Hi,
I have written a sample few years ago that performs PSS signature using
SHA256 like what you need.
You can get it from
https://www.idrix.fr/Root/Samples/openssl_pss_signature.c
It uses the maximum salt length. You should check that the server
expects this as well.
Cheers,
--
Mounir IDRASSI
behavior unless it causes security issues for them (but I
can't imagine how).
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 11/14/2014 10:02 PM, Gilles Vollant wrote:
Microsoft just published a patch on their SChannel component (KB 2992611 )
https://technet.microsoft.com/library
.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 9/24/2014 6:27 PM, Jeffrey Walton wrote:
I've got a program that repeatedly calls BN_rand_range. Valgrind is
reporting 2.4 MB of leaks.
If I comment out the loop that generates the range value, then the
leak summary drops to 0
Pentium III
M it takes 1 second on average.
I don't if there are many people who need use RSA SFM parameters but
having such conversion functionality inside OpenSSL can be interesting.
In such case, I can send a patch for it.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Hi,
There was a similar question years ago. Here is a link to its answer :
http://marc.info/?l=openssl-usersm=123357572413547
I don't know if it is still relevant.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 8/20/2012 8:38 PM, Alona Rossen wrote:
Hello,
We need OpenSSL ECCN
these limitations by implementing my own version
of RSA_padding_add_PKCS1_OAEP that accepts any hash and any MGF
implementation. I guess you should do the same.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 8/16/2012 11:27 PM, Martin Kaiser wrote:
Dear all,
I'd like to encrypt some bytes
Hi,
Your browser is unzipping the archive on the fly. The file you are
getting is the TAR and not the gzipped TAR.
Try clicking save as on the link to see if you get the real gzipped file.
By the way, all the ckecksums on the page are correct.
Cheers,
--
Mounir IDRASSI
IDRIX
http
Hi,
The following blog post explains different mitigation techniques for
this vulnerability and among them is Rate Limiting :
http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html#rate_limiting_ssl_handshakes
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887rep=rep1type=pdf
: a 2006 paper discribing the attack and the OpenSSL countermeasure.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 9/21/2011 4:48 PM, Thomas J. Hruska wrote:
The Register published an article yesterday that some people
Yes, this the target configuration for debug under Windows VC++.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 6/22/2011 7:38 AM, ml.vladimbe...@gmail.com wrote:
Is “debug-VC-WIN32” option of configuration an answer to my question
these processes under Windows 7?
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 5/4/2011 7:02 AM, Ashwin Chandra wrote:
I generate an RSA key using RSA_generate_key in one process. I then
take the RSA structure that is generated and serialize it and send it
to another process via an RPC mechanism
this mechanism more expensive than previous Windows versions. So,
this issue won't be solved unless there is a major change to OpenSSL
entropy gathering architecture, which doesn't appear to be coming any
time soon.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 5/4/2011 6:14 PM, Ashwin
is to implement
an engine that exports its own RNG implementation through a custom
RAND_METHOD structure.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 5/4/2011 7:02 PM, carlyo...@keycomm.co.uk wrote:
Start second process as a daemon so it only does the entropy gathering
at process
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-END CERTIFICATE-
==
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http
are not aware of this
update...This issue should not have existed at the first place!
Good luck,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 4/26/2011 7:07 PM, James Chase wrote:
You've got the wrong chain file. I understand that NetSol
switched to a new
EV Issuing CA a few months
specific PRNG helper functions.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 3/26/2011 10:05 AM, Vladimir Belov wrote:
Hello,
What Random number generator is used in the OpenSSL library?
__
OpenSSL Project
just modified the usr_cert section in the default
one in order to add extendedKeyUsage = critical,timeStamping and set
keyUsage to nonRepudiation, digitalSignature.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/23/2011 3:32 PM, Yessica De Ascencao wrote:
Hello!
Thanks for your help
Yes, you should open a ticket on the issue tracker. However, I'm not
sure if Dr. Stephen Henson will agree to add this change to the current
stable versions (0.9.8x and 1.0.0x) as he usually delays header changes
till the 1.1.0 release.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/23
://rsaconverter.sourceforge.net/ .
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/24/2011 5:48 AM, Victor Duchovni wrote:
On Wed, Feb 23, 2011 at 09:03:13PM -0600, Shaheed Bacchus (sbacchus) wrote:
Just to be clear, below is not the actual code, but what I would *like*
to be able to do
that the problem is coming
from the certificate Key Usage : it MUST NOT contain Key Encipherment.
So, to resolve your problem, set the Key Usage to ONLY Digital
Signature, Non Repudiation.
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/22/2011 2:40 PM, Patrick
certificate) that I used. Can you see if it is working for you?
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/22/2011 3:11 PM, Yessica De Ascencao wrote:
Hi Mounir IDRASSI!
I generated the certificate with ONLY Digital Signature, Non
Repudiation but I still have the same problem
. That explains why you are getting the compile error.
I don't know why it was done like this, but if you really need this
structure then you'll have to copy its definition from the header I
mentioned above.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/22/2011 6:14 PM, Kent Yoder
files.
I hope this will help,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/18/2011 4:59 AM, David Henry wrote:
I've written a bare bones enveloping example that takes a string,
seals it in an envelope, and then goes about opening it. Everything
works just fine if I generate my RSA keys
Hi,
Add -leay32 to the end of the gcc command line of order to suppress the
link errors you are seeing. This will help the gcc linker find the
missing symbols exported by libeay32.a.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/16/2011 8:07 PM, Rui Fernandes wrote:
I've
of the verify callback. That being said, I
remember vaguely a post by Dr Stephen Henson related to this where he
mentioned a planned change in this direction, but I can't find a link to it.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/10/2011 4:46 PM, Lou Picciano wrote:
Matthias
elsewhere (for example in
/usr/local/ssl)
On the other hand, if it is /etc/ssl, then you need just to update the
CAs hashs in /etc/ssl/certs. For that, issue the following command :
c_rehash /etc/ssl/certs.
I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/10/2011 5:07 PM
(oldCertificate),
caKey,
clientCert);
With these modifications, everything will be OK.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 1/20/2011 2:36 PM, Bret McDanel wrote:
I am trying to load an old certificate, take the subject line and make a
new certificate signed
Hi,
The function EVP_BytesToKey is used internally by this command (and
others) in order to create a key from a password. The iteration count is
set to 1. Look at the following link for more information :
http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
Cheers,
--
Mounir IDRASSI
Hi,
SHA1_Init is indeed defined in sha_locl.h as HASH_INIT, whereas
SHA1_Update and SHA1_Final are defined in md32_common.h (under crypto
folder) as HASH_UPDATE and HASH_FINAL respectively.
Happy hacking,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 1/10/2011 4:40 PM, Stan Joyner wrote
Hi,
Use IMPLIB on the OpenSSL Dlls (e.g implib.exe -a libeay32.lib
libeay32.dll) in order to create OMF export libraries instead of the
COFF ones produced by VC++.
With them, the link will be successful.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 12/23/2010 11:30 PM, hpenaguz
Take a look at :
http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm
exponent1 = dp
exponent2 = dq
coefficient = qInv
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 12/23/2010 9:48 PM, Mike Mohr wrote:
Good afternoon,
When generating an RSA key, several components
Start at function rsa_builtin_keygen in file crypto/rsa/rsa_gen.c.
Good hack,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 12/24/2010 12:35 AM, Mike Mohr wrote:
Thanks much for the clarification. I'm interested in re-implementing
RSA for my own education; can someone point me
));
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 12/19/2010 8:47 AM, akdin wrote:
I am a new user of openssl. If anybody post basic C code to generate ecc key
pairsusing openssl it will give me an insight to produce further .
Ur help will be highly appreciable.,
regards
akdin
Hi,
There is no problem with the archive.
If you are under Windows, use the latest 7zip (version 9.20). You will
get a warning but the decompression is OK. The previous version of 7zip
had a limitation for tar support.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 12/3/2010 2:28 PM
,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 12/3/2010 6:21 PM, Fili, Tom wrote:
Ok, so I realized if I run Configure with no-static-engine I'll get the
separate dlls. These are the commands I run
C:\Documents and Settings\tfili\Desktop\openssl-0.9.8kperl Configure
VC-WIN32 --prefix=c:\temp
Hi,
What compiler are you using under Windows?
From my side, I have compiled and tested binaries produced by VC++ 2008
SP1 (cl version 15.00.30729.01) and the latest standalone native MinGW
(gcc 4.5.0), and in both cases everything is OK (no crash and all tests
succeed)
--
Mounir IDRASSI
http://www.openssl.org/news/secadv_20101202.txt
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 12/2/2010 9:03 PM, Erik Tkal wrote:
Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864
was the reason 1.0.0b was released, but I cannot find any references
OpenSSL with this interesting engine.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 11/26/2010 10:11 AM, flavio vella wrote:
Hello,
we are a team of the department of Computer Science at the University
of Perugia (Italy).
Recently, we have developed an engine that implements AES
as described on his 1976
paper).
By the way, is this kind of functionality interesting enough to be
integrated into OpenSSL code?
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 11/25/2010 1:32 PM, Chir wrote:
Hi guys,
i want to create a RSA structure to pass
.
I'll start a discussion about this on the dev list.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
that this solves the failures you are seeing?
Here is the link on RT with the description of the issue and the patch :
http://rt.openssl.org/Ticket/Display.html?id=2240user=guestpass=guest
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 11/24/2010 11:37 PM, Victor Duchovni wrote:
I see
Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But
under Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error.
I don't see anything OS specific in the changes introduced in t1_lib.c
or s3_srvr.c. Could it be a gcc bug?
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 11/16
. Maybe you have some malformed key. Can you please check that?
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 11/14/2010 8:57 PM, Marcus Carey wrote:
I tried the latest snap shot before I sent the first email.
OpenSSL 1.0.1-dev xx XXX .
Also, when I ran the test, they all passed
for the
intermediate CA programs offered by commercial CAs. This involves being
audited and vetted and this comes with some limitations. Of course, the
price for such a program can be very high depending on your needs.
I hope this clarifies things for you.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Hi Ariel,
The simple answer to your questions is no. There is no way to workaround
this. Others have already explained why.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Well, I'm trying to do SSL Client Authentication for my website. So I
bought
a wildcard cert from GoDaddy and it works
openssl-dev to be kept updated.
That being said, I understand your frustration but the others certainly
thought you were aware of their discussion in the other list.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 10/19/2010 1:20 PM, Jakob Bohm wrote:
On 19-10-2010 12:32, per frykenvall
problems can arise because conflicting versions of
the OpenSSL dlls exist on different directories belonging to the PATH.
try checking if the machine where the problem exists has only the
version of dlls you are targeting.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 10/13/2010 11:23
of their own, like in any normal PKI architecture.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 10/13/2010 7:11 PM, Stefan Bauer wrote:
Dear Openssl-Users,
i recently came across a problem with the offered ssl-cert on
www.mastersnet.de
It's a self signed cert and all of the nokia
and then configure your webserver to accept only
client certificates issued by your CA.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 10/12/2010 5:41 AM, Ariel wrote:
Hi again,
I could enable my site to use SSL with a wildcard certificate bought to
GoDaddy by concatening the mysite.com.crt
Hi,
Your sample runs perfectly here: compiled using VC++ 2008 against 1.0.0a
in Release and Debug modes and ran on Windows 7 system (hardware DEP
enabled).
What compiler are you using? Can you perform a debug build and give us a
crash trace?
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
and
from there copy the CA that signed your certificate to a file (Base64
encoded). You can then transfert this file to your Linux box.
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Your
On 9/20/2010 12:45 PM, Sergey Sedov wrote:
Hi,
My ISP provides to me .p12 file
Hi,
The code is a generic OpenSSL C source that will compile using the
favorite compiler of your platform.
Did I understand your question correctly?
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Hi
Thanks for your response. In which lplatform do I compile/execute the below
CODE?
I only have
Hi,
The code is a generic OpenSSL C source that will compile using the
favorite compiler of your platform.
Did I understand your question correctly?
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Hi
Thanks for your response. In which platform do I compile/execute the below
CODE?
I only have
Hi,
The error says that it didn't find the expected start line for a
certificate which is -BEGIN CERTIFICATE- .
So, check that your certificate is indeed BASE64 encoded and that the
first line is -BEGIN CERTIFICATE- and the last is -END
CERTIFICATE- .
Cheers,
--
Mounir
Hi,
It hangs because it is waiting for the input certificate that has to be
put with the given key inside the PKCS#12 file. Replace the -certfile
option with -in and everything will be OK. Actually -certfile is for
adding additional certificate, not the main one.
--
Mounir IDRASSI
IDRIX
http
at the start of your program. Which means in
your case that you should dlsym for OPENSSL_add_all_algorithms_noconf and
then call it.
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Hello,
For certain reasons I want to load the OpenSSL libraries at run-time
(rather
n)
{
EVP_PKEY* pRsaKey = EVP_PKEY_new();
RSA* rsa = RSA_new();
rsa-e = e;
rsa-n = n;
EVP_PKEY_assign_RSA(pRsaKey, rsa);
return pRsaKey;
}
else
{
if (n) BN_free(n);
if (e) BN_free(e);
return NULL;
}
}
/CODE
Cheers,
--
Mounir
Primary Root CA to Thawte Premium Server CA.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 9/14/2010 3:32 AM, Paul B. Henson wrote:
On Mon, 13 Sep 2010, Tim Hudson wrote:
Try gnutls without the TLS extensions processing occurring and you will
see that the server is not sending back
. Concerning the specific issue here, it's clear
that OpenSSL is too restrictive compared to other major libraries since
this is a minor deviation from the BER specs (i.e. minimal bytes
representation) and thus hurts deployments of real-world certificates.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 8/28/2010 10:43 PM, Goran Rakic wrote:
Hi all,
I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt
downloaded from http://ca.mup.gov.rs/sertifikati-lat.html
Certificate path is MUPCARoot MUPCAGradjani and I would like to
validate
);
goto end;
}
A more correct version would be to change || in the if test by ,
and thus there will be no misleading error.
I hope this clarifies things.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 8/20/2010 4:25 PM, Ingo Naumann wrote:
Vladimir,
To me, your key
able to open it using this password.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 8/11/2010 5:14 PM, Sashi Dutt wrote:
Hello,
I was wondering if any of you guys ran into the below error and provide some
guidance/assistance?
8980:error:23076071:PKCS12 routines:PKCS12_parse:mac verify
and the other is called CRT). The RSA size is actually the size of the
modulus.
I encourage you to read more about RSA before trying to use OpenSSL
resources for this.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
yes ..i am not able to find the 128 byte RSA key.. how should get
those information
Well, your question was who i must do request for... that's why we gave
you links for outside CAs.
If you are dealing with your own CA, then using a wildcard character in
the DN will do the job.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Le vendredi 23 juillet 2010 22:06:44, Kyle Hamilton
-certificates/
- http://www.verisign.com/ssl-certificates/wildcard-ssl-certificates/
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 7/24/2010 2:02 AM, Luis Daniel Lucio Quiroz wrote:
Just wondering
who i must do request for a wildcard cert, for example to accept all the
*.mydomain.com
Regards
of padding to your data before feeding it to
RSA_private_encrypt.
The other option is to use a standard padding by calling
RSA_private_encrypt with RSA_PKCS1_PADDING.
I hope this clarifies things to you.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 7/19/2010 2:51 PM, anhpham wrote:
Hi all
SNI under XP and that surprises me because it's supposed to work
starting from 2.0 and up, independently from the OS. What version of
Firefox are using under XP?
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 7/16/2010 3:31 PM, Richard Buskirk wrote:
I sent this situation off to the help
will decrypt your
string.
I hope this clarifies things to you.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Hi,
Thanks for the reply Phillip. One quick question. Is the
randomly-generated
key PUBLIC? I know the public RSA key to encrypt the key is public, but is
the randomly-generated key PUBLIC
Hi,
libcrypto is enough for basic cryptographic operations like
encryption/decryption with DES, AES, ...etc
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Hello all,
I have a C Code which is making use of DES.h in a JNI Environment.
I wanted to know if compiling this code
Hi,
Just add a call to *OpenSSL_add_all_algorithms* at the beginning of your
main and the certificate verification will be OK.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Hi, I'm a newbie user of OpenSSL.
I want to create a simple C program that verify a certificate chain like
Hi Andrei,
What about building the modified OpenSSL as static libraries and then
link your apps with libcrypto.a and libssl.a?
This way you will have no external dependency.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 6/24/2010 12:24 PM, Andrei Dumitrescu wrote:
Hello,
I have
Hi Robert,
Take a look at the OpenSSL.NET project on SourceForge :
http://openssl-net.sourceforge.net/
They have implemented a managed wrapper around libeay32.dll and
ssleay32.dll.
I think this is what you are looking for.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 6/23/2010 8
other give
their hints.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 6/22/2010 3:26 AM, 芦翔 wrote:
Hi all,
Could anybody please tell me the support status of RSASSA-PSS in openssl with
the version after 0.9.8l. If there is the implementation, could you please
tell me which functions
Hi,
I have written a small program that demonstrates how an RSA public key can
be extracted from an OpenPGP public key file and used in OpenSSL.
You can get the source from the following link :
http://www.idrix.fr/Root/Samples/pgp_pubkey.c
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
file is either PEM or DER
encoded and that the encoded object is an ASN.1 Sequence.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 6/3/2010 10:48 AM, Arunkumar Manickam wrote:
Hi,
Given a CRL file, how to detect its format. whether it is in PEM encoded
format or ASN1.
Thanks,
Arun
handler using the
function _set_invalid_parameter_handler.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Thomas J. Hruska schrieb:
Running 'openssl s_client' on 0.9.8n without any additional arguments
crashes openssl.exe.
There is very different behavior between 0.0.8 and 1.0.0 on WinXP Pro
Hi,
Try adding the switch /Zi to the CFLAG in the makefile and rebuild the
dlls. This is mandatory to create a full program database.
I come across the same problem and I solved it with this. The perl
scripts should be updated to include this flag for the debug build.
Cheers,
--
Mounir
Hi,
Remove the unecessary call to RSA_new and the memory leak will
disappear!! (The variable p est allocated by PEM_read_RSA_PUBKEY)
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 4/19/2010 11:07 PM, Stuart Weatherby wrote:
Hi List,
I am trying to figure out why there is a memory
Bon courage pour la suite!
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 4/14/2010 3:01 PM, Rémi Després-Smyth wrote:
Merci beaucoup, Mounir,
but I got the same error.
Given the time constraints I have, I think my path moving forward is to try
another library or two to see if I can find one
certificate.
The first solution is the easiest because you can simply use the OPENSSL
command line utility in order to extract the private key and its
certificate from the PKCS#12 file as PEM files and then give them as
input to your python module.
I hope this will help.
--
Mounir IDRASSI
IDRIX
to perform
your client authentication.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 4/13/2010 6:45 PM, Rémi Després-Smyth wrote:
Mounir,
Thank you so much for your answer.
I did extract the key into a pem file (using command: c:\openssl\bin\openssl
pkcs12 -in cert.pfx -nocerts -out
(NULL, ptr, inlen);
I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 4/3/2010 3:06 AM, sean wang wrote:
Hello,
I have a pkcs7 encoded cert which i want to load. the following code block
works fine: ( I am doing a base64 decoding first, will explain the reason
Hi John,
I have already answered your question twice on the list but it seems
that you didn't receive them for an unknown reason.
Look at the link below of OpenSSL list archive to reader what I wrote :
http://marc.info/?t=12690119749r=1w=2
Have a nice day,
--
Mounir IDRASSI
IDRIX
http
-password pass:1234 instead.
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 3/22/2010 3:00 PM, John Chen wrote:
Hi Dr Stephen Henson,
I really could not solve this issue and need your help.
When I run openssl pkcs12 -in new.crt -inkey new.key -certfile .CA/cacert.pem
Hi John,
To avoid the password prompt, you can add the argument -password pass:
to the command line. This will use an empty password for the PKCS12 file.
For a non empty value, for example 1234, use -password pass:1234 instead.
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http
are using by the value of the corresponding public
exponent.
If my guess is correct, then you should be able to verify the signature
correctly.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/27/2010 3:00 AM, Paul Suhler wrote:
Hi, everyone.
In Openssl 0.9.8i, I'm trying to take
lines 534 and 539).
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/8/2010 10:12 AM, JB Van Puyvelde wrote:
Hi,
I would like to import and use in OpenSSL RSA key pairs generated by
an other program.
This program can export public and private keys to PEM files
it will access your
private key.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 1/12/2010 12:35 PM, Anton Xuereb wrote:
Hi,
I'm trying to create a private CA with openssl for my enterprise. I
have generated the CA private key and certificate. I have created a
key pair and a certificate signing
this will help.
Cheers
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Gaurav Kumar wrote:
Hi,
I want to port few MS Crypto Api's on Linux.
Here are api's which i want to port.
CryptSetKeyParam
CryptDecrypt
CryptEncrypt
CryptGetKeyParam
CryptHashData
CryptCreateHash
I want to use the same parameters
of the
ssl2_state_st structure. This member is set in the function
ssl23_get_client_hello in the file s23_srv, depending on the options of
the SSL options.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
barcaroller wrote:
Michael S. Zick wrote in message
The padding is added to the **plain text
,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
barcaroller wrote:
Mounir IDRASSI wrote in message ...
You simply can't guess the padding mode if you don't know it in advance.
Imagine the security consequences if this was possible : it would mean
that an attacker can have information about the clear
. Is this
correct?
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Jim Welch wrote:
Hello Again,
The code is there to check for a non-null pkey. It wasn't copied to
keep the original message shorter. I've now made sure that I've
Base64'd the xml string and Base64'd the signature string
Hi,
You simply can't guess the padding mode if you don't know it in advance.
Imagine the security consequences if this was possible : it would mean
that an attacker can have information about the clear text without
having access to the private key!!
Cheers,
--
Mounir IDRASSI
IDRIX
http
. Most of the work is done by the macros
DECLARE_PEM_rw_const and IMPLEMENT_PEM_rw_const. You can get the source
code from the following link :
http://www.idrix.fr/Root/Samples/custom_pem.c
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
denot...@libero.it wrote:
Hi all
SHA-256
instead for this purpose.
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
himas wrote:
Hello, I wrote a source for encrypting and decrypting some text data
with aes_256_cbc:
-- CODE --
void aes256cbc_encrypt(char *text, char *hkey)
{
int
into the chash parameter without converting it to ASCII and
never call printf directly on byte arrays.
Once you have done these changes and if you still have errors, post your
code and we will try to help you.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
himas wrote:
Mounir IDRASSI wrote
linked to the MS CRT and so they don't require any
reditribuable on the target machine.
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Max Terentiev wrote:
Hi,
I suspect BC will have its own runtime libraries to provide similar
generic C runtime functionality
Hi,
There is no explicit function for this but you can use the function
BN_GF2m_add to perform the XOR of two BIGNUMs : for GF2m polynomials,
the addition is a simple bitwise XOR.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
jaze lee wrote:
I want to implement xor function of large
.
I have been using it for a year now and it was easy to modify it to
accommodate my own requirements (like supporting SHA1 instead of the
default MD5 and adding new templates). I hope it can be useful for you
as it is for me.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
jehan procaccia wrote
the same variables of your code :
BIO* keyBio = BIO_new_mem_buf(TESTING_PUBLIC_KEY,
sizeof(TESTING_PUBLIC_KEY));
public_key = d2i_PUBKEY_bio(keyBio, NULL);
That's it!
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Jeremy R. wrote:
I'm trying to make a simple application
1 - 100 of 121 matches
Mail list logo