Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

2016-04-25 Thread deeng...@gmail.com via RT
Freeing of the values by the caller is not the issue. The issue is RSA_set0_key requires n and e to be non-NULL. If the caller uses RSA_get0_key to find the n and e, then calculates a new d, then calls RSA_set0_key with the same n and e pointers and the new d. RSA_set0_key will free n and e,

[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

2016-04-24 Thread deeng...@gmail.com via RT
The new routines in OpenSSL-1.1.0-pre5, RSA_get0_key and RSA_set0_key, with their multiple arguments are not very user friendly, requiring much more code to be replaced, and may lead to freeing active pointers. Would not a set of routines like: BIGNUM* RSA_get0_key_n(RSA *rsa); int

Re: [openssl-dev] [openssl.org #4266] OpenSSL-1.1-pre2 cms can not use engine with parameters to sign cms msg

2016-02-11 Thread deeng...@gmail.com via RT
Any chance these changes to req.c and cms.c will make it into 1.1-pre3? They fix a regression in functionality. req and cms worked in previous versions. req and cms are not usable in 1.1 with an engine for a smart card. The "See 4226" should be #4246 On 1/22/2016 7:29 PM, deeng...@gma

[openssl-dev] [openssl.org #4266] OpenSSL-1.1-pre2 cms can not use engine with parameters to sign cms msg

2016-01-22 Thread deeng...@gmail.com via RT
The inkey parameter of the cms command does not accept parameters for an engine to sign the message. P.S. Also attached are the changes for req.c to use the key to hold engine parameters. See #4226 -- Douglas E. Engert diff --git a/apps/cms.c

Re: [openssl-dev] [openssl.org #4246] OpenSSL-1.1-pre2 openssl req fails to use engine

2016-01-16 Thread deeng...@gmail.com via RT
Yes, #458 is similar but for the pkeyutl.c I would have changed: {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, to {"keyform", OPT_KEYFORM, 'f', "Private key format - default PEM"}, The patch also adds an additional parameter, {"engine_impl", OPT_ENGINE_IMPL, '-', "Also

[openssl-dev] [openssl.org #4246] OpenSSL-1.1-pre2 openssl req fails to use engine

2016-01-15 Thread deeng...@gmail.com via RT
req.c (and many of the other apps) appear to have lost the ability to use an engine. The attached diff is against the github.com version using Tag OpenSSL_1_1-pre2. In the req_options[] table: OPT_KEY is set to "S" so pre-checking of the parameters does not drop the string passed to the

Re: [openssl-dev] [openssl.org #4225] OpenSSL 1.1-pre2 EC_KEY_ex_data regression of functionality from 1.0.2 to 1.1

2016-01-09 Thread deeng...@gmail.com via RT
Thanks, Roumen's patches look good and also include EC_KEY_set_method to replace the working ECDSA_set_method and ECDH_set_method in 1.0.2. Any idea when these will be in github? On 1/8/2016 11:30 AM, Salz, Rich via RT wrote: > There is a fix for this that is in the internal code-review

[openssl-dev] [openssl.org #4225] OpenSSL 1.1-pre2 EC_KEY_ex_data regression of functionality from 1.0.2 to 1.1

2016-01-08 Thread deeng...@gmail.com via RT
OpenSSL 1.1 (from github.com) has now combined ECDSA_METHOD and ECDH_METHOD into one method, EC_KEY_METHOD. In 1.0.2 there were ECDSA_get_ex_new_index, ECDSA_set_ex_data and ECDSA_get_ex_data with the EC_KEY and an idx as parameters. And there were ECDH versions too: ECDH_get_ex_new_index,