Re: Own HW Supported RSA provider

2024-07-20 Thread Selva Nair
On Fri, Jul 19, 2024 at 4:55 PM tomasz bartczak wrote: > If I use the crypto library I can provide desired properties like in > EVP_ASYM_CIPHER_fetch function. However when I use the ssl library, how to > make sure it calls the mentioned EVP_ASYM_CIPHER_fetch function with > properties required b

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread Selva Nair
> X509 cert = SSL_CTX_get0_certificate(ctx); > EVP_PKEY pkey = X509_get_pubkey(cert); > *cert and *pkey ...

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread Selva Nair
On Tue, Nov 2, 2021 at 3:42 PM Jason Schultz wrote: > I thought I should start a new thread since this question was buried in my > "FIPS" thread and I don't think it has anything to do with FIPS and OpenSSL > providers. I'm hitting another problem that I think is related to the > migration to Ope

Re: On reference counting keydata returned from keymgmt_load()

2021-09-13 Thread Selva Nair
Hi, Replying to self.. On Mon, Sep 13, 2021 at 10:08 PM Selva Nair wrote: > Hi, > > When an EVP_PKEY is created with some custom data, provider's > keymgmt_load() gets called. I want to keep a reference count on the keydata > returned from it. But there is no call to keymgm

On reference counting keydata returned from keymgmt_load()

2021-09-13 Thread Selva Nair
Hi, When an EVP_PKEY is created with some custom data, provider's keymgmt_load() gets called. I want to keep a reference count on the keydata returned from it. But there is no call to keymgmt_free() or anything similar when the EVP_PKEY is freed. How does one keep track of references to keydata? I

Re: CNG engine on GitHub

2021-07-02 Thread Selva Nair
Hi > >> >> This is great, but limiting RSA signature to RSA-PKCS#1 v 1.5 is a major >> limitation. It doesn't have to be that way as the OpenSSL engine interface >> does allow using EVP_PKEY_METHOD callbacks instead of rsa_priv_dec etc. >> > > Yes I agree the lack of support for RSA-PSS is signif

Re: CNG engine on GitHub

2021-07-02 Thread Selva Nair
Hi, On Thu, Jul 1, 2021 at 1:49 PM Reinier Torenbeek < reinier.torenb...@gmail.com> wrote: > Hi, > > For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you > may want to check out this new OpenSSL CNG Engine project on GitHub: > https://github.com/rticommunity/openssl-cng-engine

Re: CSR creation using pkcs11 dynamic engine

2021-06-01 Thread Selva Nair
On Tue, Jun 1, 2021 at 11:15 AM Selva Nair wrote: > > Hi Piotr, > > On Tue, Jun 1, 2021 at 10:57 AM Piotr Lobacz > wrote: >> >> Hi, >> I have managed to find the engine method static EVP_PKEY >> *load_privkey(ENGINE *engine, const char *s_key_id, UI_MET

Re: CSR creation using pkcs11 dynamic engine

2021-06-01 Thread Selva Nair
Hi Piotr, On Tue, Jun 1, 2021 at 10:57 AM Piotr Lobacz wrote: > Hi, > I have managed to find the engine method static EVP_PKEY > *load_privkey(ENGINE *engine, const char *s_key_id, UI_METHOD *ui_method, > void *callback_data) in libp11 package. I have also made a printf callback > and I see the

Re: CSR creation using pkcs11 dynamic engine

2021-05-28 Thread Selva Nair
Hi, On Fri, May 28, 2021 at 1:44 PM Piotr Lobacz wrote: > > Ok, I have found out that dotnet OpenSsl library has its own code for > verification is key private. For this it needs the whole data of private key > from which this method: > > static int HasNoPrivateKey(RSA* rsa) > > which is in .

Re: dynamic engine load

2021-05-26 Thread Selva Nair
Hi, On Wed, May 26, 2021 at 4:45 PM Piotr Lobacz wrote: > Btw I have verified that in openssl command line tool if I switch order > from the one that worked for me: > > OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines-1.1/libpkcs11.so > -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre > MODULE

Re: dynamic engine load

2021-05-26 Thread Selva Nair
Hi, On Wed, May 26, 2021 at 9:25 AM Piotr Lobacz wrote: > > Hi all, > I am trying to write a function which will load dynamic engine for pkcs11. > What I intend to do is not to use engine id pkcs11 but dynamic. The problem > is that I get an error for ENGINE_ctrl_cmd_string with MODULE_PATH pa

Re: Issue with smartcard authentication for openvpn

2019-04-10 Thread Selva Nair
Hi, On Wed, Apr 10, 2019 at 10:11 AM Francois Gelis wrote: > Hi all, > > I have a working openvpn setup with client certificate and private key > stored on my laptop. Then, I have loaded them into a smartcard (Yubico 5 > NFC), and modified accordingly the openvpn client config. But running the >

Re: [openssl-users] CAPI-Engine doc

2018-10-23 Thread Selva Nair
On Tue, Oct 23, 2018 at 10:38 AM Richard Oehlinger via openssl-users wrote: > > Hi! > > I'm trying to get a handle on the CAPI engine, because I need to have a > secure Keystore on Windows. Furthermore I need it to work with Qt's > QSslKey, which fortunately can be constructed by EVP_PKEY *. > > S

Re: [openssl-users] What to do with deprecation errors

2018-10-22 Thread Selva Nair
On Mon, Oct 22, 2018 at 1:51 PM Skip Carter wrote: > > Yes the macro is there, it's just not being expanded by the pre- > compiler. All these tests say the same thing that you are picking up a wrong (old) header. So do: gcc -E your-program.c | grep opensslconf.h Then check whether the one it pi

Re: [openssl-users] overriding EVP_PKEY method callbacks for a specific key only

2018-10-15 Thread Selva Nair
Hi, On Mon, Oct 15, 2018 at 4:19 PM Dmitry Belyavsky wrote: > Well, you can use opaque pointer and own structure containing a flag and > switch between native and custom implementations depending on it. > > I've tried it and it works > We do store some state information in the method app_data,

[openssl-users] overriding EVP_PKEY method callbacks for a specific key only

2018-10-15 Thread Selva Nair
Hi, How to override the evp_pkey_sign method in EVP_PKEY_METHOD structure for a specific key? This is to allow signing with PSS padding using Windows CNG API. Using rsa_priv_enc() we can only get pre-padded data when PSS is in use, but CNG does not seem to handle padding = none. Also see issue