On Wed, Apr 24, 2013 at 10:35:04PM -0400, Dave Thompson wrote:
> > I am assuming RSA though I would like to do ECDSA.
>
> These APIs will use any privatekey for which a signature
> scheme is available; that's RSA DSA ECDSA (or pedantically
> EC; openssl uses the same EC_KEY struct for ECDSA and
> From: owner-openssl-us...@openssl.org On Behalf Of redpath
> Sent: Wednesday, 24 April, 2013 18:10
> I saw the CMS but I did not see how to store raw data which I need to
> extract?
> Let's assume the data was a JPG and I created signature from
> the MD (SHA1)
> how can I get the JPG use it and
First poster:
> We are currently analyzing and understanding the security strength of
> the openSSL internal implementation to certify the products.
> In version 0.9.8d, TLSv1.0 alone is supported. Can you please answer
> the following or provide me with the documentation reference
>
> 1. D
X509_CRL_free().
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Shawn Webb
Sent: Tuesday, April 23, 2013 11:29 AM
To: openssl-users@openssl.org
Subject: Destroying X509_CRL Object
Hey All,
I'm trying to figure out how to properly destroy an X509_CRL s
Hello,
I have some code which I am using to generate a CSR and some code which I
am using to generate a cert using my cert authority.
If I view the CSR, I can see that my alt names were added correctly. If I
view the cert itself, the altnames are not there. I had kind of thought
that if I had a C
Hi,
Can I do CRL checking by adding both the base and delta CRLs with
X509_STORE_add_crl() or should I construct a complete CRL with the base and
delta CRLs and then add it to the store?
Thanks,
-binlu
I saw the CMS but I did not see how to store raw data which I need to
extract?
Let's assume the data was a JPG and I created signature from the MD (SHA1)
how can I get the JPG use it and validate it. I looked at the PKCS7 and no
mention of adding
objects.
Any example is best to learn assuming
dat
2013/4/24 redpath
> I have a piece of data like a JPG and a MD from it and a signature PKCS#1
> from the MD.
>
> int rc = RSA_sign(NID_sha1, md, 20, sigret, &siglen, rsapriv);
>
> I send the data and the signature to someone to verify the data and they
> use
> it.
> Now maybe there is standard m
On Wed, Apr 24, 2013 at 01:55:36PM -0700, d...@deadhat.com wrote:
> > On Wed, Apr 24, 2013 at 03:18:45PM +, Nikola Vassilev wrote:
> >
> >> We are currently analyzing and understanding the security strength
> >> of the openSSL internal implementation to certify the products.
> >> In version 0.
> On Wed, Apr 24, 2013 at 03:18:45PM +, Nikola Vassilev wrote:
>
>> We are currently analyzing and understanding the security strength
>> of the openSSL internal implementation to certify the products.
>> In version 0.9.8d, TLSv1.0 alone is supported. Can you please
>> answer the following or p
I have a piece of data like a JPG and a MD from it and a signature PKCS#1
from the MD.
int rc = RSA_sign(NID_sha1, md, 20, sigret, &siglen, rsapriv);
I send the data and the signature to someone to verify the data and they use
it.
Now maybe there is standard measure to package the data and the
Looking at the xts128.c code, it looks like the "tweak" is recalculated from
scratch every time CRYPTO_xts128_encrypt() is called:
memcpy(tweak.c, iv, 16);
(*ctx->block2)(tweak.c,tweak.c,ctx->key2);
It seems like this would break the chaining between successive calls to
EVP_Cip
On Wed, Apr 24, 2013, Cipher wrote:
> Hi,
>
> I compiled and installed FIPS capable OPENSSL 1.0.1c and OPENSSH 6.1p1 with
> FIPS.
> While debugging I found that SSH fails for *ctr* mode of cipher operation.
> Here is what I get when I connect using aes256-ctr or aes128-cbc
>
>
> FIPS mode ini
> From: Salz, Rich
>
> OpenSSL does nothing about this. It’s an interesting question. As far as
> TLS/SSL is concerned,
> it is only using the certificate at the time the connection is initially
> established, and therefore
> expiration (or revocation) during the application’s use of the certif
OpenSSL doesn't take care of the expiration of your certificate
automagically in the background and call some function in your
application to asynchronously tell that the certificate you received
several seconds ago has now expired.
Identically, OpenSSL doesn't take care of external events that
On Tue, Apr 23, 2013 at 10:17:54AM -0700, Vijaya Venkatachalam wrote:
> So at the time of openssl connection establishment, the certificate is valid.
> But while the connection is still up, the certificate expires.
The certificate was valid at the time it was verified, this is sufficient.
> Is t
OpenSSL does nothing about this. It's an interesting question. As far as
TLS/SSL is concerned, it is only using the certificate at the time the
connection is initially established, and therefore expiration (or revocation)
during the application's use of the certificate is up to the application
Hi,
given the point this was posted in 2011, I hope this is resolved and I can
get some help with my problem!
I have a similar problem with openssl 1.0.1c compiled with FIPS 2.0.2 and
OPENSSH 6.1p1.
Here is the debug mode of sshd with aes256-ctr cipher
FIPS mode initialized
debug1: inetd sockets
Hi,
I compiled and installed FIPS capable OPENSSL 1.0.1c and OPENSSH 6.1p1 with
FIPS.
While debugging I found that SSH fails for *ctr* mode of cipher operation.
Here is what I get when I connect using aes256-ctr or aes128-cbc
FIPS mode initialized
debug1: inetd sockets after dupping: 3, 3
Conn
I found the solution; it has nothing to do with forking. Here is what I did:
I was writing IN FIPS MODE message to *stdout*. When sshd forks
child process to handle scp, this stdout was being passed over the pipe
causing the issue.
My issue got resolved after writing the FIPS mode message
Hello Folks !
I have a question that I hope you can help me with.
A server with OpenSSL 0.9.8k installed can be upgraded to OpenSSL 1.0.x without
breaking any dependencies?
I mean compile from the source and install the new version.
Regards
Sincerely
Víctor Martínez.
This email and any files tr
Hi
I am new to openssl application development.
I had a question on how to handle expired certificates.
So at the time of openssl connection establishment, the certificate is valid.
But while the connection is still up, the certificate expires.
Is the application supposed to handle this or do
On Wed, Apr 24, 2013 at 03:18:45PM +, Nikola Vassilev wrote:
> We are currently analyzing and understanding the security strength
> of the openSSL internal implementation to certify the products.
> In version 0.9.8d, TLSv1.0 alone is supported. Can you please
> answer the following or provide
-Original Message-
From: Venkataragavan Narayanaswamy
Sender: owner-openssl-us...@openssl.org
Date: Tue, 23 Apr 2013 00:29:17
To: openssl-...@openssl.org;
openssl-users@openssl.org
Reply-To: openssl-users@openssl.org
Subject: MD5 in openSSL internals
Hi,
We are currently analyzing an
24 matches