In the commit "Rewrite ssl_asn1.c using new ASN.1 code." (cc5b6a0) the
wrong ifdef is used to gaurd usage of PSK code.
---
Kurt Cancemi
>From 32533cb9cf698745171ff7d74413156bfef7036f Mon Sep 17 00:00:00 2001
From: Kurt Cancemi
Date: Thu, 9 Apr 2015 09:54:38 -0400
Subject: [PATCH] The wrong ifdef
Hi,
OpenSSL segfaults when trying to create an encrypted CMS data envelope
using subject key identifier and EC. Have tested this in version
1.0.2a and latest 1.1.0 release as of today (2015-04-09) with the same
result.
Example:
$ openssl version
OpenSSL 1.0.2a 19 Mar 2015
$ openssl ecparam -name
Hi all,
I was looking at the behavior of PKCS7_verify(). It seems that, if the
flags are set to 0, then the function will assume that the "smime_sign"
purpose is to be used when verifying the certificate, however, if the
PKCS7_NOCHAIN is actually used, it seems that the purpose is not
checked
On Thu, Apr 09, 2015, Pawe?? Ka??mierczak wrote:
> I am affraid EC certs do not work in CMS openSSL 1.0.2. I just wrote a
> simple test procedure:
>
> void cmsTest()
> {
> //this RSA works
> //auto certFileBio = BIO_new_file("c:\\a\\simplersa_noPem.cer", "rb");
> //auto prvKeyFileBio = BIO_
Hi, please ignore my previous email I debugged it a bit deeper and it
turned out
that in case of EC certificates the ecdh_cms_set_shared_info() function
could not find "id-aes128-wrap" algo and I solved this by uncommenting
following lines:
OpenSSL_add_all_algorithms(void);
OpenSSL_add_all_ciphers
I am affraid EC certs do not work in CMS openSSL 1.0.2. I just wrote a
simple test procedure:
void cmsTest()
{
//this RSA works
//auto certFileBio = BIO_new_file("c:\\a\\simplersa_noPem.cer", "rb");
//auto prvKeyFileBio = BIO_new_file("c:\\a\\simplersa_pkey.openssl",
"rb");
//this EC not
This is a corner case, but an interesting one.
An empty OBJECT IDENTIFIER has no meaning, since it can't identify
anything. Therefore, one shouldn't be able to allocate such a thing,
even less encode it.
The CSR is of course invalid, but the previous one was also invalid; OID
0.0 does not id
On Thu, Apr 09, 2015, Pawe?? Ka??mierczak wrote:
> Hi,
>
> currently openssl in CMS supports only RSA based certificates but EC based
> certificates are supported in openssl TLS... so I assume that there is
> already a code that can sing/verify and perform key agreement (ECKA-EG
> ECKA-DH) using
On Thu, Apr 09, 2015, Juan Antonio Osorio wrote:
> Hi,
>
> I've recently encountered that OpenSSL is sending some unexpected errors
> when reading X.509 certificate requests, if the key is not specified, or
> the CSR is not signed.
>
Well if a key is not specified ot the CSR isn't signed then i
Hi,
currently openssl in CMS supports only RSA based certificates but EC based
certificates are supported in openssl TLS... so I assume that there is
already a code that can sing/verify and perform key agreement (ECKA-EG
ECKA-DH) using eliptic curves.
Can someone please tell me if this will be a
Hi,
I've recently encountered that OpenSSL is sending some unexpected errors
when reading X.509 certificate requests, if the key is not specified, or
the CSR is not signed.
Now, this seems to happen because it now will specify a length=0 in the
ASN.1 structure since the OID is not set (since the
11 matches
Mail list logo