get a NID,
> and we can figure out how to allocate things dynamically if this makes
> sense. I don't know which APIs are currently NID-only.
AFAIK, no external API, but there are some cases when external API does not
cover all.
--
SY, Dmitry Belyavsky
> NIDs in the private space at runtime. The key question is whether
> such NIDs are global or valid only if returned to the same engine
> (provider, ...). If not global, the allocation might be static
> within the engine, and not require any locks.
>
Totally agree. OBJ_create() and similar functions exist, but do not solve
our problems.
--
SY, Dmitry Belyavsky
Dear Richard,
On Sat, Feb 23, 2019 at 8:47 AM Richard Levitte wrote:
> On Thu, 21 Feb 2019 17:20:53 +0100,
> Matt Caswell wrote:
> > On 21/02/2019 15:02, Dmitry Belyavsky wrote:
> > > Dear Matt
> > >
> > >
> > >
> > > On Wed, Feb 13, 2
s a patch to extend
3-5 internal lists.
If it could be done dynamically, it will be great.
3. Do you have plans to make some callback structures created by providers?
I mean such structures as SSL key exchange/authentication methods, X.509
extensions etc.
Thank you very much!
--
SY, Dmitry Belyavsky
Dear Hubert,
On Mon, Feb 4, 2019 at 6:52 PM Hubert Kario wrote:
> On Thursday, 31 January 2019 11:09:00 CET Dmitry Belyavsky wrote:
> > Hello,
> >
> > What is best practice to add own object identifiers to the
> crypto/objects/*
> > files?
> >
> > I
branch
usually cause numerous merge conflicts. So any advice is appreciated.
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hello
Sun, 6 Jan 2019, 21:55 Antonio Iacono ant...@gmail.com:
> Hi,
>
> I sign a text file with:
> openssl cms -sign -signer cert.pem -inkey 01 -keyform engine -engine
> pkcs11
> in openssl.cnf
> [pkcs11_section]
> engine_id = pkcs11
> dynamic_path = /path/pkcs11.so
> MODULE_PATH =
Hello,
On Wed, Jan 2, 2019 at 12:41 PM Matt Caswell wrote:
>
>
> On 27/12/2018 08:37, Dmitry Belyavsky wrote:
> > Hello,
> >
> > Am I right supposing that local variables tmp1, tmp2, iv1, and iv2 are
> unused in
> > this function?
>
> Looks that way
Dear Jakob,
On Wed, Jan 2, 2019 at 1:14 PM Jakob Bohm via openssl-users <
openssl-users@openssl.org> wrote:
> On 02/01/2019 10:41, Matt Caswell wrote:
> >
> > On 27/12/2018 08:37, Dmitry Belyavsky wrote:
> >> Hello,
> >>
> >> Am I right supposi
Hello,
Am I right supposing that local variables tmp1, tmp2, iv1, and iv2 are
unused in this function?
--
SY, Dmitry Belyavsky
as I would have expected) "unsigned int". Is there a
> possibility that EVP would set to a negative value and if so,
> what would that mean? Do I need to check for this in my code? Same
> with inl; why isn't it "unsigned int"? Is there ever a reason to pass
> in a
Hello,
Is it possible to send empty renegotiation_info extension instead of
TLS_EMPTY_RENEGOTIATION_INFO_SCSV using openssl s_client?
If yes, is it possible to test secure renegotiation afterward?
Thank you!
--
SY, Dmitry Belyavsky
here isn't a cipherlist property that specifically selects CBC, so to
>>> get *only* CBC, you need to exclude AESGCM (and perhaps also AESCCM).
>>>
>>> --
>>> Viktor.
>>>
>>> --
>>> openssl-users mailing list
>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>>
>> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
--
SY, Dmitry Belyavsky
Hello,
https://github.com/openssl/openssl/pull/7614
On Thu, Nov 8, 2018 at 4:57 PM Dmitry Belyavsky wrote:
>
>
> On Thu, Nov 8, 2018 at 4:02 PM Matt Caswell wrote:
>
>>
>>
>> On 08/11/2018 12:44, Dmitry Belyavsky wrote:
>> > Hello,
>> >
>>
On Thu, Nov 8, 2018 at 4:02 PM Matt Caswell wrote:
>
>
> On 08/11/2018 12:44, Dmitry Belyavsky wrote:
> > Hello,
> >
> > can anybody clarify what for the abbreviations AVA and RDN stand for?
>
> RDN == Relative Distinguished Name
> AVA == Attribute
characters. If no field separator is specified then sep_comma_plus_space is
used by default.
=
Thank you!
--
SY, Dmitry Belyavsky
Well, you can use opaque pointer and own structure containing a flag and
switch between native and custom implementations depending on it.
I've tried it and it works
Mon, 15 Oct 2018, 23:13 Selva Nair :
> Hi,
>
> How to override the evp_pkey_sign method in EVP_PKEY_METHOD structure for
> a
Hello,
Sorry, I've just found similar checks in all _CGM functions.
On Fri, Sep 14, 2018 at 1:30 PM Dmitry Belyavsky wrote:
> Dear Paul,
>
> Could you please clarify?
> The code seems to be related to s390 platform. Do I miss something?
>
> On Thu, Sep 13, 2018 at 1:55 A
ng the check down into the algorithm implementations
> makes sense. A more generic mechanism at the EVP would.
>
>
> Pauli
>
> --
>
> Oracle
>
> Dr Paul Dale | Cryptographer | Network Security & Encryption
>
> Phone +61 7 3031 7217
>
>
be avoided
- the limitation has been made too generic
- the implementation seems to be AEAD-specific.
So does not it make sense to provide this limitation at least at the
ciphersuite level? It can provide more straightforward way to manage such
limitations.
Thank you!
--
SY, Dmitry Belyavsky
Hello,
Is there any description how to use openssl macros describing the necessary
ASN1 structures?
Thank you!
--
SY, Dmitry Belyavsky
use that pointer to reference the composite_pkey_st (at least for the
>user-space implementation) ?
>
> Yes.
>
>
> Thanks for any help for understanding all these details... :D
>
> Cheers,
> Max
> --
> Best Regards,
> Massimiliano Pala, Ph.D.
> OpenCA
routines:tls_construct_cke_gost:library
bug:ssl/statem/statem_clnt.c:2436:
The error does not occur when using the master openssl branch.
Thank you!
--
SY, Dmitry Belyavsky
caught by existing regression testing.
>
> I'll open a proper PR to fix this as soon as we finish to test the
> alternative implementation.
>
Thank you very much!
>
> In the meantime you might open a proper issue in Github for this problem
> so that the bug will be properly