Re: [openssl-users] i2d_X509_SIG() in FIPS mode

2015-02-02 Thread Gayathri Manoj
Hi Steve, Viktor, I have tried with len also, but this is also causing a seg fault. My requirement is to store max 2048 bit keys. Hence I used length as 512 +1. Currently I am getting len value = 28514. X509_SIG sig; X509_ALGOR algor; ASN1_OCTET_STRING digest; ASN1_TYPE parameter; ASN1_item_dige

Re: [openssl-users] ECDHE-ECDSA certificate returning with no shared cipher error

2015-02-02 Thread Rajeswari K
Hello Dave, Thanks for responding. Following is the output printed by openssl ./openssl req -in csr.csr -noout -text Certificate Request: Data: Version: 0 (0x0) Subject: CN=eccert/unstructuredName= Subject Public Key Info: Public Key Algorithm: id-ecPu

Re: [openssl-users] ECDHE-ECDSA certificate returning with no shared cipher error

2015-02-02 Thread Dave Thompson
> From: openssl-users On Behalf Of Rajeswari K > Sent: Sunday, February 01, 2015 21:18 > Am facing an issue of "no shared cipher" error during SSL Handshake, > when tried to negotiate ECDHE cipher suite. > *Feb 2 01:00:47.894: SSL_accept:error in SSLv3 read client hello C > *Feb 2 01:00:47.89

Re: [openssl-users] i2d_X509_SIG() in FIPS mode

2015-02-02 Thread Viktor Dukhovni
On Mon, Feb 02, 2015 at 07:15:12PM +0530, Gayathri Manoj wrote: > unsigned char *ptr, *tmp=NULL; > X509_SIG sig; > How is "sig" initialized? > len=i2d_X509_SIG(sig,NULL); > tmp = (unsigned char*) malloc(513); Why 513 and not len? What is the value of len? > ptr=tmp; > i2d_X509_SIG(&sig,

Re: [openssl-users] i2d_X509_SIG() in FIPS mode

2015-02-02 Thread Dr. Stephen Henson
On Mon, Feb 02, 2015, Gayathri Manoj wrote: > Hi Steve, > > unsigned char *ptr, *tmp=NULL; > X509_SIG sig; > > len=i2d_X509_SIG(sig,NULL); > tmp = (unsigned char*) malloc(513); > ptr=tmp; > i2d_X509_SIG(&sig, &ptr); // here causing problem. > Well you should really malloc 'len' bytes as

Re: [openssl-users] What is the best practise for shutdown SSL connections?

2015-02-02 Thread Viktor Dukhovni
On Mon, Feb 02, 2015 at 09:23:19AM +0300, Serj wrote: > > http://tools.ietf.org/html/rfc5246#section-7.2.1 > > I read RFC. Have read "7.2.1. Closure Alerts" once again. > But this is the normative document. I ask: what in practise in terms of > OpenSSL API? > > As I already said some servers do

Re: [openssl-users] i2d_X509_SIG() in FIPS mode

2015-02-02 Thread Gayathri Manoj
Hi Steve, unsigned char *ptr, *tmp=NULL; X509_SIG sig; len=i2d_X509_SIG(sig,NULL); tmp = (unsigned char*) malloc(513); ptr=tmp; i2d_X509_SIG(&sig, &ptr); // here causing problem. Thanks, Gayathri On Mon, Feb 2, 2015 at 6:38 PM, Dr. Stephen Henson wrote: > On Mon, Feb 02, 2015, Gayathri

Re: [openssl-users] Specify algorithm for openssl smime decrypt

2015-02-02 Thread Fred
On 06/01/2015 12:38, Dr. Stephen Henson wrote: On Tue, Jan 06, 2015, Fred wrote: I need to decrypt some S/MIME content with an invalid key length for the AlgOID specified in the PKCS7 content. AES-256 is specified as the AlgOID, but a key length of 192 bits is being used. Is there any way to g

Re: [openssl-users] i2d_X509_SIG() in FIPS mode

2015-02-02 Thread Dr. Stephen Henson
On Mon, Feb 02, 2015, Gayathri Manoj wrote: > Hi All, > > Please let me know shall I need to take care the memory separately for the > fips mode. > Only in FIPS mode i am getting the below error while calling i2d_x509_sig(). > I'm not sure how that can happen. The function i2d_X509_SIG isn't pa

Re: [openssl-users] i2d_X509_SIG() in FIPS mode

2015-02-02 Thread Gayathri Manoj
Hi All, Please let me know shall I need to take care the memory separately for the fips mode. Only in FIPS mode I am getting the below error while calling i2d_x509_sig(). Program received signal SIGSEGV, Segmentation fault. 0x00d9d045 in __memcpy_ssse3_rep () from /lib/libc.so.6 Thanks, Gayathri

[openssl-users] ECDSA private key load error

2015-02-02 Thread Rajeswari K
Hello Openssl users, I am facing the following issue while loading an ECDSA private key using EVP_PKCS82PKEY(). I hope I am missing some initialization in this regard. Can you please point out what I am doing wrong? Steps followed: Have generated CSR and signed using openssl commands. Following are the