[openssl-users] OpenSSL occasionally generates wrong signature

2018-10-16 Thread Dmitry
Hello! I have a C++ programme, ECDSA key pair and some string to sign. The programme generates signature and saves it into a file (signature.bin). Then I check the validity of the signature via the following command: openssl dgst -verify ec_public.pem -signature signature.bin ToSign.txt the prob

Re: [openssl-users] OpenSSL occasionally generates wrong signature

2018-10-16 Thread Dmitry
Thank you for the hint, but it looks like the problem is somewhere else. I rewrote the piece of code in such a way: char *Result = new char [SignatureLength]; EVP_DigestSignFinal(Ctx, reinterpret_cast<unsigned char *>(Result), &SignatureLength); TFile SignatureBin = {"/home/gc/signature.bin", ...};

Re: [openssl-users] OpenSSL occasionally generates wrong signature

2018-10-16 Thread Dmitry
Looks like there is some problem in higher-level EVP_ functions. I completely rewrote the example using lower-level ECDSA_do_sign and it started to work always. Here is the code: EVP_MD_CTX *Ctx = EVP_MD_CTX_create(); EVP_DigestInit(Ctx, EVP_sha256()); EVP_DigestUpdate(Ctx, dt.data(), dt

How to get ECC signature size by public key?

2007-12-20 Thread Dmitry
Hello! I have x509 asn1_decode - ed ECC certificate, and trying to parse public key: EC_KEY *key = NULL; key = o2i_ECPublicKey(NULL, &pk.value, pk.len); return error. :( but if I use similar function for RSA public key: RSA *rsa = NULL; rsa = d2i_RSAPublicKey(NULL,&pk.value, pk.len); return

Can't load the gost engine

2010-02-08 Thread Dmitry Ivanov
-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5 I have no idea what could be wrong. Any pointers? Thanks in advance. -- Dmitry Ivanov KDE PIM developer (pim.kde.org) partimage-ng dev

Re: Can't load the gost engine

2010-02-10 Thread Dmitry Ivanov
shot, current cvs HEAD or just apply this patch: > > http://cvs.openssl.org/chngview?cn=19261 > > That should log the line causing the problem. Thanks a lot! The patch showed the problem was in the config. I had HOME right after [gost_section]. -- Dmitry Ivanov KDE PIM developer (pim.

Re: Openssl configuration (openssl.cnf ) doudt

2010-02-10 Thread Dmitry Ivanov
6D:configuration file routines:MODULE_RUN:module > initialization error:conf_mod.c:235:module=engines, value=engine_section, > retcode=-1 The error message looks similar to what I was getting with an engine description in openssl.conf. Try this patch http://cvs.openssl.org/chngview?cn=19261 t

Re: Remove All Software Generators

2019-10-30 Thread Dmitry Belyavsky
m", but SOME HOW, SOME WAY, I'm still getting output when I > run openssl rand -hex 8. > > How on earth to get OpenSSL to simply give up? I simply cannot have it > use anything other than my TPM2 chip. > > Frederick > > > -- SY, Dmitry Belyavsky

Re: Remove All Software Generators

2019-10-30 Thread Dmitry Belyavsky
On Wed, Oct 30, 2019 at 6:00 PM Frederick Gotham wrote: > Dmitry Belyavsky wrote: > > > Did you try to create your own RAND_METHOD and set it as default on > > loading the engine? > > > No, I didn't try that. > > Note that I'm only using the OpenSS

Re: Remove All Software Generators

2019-10-30 Thread Dmitry Belyavsky
On Wed, Oct 30, 2019 at 6:08 PM Frederick Gotham wrote: > Dmitry Belyavsky wrote: > > > >> It can be done via the engine code and config. > > > Do you mean > > /etc/ssl/openssl.cnf > > ? > Yes, or any custom. But the engine must provide the RAND_METH

Re: Remove All Software Generators

2019-10-30 Thread Dmitry Belyavsky
On Wed, Oct 30, 2019 at 6:20 PM Frederick Gotham wrote: > Dmitry Belyavsky wrote > > >> /etc/ssl/openssl.cnf > > > > Yes, or any custom. > > But the engine must provide the RAND_METHOD and set it as default. > > > > > > > > But if my

Re: Remove All Software Generators

2019-10-30 Thread Dmitry Belyavsky
On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham wrote: > Dmitry Belyavsky wrote: > > >> You still have the OpenSSL built-in RNG. > > > > Is there a simple compiler flag to remove this? > > Or do I need to go into the source code and stick a "return -1;"

Re: Remove All Software Generators

2019-10-30 Thread Dmitry Belyavsky
On Wed, Oct 30, 2019 at 6:58 PM Frederick Gotham wrote: > Dmitry Belyavsky wrote > in > news:cadqlbz+jctu_yqiw9w-fyo0o56mqua2nri6helr6pggxqdh...@mail.gmail.com: > > > On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham > > wrote: > > > >> Dmitry Belyavsky

Re: ssh-keygen freezes if you force use of engine

2019-11-06 Thread Dmitry Belyavsky
" > calling "OPENSSL_init_crypto" because of the recursion. > > -- SY, Dmitry Belyavsky

EVP_CIPHER_CTX_FLAG_WRAP_ALLOW

2019-11-12 Thread Dmitry Belyavsky
reset the EVP_CIPHER_CTX object and the EVP_CIPHER_CTX_FLAG_WRAP_ALLOW stays untouched, so the behavior seems a bit controversial (and undocumented, at least for the 1.1.1 branch). Is this difference a desired one or an accidental one? Should it be documented or fixed? -- SY, Dmitry Belyavsky

Re: Outbound FTP java errors

2019-11-14 Thread Dmitry Belyavsky
orkthoughts on what could be blocked me from > transferring the file? log attached. > > thank you! > Krista > -- SY, Dmitry Belyavsky

Re: Engine with custom evp method callbacks

2019-11-23 Thread Dmitry Belyavsky
uppose that you can't mix EVP_PKEY_METHOD and RSA_METHOD, but you should wrap the RSA_METHOD callbacks in the EVP_PKEY callbacks. I suggest you look at the https://github.com/gost-engine/engine as an example of providing the EVP operations via the engine. I also have an example of providing custom RSA_METHOD somewhere but it was designed to work with 1.0 and may be incompatible with the 1.1.* because of using the internal structures. -- SY, Dmitry Belyavsky

OIDs parent-child comparison

2019-12-28 Thread Dmitry Belyavsky
Hello, Does openssl have any function allowing OID parent-child comparison (is "1.2.3.4.5" a descendant of "1.2.3") or such comparison should be implemented as comparing OBJ_obj2txt? Thanks! -- SY, Dmitry Belyavsky

TLS 1.3 limiting SignatureScheme

2020-01-30 Thread Dmitry Belyavsky
Hello, How can I limit SignatureScheme ( https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme) announced by client when using TLS 1.3? I'm interested in a solution either for 1.1.1 (preferred) or 3. Many thanks! -- SY, Dmitry Belyavsky

Re: TLS 1.3 limiting SignatureScheme

2020-01-30 Thread Dmitry Belyavsky
Hello, -sigalgs does the trick. On Thu, Jan 30, 2020 at 3:28 PM Dmitry Belyavsky wrote: > Hello, > > How can I limit SignatureScheme ( > https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme) > announced by client when using TLS 1.3? > >

Re: Call own sign/verify callback - engine

2020-02-06 Thread Dmitry Belyavsky
I'm missing something. > > If *EVP_PKEY_assign()* worked I will call *EVP_DigestSignInit(ctx, NULL, > sha1(), engine, pkey)*. > > Thanks in advance. > -- SY, Dmitry Belyavsky

Re: TLS 1.2 handshake issue (Server Certificate request)

2020-02-07 Thread Dmitry Belyavsky
ertificate – for example, > due to a signing authority mismatch, or due to the encryption cipher type > mismatch, or maybe due to some other factors. > > > > Could you please help us in better understanding this issue – what else > could be wrong or missing in the Server and Client certificates ? > > > > > > > > > > > > > > > > Thanks, > > Vladimir Bashin > > > -- SY, Dmitry Belyavsky

Re: TLS 1.2 handshake issue (Server Certificate request)

2020-02-07 Thread Dmitry Belyavsky
7, 2020 at 11:18 PM Bashin, Vladimir wrote: > Thanks Dmitry! > > Do I need the server certificate in order to run those commands? > > Also , could you please point me to the exact commands that I’d need to > execute in order to reproduce the tls handshake ? > > > > Regards

Re: Stream Encription

2020-02-28 Thread Dmitry Belyavsky
REAM, but I can't > understand how I can add data as I described above or another way? I get > data in unsigned char* every time. Any help would be appreciated. Thanks. > -- SY, Dmitry Belyavsky

Re: certificate verification error OpenSSL 1.1.1

2020-03-02 Thread Dmitry Belyavsky
ror /tmp/1.1/conf/ssl.crt/ca.crt: verification failed* >> >> # echo $? >> >> 2 >> >> >> why I'm getting this error? is this an expected behavior in OpenSSL 1.1.1? >> >> Please answer my question. >> >> >> >> >> -- >> *With Best Regards* >> *Shivakumar S* >> > > > -- > *With Best Regards* > *Shivakumar S* > -- SY, Dmitry Belyavsky

Re: Using EVP_PKEY with EVP_EncryptInit_ex

2020-04-01 Thread Dmitry Belyavsky
> This seems like it would be a very common use case, yet I can't seem to > find any examples or documentation anywhere. > > Am I doing something wrong or making some really off-base assumptions? > > Thanks for any help, pointers, or guidance, > Andrew F > -- SY, Dmitry Belyavsky

Re: ENGINE_load_private_key does not get invoked

2020-04-20 Thread Dmitry Belyavsky
is one. > > I have also tried to debug in ENGINE_load_private_key in eng_pkey.c file. > I dont see this function getting invoked. In this function, the private key > callback set above gets invoked. > > Please suggest if I am missing something here. > > Thanks > Mahendra > -- SY, Dmitry Belyavsky

Re: ENGINE_load_private_key does not get invoked

2020-04-20 Thread Dmitry Belyavsky
Dear Mahendra, On Mon, Apr 20, 2020 at 7:27 PM Mahendra SP wrote: > Hi Dmitry Belyavsky, > > Thank you for the inputs. If I understand correctly, the > reference indicates loading the private key to engine instance. > > My requirement is to call the ENGINE_set_load_privke

Re: ENGINE_load_private_key does not get invoked

2020-04-20 Thread Dmitry Belyavsky
Dear Mahendra, On Mon, Apr 20, 2020 at 7:57 PM Mahendra SP wrote: > Hi Dmitry Belyavsky, > > Thank you..To give more info, I am looking at something similar the engine > in e_4758cca.c in engines folder where ENGINE_set_load_privkey_function > is called. > My understan

Re: Probably memory leak on handshake when KTLS enabled

2020-06-12 Thread Dmitry Belyavsky
> > When OpenSSL is compiled without ktls, the client will print test > infinitely, but when enable ktls, some data are corrupted and sometimes > result in unexpected eof while reading. > > Even when you remove SSL_write(ssl, reply, strlen(reply)); in server and > RecvPacket(); in cl

Re: query on dns resolver

2020-08-20 Thread Dmitry Belyavsky
OS supported utilities like nslookup, gethostip etc? > 2. Do we need a recursive dns server IP address to define in resolv.conf? > 3. Can I know the APIs and files where I can start looking (for the dns > resolution). > > Thank you for your time. > > Regards > Simon > -- SY, Dmitry Belyavsky

Re: How to plug an external encryption to CMS_SignerInfo signing?

2020-10-24 Thread Dmitry Belyavsky
for the functions dealing with public keys. For 3.0, the providers should do the same trick, I think. -- SY, Dmitry Belyavsky

Re: How to plug an external encryption to CMS_SignerInfo signing?

2020-10-24 Thread Dmitry Belyavsky
Dear Francesco, I think this link is relevant: https://github.com/OpenSC/libp11/blob/master/src/eng_front.c On Sat, Oct 24, 2020 at 1:45 PM Francesco Pretto wrote: > Hi Dmitry, > > thank you for the prompt answer. Are you able to provide me with a > link to an example of creating

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

2020-10-25 Thread Dmitry Belyavsky
> ";" >> >> ENGINES=engines/afalg.so engines/capi.so engines/dasync.so >> engines/ossltest.so engines/padlock.so >> >> @ >> >> >> + >> >> >> if i do any openssl operations it gives error ( core dumped ) >> >> >> *./openssl ciphers -V* >> >> * Segmentation fault (core dumped)* >> >> >> *Can someone help me in resolving this issue ?* >> >> >> If i don't use option* "**-enable-weak-ssl-ciphers " *then the above >> issue is not seen but SSLv3 and weak ciphers do not get enable. >> >> >> Thanks >> >> Satyam >> > -- SY, Dmitry Belyavsky

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

2020-10-26 Thread Dmitry Belyavsky
Dear Satyam, First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace. I also suggest building openssl with -ggdb (./config -ggdb should do the trick). On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra wrote: >

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

2020-10-26 Thread Dmitry Belyavsky
Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you? If yes, you should try running via gdb to get a backtrace. On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra wrote: > Dear Dmitry, > > As suggested i have build the ope

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

2020-10-26 Thread Dmitry Belyavsky
It has nothing to do with the ciphers command... On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra wrote: > Dear Dmitry, > > >>Are the /usr/local/lib64/libssl.so.1.1 and > /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you? > Yes, they are same >

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

2020-10-26 Thread Dmitry Belyavsky
6 PM Satyam Mehrotra wrote: > Segmentation fault is not seen if i don't compile* ./config with* > *-enable-weak-ssl-ciphers.* > > Is it something I am missing or some more options needs to be provided to > ./config ? > > Thanks > Satyam > > On Mon, 26 Oct 2020 at 20

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

2020-10-26 Thread Dmitry Belyavsky
Satyam Mehrotra wrote: > Dear Dmitry, > > The below is the process i have followed > - Downloaded the openssl-1.1.1h from the official OpenSSL site > - ./config -ggdb -enable-weak-ssl-ciphers >- make >- make install >- Execute openSSL

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

2020-10-26 Thread Dmitry Belyavsky
't crash > > ./config -ggdb enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method > no-shared > > > What is the significance of no-shared ? why we have to use this option > > > Thanks > > Satyam > > On Mon, 26 Oct 2020 at 22:59, Dmitry Belyavsky wrote: > >

Re: Sign without having the private key

2021-01-11 Thread Dmitry Belyavsky
all my > approaches. > > Can someone give me brief hint on where to start and which API to look at > first? > > Thanks a lot! > Timo > > -- SY, Dmitry Belyavsky

Re: openssl cms resign with RSA-PSS corrupts the CMS(?)

2021-02-19 Thread Dmitry Belyavsky
Would you mind to raise the issue on GitHub with the reproduction? On Fri, 19 Feb 2021, 21:44 Alon Bar-Lev, wrote: > Hi, > > I am trying to analyze openssl sources, and it looks like the resign > is implemented in an naive path that does not handle all cases. > > In other words, the CMS resign i

Re: How to establish a connection with self signed certificate

2021-03-28 Thread Dmitry Belyavsky
server (nginx load > balancer) and client with latest openssl certificate. > > Any idea to resolve this? > -- SY, Dmitry Belyavsky

OpenSSL regression when a servername callback is set

2021-07-16 Thread Dmitry Belyavsky
response to a ClientHello. It can be invisible for end-users because of downgrade dance, but I wonder if we have any real-life cases. The relevant GH issue is https://github.com/openssl/openssl/issues/16075 Many thanks! -- SY, Dmitry Belyavsky

Re: Public key from TSS2 private key with OpenSSL 3.0.0-beta2

2021-08-06 Thread Dmitry Belyavsky
MZALKZeRFZ42991dGWJpnfC30xieXCMoD7zx5hhc5Uf5EbFtxeWaT2HTfs0 > h0OxigQSjXdmCJPeJVoMPOoF2FK+PbZwPn2UDKyoSqhsmZ+9hvkUWylDYiXfm24T > UwIDAQAB > -END PUBLIC KEY- > > > Thank you, > > Nestor Melo > > > -- SY, Dmitry Belyavsky

Re: OpenSSL dynamic engine loading shows error

2021-08-26 Thread Dmitry Belyavsky
>> >> static int bind_dasync(ENGINE *e){ >> >> /* Setup RSA_METHOD */ >> >> if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) >> == NULL >> >> || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0 >> >> || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0 >> >> || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) >> == 0 >> >> || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) >> == 0 >> >> ) { >> >> >> return 0; >> >> } >> >> >> /* Ensure the dasync error handling is set up */ >> >> >> >> if (!ENGINE_set_id(e, engine_dasync_id) >> >> || !ENGINE_set_name(e, engine_dasync_name) >> >> || !ENGINE_set_RSA(e, dasync_rsa_method) >> >> ) { >> >> return 0; >> >> } >> >> return 1; >> >> } >> >> >> static int bind_helper(ENGINE *e, const char *id){ >> >> if (!bind_dasync(e)){ >> >> printf("2_Error: Inside Bind helper\n"); >> >> return 0; >> >> } >> >> return 1; >> >> } >> >> >> IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) >> >> IMPLEMENT_DYNAMIC_CHECK_FN() >> >> >> = >> >> >> >> >> >> Thanks, >> >> Shariful >> >> -- SY, Dmitry Belyavsky

Re: OpenSSL dynamic engine loading shows error

2021-08-26 Thread Dmitry Belyavsky
e-new == to the end of your openssl.cnf On Thu, Aug 26, 2021 at 6:20 PM Shariful Alam wrote: > Dmitry, > Thank you for your response. > > As you have suggested, I have changed my engine name to maintain with the > configuration file > > /* Engine Id and Name */ > sta

Re: OpenSSL dynamic engine loading shows error

2021-08-26 Thread Dmitry Belyavsky
Dear Shariful, You can build your engine when it's feasible. You can install it to the engine folder and get rid of dynamic_path, but it's not necessary. I prefer explicitly loading the engine via the config file. On Thu, Aug 26, 2021 at 7:56 PM Shariful Alam wrote: > Dear Dm

Re: RSA private key DER decode fails without CRT components

2021-08-31 Thread Dmitry Belyavsky
69393408:error:0D078079:asn1 encoding routines:asn1_item_embed_d2i:field > missing:crypto/asn1/tasn_dec.c:425:Field=p, Type=RSAPrivateKey > > The above error is because field p is NULL, but with same p is NULL > encoding is successful. Any idea why encode is Success but decode fails? > >

Re: Calling OpenSSL functions from custom openssl engine causing segmentation fault?

2021-09-20 Thread Dmitry Belyavsky
read mv > librsa_engine.so rsa-engine-new.so sudo cp rsa-engine-new.so > /opt/openssl/lib/engines-1.1/clean: rm -f *.o *.d *.so rsa-engine* > === > > My code compiles. When I try to do encryption using the following command, > = > *openssl rsautl -encrypt -inkey public.pem -pubin -in msg.txt -out msg.enc > -engine rsa-engine-new* > = > > I get a segmentation fault, > > > > *engine "rsa-engine-new" set.RSA Engine is encrypting using public > keySegmentation fault (core dumped)* > > > Do I need to Compile this sample engine with the OpenSSL in order for it > to work? > > Regards, > Shariful Alam > > > -- SY, Dmitry Belyavsky

Re: Why custom RSA engine is not calling default RSA method?

2021-09-28 Thread Dmitry Belyavsky
>56. >57. static int bind_helper(ENGINE *e, const char *id){ >58. if (!bind_dasync(e)){ >59. printf("2_Error: Inside Bind helper\n"); >60. return 0; >61. } >62. return 1; >63. } >64. >65. IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) >66. IMPLEMENT_DYNAMIC_CHECK_FN() > > > == > > Regards, > Shariful Alam > > -- SY, Dmitry Belyavsky

Re: Why custom RSA engine is not calling default RSA method?

2021-09-29 Thread Dmitry Belyavsky
Dear Shariful, Yes. You have to provide all the RSA_METHOD functions your app is going to use. On Tue, Sep 28, 2021 at 5:46 PM Shariful Alam wrote: > Dear Dmitry, > Thank you for your response. > > Here is the stack trace > > > I was trying using gdb to debug the

Re: Why custom RSA engine is not calling default RSA method?

2021-10-04 Thread Dmitry Belyavsky
Dear Shariful, Could you please try the patch from https://github.com/openssl/openssl/pull/16734? On Wed, Sep 29, 2021 at 6:59 PM Dmitry Belyavsky wrote: > Dear Shariful, > > Yes. You have to provide all the RSA_METHOD functions your app is going to > use. > > On Tue, Sep 2

Re: Engine with ed25519/ed448 support

2021-12-09 Thread Dmitry Belyavsky
ECX_KEY isn't public nor does it have any METHOD or ex data. > > My question is how to support ed25519/ed448 keys? > > /Bengt > -- SY, Dmitry Belyavsky

Re: SSL operation failed with code 1: error:0A000126:SSL routines

2022-05-19 Thread Dmitry Belyavsky
Isn't it a fix for this issue? https://github.com/php/php-src/issues/8369 On Thu, 19 May 2022, 21:17 Frederic Leclercq, wrote: > Hi all, > > Apologies for just popping in here, but since I installed ubuntu 22.04 LTS > I often come across the error > "file_get_contents(): SSL operation failed wi

Re: using TLS (>1.2) with more than one certificate

2022-05-25 Thread Dmitry Belyavsky
ave a rsa and a ecc certificate in my keystore already. > > I don’t know with which certificate (rsa or ecc) a client comes during > handshake of a tls connection. > > How can this technically work? > > > -- SY, Dmitry Belyavsky

Re: baffled on old Red Hat Enterprise Linux 6 with OpenSSL 3.0.3

2022-06-09 Thread Dmitry Belyavsky
tory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.005' > make: *** [tests] Error 2 > > > > > -- > Dennis Clarke > RISC-V/SPARC/PPC/ARM/CISC > UNIX and Linux spoken > GreyBeard and suspenders optional > -- SY, Dmitry Belyavsky

Re: OpenSSL 3 PKCS#11 Provider

2022-06-28 Thread Dmitry Belyavsky
argetting the new OpenSSL 3 APIs. > > Are any of you aware of any such existing work/project? Or if someone > is interested in helping in any way (coding, testing, documenting, > etc.) feel free to contact me. > > Thanks, > Timo > -- SY, Dmitry Belyavsky

Re: Dynamically Adding a New PubKey Method - how to link OID <-> pkey_id ?

2022-08-30 Thread Dmitry Belyavsky
was thinking was to provide an ENGINE implementation, > but that seemed a bit more complicated (probably mostly because I have > never had to implement the interface...). > > Thank you for your help and have a wonderful day! > Cheers, > Max > > -- > Best Regards, > Massimiliano Pala, Ph.D. > OpenCA Labs Director > [image: OpenCA Logo] > -- SY, Dmitry Belyavsky

Releases Distribution Changes

2024-05-02 Thread Dmitry Misharov
Hi, I’d like to give you a heads-up about the release distribution changes we’re making at OpenSSL. The main source of OpenSSL releases will be OpenSSL GitHub at https://github.com/openssl/openssl. OpenSSL Source at https://openssl.org/source/ will remain only for backward compatibility and will re

Re: Upcoming Webinar: Getting Started with QUIC and OpenSSL

2024-05-22 Thread Dmitry Belyavsky
Hi! Sorry, when I try to click the links, I am offered to download something. Is it intentional? On Tue, 21 May 2024, 19:48 Kajal Sapkota, wrote: > *Hi All,* > > > > > > > > > * We are pleased to announce our upcoming webinar, Getting Started with > QUIC and OpenSSL. In this brief yet comprehen

OpenSSL Mailing Lists Are Moving to Google Groups

2024-07-18 Thread Dmitry Misharov
We are announcing a change in how communication and collaboration will take place within the OpenSSL community. Effective August 1st, 2024, the OpenSSL mailing lists will migrate to Google Groups. This transition is designed to streamline communication channels and simplify our infrastructure. ##

Re: Adding my own algorithm into openssl

2014-02-08 Thread Dmitry Belyavsky
d add some encryption algorithm? > > Thanks in advance. > > -- SY, Dmitry Belyavsky

Re: Adding my own algorithm into openssl

2014-02-08 Thread Dmitry Belyavsky
ine. I followed the instructions as > mentioned in readme file. But I can't see the ciphers in the list. What > else should I do? > > > On Saturday, February 8, 2014 5:06 PM, Dmitry Belyavsky < > beld...@gmail.com> wrote: > > Hello! > > You can take the ccgo

Re: Adding my own algorithm into openssl

2014-02-08 Thread Dmitry Belyavsky
stablish a secure > connection between s_server and s_client involving gost engine in order to > get more familiar with gost as a written engine. What should I do? > > > On Sunday, February 9, 2014 10:38 AM, Dmitry Belyavsky < > beld...@gmail.com> wrote: > > Hello! >

Re: We'll be at LinuxConf next week

2014-10-07 Thread Dmitry Belyavsky
> IM: rs...@jabber.me Twitter: RichSalz > > > -- SY, Dmitry Belyavsky

Re: We'll be at LinuxConf next week

2014-10-08 Thread Dmitry Belyavsky
> We're going to be spending almost all of the three days in internal WG > meetings. We have a big agenda. There will definitely be updates coming > out of those meetings. > > -- > Principal Security Engineer, Akamai Technologies > IM: rs...@jabber.me Twitter: RichSalz > > -- SY, Dmitry Belyavsky

Re: We'll be at LinuxConf next week

2014-10-08 Thread Dmitry Belyavsky
have. We're not even officially on the agenda yet, because we haven't > figured out when to meet. > > We'll try, tho. > > -- > Principal Security Engineer, Akamai Technologies > IM: rs...@jabber.me Twitter: RichSalz > -- SY, Dmitry Belyavsky

Re: Is it possible to disable SSLv3 for all openssl-enabled applications via settings in openssl.cnf?

2014-10-15 Thread Dmitry Belyavsky
> Principal Security Engineer, Akamai Technologies > IM: rs...@jabber.me Twitter: RichSalz > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > -- SY, Dmitry Belyavsky

Re: DTLS retransmissions ...

2014-12-03 Thread Dmitry Sobinov
your own asynchronous timer code and datagram socket code. Regards, Dmitry Sobinov On Wed, Dec 3, 2014 at 11:14 AM, John Lane Schultz < jschu...@spreadconcepts.com> wrote: > I’m using OpenSSL’s DTLS implementation to protect communication over a > soft real time, nearly reliable, ou

Re: [openssl-users] Help with using a dynamic engine with SSL_CTX

2014-12-09 Thread Dmitry Belyavsky
nd then the SSL_CTX.. commands > clear them out? > > > I've looked around a lot so any help would be greatly appreciated! > > > Thanks, > >BW > > ___ > openssl-use

Re: [openssl-users] Help with using a dynamic engine with SSL_CTX

2014-12-09 Thread Dmitry Belyavsky
nd_method() > what causes default_RAND_meth to change. > > Thanks, >BW > > On Tue, Dec 9, 2014 at 1:52 PM, Dmitry Belyavsky > wrote: > >> Hello! >> >> Do you set your RNG as default when the engine is loaded? >> >> On Tue, Dec 9, 2014 at 10:44 PM

[openssl-users] Check private key/certificate match

2015-01-17 Thread Dmitry Belyavsky
Hello, is there any simple way to check that the private key matches the certificate using command line utility? Now I use pair of smime -sign/smime -verify commands. If there is no such a way, please consider this letter as a feature request :-) Thank you! -- SY, Dmitry Belyavsky

[openssl-users] Implementing the rsa_sign callback

2015-04-30 Thread Dmitry Belyavsky
m the rsa_pkcs1_eay_meth, as other engines do. But the rsa_pkcs1_eay_meth does not provide a rsa_sign callback. What is the correct way to implement the rsa_sign callback? Thank you! -- SY, Dmitry Belyavsky ___ openssl-users mailing list To unsubscribe:

Re: [openssl-users] Implementing the rsa_sign callback

2015-05-26 Thread Dmitry Belyavsky
Hello all, Any suggestions? On Thu, Apr 30, 2015 at 1:06 PM, Dmitry Belyavsky wrote: > Hello all! > > I'm implementing a custom engine providing its own RSA method. > > I need to provide the rsa_sign callback, which is required to call my own > code in case when ex

Re: [openssl-users] How to use the default ECDSA verify operation in my engine

2015-06-17 Thread Dmitry Belyavsky
et_sign_setup/ECDSA_METHOD_set_sign for your own callback? -- SY, Dmitry Belyavsky ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Implementing ECDSA in an engine

2015-06-26 Thread Dmitry Belyavsky
l? > I did not find a way shorter than provide own EVP_PKEY_METHOD. But it works for me this way. -- SY, Dmitry Belyavsky

Re: [openssl-users] Implementing ECDSA in an engine

2015-06-26 Thread Dmitry Belyavsky
Hello Reinier, No, I do not. And maybe for your purposes you can use this or that ECDSA_METHOD setting it into the EC_KEY struct. On Fri, Jun 26, 2015 at 9:09 PM, Reinier Torenbeek < reinier.torenb...@gmail.com> wrote: > Hi Dmitry, > > Thanks for the response. I suppose I have

[openssl-users] Engines mess

2015-12-15 Thread Dmitry Belyavsky
f = 4, funct_ref = 3, and it seems strange to me. It also seems to me that it should be a call to ENGINE_free at the end of openssl app call to free the resources (e.g. engine error strings), but there is no one. Could you explain my mistakes? Thank you! -- SY, Dmitry Bely

Re: [openssl-users] [openssl-dev] OpenSSL version 1.1.0 pre release 3 published

2016-02-17 Thread Dmitry Belyavsky
Dear Rich, > Just to emphasize one important point: Our next release is planned to be > Beta-1, in about a month. After that, no new API's or features will be > added to OpenSSL 1.1 > > If so, could you take a look at RT#4267? Thank you! -- SY, Dmitry Belyavsky -- o

[openssl-users] EVP_EncryptUpdate and EVP_CIPHER callback do_cipher

2016-04-18 Thread Dmitry Belyavsky
ger than the input. Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] EVP_EncryptUpdate and EVP_CIPHER callback do_cipher

2016-04-18 Thread Dmitry Belyavsky
Dear Matt, On Mon, Apr 18, 2016 at 6:00 PM, Matt Caswell wrote: > > > On 18/04/16 15:55, Dmitry Belyavsky wrote: > > Hello, > > > > Could anybody explain how to deal with the output length in the > > EVP_EncryptUpdate? > > > > The function EVP_Encry

[openssl-users] New DTLS association from the same IP:port

2016-05-01 Thread Dmitry Sobinov
Hello Verify Request after receiving Client Hello on the existing association. However, OpenSSL just returns WANT_READ after passing Client Hello to SSL_read without actually sending back anything. What is the proper way to fix this behaviour? Thanks, Dmitry Sobinov

Re: [openssl-users] Help

2016-10-27 Thread Dmitry Belyavsky
-- SY, Dmitry Belyavsky

Re: [openssl-users] Help

2016-10-28 Thread Dmitry Belyavsky
Sorry, my fault. I think you should use the openssl smime command, but it doesn't work with PKCS12, so you will have to extract the private and public keys using the openssl pkcs12 command. On Oct 28, 2016 at 2:34 PM, "Lander Bulckaen" wrote: > Dear Dmitry, >

Re: [openssl-users] mailing list registration renewal - clarify bounce errors

2016-11-07 Thread Dmitry Belyavsky
> > The latter. > > We have seen some more reports of this recently, and are increasing the > logging to determine the cause. Interestingly, it's all from gmail.com > addresses. > I confirm receiving a similar message. -- SY, Dmitry Belyavsky

Re: [openssl-users] openvpn 2.4.1 with gost

2017-04-18 Thread Dmitry Belyavsky
e IANA > name 'TLS_GOSTR341001_WITH_28147_CNT_IMIT' > -- OpenSSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher > match > -- Failed to set restricted TLS cipher list: GOST2001-GOST89-GOST89 > -- Exiting due to fatal error > > Please help with this problem > > -- SY, Dmitry Belyavsky

[openssl-users] ERR_add_error_data

2017-08-23 Thread Dmitry Belyavsky
Hello, What happens if I call the ERR_add_error_data twice? Will it add the arguments or replace them? Thank you! -- SY, Dmitry Belyavsky

[openssl-users] ASN1_TIME to time_t

2017-09-06 Thread Dmitry Belyavsky
Hello, Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick googling does not show good results. Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] ASN1_TIME to time_t

2017-09-06 Thread Dmitry Belyavsky
Dear Matt, On Wed, Sep 6, 2017 at 11:16 AM, Matt Caswell wrote: > > > On 06/09/17 09:12, Dmitry Belyavsky wrote: > > Hello, > > > > Is there a way to convert ASN1_TIME to time_t or smth compatible? Quick > > googling does not show good results. > > In mas

Re: [openssl-users] How to load the right engine?

2017-09-27 Thread Dmitry Belyavsky
TH = /usr/local/lib/yubihsm_pkcs11.dylib > >init = 0 > > > > > > Thanks! > > -- > > Regards, > > Uri Blumenthal > > -- SY, Dmitry Belyavsky

[openssl-users] Storing private key on tokens

2017-09-27 Thread Dmitry Belyavsky
with it after that. Thank you! -- SY, Dmitry Belyavsky

[openssl-users] Engine configuration

2017-10-02 Thread Dmitry Belyavsky
tring functions. Is there any way to distinguish whether engine is configured via the config file or via direct calls to ENGINE_ctrl* functions? Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] Engine configuration

2017-10-04 Thread Dmitry Belyavsky
Dear Stephen, On Tue, Oct 3, 2017 at 12:16 AM, Dr. Stephen Henson wrote: > On Mon, Oct 02, 2017, Dmitry Belyavsky wrote: > > > Hello, > > > > I have a question regarding engine configuration. > > > > We need to implement such behaviour: > > - on load

Re: [openssl-users] New usability feature

2017-12-28 Thread Dmitry Belyavsky
-- SY, Dmitry Belyavsky

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Dmitry Belyavsky
ssl > github project to notice them? that's really suboptimal > Totally agree. -- SY, Dmitry Belyavsky

[openssl-users] Building OpenSSL from sources

2018-02-15 Thread Dmitry Belyavsky
the proposed way ( ./config; make; make test; make install) does not work? Thank you! -- SY, Dmitry Belyavsky

Re: [openssl-users] Building OpenSSL from sources

2018-02-15 Thread Dmitry Belyavsky
Dear Richard, On Thu, Feb 15, 2018 at 11:48 AM, Richard Levitte wrote: > In message gmail.com> on Thu, 15 Feb 2018 11:00:00 +0300, Dmitry Belyavsky < > beld...@gmail.com> said: > > beldmit> Hello, > beldmit> > beldmit> I get problems building and installing

Re: [openssl-users] Building OpenSSL from sources

2018-02-16 Thread Dmitry Belyavsky
Dear Richard, On Fri, Feb 16, 2018 at 12:26 PM, Richard Levitte wrote: > In message gmail.com> on Fri, 16 Feb 2018 10:59:04 +0300, Dmitry Belyavsky < > beld...@gmail.com> said: > > beldmit> But doesn't it make sense to explicitly add invocation of > ldconfig to

[openssl-users] ARM native compiler

2018-03-22 Thread Dmitry Belyavsky
Hello, Has anybody tried to build OpenSSL using ARM C compiler (armcc/armclang) and got a success? Thank you! -- SY, Dmitry Belyavsky
