Re: 1.0.2 to 1.1 migration problem with verify_callback()

2019-08-07 Thread Remy Lebeau
In my verify callback (for 1.0.2, mind you), I use X509_STORE_CTX_get_app_data(ctx) to get the SSL* pointer. X509_STORE_CTX_get_app_data(ctx) is a macro in OpenSSL's "x509_vfy.h" header file that maps to X509_STORE_CTX_get_ex_data(ctx,0) (why doesn't it use SSL_get_ex_data_X509_STORE_CTX_idx()

AW: FIPS_selftest() Usage

2019-08-07 Thread Dr. Matthias St. Pierre
> For an application linked to FIPS capable OpenSSL,
> 1) After calls to FIPS_mode_set() and FIPS_mode() both succeed, is it good
> practice to call FIPS_selftest()? Or is this redundant call?
>
> 2) Did come across documentation which only hinted that FIPS_mode_set() calls
> FIPS_selftest() i

FIPS_selftest() Usage

2019-08-07 Thread Dipak B
Hi,
For an application linked to FIPS capable OpenSSL,
1) After calls to FIPS_mode_set() and FIPS_mode() both succeed, is it good practice to call FIPS_selftest()? Or is this redundant call?
2) Did come across documentation which only hinted that FIPS_mode_set() calls FIPS_selftest() internall

Re: master branch: EC test broken AGAIN?

2019-08-07 Thread Blumenthal, Uri - 0553 - MITLL
On 8/7/19, 10:57 AM, "openssl-users on behalf of Matt Caswell" wrote:
> >> ../test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1)
> >
> > Assuming you are building with enable-ec_nistp_64_gcc_128 then the fix for this
> > issue is here:
> >
> > http

Re: master branch: EC test broken AGAIN?

2019-08-07 Thread Matt Caswell
On 07/08/2019 15:49, Matt Caswell wrote:
>
>
> On 07/08/2019 15:48, Blumenthal, Uri - 0553 - MITLL wrote:
>> Test Summary Report
>>
>> ---
>>
>> ../test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1)
>>
>>   Failed test:  2
>>
>>   Non-zero exit st

Re: master branch: EC test broken AGAIN?

2019-08-07 Thread Matt Caswell
On 07/08/2019 15:48, Blumenthal, Uri - 0553 - MITLL wrote:
> Test Summary Report
>
> ---
>
> ../test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1)
>
>   Failed test:  2
>
>   Non-zero exit status: 1
>
> Files=174, Tests=1660, 122 wallclock secs

master branch: EC test broken AGAIN?

2019-08-07 Thread Blumenthal, Uri - 0553 - MITLL
Test Summary Report
---
../test/recipes/15-test_ec.t (Wstat: 256 Tests: 5 Failed: 1)
  Failed test: 2
  Non-zero exit status: 1
Files=174, Tests=1660, 122 wallclock secs ( 1.27 usr 0.34 sys + 81.53 cusr 29.91 csys = 113.05 CPU)
Result: FAIL

Does it s

Re: SSL Server setup DH/ECDH

2019-08-07 Thread Matt Caswell
On 07/08/2019 12:19, Chitrang Srivastava wrote:
> Hi Matt,
>
> I tried following code but it is crashing @ *SSL_CTX_set_ciphersuites*
> s_ctx = SSL_CTX_new(TLS_method());
> SSL_CTX_set_options(s_ctx,  SSL_OP_NO_RENEGOTIATION |
> SSL_OP_CIPHER_SERVER_PREFERENCE);
> SSL_CTX_set_min_proto_version(

Re: SSL Server setup DH/ECDH

2019-08-07 Thread Chitrang Srivastava
Hi Matt,
I tried following code but it is crashing @ *SSL_CTX_set_ciphersuites*
s_ctx = SSL_CTX_new(TLS_method());
SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE);
SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION);
SSL_CTX_set_ciphersuites(s_ctx, "TLS_AES_

Re: OPENSSL_thread_stop() equivalent

2019-08-07 Thread Matt Caswell
On 07/08/2019 01:36, Salz, Rich via openssl-users wrote:
>>Due to this I have to remove the usage of OPENSSL_thread_stop(), want to know
> the equivalent call in OpenSSL 1.0.2s? if applicable.
>
> 1.0.2 has no concept/support for threads, so you probably don’t need to do
> anything.

That's n

AW: EVP_KEY_cmp and -_parameters issues

2019-08-07 Thread Johannes.Heinz
Now I've got it. Thank you very much.

-Original Message-
From: Thulasi Goriparthi
Sent: Wednesday, 7 August 2019 09:42
To: Heinz, Johannes
Cc: openssl-users@openssl.org
Subject: Re: EVP_KEY_cmp and -_parameters issues

RSA keys wouldn't have parameters that are separated from

Re: i2d_ASN1_INTEGER zero pad

2019-08-07 Thread Matt Caswell
On 06/08/2019 17:16, Matt Caswell wrote:
> sig->r = BN_bin2bn(r, rlen, NULL);
> sig->s = BN_bin2bn(s, slen, NULL);

As a slight amendment to my earlier answer - a better way to do the above two lines would be to use the ECDSA_SIG_set0() function to set the r and s components rather than

Re: EVP_KEY_cmp and -_parameters issues

2019-08-07 Thread Thulasi Goriparthi
RSA keys wouldn't have parameters that are separated from key components. So, EVP_PKEY_cmp() is applicable, but not EVP_PKEY_cmp_parameters(). DH keys, which are generally used for key exchange, are short lived, though the group parameters can be comparatively valid for longer duration (let's say