It was meant for the second method only. The first method is using
different library contexts to distinguish FIPS algorithms. Using the
properties in addition is harmless and might prevent a future mistake
that breaks compliance.
Pauli
On 26/10/21 4:46 am, Jason Schultz wrote:
Thanks again.
Suppose the TLS layer is initialized in the form:
SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
BIO *r = BIO_new(BIO_s_mem());
BIO *w = BIO_new(BIO_s_mem());
SSL *ssl = SSL_new(ctx);
SSL_set_bio(ssl, r, w);
SSL_set_connect_state(ssl);
I want to use BIO so that I can control IO to/f
Thanks again. I think most of that makes sense. Going back to your initial
response, there is something I'm not clear on.
The second method you explained (which I don't plan to use) starting with
"Alternatively,..." included the calls to OSSL_PRIVIDER_load(), and then
discussed calling the foll
On 22/10/2021 21:02, Ken Goldman wrote:
I have X and Y as bignums. I create EVP_PKEY with this.
I suspect that I have to do another step to indicate that I supplied X
and Y and not a compressed
public key.
Unfortunately supplying x and y separately is not supported for import.
You have
On 25/10/2021 10:51, Alex Dankow wrote:
Hi everyone,
I'm writing a provider for Windows certificates.
It generally works like this
openssl x509 -in "myuri .." -provider mytest -text
OpenSSL fetches a DER encoded certificate from my STORE and prints it.
However it doesn't print the publi
Hi everyone,
I'm writing a provider for Windows certificates.
It generally works like this
openssl x509 -in "myuri .." -provider mytest -text
OpenSSL fetches a DER encoded certificate from my STORE and prints it.
However it doesn't print the public key itself.
The code in x_pubkey.c near OSS
Caveat: I've not tested or compiled the following...but something like this:
if (EVP_PKEY_is_a(evpKey, "RSA)) {
keysz = EVP_PKEY_get_bits(evpKey) / 8;
/* some code */
} else if (EVP_PKEY_is_a(evpKey, "EC")) {
char *name;
size_t namesize;
if (!EVP_PKEY_get_utf8_string_param(pk
Hi Matt,
Thanks for the reply. I need to replace the below code.
int keysz,ecGrpId;
switch(evpKey->type)
{
case NID_rsaEncryption:
{
if(evpKey->pkey.rsa)
{
On 25/10/2021 05:45, Paramashivaiah, Sunil wrote:
Hi All,
I need get APIs for accessing the members of EVP_PKEY. Please
suggest APIs to get following members of EVP_PKEY
evpkey->type , evpkey->pkey.rsa , pubKey->pkey.ec->group.
EVP_PKEY_get_id() will get you the `evpkey->type`
On Sat, 2021-10-23 at 11:04 +0700, Alex Dankow wrote:
> Hi OpenSSL users and its glorious developers,
>
> Thank you very much for OpenSSL 3!
>
> My question is about writing a provider. I decided to start from a
> Windows certificate storage provider. It already works with "openssl
> storeutl" c
10 matches
Mail list logo
