Hello,
I have been unable to prevent CMS_SignerInfo_sign() to add a signing time
attribute even though I used CMS_NOATTR. I think the issue is here:
if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
if (!cms_add1_signingTime(si, NULL))
goto err;
}
This is around line 648 of cr
Hi
I have a embedded board P1010 RDB running openssl on VXWORKS 5.4 .
I am generating RSA 2048 and 3072 bit key pairs.
I am providing entropy to openssl by using RAND_seed from a HW RNG.
My average generation time for RSA 2048 key pair is 2 Minutes and 3072 is
8 minutes.
Is there a way to reduc
I tested the master branch that adds this capability, but I’m apparently not
using the right combination of flags to turn it off – when I attempt
s_client/s_server in the 1.1.1dev branch, I’m still seeing the ETM extension
offered and negotiated for CBC suites. What would be the correct method t
> On Jan 16, 2017, at 4:35 AM, Matt Caswell wrote:
>
> OpenSSL only supports ECDH (for key exchange) and ECDSA (for digital
> signatures) for elliptic curve keys, i.e. there are no ec encryption
> algorithms available.
That said, IIRC CMS supports EC public keys, by performing off-line
ECDH:
c
On 16/01/2017 17:05, Tedd Weyman wrote:
I ran a Secunia update (set for auto update), and got a request to
manually go to OpenSSL to update. But OpenSSL does not provide updates
for end users. Anyone have an idea why such an update would not be
automatic from the downstream vendor, and how migh
I ran a Secunia update (set for auto update), and got a request to manually
go to OpenSSL to update. But OpenSSL does not provide updates for end
users. Anyone have an idea why such an update would not be automatic from
the downstream vendor, and how might I get the update myself?
Thanks
--
opens
On 16/01/17 14:14, Michael Shirley wrote:
> It appears that starting with OpenSSL 1.1.0, it is not possible to
> disable the Encrypt-Then-MAC (ETM) TLS extension for CBC ciphers. Is
> there an undocumented method to do this, which would also allow me to
> use the built-in s_server/s_client test m
It appears that starting with OpenSSL 1.1.0, it is not possible to disable the
Encrypt-Then-MAC (ETM) TLS extension for CBC ciphers. Is there an undocumented
method to do this, which would also allow me to use the built-in
s_server/s_client test mechanism?
Thanks,
-Mike
Michael Shirley
Senior
On 15/01/17 03:47, Norm Green wrote:
> Is there a way to encrypt a file using the openssl command with an
> elliptic curve public key? Here's what I get when I try using OpenSSL
> 1.1.0c :
OpenSSL only supports ECDH (for key exchange) and ECDSA (for digital
signatures) for elliptic curve keys,
