Re: [openssl-users] Two questions on OpenSSL EVP API

On Wed, 2018-12-19 at 08:57 +0300, Dmitry Belyavsky wrote: > > I would have thought that the true maximum would be round-up(inl, > > cipher_block_size); that is, for inl values 1-15 you'd get 16 > > bytes, and for inl values 16-31 you'd get 32 bytes, etc. (I'm not > > actually sure whether inl of 1

[openssl-users] EVP_DecryptUpdate: why is this failing when out == in?

As I understand it, it's legal to provide the exact same input and output buffer to EVP_EncryptUpdate and EVP_DecryptUpdate, but it's not legal to provide pointers into different parts of the same buffer. That's a good check. However, my implementation is getting triggered by this code in EVP_Dec

Re: [openssl-users] Two questions on OpenSSL EVP API

Hello Paul, On Wed, Dec 19, 2018 at 6:02 AM Paul Smith wrote: > Hi all; I'm working with OpenSSL 1.1.1a, using the EVP interface to > encrypt/decrypt with various ciphers/modes. > > I had a couple of questions: > > > First, the encrypt update docs say: > > > the amount of data written may be any

[openssl-users] Two questions on OpenSSL EVP API

Hi all; I'm working with OpenSSL 1.1.1a, using the EVP interface to encrypt/decrypt with various ciphers/modes. I had a couple of questions: First, the encrypt update docs say: > the amount of data written may be anything from zero bytes to > (inl + cipher_block_size - 1) Is that really true?

Re: [openssl-users] Openssl async support

Read this: https://www.openssl.org/docs/man1.1.0/crypto/ASYNC_start_job.html Usually async operations happen in engines when they need to talk to hardware but you can still utilize async mechanism in pure software if you have th

[openssl-users] Support for CAdES Basic Electronic Signatures (CAdES-BES)

Hi everyone, the patch discussed in this pull request https://github.com/openssl/openssl/pull/7893 adds support for adding ESS signing-certificate[-v2] attributes to CMS signedData. Although it implements only a small part of the RFC 5126 - CMS Advanced Electronic Signatures (CAdES), it is suffici

Re: [openssl-users] FIPS module v3

There are no committed to dates of any kind at present. The project is underway but it is too early to set a schedule, yet alone a completion date. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Alibek Jorajev via open

[openssl-users] Fwd: SSL_free Segmentation Fault

Hi, I am using openssl for ARM based target and I have cross compiled OpenSSLv1.0.2l from sources with FIPS. I have implemented the DTLSv1.2 based Server using OpenSSL APIs and able to run it on my target. Issue I am facing is when there is network failure I try to clean up the current DTLS sessi

Re: [openssl-users] A script for hybrid encryption with openssl

On Tue, Dec 18, 2018 at 3:18 AM Nick wrote: > I should add that I don't really care about the format, or even the use of > openssl - just the ability to tackle large files with the benefits of public > key encryption, in a self-contained way without needing fiddly work deploying > the keys (as

[openssl-users] does -subj suppress challenge Password prompt

From my colleague Peter. Peter is attempting to generate a variety of CSR requests for use in examples for an IETF ACE WG on coap-est. Below my problem: the standard openssl.cnf file is attached. The openssl version is 1.0.1f. When I do the following shell script: ___

Re: [openssl-users] A script for hybrid encryption with openssl

On 17/12/2018 22:02, Jakob Bohm via openssl-users wrote: > A simpler way is to realize that the formats used by SMIME/CMS (specifically > the PKCS#7 formats) allow almost unlimited file size, and any 2GiB limit is > probably an artifact of either the openssl command line tool or some of the > under

Re: [openssl-users] Openssl async support

Hi all, I truly understand that everyone might be busy with your work and didn't found time to reply. That's okay, but incase you have accidendly forgot to reply, please accept this as a gentle reminder. On Mon, Dec 17, 2018 at 6:11 PM ASHIQUE CK wrote: > Hi all, > > I have some queries reg

[openssl-users] FIPS module v3

Hi everyone, I have been following OpenSSL blog and know that work on new OpenSSL FIPS module has started. Current FIPS module (v.2) has end of life (December 2019) and I assume that new FIPS module will be by that time.  but can someone tell me - is there are approximate dates -  will it be ava

[openssl-users] Sending empty renegotiaion_info

Hello, Is it possible to send empty renegotiation_info extension instead of TLS_EMPTY_RENEGOTIATION_INFO_SCSV using openssl s_client? If yes, is it possible to test secure renegotiation afterward? Thank you! -- SY, Dmitry Belyavsky -- openssl-users mailing list To unsubscribe: https://mta.ope