?
I have a get_by_fingerprint function, but it never gets called.
--
Chris Bare
Thanks, I'll check those out.
On Tue, May 3, 2022 at 4:53 PM William Roberts
wrote:
> On Tue, May 3, 2022 at 3:18 PM Chris Bare wrote:
> >
> >
> > On Tue, May 3, 2022 at 3:10 PM William Roberts
> wrote:
> >>
> >> On Tue, May 3, 2022 at 1:14 PM
On Tue, May 3, 2022 at 3:10 PM William Roberts
wrote:
> On Tue, May 3, 2022 at 1:14 PM Chris Bare wrote:
> >
> > I'm converting some openssl 1.0 code to 3.0 and I don't know how to get
> the coordinates
> > in a 3.0 way.
> > The old code is:
> > BN_
x);
pubkey = EC_KEY_get0_public_key ((EC_KEY *) EVP_PKEY_get0 (pkey));
group = EC_KEY_get0_group ((EC_KEY *) EVP_PKEY_get0 (cvr->sm_pkey));
EC_POINT_get_affine_coordinates_GFp (group, pubkey, X, Y, ctx)
What would be the 3.0 way to get X and Y without using deprecated functions?
--
Chris Bare
false);
but after that the nmap script doesn't find any ciphers.
Any suggestions?
--
Chris Bare
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
et the
error:
SSL23_GET_SERVER_HELLO:unknown protocol
and BIO_do_connect fails as expected, but BIO_free gives this error:
SSL_shutdown:shutdown while in init
If I don't free it, I have a memory leak.
Is there something else I need to do to clean up the BIO?
I tried calling BIO_do_handshake, but that crashes (not surpr
a function that
will return just the digest algorithm?
I'm trying to be as flexible as possible, so I don't want to hard code this
or have my own limited lookup table.
On Thu, Jul 7, 2016 at 2:54 PM, Jakob Bohm wrote:
> On 07/07/2016 20:08, Chris Bare wrote:
>
>> EVP_get_di
HA256
OBJ_NAME_get = (nil)
EVP_get_digestbyobj failed
So it looks like my sig_alg_oid is good, but OBJ_NAME_get fails.
I am using openssl 1.0.2d-0ubuntu1.5 in ubuntu 15.10
Am I doing something wrong, or could this be a bug in the library?
Any suggestions appreciated.
--
Chris Bare
--
openss
Is there a public interface to access the X and Y elements of an Ecc public
key?
I tried:
EC_KEY *ecc;
BN_num_bytes (ecc->pub_key->X);
but get the compiler error:
error: dereferencing pointer to incomplete type ‘EC_KEY {aka struct
ec_key_st}’
--
Chris Bare
--
openssl-users mailing l
e/openssl
>
>
> --
> Rejoice,I Desire!
> ___
> openssl-users mailing list
> openssl-users@openssl.org
> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
>
--
Chris Bare
__
r. Stephen Henson
wrote:
> On Fri, Nov 21, 2014, Chris Bare wrote:
>
> > Is there a way to query the BIO or SSL object to see which cipher is
> being
> > used?
> > I have a case where my openssl client's performance is significantly
> slower
> > wh
cious that Windows has
started to favor the slower ECC ciphers, but I need a way to prove it.
--
Chris Bare
to do this via openssl functions, can anyone enlighten me?
--
Chris Bare
Can anyone confirm my understanding that the FIPS 140-2 certified module is
NOT affected by the CVE 2014-0160 vulnerability?
--
Chris Bare
ow in CMS_verify.
If not, I have some experience working with the openssl source code, but
some pointers would be appreciated.
--
Chris Bare
On Mon, Sep 12, 2011, Stef Hoeben wrote:
> Hi,
>
> we have an SOD (a CMS for e-passports and e-ID cards) file that we can
read
> out and ver
.
--
Chris Bare
On Mon, Sep 12, 2011, Stef Hoeben wrote:
> Hi,
>
> we have an SOD (a CMS for e-passports and e-ID cards) file that we
can read
> out and verify nicely if the signature algo is RSA_PKCS1_PADDING.
>
> But if the algo is RSA_PKCS1_PSS_PADDING (see attached txt
openssl code, and could try to fix it
myself, but pointers would be helpful.
-- Chris Bare
On Mon, Sep 12, 2011, Stef Hoeben wrote:
> Hi,
>
> we have an SOD (a CMS for e-passports and e-ID cards) file that we can
read
> out and verify nicely if the signature algo is RSA_PKCS1_PADDING
expected behavior of the BIO_f_buffer on a read?
If so, is the only alternative to track a read and a write bio? I assume that
I can read from the bio under the BIO_f_buffer without causing problems, is
that correct.
--
Chris Bare
ch...@bareflix.com
ons may break other
applications that expect 0.9.8 data files. Also programs linked with 0.9.8
libraries will have to be rebuilt to use the 1.0.0 libraries since the major
version number has changed.
Let's hope debian or ubuntu packages 1.0.0 so
Has anyone seen .deb packages for openssl 1.0.0?
I took a quick stab at converting the 0.9.8 debian files, but I ran into a lot
of problems and it takes a long time to debug.
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project
> On Thu, Jun 10, 2010, Chris Bare wrote:
>
> > I have 2 different certs with the same subject name in a CA dir:
> >
> > lrwxrwxrwx 1 chris chris 23 2010-06-10 14:35 0721e1e6.0 -> other.pem
> > lrwxrwxrwx 1 chris chris 18 2010-06-10 14:35 0721e1e6.1
onnect example.com:443 -CApath same_names
I get:
Verify return code: 18 (self signed certificate)
it appears to be choosing 0721e1e6.0, because if I delete that one, it works.
Since there is no requirement that Subject Names be unique, is there a way to
make this work?
--
Chris Bare
ch...@barefl
the code below works fine if signed = true.
If signed = false, i2d_CMS_bio_stream seg faults.
I've looked through the code inside CMS_sign and didn't see anything else
obvious that I should call.
any suggestions on what I'm missing for an unsigned CMS?
--
Chris Bare
ch.
> On Mon, 2010-05-10 at 14:43 -0400, Chris Bare wrote:
> > Is there a way get have X509_verify_cert retry it's path building after it
> > gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT?
> > My idea is to implement a verify callback that uses the AIA information to
> &
> On 05/10/2010 08:43 PM, Chris Bare wrote:
> > Is there a way get have X509_verify_cert retry it's path building after it
> > gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT?
> > My idea is to implement a verify callback that uses the AIA information to
> > download t
have to let X509_verify_cert error out and call
it again?
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openss
. Would it
be incorrect to look in the store also here? I'd be glad to work on a patch.
I understand I can make the command line tool with with -verify_other, but in
my code I have no handy way to do that. My users are going to dump all trusted
certs, regardless of pu
open the
directory.
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Ma
Can I reuse an X509_STORE for multiple ssl connections, cert verifications
etc, or should I create a fresh one for each operation? If I reuse it will it
continue to grow as it pulls in more certificates?
--
Chris Bare
ch...@bareflix.com
ver go download the intermediaries?
Is there a way to hook in my own function to do this? It seems like you have
the info you need during the path building process, and I don't want to have
to duplicate that.
Any other suggestions on the best way to handle this?
--
Chris Bar
Is there a API to extract the X509 cert(s) from a CMS_ContentInfo object?
Looking at the implementation of CMS_add0_cert() I see how to reach them, but
that function depends on things defined in cms_lcl.h, so I can't re-implement
it in my code.
Any suggestions?
--
Chris Bare
ch...@barefli
ASN1_IMP_OPT(CVRequest, requestNonce, ASN1_OCTET_STRING, 1)
} ASN1_SEQUENCE_END(CVRequest)
IMPLEMENT_ASN1_FUNCTIONS(CVRequest)
Is the error complaining out the structure I have defined, or the der data it
is trying to process?
As far as I can tell the der data doesn't even contain a requestorRef.
Any s
econd call to i2d_CMS_bio_stream, but I also get 0
bytes output to the file. If I comment out the first call, it works fine.
Is there something else I need to reset, or once it's sent, do I have to start
all over with a new cms object?
--
Chris Bare
ch...@ba
What is the proper way to access this data:
data = cms->d.signedData->encapContentInfo->eContent->data;
length = cms->d.signedData->encapContentInfo->eContent->length;
The above only works if I include a private header: crypto/cms/cms
ailed
error:2E09A09E:CMS routines:CMS_SignerInfo_verify_content:verification failure
error:2E09D06D:CMS routines:CMS_verify:content verify error
If I pass the CMS_NO_CONTENT_VERIFY flag to CMS_verify, of course I don't get
the error.
Any suggestions on how to track this down?
--
Chr
> A fix has now been applied, please try the current 1.0.0 CVS, get the next
> snapshot or just manually apply:
>
> http://cvs.openssl.org/chngview?cn=18310
>
> Steve.
I built from the latest CVS and it now works fine. Thanks for the fix.
--
Chris Bare
other flag or function I need to use to prevent this?
> >
>
> Ouch, this is a nasty bug PR #1748 which has only been noticed when something
> non-trivial is attempted with SSL BIOs.
>
> I'll look into fixing it.
>
In further testing, I
intf ("ssl->rbio %p\n", ssl->rbio);
printf ("ssl->wbio %p\n", ssl->wbio);
output is:
ssl->rbio 0x1aadf60
ssl->wbio 0x1aadf60
i2d_CMS_bio_stream
ssl->rbio (nil)
ssl->wbio (nil)
So naturally, after that the next call to BI
er is sending back some data, but
BIO_read returns -1.
Any suggestions?
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-
eta2 and I've tried setting CMS_STREAM as well as
> > CMS_STREAM|CMS_PARTIAL, but I have not gotten any output with EOC.
> > Any idea what else I'm missing?
> >
>
> Use i2d_CMS_bio_stream() instead.
>
Thanks, that did the trick.
> On Wed, Jun 17, 2009, Chris Bare wrote:
>
> > I'm trying to use openssl to generate a signed CMS that matches the output
> > of
> > a windows program written with the BouncyCastle library. One of the
> > differences I've noticed is that my openssl
s a snipped of what my code is doing:
int flags = CMS_STREAM; // or 0
BIO *mem = BIO_new(BIO_s_mem());
// write stuff to mem
cms = CMS_sign(scert, skey, NULL, mem, flags);
if (!i2d_CMS_bio(out, cms))
Is there some other flag, or some mode I can set to make
extnValue OCTET STRING }
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated Li
e CMS.
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager m
ng openssl code.
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated Li
I'm trying to understand the ASN1 macros like:
ASN1_SEQUENCE
IMPLEMENT_ASN1_FUNCTIONS
etc to implement my own structures.
What examples in the code would be best to follow, especially for nested
structures with optional elements?
--
Chris Bare
ch...@barefli
ompress it etc, and it
looks like I can use CMS_data_create in that case, but then I just want to
write it to a socket in DER format, not base64.
Also I need to figure out how to build up other ASN1 structures to go inside
the ContactInfo. I hoped looking at the CMS code would give me an e
ample code or pointers would be appreciated.
--
Chris Bare
ch...@bareflix.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Auto
48 matches
Mail list logo