RE: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-04 Thread Gaurav Jain
Hello Boris/John, I am from NXP and currently working on enabling KTLS on NXP platforms via openssl. I see that you enabled KTLS support in openssl 3.0 (https://www.openssl.org/news/changelog.html#openssl-30). When I configure openssl 3.0 or 3.1.0 with enable-ktls and try to run the

Re: openssl-users Digest, Vol 86, Issue 1

2022-01-04 Thread Ma Zhenhua
Hi Michael, Thanks a lot for your analysis. I've fixed this issue as mentioned in the previous email. Regards, Allen From: openssl-users on behalf of openssl-users-requ...@openssl.org Sent: 2022-01-01 15:48 To: openssl-users@openssl.org Subject: openssl-users Digest, Vol 86,

Re: openssl-users Digest, Vol 86, Issue 1

2022-01-04 Thread Ma Zhenhua
Hi Mark, Thanks so much for your advice. You're right. This is truly caused by signature_algorithms_cert extension not containing rsa_pkcs1_sha256 (0x0401). Below solutions now work well regarding TLS handshake. 1. The ClientHello doesn't include signature_algorithms_cert extension. 2. The

Re: EVP_PKEY_get_int_param is not getting degree from EC key

2022-01-04 Thread Blumenthal, Uri - 0553 - MITLL
> > But, considering that the man pages describe C API, wouldn't it be > > nice to mention (even though it may be obvious that a number of order > > 2^384 might not fit into 32 or even 64 bits) that the actual type is > > BIGNUM? > > No, the type is not a BIGNUM. Please read "man OSSL_PARAM"

Re: EVP_PKEY_get_int_param is not getting degree from EC key

2022-01-04 Thread Tomas Mraz
On Tue, 2022-01-04 at 17:02 +, Blumenthal, Uri - 0553 - MITLL wrote: > >  > In other words, the man page says it's unsigned int, but in fact > > it's > >  > BIGNUM? Because the pointer I gave was to "unsigned int", like > > in the > >  > OP's code. > > > >  The param is too big to fit into

Re: EVP_PKEY_get_int_param is not getting degree from EC key

2022-01-04 Thread Blumenthal, Uri - 0553 - MITLL
> > In other words, the man page says it's unsigned int, but in fact it's > > BIGNUM? Because the pointer I gave was to "unsigned int", like in the > > OP's code. > > The param is too big to fit into int. If you were using some > ridiculously small EC curve the call would succeed. The

Re: EVP_PKEY_get_int_param is not getting degree from EC key

2022-01-04 Thread Tomas Mraz
On Tue, 2022-01-04 at 16:46 +, Blumenthal, Uri - 0553 - MITLL wrote: > On 1/4/22, 11:23, "Tomas Mraz" wrote: > > >  > Theoretically, shouldn’t > >  > > >  > EVP_PKEY_get_int_param(pkey, OSSL_PARAM_EC_ORDER, &(unsigned > > int)order) > >  > > >  > work? I verified that it does not seem to

Re: EVP_PKEY_get_int_param is not getting degree from EC key

2022-01-04 Thread Blumenthal, Uri - 0553 - MITLL
On 1/4/22, 11:23, "Tomas Mraz" wrote: > > Theoretically, shouldn’t > > > > EVP_PKEY_get_int_param(pkey, OSSL_PARAM_EC_ORDER, &(unsigned int)order) > > > > work? I verified that it does not seem to work, at least in the > > obvious context. > > OSSL_PARAM_EC_ORDER is an unsigned integer

Re: EVP_PKEY_get_int_param is not getting degree from EC key

2022-01-04 Thread Tomas Mraz
On Tue, 2022-01-04 at 14:17 +, Blumenthal, Uri - 0553 - MITLL wrote: > Now I became interested. ;-) > > Theoretically, shouldn’t > > EVP_PKEY_get_int_param(pkey, OSSL_PARAM_EC_ORDER, &(unsigned > int)order) > > work? I verified that it does not seem to work, at least in the > obvious

Re: EVP_PKEY_get_int_param is not getting degree from EC key

2022-01-04 Thread Blumenthal, Uri - 0553 - MITLL
Now I became interested. ;-) Theoretically, shouldn’t EVP_PKEY_get_int_param(pkey, OSSL_PARAM_EC_ORDER, &(unsigned int)order) work? I verified that it does not seem to work, at least in the obvious context. What is the purpose of that parameter and function call, and where/how can one use

Re: EVP_PKEY_get_int_param is not getting degree from EC key

2022-01-04 Thread Tomas Mraz
On Tue, 2022-01-04 at 02:33 +0100, Wolf wrote: > Thank you for the answer! > > On 2022-01-03 10:11:19 +0100, Tomas Mraz wrote: > > You're using the secp384r1 curve which is a prime field curve. The > > OSSL_PKEY_PARAM_EC_CHAR2_M parameter can be obtained only for > > binary > > field curves. > >