C K KIRAN-KNTX36 wrote:
Hi All,
Is there any crypto function similar to the below one,
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key);
for EC,
int EC_set_private_key(const unsigned char *userKey, const int bits,
EC_KEY *key);
int
Carles Fernandez i Julia wrote:
En/na Nils Larsch ha escrit:
Carles Fernandez i Julia wrote:
...
That's the point : I have the private key certificate stored in the
smartcard, not located in a plain file. That's why I commented the line
above.
the engine doesn't support using certificates
Carles Fernandez i Julia wrote:
...
That's the point : I have the private key certificate stored in the
smartcard, not located in a plain file. That's why I commented the line
above.
the engine doesn't support using certificates stored on smart cards
(and I don't even think that this extremly
Valient Gough wrote:
My previous mail doesn't seem to have appeared on the list, so sending
again:
Hello,
As the maintainer of a package which uses OpenSSL, I've received some
reports
of 0.9.8e failing to decrypt data which was encrypted by previous
versions of
OpenSSL.
Attached is a
[EMAIL PROTECTED] wrote:
Hi all,
I try to ask an ocsp responder for the status of some certificates using
openssl as ocsp client.
Doing that the client produces the following Messages:
---
Hellstern, Thomas (LfSt) wrote:
...
[exec] d2i_AutoPrivateKey returned a key at 0x
[exec] ERR_get_error()=218783872 (0x0d0a6080)
[exec] ERR_lib_error_string(rc)=asn1 encoding routines
[exec] ERR_func_error_string(rc)=LONG_C2I
[exec]
jimmy wrote:
...
you see, as Nils, pointed out your blob is not in asn.1 der format (not
starting with 0x30..). since ecdsa_sig is BIGNUM *r, *s; you can try
using the BN_bin2bn() function to directly convert your blob to BIGNUM.
you'll need to do this twice, once for r once for s. Since
Nils Larsch wrote:
Moin Jürgen,
Jürgen Heiss wrote:
Hi everybody,
I try to verify a xml file which was signed with ecdsa-sha1.
I alredy read to SignatureValue from the xmlfile. which is.
724PlFGHTTL1cFlLFU6g6UetcPVBEAN6oNpogAUx3rgELFH86gA+NqvjVf316zek
are you _really_ sure
Moin Jürgen,
Jürgen Heiss wrote:
Hi everybody,
I try to verify a xml file which was signed with ecdsa-sha1.
I alredy read to SignatureValue from the xmlfile. which is.
724PlFGHTTL1cFlLFU6g6UetcPVBEAN6oNpogAUx3rgELFH86gA+NqvjVf316zek
are you _really_ sure that this is a
James Walker wrote:
I'm wondering why the sigbuf parameter of RSA_verify is declared as
unsigned char* rather than const unsigned char*. It's not going to
change the signature, is it?
it should not change the signature input and in openssl = 0.9.8
it is const.
Nils
Geoffrey Coram wrote:
I'm using the OpenSSL DLLs to go along with my e-mail client,
nPOP/nPOPuk, for Windows CE. For myself, I've
successfully compiled 0.9.8d under Windows CE 2.11 for ARM (as well as
MIPS and SH4); I can't find binaries for CE2.11 anywhere on the web.
Some other nPOPuk
Xiaoyu Ruan wrote:
Greetings All,
I have two questions on OpenSSL:
1. How to have the DLLs or SO’s export functions that are not
exported by default, such as ECDSA etc?
don't know a function ECDSA ;-) Seriously, there (normally) is a reason
why certain functions are not
William Lachance wrote:
Hi, I'm using the ASN1_item_d2i method for getting extension info out of an
x509 certificate. It _appears_ that it's changing the dereferenced address of
the 'in' parameter, even though it's supposed to be const.
...
ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const
Jordi Jaen Pallares wrote:
...
Anyway, I will need to extract (sooner or later) the respective EC keys
from the certificate,
use X509_get_pubkey() + EVP_PKEY_get1_EC_KEY() (note: both
function increase the reference count of the object)
...
[EMAIL PROTECTED]:~/Work/test$ ./opencert
Opened
Bill Colvin wrote:
To add to the list:
openssl version
OpenSSL 0.9.7m-fips 23 Feb 2007
openssl prime 2
2 is not prime
I've committed a patch [1] for this problem only in
openssl = 0.9.8
Nils
[1] http://cvs.openssl.org/chngview?cn=14780
Victor Duchovni wrote:
On Fri, Mar 02, 2007 at 05:56:24PM -0500, Xiaoyu Ruan wrote:
Thanks. Refer to the sample test given in PKV.txt in
http://csrc.nist.gov/cryptval/dss/ecdsatestvectors.zip.
I tried EC_KEY_check_key() against six NIST recommended EC curves P-192
P-224 K-163 K-233 B-163
Xiaoyu Ruan wrote:
Hi dear fellows,
I would like to know if there is any function(s) in OpenSSL that handles
public key validation for ECDSA.
Given a point (public key) and a curve, I would like to test if this
point is a valid public key for this curve.
have a look at
WCR wrote:
Hi All
I need to sign a text using RSA-SHA1. (
http://www.w3.org/2000/09/xmldsig#rsa-sha1
http://www.w3.org/2000/09/xmldsig#rsa-sha1 as per XML-Signature
specification http://www.w3.org/TR/xmldsig-core/)
I'm a newbie and want to sign a RSA-SHA1 from the command line?
I've tried:
Kaushalye Kapuruge wrote:
Hi List,
I need to sign a text using RSA-SHA1. (
http://www.w3.org/2000/09/xmldsig#rsa-sha1
http://www.w3.org/2000/09/xmldsig#rsa-sha1 as per XML-Signature
specification http://www.w3.org/TR/xmldsig-core/)
I found a set of EVP_ functions to do this.
i.e.
Steffen Lips wrote:
Hi Kyle,
I am using version 0.9.8c. I know that the verifying is ok when using
-inform DER, because the format is DER. But when using -inform SMIME,
OpenSSL normally exits normally with some error messages. But with this
file openssl crashes.
This happens in
Schifman, Jon wrote:
I'm using OpenSSL 0.9.8d to work on generating X.509 certificates for
use with ECDSA using the SECP384R1 curve. When I generate a certificate,
the public key created is 97 bytes, but I know it should be 96 bytes (2
384 bit parameters for the x,y points on the curve). It
Hagai Yaffe wrote:
Hello,
I am using PKCS7_sign for applying Digital Signature to files, when I am
creating an enveloped PKCS#7 file that contains also the signed file
content all the signed file data is being loaded to memory (this would
be a problem with large files), I know that I can
[EMAIL PROTECTED] wrote:
Hi all,
I've created a method to generate ECDH Key, based on ecdhtest.c, available
at /openssl/test directory.
But I'm facing some trouble to compile it.
I've inserted the following code in the begining of the file, acording
ecdhtest.c,
static const int KDF1_SHA1_len =
Ulrich Matejek wrote:
Hi everybody,
when experimenting with OpenSSL v0.9.9 (since that version allows
choosing the digest algorithm when creating a PKCS#7 structure) I
encountered an odd behaviour: no matter what argument was specified for
the -md parameter, the resulting PKCS#7 structure had
Ulrich Matejek wrote:
Hi everybody,
when experimenting with OpenSSL v0.9.9 (since that version allows
choosing the digest algorithm when creating a PKCS#7 structure) I
encountered an odd behaviour: no matter what argument was specified for
the -md parameter, the resulting PKCS#7 structure had
[EMAIL PROTECTED] wrote:
Hi all,
here I come again.
I'm testing the ECDSAtest.c approach to make my own test and I saw one
thing that I don't really know if it's right.
I'm sorry about taking your time, but I'm really trying to learn EC!
01 int main() {
02 const char message[] = abc;
03
[EMAIL PROTECTED] wrote:
Hi all,
I'm a new user trying to use the EC_DH benefits on key sharing.
But I'm having some problems to understand how it works...
First, in(ecdhtest.c),
aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
it generates the following key in both
Michal Trojnara wrote:
Dear OpenSSL users,
When performing stress-testing of stunnel with session cache
disabled I receive core dumps on concurrent SSL_connect() calls.
Here is an example stack backtrace:
#0 0xa7e60d41 in BN_ucmp (a=0x80a28fc, b=0x80a1f08) at bn_lib.c:662
662
Marek Marcola wrote:
Hello,
I woud like my public key to be embedded in my source code
as static char*, cause later I want to verify my licence
with that key.
x509 = PEM_read_X509(fp, NULL, NULL, NULL);
pkey = X509_get_pubkey(x509);
//Serialization
for(i=0; i sizeof(*pkey); i++){
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Tue, 10 Oct 2006 11:35:30 +0200, Daniel Diaz
Sanchez [EMAIL PROTECTED] said:
dds Hello,
dds
dds Some source code to generate attribute certificates using OpenSSL can be
dds found at:
dds
dds
Abhishek Tripathi wrote:
Hi Nils,
Now you got my point but the code on which I am working uses
the too much internals of those structures .That why I needed the change
log.In old OpenSSL code for the EC_KEY_METH_DATA they used some
ECDSA_DATA_new() as follows
EC_KEY *key ;
Abhishek Tripathi wrote:
Hi Friends,
Presently I am working on some code which uses the Openssl
0.9.8-dev version in which ECC support was provided first time.
0.9.8d has already been released
Can anybody help me out from where I can get the
change log which tells me
Abhishek Tripathi wrote:
Hi Nils ,
Thanks for your guidance but I kindly bring to your notice that
0.9.8-dev doesn't stands for 0.9.8d .It's the first version in 0.9.8
series before 0.9.8a.that's why I asked for change log
because a lot of changes are made in latest
[EMAIL PROTECTED] wrote:
Is there already a stable version of OpenSSL in the field that supports SHA256?
yep, 0.9.8
Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing
Max Pritikin wrote:
(Hello, I'm asking again. Please let me know if you think this would be
more appropriately addressed to the openssl-dev list or something.)
In summary: Is it possible to use sha256 when generating an ecdsa
certificate?
I'm currently working on it so please have a
Olga Kornievskaia wrote:
...
Ok. Thanks. I was hoping that a leading zero was the answer to my real
problem which is. I'm using the above p and a generator g = 2 (both
are well-known group 2 DH parameters described in the RFC 2412). I
initialize the DH structure with them and the then call
Olga Kornievskaia wrote:
Hi, can anyone tell me how to fix the leading zero in BIGNUM. I have the
following code:
unsigned char pkinit_1024_dhprime[128] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
0xC4, 0xC6, 0x62, 0x8B, 0x80,
Michael Stephan wrote:
Hallo, I try to verify an ECDSA signature, which is by definition given
as the concatenation of 2 octet-streams (BIGNUM r and BIGNUM s), the
base64 encoded version is:
449afHAqHfJZmkET0a0hYVpaj+n1bbe4eTmHRAQsA+Zsl/px3AWzb5fWGjRzWWtz
(This is part of an xmldsig-ecdsa
Hon Hwang wrote:
Hi all,
I am attempting to understand how to create ASN.1 data structure in
OpenSSL.
First off, a simple ASN.1 structure that I want to create as the
starting point.
VersionInfo := SEQUENCE {
major INTEGER,
minor INTEGER
}
From looking through the posts in this mailing
[EMAIL PROTECTED] wrote:
Hi Team,
Is there any API available in OPENSSL to convert the DER formatted file
to Base64 formatted file? Please let me know your thoughts. Thank you.
have a look at what openssl base64 ... does (or openssl enc -base64 ...).
Cheers,
Nils
[EMAIL PROTECTED] wrote:
Nils,
The basic succession of calls are as follows. I think the program waits
for an ssl_read or ssl_write to implicitly trigger the handshake process.
meth = TLSv1_client_method()
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
SSL_CTX_new(meth);
ssl =
[EMAIL PROTECTED] wrote:
Excellent, excellent idea. Is ssldump an API call?
it's an application to analyze a ssl connection
(see http://www.rtfm.com/ssldump/ )
Cheers,
Nils
__
OpenSSL Project
[EMAIL PROTECTED] wrote:
Nils,
Yes, 0.9.6b is the exact version. Please help!
hmm, did you read the rest of my mail ? Do you have the source code ?
Cheers,
Nils
__
OpenSSL Project
Frank Büttner wrote:
Hello, knows anyone the letter codes of the function SSL_state_string()?
The the doc I only can read:
RETURN VALUES
Detailed description of possible states to be included later. :(
try SSL_state_string_long() for a more detailed description of the
current state.
Cheers,
Grégory Starck wrote:
Hi all,
I'm experiencing reproductable segv in ERR_error_string. I've reduced my
original code to a simpler test code wich show this ; see at end.
It's reproductable on ubuntu and debian. If I use ERR_error_string_n
then I've no problem.
some infos about the ubuntu
[EMAIL PROTECTED] wrote:
Hi,
I'm using openssl, (I think the slimmed down engine version), and
openssl 0.9.6 ? since there's no separate engine verion for openssl = 0.9.7
attempting to support a program written by someone else. The server that
I'm talking to recently moved to a new ISP
Frank Büttner wrote:
So now I think it is an bug in the version 0.9.8b. Because with lib
0.9.8a it will not happened. Can some one verify it?
I've just tested openssl ciphers trash with openssl 0.9.8a, 0.9.8b
and the cvs version (openssl ciphers calls SSL_CTX_set_cipher_list())
and all
Alfred Thomas wrote:
Hi all
Is the following supposed to work if testcert.pem is a selfsigned cert that
failes with error 18 when I do openssl verify testcert.pem
I want to ignore the fact that it is an untrusted cert and read the public
key regardless.
X509 * x509;
EVP_MD_CTX md_ctx;
Alfred Thomas wrote:
Hi
Can anyone please teel me why the attached PEM file gets an unknown message
digest algorithm when I use openssl verify fail.pem
The PEM file was a X509 certificate containing a ECDSA public key using the
B-163 curve
Any ideas would be appreciated.
[EMAIL
Bhat, Jayalakshmi Manjunath wrote:
Hi All,
Where do I find the definition for GENERAL_NAME_free? There are few
files using this function.
But I am not anle find the definition for this function. Please can any
one help me.
it's defined in crypto/x509v3/v3_genn.c through the
Alfred Thomas wrote:
Hi all
I need to read a DER encoded X509 certificate from file to get the public
key to verify an ECDSA signature. Can anyone please give me a pointer as to
what to do?
What I need is to:
Read the X509 certificate
use d2i_X509() to decode the DER encoded certificate
Alfred Thomas wrote:
Can anyone please help me to generate a ECDSA signature and verify it.
I am using openssl 0.9.8b which I compiled for Windows CE and I am using
embedded Visual C++. The problem is that I cannot find the definitions of
NID_sect163r2 (Which is used in all the demos) anywhere.
Alfred Thomas wrote:
Hi Nils
Sorry, I am still very new to OpenSSL, thanks for your quick response. I
found the definition in obj_mac.h thanks, and I got the application to sign
and verify the data.
I am using low-level ECDSA_sign.
We receive the public key as a binary file (not in a PKCS12 or
Alfred Thomas wrote:
did you try d2i_PUBKEY() ? In this functions doesn't work it would be
interesting to know what format the public key
has.
Not yet, I will have a look at it now. I actually need an EC_KEY and
d2i_PUBKEY() returns an EVP_PKEY, how can I get the EC_KEY needed?
Erik Leunissen wrote:
I've run under valgrind an application which has been linked to
libcrypto.a from the openssl0.9.8b release. Valgrind reports some
warnings which all relate to uninitialized values. I really do not
know whether that's significant, but just in case I attach the valgrind
孙 金龙 wrote:
when i watch the
EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
{
int ok=0;
EC_KEY *ret=NULL;
EC_PRIVATEKEY *priv_key=NULL;
if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
{
孙 金龙 wrote:
thanks! i only want to read ec privatekey
my ec privatekey is below
-BEGIN EC PRIVATE KEY-
MGACAQEEGAu0lmj+Fgurl8m7Tpwi4+wZk9GRSgdyjKALBgkqgRzXYwEBAgGhNAMy
AQS0/wY++sZk+W3QERcmJ+5m1l+PKkaFhJelGBfWaDN4vmSZg7ltf8YtRaUVvyaS
m1I=
-END EC PRIVATE KEY-
so i use
Marek Marcola wrote:
Hello,
Erik Leunissen wrote:
I've run under valgrind an application which has been linked to
libcrypto.a from the openssl0.9.8b release. Valgrind reports some
warnings which all relate to uninitialized values. I really do not
know whether that's significant, but just in
hao chen wrote:
Hi,
I highly appreciate if any one can tell me if openssl
is able to generate EMV Certificate.
no, you need to create them manually using the basic hash and RSA
operations.
Cheers,
Nils
__
OpenSSL Project
puneet batura wrote:
Hi,
I am trying to generate a 163 bit key in openssl using ECC but was not
been able to do so. I am using openssl-0.9.8a version can anyone show me
a example how to do that?
for example openssl ecparam -name sect163k1 -out eckey.pem -genkey -noout
should work ...
puneet batura wrote:
Hi Nils,
Yes i have tried that but it says that 'ecparam' is not a valid
argument.i am using openssl-0.9.8a version. Is this supported for this
version or i have to go with some other version.
it should be supported in 0.9.8a but perhaps it has been disabled
in your
Marko Asplund wrote:
On 2006-04-14, at 12.26, Nils Larsch wrote:
try a recent snapshot from the stable branch and let openssl
build shared libraries (see first problem mentioned in the
PROBLEM file).
i tried the workaround described in the PROBLEMS file with
openssl-0.9.8-stable-SNAP
[EMAIL PROTECTED] wrote:
hi
i'm having problems trying to build OpenSSL 0.9.8a on an Intel based Mac OS X
10.4.6.
if i've understood correctly, building goes fine up to the point where the openssl binary is
being linked. at that point i get lots of errors about undefined symbols and the
John Russell wrote:
./Configure darwin-i386-cc --prefix=/usr/webtools05/apache2
--openssldir=/usr/webtools05/apache2/
Install on mac (intel) fails with
collect2: ld returned 1 exit status
make[2]: *** [link_app.] Error 1
make[1]: *** [openssl] Error 2
make: *** [build_apps] Error 1
This is
Fukuba, Yoshiki wrote:
Hi,
After multiple calls to ERR_load_crypto_string(),
we cannot get error message using ERR_error_string().
A short sample is as follows:
=
#include openssl/err.h
int main()
{
ERR_load_crypto_strings();
printf(%s\n,ERR_error_string(101163138,NULL));
Julien Demoor wrote:
Hello,
I'm getting an error with the DSA_sign() function : data too large for
key size. I have inputed a 40-byte-long string representing a
hexadecimal SHA-1 digest. I can't find what the correct digest format
is, nor if anything else may lead to that error.
DSA_sign()
Jagannadha Bhattu G wrote:
Hi,
Can I call SSL_library_init multiple times in my code under different
threads?
as SSL_library_init() initializes global tables it should only
be called from one thread a time and of course no other thread
should use the global data while SSL_library_init() is
Konark wrote:
Hi All ,
I found in ssl.h header file that error codes repeats many times like.
#define SSL_R_BAD_ECDSA_SIGNATURE 1112
#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_BAD_ECDSA_SIGNATURE
Bob Mearns wrote:
...
DSA, with its 320-bit sigs, is out for this application. I've played
with RSA a bit, but I run into problems with the digest being too
long when using RSA keys shorter than 384 bits. I thought I'd read
that the RSA signature should be the same length as the number of bits
Victor Duchovni wrote:
On Tue, Feb 14, 2006 at 02:50:19PM -0800, Bob Mearns wrote:
Sorry - more details: This isn't a comm aplication - it amounts to
authentication of application data files. The signer is an utility which
exists solely in a vendor's environment. The verifier is an
Steffen Lips wrote:
Hi,
We have already some leaks in our application.
I found out, that for STACK_OF(X509) there are two cleanup functions.
sk_X509_free to free only the 'stackframe', and sk_509_pop_free for
freeing the whole stack.
Is there something for X509_STORE, too? X509_STORE_free
Steffen Lips wrote:
Hi everybody,
we have written a server application wich uses openssl. now we found
out, that memory increases rapidly.
Then we found out, that there are memory leaks in openssl. so try this
little program:
#include openssl/bio.h
#include openssl/err.h
#include string.h
Hines, Philip D. wrote:
Using the C API. I am working on a plugin for GAIM which uses ECDH for
establishing encrypted sessions. I think I figured out most of
it...right now I can make it work locally, but the public and private
keys are in structures with many pointers and I am having
Cornelius Koelbel wrote:
...
But I'd like to load the engine from the config file, so that I can add
the openssl command to a script.
--snip--
[ openssl_init ]
engines = engine_section
[ engine_section ]
pkcs11 = pkcs11_engine_section
[ pkcs11_engine_section ]
init= 1
Patrick Guio wrote:
...
I think there is a typo in the code snippet on the webpage
http://www.openssl.org/docs/crypto/BIO_f_base64.html#
The statement while((inlen = BIO_read(bio, inbuf, 512) 0)
should read
while((inlen = BIO_read(bio, inbuf, 512)) 0)
I've committed a fix for the underlying
Lloyd Brown wrote:
Hello all,
I'm struggling to get some openssl elliptic curve based file
digest/digital sig work done. I'm able to generate both ec and rsa keys
without a problem, and am trying to digest a file using the openssl
dgst command. However, I get something like this:
[EMAIL
Lloyd Brown wrote:
...
[EMAIL PROTECTED]:~$ openssl dgst -ecdsa-with-SHA1 -hex -sign
ec.key.prime192v2.pem -out ec.test.sig.hex.sha512 .viminfo
[EMAIL PROTECTED]:~$ openssl dgst -ecdsa-with-SHA1 -hex -verify
ec.key.prime192v2.pem.pub -signature ec.test.sig.hex.sha512 .viminfo
Error Verifying
by OpenSSL_add_all_digests etc.
Cheers,
Nils
--
Nils Larsch [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~nils/
__
OpenSSL Project http://www.openssl.org
User Support
On Wed, Oct 12, 2005, Adam Jones wrote:
I have been told that EVP_EcryptInit() is obsolete and EVP_EncryptInit_ex()
should be used instead. Can anyone confirm that?
this is correct, see:
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#NOTES
Cheers,
Nils
--
Nils Larsch
Stefan Vatev wrote:
Hello guys,
I'd like to know what's the best way to duplicate the RSA
struct. I want something like X509_dup.
The only way that come to my mind is to rsa = RSA_new() and
then for each member of rsa to BN_new and BN_dup
Any ideas will be highly appreciated.
what about:
RSA
Kent Yoder wrote:
One concern here... The solution as it is in the latest snapshot will
require apps to always call ENGINE_load_builtin_engines() before a
ENGINE_load_dynamic() should be sufficient
call to ENGINE_by_id(ID), even if ID is a shared object engine. Is
this the desired
Kent Yoder wrote:
Hi,
Calling ENGINE_by_id(anything) before making any other calls to
OpenSSL seems to cause infinite recursion in trying to load the
dynamic engine. I believe adding a call to ENGINE_load_dynamic()
before attempting to load the dynamic engine inside ENGINE_by_id()
will fix
joseph k j wrote:
...
I am using openssl-0.9.8-stable-SNAP-20050810,
BN_set_word(BIGNUM *a, unsigned long w);
what should i do if i need to set a prime whose bits exceeds that of
a long.
can some one give me a pointer to a good doc on BN.
depends on the format of the number
joseph k j wrote:
hello everyone,
I am currently using the following functions,
a = DH_new();
DH_generate_parameters_ex(a, prime_len, generator, cb );
here i see the prime generated is random, each time i call the function
it genrerates a new prime.
but how is it possible for me to
David Stutzman wrote:
I've tried a few different ./config lines and I can't seem to enable any
of the elliptic curve functionality. When I run openssl ciphers I
don't see any EC stuff. Can someone please provide a list of the things
to enable or just a whole ./config command?
you don't
David Stutzman wrote:
Nils Larsch wrote:
you don't need special config options to enable the ecc stuff,
they should be enabled by default
the ecc ssl ciphers are experimental and hence not listed unless
you explicilty specify them (there's still no rfc for tls with
ecc). Try openssl ciphers
Saber Zrelli wrote:
Hi ,
I am trying to use openssl's crypto library to encrypt packets
before transmitting them into a TCP connection.
I have some difficulties on using DES funcions.
below is the code I wrote, it compiles but core-dump occurs at line 48.
char *
Jonathon Green wrote:
Hi List,
I have a question which is partly OpenSSL specific and
partly a more general Diffie-Hellman (parameter
generation) question
The background for my problem is that I'm writing an
engine and am trying to implement the:
int (*generate_params)(DH *dh, int
Stefan Vatev wrote:
I'm struggling in compiling the openssl with the debug
option. As it's written in the INSTALL file I type in
./config -d
The last line of the output is : Configured for
debug-linux-elf, so I think it's configured well.
The error i get when I try to make it is :
/usr/bin/ld:
Rajeshwar Singh Jenwar wrote:
Hi All,
I have to read x509 certificate(in .pem format) from memory.
I have written two functions.
Fn.1
/* get X509 structure from memory. */
extern X509 *mem2x509(vchar_t *cert)
{
X509 *x509;
unsigned char *bp;
bp = (unsigned char *) cert-v;
x509 =
Alicia da Conceicao wrote:
Greetings:
The DES_ede3_cbc_encrypt() routine does not appear to properly pad
data to fill out the last block.
Consider, if the last block contains 4 bytes for the unencrypted
text test, DES_ede3_cbc_encrypt() is only padding the remaining
characters with NULL
Steffen Pankratz wrote:
On Tue, 30 Aug 2005 23:53:37 +0200
Nils Larsch [EMAIL PROTECTED] wrote:
Steffen Pankratz wrote:
...
well, if openssl is build without DES support the DES nids are not
added to the internal list of OIDs when OPENSSL_add_all_ciphers is
called, hence the OBJ_* functions
Christopher Nebergall wrote:
I've been working with some patches to curl I found on the curl mailing
list to support openssl and opensc's engine_pkcs11.
Basically it consists of
Curl 7.14 + patch which adds dynamic engine support - opensc-20050826
[engine_pkcs11.so] - soft-pkcs11 1.2
on
Steffen Pankratz wrote:
...
well, if openssl is build without DES support the DES nids are not
added to the internal list of OIDs when OPENSSL_add_all_ciphers is
called, hence the OBJ_* functions know nothing about DES.
logical
any chance to make openssl aware of -des-ecb when build without
Frédéric Donnat wrote:
Hi,
Sorry for the mistake (nothing to deal with openssl.cnf file). I was just
looking for ca.txt file.
Is it normal behavior of openssl to be able to view a certificate without
serial number using (without any error mentioned):
openssl x509 -in some_cert_without_sn.pem
Steven Reddie wrote:
Which version are you using? 0.9.8 does what I'd expect:
$ openssl ciphers AES+DES
Error in cipher list
3312:error:144020B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
match:ssl_lib.c:1167:
yep, this has been fixed in OpenSSL_0_9_7-stable and
Gaurav Kumar wrote:
i am newbie to ECC,
kindly let me know if ECC keys generated by openssl are supported by
Internet explorer / FireFox or not.
it should be noted that there's still no RFC for tls with ecc,
so everything is still very experimental.
Nils
Heinz Markgraf wrote:
Hi!
You may encrypt/decrypt using a private key (yours), or encrypt/decrypt
using the public key of another party. The latter is commonly done
when verifying signatures, though encrypting with another's public
key is a common enveloping technique.
Hm, I still don't
Matthew Julius Raibert wrote:
It also seems unusual that what appears to be a generic function call in
the bignum library is in fact a helper function for a specific
application and as such not useful for others. Writing my own prime
generator is simple enough, but perhaps BN_generate_prime
Matthew Julius Raibert wrote:
I'm working on a project for which I need to generate big primes. Along
the way I noticed that when I run BN_generate_prime() it seems to always
set the two most significant bits to one. In other words, if I ask for
a thousand 16 bit primes, I get a thousand
1 - 100 of 256 matches
Mail list logo