On 2012-05-23 13:26 +0900 (Wed), Curt Sampson wrote:
> The application I'm concerned with
Oh, one more thing I forgot about the application: we're using our own
means of certificate and CRL distribution and storage, so in general
we have DER representations of this stuff in memory, rather t
Is there some document around that discusses best practices for dealing
with memory management for OpenSSL objects? Most or all of the examples
in _Network Security with OpenSSL_ seem to rely on the program ending
to clean up any allocated objects left lying around, which of course is
not really an
Hi,
Is BIO_set_proxies() supported in 1.0.1? What is the proxy solution for OCSP
query?
Thanks,
-binlu
On 22/05/12 17:35, Li, David wrote:
Hi All,
I can't find this function in the source tree? It seems to be pointing to
FIPS_aes_256_gcm. All I see is:
grep -r FIPS_evp_aes_256_gcm .
./crypto/evp/evp_fips.c:const EVP_CIPHER *EVP_aes_256_gcm(void) {
return FIPS_evp_aes_256_gcm(); }
Anyone know
Hi All,
I can't find this function in the source tree? It seems to be pointing to
FIPS_aes_256_gcm. All I see is:
grep -r FIPS_evp_aes_256_gcm .
./crypto/evp/evp_fips.c:const EVP_CIPHER *EVP_aes_256_gcm(void) { return
FIPS_evp_aes_256_gcm(); }
Anyone know where it is?
David
Sorry one other point. Just noticed that in one of your other posts,
you have been provided with a previously existing private key. In that
case you need to find out what curve that private key was associated
with.
Matt
On 22 May 2012 17:04, Matt Caswell (fr...@baggins.org)
wrote:
> NID_ecdsa_wi
NID_ecdsa_with_SHA256 is not the name of a curve.
NID_secp256k1 is probably a good choice. Refer to the following
document for a discussion on recommended curves (appendix d), and then
find the related NID name for the curve you want in OpenSSL:
http://csrc.nist.gov/publications/fips/fips186-3/fip
Well, according to the method EC_GROUP_new_by_curve_name that is referenced
by EC_KEY_new_by_curve_name():
"EC_GROUP* EC_GROUP_new_by_curve_name (int nid)
{
size_t i;
EC_GROUP *ret = NULL;
if (nid <= 0)
return NULL;
for (i=0; i wrote:
> Hi,
> I got a pr
Hi,
I got a problem with
EC_KEY_new_by_curve_name: it always returns NULL. Here is how I used it:
EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_ecdsa_with_SHA256);
if (eckey == NULL)
{
printf("ERROR: NULL ECKEY!\r\n");
}
Do you happen to know the reason?
Hi Dave,
Thank you so much for your reply. I have been struggling with this issue
for a while. And I tried your method, but I got a problem with
EC_KEY_new_by_curve_name: it always returns NULL. Here is how I used it:
EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_ecdsa_with_SHA256);
if (eckey == NULL)
{
> -Original Message-
> From: Erwann Abalea
>
> On 22/05/2012 10:57, Eisenacher, Patrick wrote:
> >> -Original Message-
> >> From: Erwann Abalea
> >>
> >> Hello,
> >>
> >> On 21/05/2012 14:10, Serge Emantayev wrote:
> >>> Hello openSSL gurus,
> >>>
> >>> I faced an issue of p
Thanks Steve for your email and information.
It's appreciated.
Thanks..
John
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: 22 May 2012 13:02
To: openssl-users@openssl.org
Subject: Re: ECC and OpenS
On Tue, May 22, 2012, Simner, John wrote:
> Dear all,
>
> I am working on an embedded product which currently uses OpenSSL 0.9.8w with
> FIPS support.
>
> We have received a request to support ECC and in particular the following
> cipher suites for ECC certification TLS_ECDHE_ECDSA_WITH_AES_12
On Tue, May 22, 2012 at 9:55 AM, Simner, John
wrote:
> Dear all,
>
> I am working on an embedded product which currently uses OpenSSL 0.9.8w with
> FIPS support.
I'm curious: what product is this? I had a quick poke around and
couldn't find any mention of OpenSSL on Siemens' websites...
> We hav
Hi!
Has someone with domain knowledge of how OpenSSL works looked at the
UEFI implementation of AuthentiCode?
I am currently looking at this file in particular:
http://tianocore.git.sourceforge.net/git/gitweb.cgi?p=tianocore/edk2;a=blob;f=CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7.c;h=036412af
Hello,
Please advise me if you know this issue. I need to know how to sign a message
using ECDSA. I have a message which is a variable length unsigned char array.
And I have a private key which is a 32 byte unsigned char array. And I am
trying to figure out how to sign the message using my own p
On 22/05/2012 10:57, Eisenacher, Patrick wrote:
-Original Message-
From: Erwann Abalea
Hello,
On 21/05/2012 14:10, Serge Emantayev wrote:
Hello openSSL gurus,
I faced an issue of pathlen constraint checking by openSSL
when verifying the client certificate. I did a few studies f
> -Original Message-
> From: Erwann Abalea
>
> Hello,
>
> On 21/05/2012 14:10, Serge Emantayev wrote:
> > Hello openSSL gurus,
> >
> > I faced an issue of pathlen constraint checking by openSSL
> when verifying the client certificate. I did a few studies for
> how openSSL does that and I
Dear all,
I am working on an embedded product which currently uses OpenSSL 0.9.8w with
FIPS support.
We have received a request to support ECC and in particular the following
cipher suites for ECC certification TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA and
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA.
I ca
Folks,
While mopping up some residuals on CVE-2012-0654 I came across something which
looks like odd behaviour:
1) OpenSSL nicely verifies the authorityKeyIdentifier. Good.
2) It nicely rejects/fails if the SHA1 checksum is wrong.
BUT
3) It seems to NOT fail if the octet string