In message <571fccee.8010...@roumenpetrov.info> on Tue, 26 Apr 2016 23:17:50
+0300, Roumen Petrov said:
openssl> Hello Richard,
openssl>
openssl> Richard Levitte wrote:
openssl> > In message <571f2941.4040...@openssl.org> on Tue, 26 Apr 2016
09:39:29
openssl> > +0100, Matt Caswell said:
opens
This is the way GCM works. Perhaps you need something else, like CBC mode.
Closing this ticket.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
See inline. Look for Praveen.
On Mon, Apr 25, 2016 at 7:20 PM, Brian Smith wrote:
> Praveen Kariyanahalli via RT wrote:
>
>> Is there is a reason why openssl has restriction of auth before encrypt
>> order ? I dont believe there is an algo restriction, was wondering why
>> openssl has this.
>>
> The change
>
> https://github.com/openssl/openssl/commit/5384d1e4ebd58f31a06b2f5d1f6c4b28f63d72ed
>
> introduced a typo in the last line of file crypto/camellia/build.info.
Fixed. Thanks for report.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4520
Please log in as guest wi
Hello Richard,
Richard Levitte wrote:
In message <571f2941.4040...@openssl.org> on Tue, 26 Apr 2016 09:39:29 +0100, Matt
Caswell said:
[SNIP]
I've seen no other opinion, so I went with it. Would you mind having
a look at GH#995? I did a bit of change in the docs, but could need
some help ex
On 4/26/2016 1:20 PM, Salz, Rich wrote:
Look. If Doug noticed this, programmers less intimate with this API are much
more likely to get stung by it. The protection against such a misunderstanding
is cheap.
Is it? And what is that protection? Without introducing memory leaks.
In RSA_set0_
On 4/26/16, 15:15 , "openssl-dev on behalf of Viktor Dukhovni"
wrote:
>On Tue, Apr 26, 2016 at 12:55:28PM -0500, Douglas E Engert wrote:
>> Adding the test "if (n != rsa->n)" before the BN_free in the
>>RSA_set0_key
>> would catch this.
>
>The correct test is to return an error in that case, not
On Tue, Apr 26, 2016 at 12:55:28PM -0500, Douglas E Engert wrote:
> Adding the test "if (n != rsa->n)" before the BN_free in the RSA_set0_key
> would catch this.
The correct test is to return an error in that case, not to skip
the free. The caller is doing the wrong thing, and we should not
sile
On 4/26/16, 14:20 , "openssl-dev on behalf of Salz, Rich"
wrote:
>> Look. If Doug noticed this, programmers less intimate with this API are
>>much
>> more likely to get stung by it. The protection against such a
>>misunderstanding
>> is cheap.
>
>Is it?
I think it is. See Doug’s post.
>And w
> Look. If Doug noticed this, programmers less intimate with this API are much
> more likely to get stung by it. The protection against such a misunderstanding
> is cheap.
Is it? And what is that protection? Without introducing memory leaks.
--
openssl-dev mailing list
To unsubscribe: https://
On 4/26/16, 14:03 , "openssl-dev on behalf of Salz, Rich via RT"
wrote:
>That code is still wrong. Once you "get0" something you can only look at
>it. You cannot pass it off to a "set0" function. Get0 gives you a
>pointer that *you do not own* and *set0* takes a pointer that you DO own
>and ar
That code is still wrong. Once you "get0" something you can only look at it.
You cannot pass it off to a "set0" function. Get0 gives you a pointer that
*you do not own* and *set0* takes a pointer that you DO own and are giving
away. You can't give away something that isn't yours :)
The erro
On 4/26/16, 13:56 , "openssl-dev on behalf of Douglas E Engert"
wrote:
>...
>RSA_get0_key(rsa, &my_n, &my_e, NULL); /* note this is a GET0 */
>
>/* my_n now points to the BIGNUM as does rsa->n */
>/* my_e now points to the BIGNUM as does rsa->e */
>
>/* other stuff done, such as calculating d */
OK there was an error in my example. The get needed 2 "&":
RSA_get0_key(rsa, &my_n, &my_e, NULL); /* note this is a GET0 */
/* my_n now points to the BIGNUM as does rsa->n */
/* my_e now points to the BIGNUM as does rsa->e */
/* other stuff done, such as calculating d */
RSA_set0_key(rsa, my_
Yes, there was an error in my example, the first line should have read:
RSA_get0_key(rsa, &n, &e, NULL);
The rsa was created in a different routine, so n and e were already set.
I am not the one freeing it is your RSA_set0_key that is doing the free.
Adding the test "if (n != rsa->n)" before t
> On Apr 25, 2016, at 11:18 PM, Alex Hultman wrote:
>
> Thanks for the answer. I actually found a working solution just a couple of
> minutes after I posted but I still wanted to hear what you recommended. I
> just did ssl->references++; and also the same on the attached BIO's before
> SSL_se
Hi,
I'm working on a tool that checks various things related to X509
certificates. I want to check that the encoding is actually
correct DER. With things like ASN1_TIME is seems easy to get to
the raw data, it just seems to contain it. But when I try it with
an ASN1_INTEGER it doesn't seem to c
On 4/26/16, 11:43 , "openssl-dev on behalf of Tomas Mraz"
wrote:
>On Út, 2016-04-26 at 10:16 -0500, Douglas E Engert wrote:
>> Let me update my response.
>> If I am reading GH#995 correctly it still has an issue if a user
>> does:
>>
>> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
>>
On Út, 2016-04-26 at 10:16 -0500, Douglas E Engert wrote:
> Let me update my response.
> If I am reading GH#995 correctly it still has an issue if a user
> does:
>
> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
> /* other stuff done, such as calculating d */
> RSA_set0_key(rsa, n, e, d
On 04/25/2016 10:18 PM, Alex Hultman wrote:
> Hi Benjamin,
>
> Thanks for the answer. I actually found a working solution just a
> couple of minutes after I posted but I still wanted to hear what you
> recommended. I just did ssl->references++; and also the same on the
> attached BIO's before SSL_s
On 4/26/16, 11:21 , "openssl-dev on behalf of Salz, Rich via RT"
wrote:
>> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
>> /* other stuff done, such as calculating d */
>>RSA_set0_key(rsa, n, e, d);
>>
>> rsa is left with n and e pointing to unallocated storage.
>
>That code is incor
On 26/04/16 16:16, Douglas E Engert wrote:
> Let me update my response.
> If I am reading GH#995 correctly it still has an issue if a user does:
>
> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
> /* other stuff done, such as calculating d */
> RSA_set0_key(rsa, n, e, d);
>
> rsa is
> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
> /* other stuff done, such as calculating d */ RSA_set0_key(rsa, n, e, d);
>
> rsa is left with n and e pointing to unallocated storage.
That code is incorrect.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518
Please
> I can live with it.
> The only solution without some type of change was :
>
> RSA_set0_key(rsa, n, e, NULL);
> /* other stuff done, such as calculating d */
> n_new = BN_dup(n);
> e_new = BN_dup(e);
> RSA_set0_key(rsa, n_new, e_new, d);
>
> It is really gross, and is no
Let me update my response.
If I am reading GH#995 correctly it still has an issue if a user does:
RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
/* other stuff done, such as calculating d */
RSA_set0_key(rsa, n, e, d);
rsa is left with n and e pointing to unallocated storage.
On 4/2
I can live with it.
The only solution without some type of change was :
RSA_set0_key(rsa, n, e, NULL);
/* other stuff done, such as calculating d */
n_new = BN_dup(n);
e_new = BN_dup(e);
RSA_set0_key(rsa, n_new, e_new, d);
It is really gross, and is not intuitive.
Since you
On Út, 2016-04-26 at 13:46 +0200, Richard Levitte wrote:
>
> I've seen no other opinion, so I went with it. Would you mind having
> a look at GH#995? I did a bit of change in the docs, but could need
> some help expressing it in a better manner.
>
> Also, I'd like to hear from Douglas and Tomas
IMO, go ahead.
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Richard Levitte
Sent: Tuesday, April 26, 2016 07:46
To: openssl-dev@openssl.org
Reply To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre
> Thanks for registering, when I can expect first your feedback on this bug?
This is a mostly volunteer open source project. So hopefully soon is the best
you can expect.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4519
Please log in as guest with password guest if prompted
In message <571f2941.4040...@openssl.org> on Tue, 26 Apr 2016 09:39:29 +0100,
Matt Caswell said:
matt>
matt>
matt> On 26/04/16 08:26, Richard Levitte wrote:
matt> > [temporarly taking this thread away from RT]
matt> >
matt> > Basically, I can see two solutions:
matt> >
matt> > - Allow calls
Hi,
I've asked my colleague to try this solution and it worked.
I've seen, that the file "m_ecsda.c" had been removed from the source tree.
Since my changes are based on this file, I assume, that my patch is not
necessary.
Once again, thanks for your help.
BTW: We get the signature not with
Thanks for registering, when I can expect first your feedback on this bug?
-Original Message-
From: Salz, Rich via RT [mailto:r...@openssl.org]
Sent: Monday, April 25, 2016 6:38 PM
To: Jaan Murumets
Cc: openssl-dev@openssl.org
Subject: RE: [openssl-dev] [openssl.org #4519] [openssl.org b
On 26/04/16 10:39, Gäckler Martin (EXT) wrote:
> Hi Matt,
>
> Thanks for the reply. According to my colleague the PHP function
> opens_verify uses EVP_get_digestbyname to retrieve the EVP_MD. This
> does not work for the digest name "ecdsa-with-SHA256".
Hmmm. No. Well "ecdsa-with-SHA256" is not
Hi,
I'm trying to build Openssl as a static library and use it in my projects.
Have you guys put any thought to port the Openssl library to UWP(Universal
Windows 10 Platform)?
Can you provide me any guidelines or useful information that i can use to
port the libraries unless ported already?
Any
Hi Matt,
Thanks for the reply. According to my colleague the PHP function opens_verify
uses EVP_get_digestbyname to retrieve the EVP_MD. This does not work for the
digest name "ecdsa-with-SHA256".
Nevertheless, I will try to create a new branch.
Thanks again.
Martin
-Original Message--
On 26/04/16 09:43, Gäckler Martin (EXT) wrote:
> We’re currently developing a system that uses OAuth protocol to identify
> the users. The service provider is developed in PHP and uses OpenSSL to
> verify the access token. Unfortunately the identity provider, which is
> managed by another company
Hello,
We're currently developing a system that uses OAuth protocol to identify the
users. The service provider is developed in PHP and uses OpenSSL to verify the
access token. Unfortunately the identity provider, which is managed by another
company, uses ecdsa with sha256 to sign the access to
On 26/04/16 08:26, Richard Levitte wrote:
> [temporarly taking this thread away from RT]
>
> Basically, I can see two solutions:
>
> - Allow calls like RSA_set0_key(rsa, NULL, NULL, d);
>
> That's what's implemented in GH#995, except it doesn't check if the
> input parameters are NULL befo
[temporarly taking this thread away from RT]
Basically, I can see two solutions:
- Allow calls like RSA_set0_key(rsa, NULL, NULL, d);
That's what's implemented in GH#995, except it doesn't check if the
input parameters are NULL before setting the corresponding fields,
so that call ends up
39 matches
Mail list logo
