Re: [openssl-users] What is the best practise for shutdown SSL connections?

Hi, Viktor.  02.02.2015, 18:04, "Viktor Dukhovni" :It should be sufficient for the server to send its close notifywithout waiting for a client response.  If the server destroys theSSL connection without calling SSL_shutdown() I am not sure whetherthe session remains cached. I mean, can CLIENT then

Re: [openssl-users] i2d_ d2i_ b2i_ i2b_ functions and EVP_PKEY

Hi, Michael. Thank you very much for your answer. Now it's clear.  03.02.2015, 16:08, "Michael Wojcik" :Lots of things in OpenSSL aren't documented. It's not strange at all - programmers tend to write code first, documentation second (or later). This is true of a great many open-source projects, an

[openssl-users] The evolution of the 'master' branch

As we've already said, we are moving to making most OpenSSL data structures opaque. We deliberately used a non-specific term. :) As of Matt's commit of the other day, this is starting to happen now. We know this will inconvenience people as some applications no longer build. We want to work with

[openssl-users] Windows Embedded Compact 7 OpenSSL

I am trying to get OpenSSL to build for Windows Embebbed Compact 7 using Visual Studio 2008. Is there a write up some wheres that I have missed for doing this? I am having troubles finding much of anything in the way of support for doing this. ___ openssl

[openssl-users] OpenSSL FIPS Object Module 1.* is vulnerable to CVE-2014-3570?

CVE-2014-3570 is fixed in 0.9.8ze. Does the BN_sqr implementation in FIPS Object Module 1.* also need to be fixed? If I run 0.9.8ze on FIPS mode with using FIPS Object Module 1.x, am I vulnerable to the CVE-2014-3570 attacks? ___ openssl-users mailing li

Re: [openssl-users] Certificate verification fails with latest commits (ECDSA)

Hi Steve, thanks a lot for your quick response and for the clarification. > Von: "Dr. Stephen Henson" > The MSB is effectively a sign bit but the explanation in the standard isn't > very clear. If you take your example of GTS001.pem and do: > > openssl asn1parse -in GTS001.pem -strparse 367

Re: [openssl-users] i2d_ d2i_ b2i_ i2b_ functions and EVP_PKEY

"i" is an abbreviation for "internal", meaning OpenSSL's internal format. "2" means "to". "d" means "DER". "b" means "blob", and refers to a "key blob" format used by Microsoft. (That's based on the OpenSSL source code; I haven't looked into the actual provenance of this blob format.) It appears

[openssl-users] Support of HMAC-Based ciphersuites (RFC6367) in openssl 1.0.1l

Hello everybody, today i tried to rework the cipher suites of my system and I wanted to integrate the Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2. I tried to find out, which ciphers are supported within the newest openssl version 1.0.1l, but openssl did not have any cipher

Re: [openssl-users] Certificate verification fails with latest commits (ECDSA)

On Tue, Feb 03, 2015, jan.w...@ptb.de wrote: > > This check fails for some of our certificates and the reason is that > openssl adds a padding byte for BIGNUMs in crypto/asn1/x_bignum.c if the > MSB is set. Our encoding does not contain these padding bytes and, > consequently, the re-encoded v

Re: [openssl-users] i2d_ d2i_ b2i_ i2b_ functions and EVP_PKEY

 I have found some info and now some questions more clear for me. But still have 2 questions... i2d_ functions write the DER representation of the object into a buffer.d2i_ functions read the DER representation of the object from a buffer and creates the appropriate object in memory. 1. What is b2i

[openssl-users] i2d_ d2i_ b2i_ i2b_ functions and EVP_PKEY

Hello. I see many functions have prefixes: i2d_ d2i_ b2i_ i2b_ For example: i2d_PublicKey i2d_PrivateKey d2i_PublicKey d2i_PrivateKey b2i_PublicKey b2i_PrivateKey i2b_PublicKey_bio i2b_PrivateKey_bio I think these letters: 'i', 'd', 'b' have some meaning. Can somebody help me to understand

Re: [openssl-users] "openssl dgst" computes wrong HMAC?

On 03.02.2015 11:16, Billy Brumley wrote: >> $ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc >> (stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c > > This gets posted every once in a while -- google around. Something > about the hmac switch not doing what you thin

Re: [openssl-users] "openssl dgst" computes wrong HMAC?

> $ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc > (stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c This gets posted every once in a while -- google around. Something about the hmac switch not doing what you think it's doing. $ echo -n foobar | openssl dgst -sh

[openssl-users] Certificate verification fails with latest commits (ECDSA)

Hi, we have noticed that with the latest Debian wheezy-security update of the libssl1.0.0 package sudenly the verification of some of our ECDSA-signed certificates failed. I've looked into this and I've traced it down to the following patch https://github.com/openssl/openssl/commit/684400ce192

Re: [openssl-users] "openssl dgst" computes wrong HMAC?

On 03.02.2015 10:00, Johannes Bauer wrote: > when I use OpenSSL I suspect some funny business going on with the HMAC > computation of "openssl dgst" command line tool. Consider: Damn, I'm sorry. Forgot to include the version: OpenSSL 1.0.1f 6 Jan 2014 Regards, Johannes _

[openssl-users] "openssl dgst" computes wrong HMAC?

Hi list, when I use OpenSSL I suspect some funny business going on with the HMAC computation of "openssl dgst" command line tool. Consider: $ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc (stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c But #include #include

[openssl-users] Openssl 1.0.2 evp_test core dumps on Sparc T4, solaris 11

I am building openssl 1.0.2 on a number of platforms, and I am having problems on a virtual Solaris 11.0 machine running on a Sparc T4. The code builds fine, but the evp_test core dumps. Here are the last lines of output from the command (test/evp_test test/evptests.txt): Testing cipher id-aes256-