On Fri, Jul 19, 2024 at 4:55 PM tomasz bartczak wrote:
> If I use the crypto library I can provide desired properties like in
> EVP_ASYM_CIPHER_fetch function. However when I use the ssl library, how to
> make sure it calls the mentioned EVP_ASYM_CIPHER_fetch function with
> properties required b
> X509 cert = SSL_CTX_get0_certificate(ctx);
> EVP_PKEY pkey = X509_get_pubkey(cert);
>
*cert and *pkey ...
On Tue, Nov 2, 2021 at 3:42 PM Jason Schultz wrote:
> I thought I should start a new thread since this question was buried in my
> "FIPS" thread and I dont' think it has anything to do with FIPS and OpenSSL
> providers. I'm hitting another problem that I think is related to the
> migration to Ope
Hi,
Replying to self..
On Mon, Sep 13, 2021 at 10:08 PM Selva Nair wrote:
> Hi,
>
> When an EVP_PKEY is created with some custom data, provider's
> keymgmt_load() gets called. I want to keep a reference count on the keydata
> returned from it. But there is no call to keymgm
Hi,
When an EVP_PKEY is created with some custom data, provider's
keymgmt_load() gets called. I want to keep a reference count on the keydata
returned from it. But there is no call to keymgmt_free() or anything
similar when the EVP_PKEY is freed. How does one keep track of references
to keydata? I
Hi
>
>>
>> This is great, but limiting RSA signature to RSA-PKCS#1 v 1.5 is a major
>> limitation. It doesn't have to be that way as the OpenSSL engine interface
>> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc.
>>
>
> Yes I agree the lack of support for RSA-PSS is signif
Hi,
On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek <
reinier.torenb...@gmail.com> wrote:
> Hi,
>
> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you
> may want to check out this new OpenSSL CNG Engine project on GitHub:
> https://github.com/rticommunity/openssl-cng-engine
On Tue, Jun 1, 2021 at 11:15 AM Selva Nair wrote:
>
> Hi Piotr,
>
> On Tue, Jun 1, 2021 at 10:57 AM Piotr Lobacz
> wrote:
>>
>> Hi,
>> i have managed to find the engine method static EVP_PKEY
>> *load_privkey(ENGINE *engine, const char *s_key_id, UI_MET
Hi Piotr,
On Tue, Jun 1, 2021 at 10:57 AM Piotr Lobacz
wrote:
> Hi,
> i have managed to find the engine method static EVP_PKEY
> *load_privkey(ENGINE *engine, const char *s_key_id, UI_METHOD *ui_method,
> void *callback_data) in libp11 package. I have also made a printf callback
> and i see the
Hi,
On Fri, May 28, 2021 at 1:44 PM Piotr Lobacz wrote:
>
> Ok, i have found out that dotnet OpenSsl library has it's own code for
> verification is key private. For this it needs the whole data of private key
> from which this method:
>
> static int HasNoPrivateKey(RSA* rsa)
>
> which is in .
Hi,
On Wed, May 26, 2021 at 4:45 PM Piotr Lobacz
wrote:
> Btw i have verified that in openssl command line tool if i switch order
> from the one that worked for me:
>
> OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines-1.1/libpkcs11.so
> -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
> MODULE
Hi,
On Wed, May 26, 2021 at 9:25 AM Piotr Lobacz wrote:
>
> Hi all,
> I am trying to write a function which will load dynamic engine for pkcs11.
> What i intendt to do is not to use engine id pkcs11 but dynamic. The problem
> is that i get an error for ENGINE_ctrl_cmd_string with MODULE_PATH pa
Hi,
On Wed, Apr 10, 2019 at 10:11 AM Francois Gelis
wrote:
> Hi all,
>
> I have a working openvpn setup with client certificate and private key
> stored on my laptop. Then, I have loaded them into a smartcard (Yubico 5
> NFC), and modified accordingly the openvpn client config. But running the
>
On Tue, Oct 23, 2018 at 10:38 AM Richard Oehlinger via openssl-users
wrote:
>
> Hi!
>
> I'm trying to get a handle on the CAPI engine, because I need to have a
> secure Keystore on Windows. Furthermore I need it to work with Qt's
> QSslKey, which fortunately can be constructed by EVP_PKEY *.
>
> S
On Mon, Oct 22, 2018 at 1:51 PM Skip Carter wrote:
>
> Yes the macro is there, its just not being expanded by the pre-
> compiler.
All these tests say the same thing that you are picking up a wrong (old) header.
So do:
gcc -E your-program.c | grep opensslconf.h
Then check whether the one it pi
Hi,
On Mon, Oct 15, 2018 at 4:19 PM Dmitry Belyavsky wrote:
> Well, you can use opaque pointer and own structure containing a flag and
> switch between native and custom implementations depending on it.
>
> I've tried it and it works
>
We do store some state information in the method app_data,
Hi,
How to override the evp_pkey_sign method in EVP_PKEY_METHOD structure for a
specific key? This is to allow signing with PSS padding using Windows CNG
API. Using rsa_priv_enc() we can only get pre-padded data when PSS is in
use, but CNG does not seem to handle padding = none.
Also see issue
17 matches
Mail list logo