Hi Matt,
I am making the changes that you suggested, I think I can get the X and Y by
using
EVP_PKEY_get_bn_param() with OSSL_PKEY_PARAM_EC_PUB_X and _PUB_Y.
What I cannot figure out is how to get R and S. If I had an ECDSA_SIG, I would
call ECDSA_SIG_get0_r() and _s().
Are there EVP_PKEY p
On 28/10/2021 18:33, Jason Schultz wrote:
Thanks Matt. I think I have what I need as far as loading providers. I
also did the test you suggested with EVP_MD_fetch() and things failed as
expected, the fetch did not work.
One other question on providers, given how I load everything, it seems
Thanks Matt. I think I have what I need as far as loading providers. I also did
the test you suggested with EVP_MD_fetch() and things failed as expected, the
fetch did not work.
One other question on providers, given how I load everything, it seems like
before application exit, the cleanup shou
> From: openssl-users On Behalf Of Thiagu
> Mohan
> Sent: Thursday, 28 October, 2021 07:31
> Openssl Version 1.1.1l
> I am trying to compile openssl in Aix 7.2 OS ( ./Configure aix64-cc )
I don't recall seeing these, but I think the latest version of AIX we're
building on is 7.1. And it lo
On 28/10/2021 14:49, Jason Schultz wrote:
A call to OSSL_PROVIDER_available() says the "default" provider is
available; however, I'm wondering if I should be loading the default
provider via *load_config() as well? I would have to uncomment the
"activate = 1" in the default section of my co
Thanks Matt. I actually had this working (loading the fips_libctx using the
*load_config() API) but I was hitting other issues and thought I was doing
something wrong (more on that later).
So to review, I have my own config file, /usr/local/ssl/openssl-fips, with the
relevant contents(some comm
Openssl Version 1.1.1l
I am trying to compile openssl in Aix 7.2 OS ( ./Configure aix64-cc )
While running make, receiving error
"*Undeclared identifier RTLD_MEMBER" *
and
*"ldinfo_next" is not a member of "struct ld_info". *
Any pointers will be much helpful.
*Log:*
*cc -I.
On 28/10/2021 14:16, Felipe Gasper wrote:
On Oct 28, 2021, at 03:52, Matt Caswell wrote:
On 27/10/2021 18:53, Felipe Gasper wrote:
Support for secure renegotiation is a “good thing”, right? That being
the case, why would the newer OpenSSL version report no support for it while
> On Oct 28, 2021, at 03:52, Matt Caswell wrote:
>
>
>
> On 27/10/2021 18:53, Felipe Gasper wrote:
>> Support for secure renegotiation is a “good thing”, right? That being
>> the case, why would the newer OpenSSL version report no support for it while
>> the older one supports it?
>
Hi Matt,
Ok, we'll proceed by another way.
Thank you for your fast answer
Kinbd regards,
Patrice.
Matt Caswell a écrit :
On 28/10/2021 10:06, Patrice Guérin wrote:
Hi all,
The output of pkcs12 command differs between release 1.0.2 and 1.1.1.
The command used is
openssl pkcs12 -passi
On 28/10/2021 10:06, Patrice Guérin wrote:
Hi all,
The output of pkcs12 command differs between release 1.0.2 and 1.1.1.
The command used is
openssl pkcs12 -passin pass: -nokeys -in signedcert.bin
In the bag attributes, if the subject (and probably the issuer) contains
bytes out
On 28/10/2021 05:50, Paramashivaiah, Sunil wrote:
ssl->session
SSL_get0_session():
https://www.openssl.org/docs/man3.0/man3/SSL_get_session.html
Although beware: TLSv1.3 changes how sessions are established - they are
created post-handshake. Read the NOTES section on the man page carefull
Hi all,
The output of pkcs12 command differs between release 1.0.2 and 1.1.1.
The command used is
openssl pkcs12 -passin pass: -nokeys -in signedcert.bin
In the bag attributes, if the subject (and probably the issuer) contains
bytes outside ASCII range,
I get a different result and
On 27/10/2021 19:04, Kory Hamzeh wrote:
Hi,
I am upgrading some 3RD party code which performs FIPS ECDSA AVS testing for
FIPS 140-2 certification. The code uses FIPS_escda_sign(), which in
Openssl-fips-2.0.5 is define as:
ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
co
On 27/10/2021 18:53, Felipe Gasper wrote:
Support for secure renegotiation is a “good thing”, right? That being
the case, why would the newer OpenSSL version report no support for it while
the older one supports it?
Probably TLSv1.3 is being negotiated with the newer version. In TL
On 27/10/2021 17:28, Jason Schultz wrote:
With these config files and the code above, the
OSSL_PROVIDER_load(fips_libctx, "fips") call fails. Here are the
messages from the ERR_print_errors_fp() call:
2097C692B57F:error:1C8000D5:Provider routines:(unknown
function):missing config data:
16 matches
Mail list logo
