Hi,
On Tue, Nov 02, 2021 at 12:40:50AM -0400, Selva Nair wrote:
> OpenSSL folks have merged their "fix" in the provider interface that I was
> waiting for. It will be in the 3.0.1 patch release. In the meantime, I have
> opened a matching version of this patch set as a PR for OpenVPN for
> comment
Hi,
OpenSSL folks have merged their "fix" in the provider interface that I was
waiting for. It will be in the 3.0.1 patch release. In the meantime, I have
opened a matching version of this patch set as a PR for OpenVPN for
comments/tests/bug-reports/nitpicks. I skipped v2 and this version is
tagge
Hi
Here is an update on this patch set to keep all in the loop.
Arne discovered that my patch broke ECDH key exchange in some cases. This
turns out to be due to the way providers are handled in OpenSSL especially
when used in a TLS context. It leads to the requirement that an external
provider h
>
> We can treat management-external key as special and optionally
> provide the digest to sign. OpenSSL 3.0 with provider always seems to
> call DigestSign and never Sign directly so we have the info.
>
>
> Turns out to be easier than I thought. I have added a patch to
> optionally
Hi,
On Fri, Sep 24, 2021 at 01:14:34PM -0400, Selva Nair wrote:
> PS. I'm supposed to be holidaying, but basking in LCD glow instead of sun..
Sometimes "I finally have time for hacking!" makes great holidays :-)
(The initial IPv6 patch set was a christmas present, sort of - my wife
let me hack a
Hi Arne,
On Fri, Sep 24, 2021 at 8:48 AM Selva Nair wrote:
> Hi,
>
> On Fri, Sep 24, 2021 at 7:13 AM Arne Schwabe wrote:
>
>> On 24.09.21 at 00:54, Selva Nair wrote:
>> > Hi,
>> >
>> >
>> > from the management interface. But I haven't found the right
>> > Signature
>> >
Hi,
On Fri, Sep 24, 2021 at 7:13 AM Arne Schwabe wrote:
> On 24.09.21 at 00:54, Selva Nair wrote:
> > Hi,
> >
> >
> > from the management interface. But I haven't found the right
> > Signature
> > method from java yet to actually sign it correctly:
> >
> > sig =
On 24.09.21 at 00:54, Selva Nair wrote:
> Hi,
>
>
> from the management interface. But I haven't found the right
> Signature
> method from java yet to actually sign it correctly:
>
> sig = Signature.getInstance(SHA256withRSA/PSS);
>
>
> SHA256withRSA/PSS may b
Hi,
> from the management interface. But I haven't found the right Signature
>> method from java yet to actually sign it correctly:
>>
>> sig = Signature.getInstance(SHA256withRSA/PSS);
>>
>
SHA256withRSA/PSS may be trying to first do Sha256 digest of the data and
then pad and sign. Instead try t
On Thu, Sep 23, 2021 at 4:21 PM Arne Schwabe wrote:
> On 22.09.21 at 23:12, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > The following series of patches implement a built-in
> > provider for interfacing OpenSSL 3.0 when external
> > keys are in use.
> >
> > Essentially, to intercept
On 22.09.21 at 23:12, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> The following series of patches implement a built-in
> provider for interfacing OpenSSL 3.0 when external
> keys are in use.
>
> Essentially, to intercept the sign operation, the SSL_CTX
> object has to be created with pr
Hi
On Thu, Sep 23, 2021 at 11:27 AM Arne Schwabe wrote:
> On 23.09.21 at 16:02, Selva Nair wrote:
> >
> > Hi Arne,
> >
> >
> > So I have two options here:
> >
> > a) I finish my own implementation of the provider for OpenVPN3 to
> not be
> > influenced by this implementation and rev
On 23.09.21 at 16:02, Selva Nair wrote:
>
> Hi Arne,
>
>
> So I have two options here:
>
> a) I finish my own implementation of the provider for OpenVPN3 to not be
> influenced by this implementation and review this implementation
> after that
>
> b) you agree that I can t
Hi Arne,
> So I have two options here:
>
> a) I finish my own implementation of the provider for OpenVPN3 to not be
> influenced by this implementation and review this implementation after that
>
> b) you agree that I can take parts of your code for the OpenVPN3
> implementation, then I go direct
> So I have two options here:
>
> a) I finish my own implementation of the provider for OpenVPN3 to not be
> influenced by this implementation and review this implementation after that
>
> b) you agree that I can take parts of your code for the OpenVPN3
> implementation, then I go directly into
On 22.09.21 at 23:12, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> The following series of patches implement a built-in
> provider for interfacing OpenSSL 3.0 when external
> keys are in use.
>
> Essentially, to intercept the sign operation, the SSL_CTX
> object has to be created with pr
From: Selva Nair
The following series of patches implement a built-in
provider for interfacing OpenSSL 3.0 when external
keys are in use.
Essentially, to intercept the sign operation, the SSL_CTX
object has to be created with properties string set to
prioritize our provider. In the provider we
17 matches