I'm trying to compile openssl for:
Linux, 32-bit on a 64-bit machine, shared libraries, and debug.
The closest I found was:
./Configure linux-elf -m32 -shared -g
but this still does -O3, and the optimizer doesn't work well with the
source level debugger.
Any clues for changing -O3 to -O0?
On 8/21/2012 7:17 AM, Matt Caswell wrote:
On 21 August 2012 12:00, Tarun Thakur wrote:
Output of my software application (after encryption and encoding with
any mechanism) should be of 24 bytes containing alphanumeric
characters only.
So, if I get encrypted 24 bytes from plain 24bytes, then
Is there any tutorial or other documentation on how to use the openssl
asn1 parsing C functions? That is, not the command line.
The man pages are empty. I found that the asn1parse command line
utility works, but the asn1pars.c code is completely uncommented. It
will be a chore to reverse
If you're referring to the C API, I would not depend upon binary
compatibility. There are sometimes subtle changes that will cause
failures in corner cases that you won't discover unless your regression
tests are really good.
Insight: Recompile for each openssl update, even for a letter
If the encrypted data is the same on both sides, the other potential
problem is that the key is not the same. That is, the private key
doesn't match the public key.
Try the decrypt with no padding and view the raw bytes. If you see
padding plus your data, then the padding schemes don't
On 10/10/2012 8:08 PM, Kyle Hamilton wrote:
Suggestions from my experience:
If you include the library, #1 for novices has to be:
1 - Using strlen() to get the length of encrypted data.
__
OpenSSL Project
On 9/12/2012 9:36 AM, Dr. Stephen Henson wrote:
You check each value of the returned GENERAL_NAMES structure until you find
the one you are interested in. It looks like in your case it is the type
GEN_DIRNAME which means the X509_NAME field directoryName of the union is
relevant. You can then
I've managed to parse the odd X509 certificate I received. Now I have
to create one.
It should look like the below.
X509v3 extensions:
X509v3 Subject Alternative Name: critical
DirName:/2.23.133.2.1=id:57454300/2.23.133.2.2=NPCT42x/NPCT50x/2.23.133.2.3=id:0391
In testing my regression tests, I supply a bad CA certificate to force
the verify to fail.
I use:
openssl verify -CAfile cacert.pem cert.pem
It printed this, which I expected.
error 20 at 0 depth lookup: ...
However, when my bash script checks the return code, it is still 0. I
was
I create a self signed certificate using
openssl req -new -x509 -key ... -out ... -days ...
It then prompts for the country, state, locality, etc.
Is there a way to enter that data on the command line or in a
configuration file to avoid the prompts? I tried -config and a
configuration
verify app to return what
you want) or parse the textual return of the app (which is not very
good, IMO).
2012/11/2 Ken Goldman kgold...@us.ibm.com
mailto:kgold...@us.ibm.com
In testing my regression tests, I supply a bad CA certificate to
force the verify to fail.
I use:
openssl
A typical method is to use PKCS#7 padding.
On 12/12/2012 9:07 AM, Hailei Hu wrote:
Hi, everyone!
I am testing openssl AES encrypt and decrypt using AES_cbc_encrypt.
for example, I have a file which has 10 bytes, after using
AES_cbc_encrypt, the encrypted file become 16 bytes. But when
I don't think it's documented. I pass in 0 and it works.
My notes also say that ivec is altered, so make a copy if you have to
preserve the original value.
On 1/7/2013 10:26 AM, jeetendra gangele wrote:
Hi All,
If I use the below function
void AES_ofb128_encrypt(const unsigned char *in,
Am I missing something, or is this a trick question?
For OFB, aren't they the same
On 1/7/2013 10:55 AM, jeetendra gangele wrote:
0 for encryption or decryption?
__
OpenSSL Project
On 1/7/2013 4:43 PM, Dave Thompson wrote:
(There's an official word for
this I can't remember at the moment -- self-inverse maybe?)
XOR ?
:-)
__
OpenSSL Project http://www.openssl.org
User
My experience is that you should not expect binary compatibility. Since
errors will often be in little used corner cases, it's safer to always
recompile.
Sometimes recompiling is enough. Sometimes versions are so incompatible
that you will have to port your application.
However, more
On 1/23/2013 9:51 AM, Jeffrey Walton wrote:
Binary compatibility can be tricky, and it brings up all the old
wounds of Microsoft's COM. Are you claiming there is binary
compatibility among tool vendors? For example, can I build the base
with GCC, and then build patches with ICC? How about
http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf
On 2/22/2013 2:38 AM, Ashok C wrote:
What is the current industry standard for private key lengths?
As of now, my application supports 2048 bit-wide keys.
I'm planning to support higher key lengths now, and
For the first:
- generate the RSA key
- pull n,e,d bignums out of the RSA structure
- use bn2bin to get the key parts
For the second:
- use bin2bn on n,e,d
- assign the bignums to the RSA structure
I can point you to sample code if you like.
On 3/25/2013 10:32 AM, rod_proteus wrote:
Hello.
(The answer to this seems to be 'no', but the web posts were 5-10 years
old. Perhaps there's a better answer today.)
I'm using openssl to emulate a TPM. The hardware device has an abort
feature, where the TPM driver can cancel a long command. The driver
wants to distinguish between a long
On 4/10/2013 5:14 PM, Dr. Stephen Henson wrote:
Does openssl have any elegant way to cancel an RSA key generation
that's taking too long?
At the EVP_PKEY level you can return 0 from the key generation callback to
cancel the operation. See EVP_PKEY_set_cb().
Thanks as always. But where can
I have a need to sign an X509 certificate outside openssl, using a
hardware security module.
1 - I have to first hash the certificate.
I discovered X509_digest(), which is not documented. Is it the correct
function?
I also found ASN1_item_i2d() to serialize the cert_info member, from
On 5/10/2013 5:37 AM, Cristian Thiago Moecke wrote:
You have two ways to follow.
1) To use an HSM to sign, the official way to do it is to use an
openssl engine. If your HSM does not provide an openssl engine, it
probably does provide a PKCS#11 module, and you can use the pkcs11
engine to load
On 5/10/2013 6:17 AM, Krzysztof Konopko wrote:
This could also be handled by some sort of engine that would work in two
modes:
* generate an intermediate result (hash) that can be processed (signed)
I'm looking for advice on how to do that.
at the remote site (how to get it there securely
Since I find it much easier to read the posts with NNTP, it doesn't
matter to me at all. The 'context' is in the name of the newsgroup.
What I'd like is a way to remain part of the group but not receive email
at all. I know it's technically possible, since other gmane newsgroups
work that
You cannot generate a private key from a public key.
Typically, the receiver generates the key pair and sends the public key
to the sender. The sender encrypts with the public key. The receiver
decrypts with the private key.
A typical format for sending a public key across a channel is an
The usual cause of an openssl crash is compiling and linking against two
different install version. Check that.
The usual cause of a crash on free() is a double free, followed by
freeing the wrong pointer or corrupted memory.
On 6/28/2013 1:48 AM, Rajeswari K wrote:
Hello Openssl team,
On 8/16/2013 1:51 PM, Ztatik Light wrote:
found yet another weird peculiarity...
In my full application, i need the following lines after both
encrypt_file() and decrypt_read(), otherwise i get garbage data:
char err[1024];
ERR_error_string( ERR_get_error(), err );
printf( %s\n, err );
And
The usual cause of a padding error is that the private key used to sign
does not correspond to the public key used to verify.
That is, unless you're a newbie to crypto. In that case the error is
that you're passing the length of an encrypted blob using strlen().
The way I typically debug is
On 8/19/2013 3:15 PM, mycompuser wrote:
But the only
problem that I currently face is that the key pair generated by OpenSSL has
headers and footers of the form -BEGIN RSA PUBLIC KEY- -END RSA
PUBLIC KEY- for public key likewise there is similar header and footer
for private key
I know this is a FAQ, but the answers I found all included the response
that didn't work.
openssl 1.0.1c on Linux: How do I compile and link so the debugger can
step into the openssl code?
Are there definitive instructions anywhere, or does everyone use trial
and error?
I'm using a local
I'm working through the 'openssl smime -sign' example.
1
The '-in' parameter appears to be the message, not a hash of the
message. Correct?
2
When I run the example, the PKCS7_Sign() call appears to add the entire
message to the pkcs7 DER encoded file.
Is this typical?
Can I pass in
There are a few issues here:
RSA_Verify does not return a signature. It returns a boolean pass/fail.
If reply is a hash, strlen(reply) is not the length of the hash. The
length is 20 for SHA-1.
On 10/9/2013 1:46 PM, aqueelmirza wrote:
I am using OpenSSL in iOS app to sign a message. I use
Do not encrypt with a private key. Encrypt with the public key and
decrypt with the private key.
I would extract the key parts by converting the pem format to an RSA
structure, get the BIGNUMs from the structure, and convert BIGNUM to bin.
I don't guarantee that this is the best way, but it
On 11/18/2013 11:29 AM, Robert W Weaver wrote:
owner-openssl-us...@openssl.org (Kenneth
Goldman/Watson/IBM@IBMUS) wrote on 11/18/2013 10:03:29 AM:
Do not encrypt with a private key. Encrypt with the public key and
decrypt with the private key.
Encrypt with a private key for integrity
On 1/12/2014 2:04 AM, Som M wrote:
[openssl.org http://openssl.org #3229]
Yes, I suspected the same. But even though it returns 129, I prepended
00 to the hex string and sent it as argument to to RSA_verify.
authMsgLen = RSA_size(rsa_pb);
authMsgHexStr = 00 + authMsgHexStr;
This might work in
On 1/10/2014 4:20 AM, Som M wrote:
static char evc41_lg_n[] =
It makes the response unambiguous.
If a 16 byte file was not padded, how does the receiver know whether the
file was 16 bytes or 1-15 bytes plus padding.
By having at least one byte of padding, and (in some padding schemes)
having the padding itself define the number of padding bits, one can
It makes the response unambiguous.
If a 16 byte file was not padded, how does the receiver know whether the
file was 16 bytes or 1-15 bytes plus padding.
By having at least one byte of padding, and (in some padding schemes)
having the padding itself define the number of padding bits, one can
It depends on the padding scheme.
E.g., PKCS#7 / RFC2630 pads with k bytes, all with value k. So you
decrypt the 32 bytes and look at the pad bytes. If the pad values are
16, the actual size is 16. If they're 15, the actual size is 17.
On 3/20/2012 12:04 AM, Nicle wrote:
And I have more
Sorry for the administrative questions:
I just started reading the openssl mailing list through gmane, and I
like the newsreader interface far better than the email interface. Does
anyone else use a newsreader? Two questions:
1 - Is there a way to remain 'subscribed' to the list so I'm
On 3/27/2012 1:33 PM, pkumarn wrote:
I am trying to write a sample program to do AES encryption using Openssl. I
tried going through Openssl documentation( it's a pain), could not figure
out much. I went through the code and found the API's using which i wrote a
small program as below (please
On 3/27/2012 3:51 PM, Jakob Bohm wrote:
On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
You should really be using EVP instead of the low level routines.
They are well documented with examples.
Where, precisely?
I didn't find it either when I was looking a few years ago, so I
settled on the
On 3/28/2012 3:01 AM, Prashanth kumar N wrote:
Here is the modified program
[snip]
18 AES_KEY ectx;
19 AES_KEY dectx;
20
21 AES_set_encrypt_key(key, 256, ectx);
22 AES_encrypt(text, out, ectx);
23
24 printf(encryp data = %s\n, out);
25
26
I agree with you in general. I assumed the OP was just experimenting.
I use the raw AES_encrypt() because the standard I'm complying to uses a
non-standard counter mode. I had to construct it from scratch.
On 3/28/2012 10:56 AM, Marek.Marcola- wrote:
If you want to use low-level AES
On 3/29/2012 1:40 AM, Prashanth kumar N wrote:
Thanks Ken for pointing out the mistake... after changing to
AES_Decrypt(), it worked but i still see issue when i print the
decrypted output as it has extra non-ascii characters in it.
That's what happens in C if you try to printf an array
On 3/29/2012 7:58 AM, Chandrasekhar wrote:
Hi ,
I am new to this openssl libraries.
You can't use strlen() on binary data, only C strings.
__
OpenSSL Project http://www.openssl.org
User
On 4/5/2012 7:46 PM, Dave Thompson wrote:
Get out of the habit of outputting 'partial' lines (not terminated by
\n) in C. Sometimes it works and sometimes it doesn't. It appears in
this case on your system it didn't. The standard requires complete
lines to work (up to possibly a reasonable
The standard answer: If this is a real security project, hire an
expert. If you design your own crypto algorithm, you will get it wrong.
If this is just for fun, to learn about openssl, CTR mode will give you
random access.
On 4/16/2012 6:41 PM, MauMau wrote:
As for Q4, yes, decrypting
On 5/8/2012 3:13 AM, Bodo Moeller wrote:
I noticed that EC_KEY (ec_key_st) is not defined in ec.h but in
ec_lcl.h which is not a public header file, not like RSA(rsa_st) in
rsa.h and DSA in dsa.h. Is that correct?
Yes, this is intentional - this intentionally prevents
On 5/8/2012 3:00 PM, Bin Lu wrote:
How do you solve the problem like the following without directly
accessing to this object:
I have one EVP_PKEY contains the ECDSA private key and another
EVP_PKEY contains the public key, and I need to determine if the
public key and the private key are the
On 5/8/2012 5:47 PM, Dr. Stephen Henson wrote:
EVP_PKEY_cmp(), see the manual page for details.
I just walked the man page starting with
http://www.openssl.org/docs/crypto/evp.html#
If it's there, it's not obvious.
__
On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
I think crashing with NULL is quite good: a must-not-happen situation
leads to a defined dead of SIGSEGVs, at least for platforms supporting
that, typically with good aid for debuggin (like core files or halting
debuggers providing a backtrace).
On 5/25/2012 3:33 AM, Jakob Bohm wrote:
ANSI C and POSIX free() is NOT required to handle free(NULL)
as a NOP.
I checked reputable sources (Plauger, Harbison and Steele, the ANSI
spec, and the IEEE POSIX spec).
All agree that (e.g. ANSI)
If ptr is a null pointer, no action occurs.
On 5/25/2012 12:09 PM, Jeffrey Walton wrote:
My typical design pattern is:
void *ptr = NULL;
do stuff which may in some branches allocate the pointer
free(ptr);
This is very old, and has not evolved as security needs have changed
(forgive me if I read too much into it). For example, the
On 5/25/2012 11:41 AM, Carter Browne wrote:
That's not the normal library behavior.
My typical design pattern is:
void *ptr = NULL;
do stuff which may in some branches allocate the pointer
free(ptr);
If the library crashes on free(NULL), you're just making people like me
do this everywhere:
A typical openssl user error is treating binary data as text. Random
numbers are not text until you convert them with -hex.
My guess is that Windows is treating some binary character specially,
and this causes your version of wc to fail. Linux is handling the
binary correctly. So I doubt
I typically divide the problem in two.
Do a raw public key operation. If you see something that looks random,
then the public key doesn't match the private key used to generate the
signature, or either the public key or signature has been altered. If
it looks like padding + OID + hash, then
variable that debug mode helpfully (?) is
initializing for you.
Try this link as well:
http://www.codeproject.com/debug/releasemode.asp
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project
associated with the public key.
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
certificate, you can use it for encrypting messages
to me.
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Ken Goldman wrote:
All correct for authentication. There are times that public keys or
certificates are encrypted using a DH protocol for privacy. You might
not want a man in the middle to track where you go, and a certificate
is your identity.
That's somewhat
or is there another way?
You never distribute a private key. You distribute the public key in
the form of a certificate.
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project http
sure someone will!), but I believe that
signing should use RSA_private_decrypt().
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project http://www.openssl.org
User Support Mailing
it as the salt
call EVP_BytesToKey. I was wondering what others think of this solution.
I've seen this approach: Use the hardware random number generator HRNG
to seed a pseudorandom number generator PSRG. Use PSRG to generate
random numbers. Each n random numbers, reseed PSRG from HRNG.
--
Ken Goldman
@openssl.org'
Subject: printing encrypted strings
Hi,
I am trying to store encrypted data into an ascii file.
The encrypted output appears to be in a binary format.
Are there SSL functions I should use to convert to an ascii format before
moving it to the file?
--
Ken Goldman [EMAIL
it is on be that a hard drive, tape, or
optical disk is encrypted. For our system that is best done by
encrypting each file on a file by file basis. Our design team is
looking to use AES-128 in CBC, and a pass phrase protected key.
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
Does bin2bn() assumes all positive numbers?
That is, the most significant bit of 'bin' == 1 doesn't indicate a
negative value, right?
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project
Is there documentation for the AES API?
I seem to have the include files, and the functions are in the
library. But I can't find the man pages on the openSSL web site.
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
Is there some reason that the MGF1 function is not exposed?
In the Unix port, one can simply create a prototype and use the
function. However, Windows requires explicit export. So unless I
rebuild openSSL for Windows, I can't get to the function.
--
Ken Goldman [EMAIL PROTECTED] 914-784
, line, data, flags);
printf(error %08lx file %s line %d data %s flags %08x\n,
error, file, line, data, flags);
}
return EXIT_SUCCESS;
}
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL
I've found HTML versions of the openSSL man pages on the web,
including at the openSSL site itself.
Is there a place to download all the HTML, so I can access it off
line?
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
compile and link from
emacs.
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List
From: Gisle Vanem [EMAIL PROTECTED]
Date: Wed, 28 Jul 2004 20:45:38 +0200
Ken Goldman [EMAIL PROTECTED] said:
Note that both the makefile and nmake.exe are MS proprietary. You
can't use standard makefiles with nmake, and you can't use the MS
makefiles with a standard make.exe like
in the body of your email message:
unsubscribe openssl-users
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
lengths are, where the
function will never write past the end of the buffer? Intuitively,
I'd guess 8 byte chunks. But is there anything more official?
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project
you impersonate anyone - my
bank, broker, etc.
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL
terralogic.net. So he can prove that he's
himself, but he can't impersonate you.
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
?
--
Ken Goldman [EMAIL PROTECTED] 914-784-7646
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
On 5/20/2014 7:24 AM, Ben Laurie wrote:
There is already a strndup replacement: BUF_strndup(). Switching to
use that would be better.
However
- if that function points to strndup, don't you still have the problem
if strndup doesn't exist?
- if that function is a reimplementation of
It's logical to me.
If the tool chain has a strndup, use it. If it doesn't, here it is.
There won't be a namespace clash if the function doesn't exist.
On 5/20/2014 8:14 AM, Michael Wojcik wrote:
External symbols beginning with str are reserved to the library by
the C standard (ISO 9899-1999
openssl comes with config and Configure. The INSTALL doc implies that
they are equivalent. When would I use one vs. the other?
Specifically, I'm compiling 32-bit on a 64-bit machine. My notes say:
./Configure linux-generic32 -shared -m32
Does that look correct?
On 10/10/2014 2:27 AM, Zihan, Sheldon Liu wrote:
What's the right way to make a RSA public key from two BIGNUM n
(modulus) and e (public exponent)?
RSA* pubKeyRSA = RSA_new();
pubKeyRSA-n = n;
pubKeyRSA-e = e;
This way seems working. But I didn't find it is documented anywhere.
Is there a
On 12/3/2014 9:41 AM, T K wrote:
Is there any other way to download binaries for Win32/64?
http://slproweb.com/products/Win32OpenSSL.html
__
OpenSSL Project http://www.openssl.org
User Support
Version 1.1.0 will (moderately) break source compatibility (for example we will
make most structures opaque etc).
I as a user, I have two points of concern
1 - Will the RSA structure be opaque? I have a continuing need to
construct an RSA structure from binary arrays of public and private
On 12/24/2014 4:35 PM, Salz, Rich wrote:
1 - Will the RSA structure be opaque? I have a continuing need to construct
an RSA structure from binary arrays of public and private key parts and vice
versa.
Will I lose that?
Maybe. Proposing new constructors that met your needs is probably a good
On 12/24/2014 5:46 PM, Jeffrey Walton wrote:
Here's another counterpoint: when those structures are made opaque,
that means we have to go to the memory manager for a struct that could
otherwise be stack based. And we have to free it. That can slow things
down considerably.
My intuition says
I would like to use the Shining Light precompiled openssl binaries
within Visual Studio.
I can dynamic link with gcc and the libraries in OpenSSL/lib/MinGW
I can static link with VS and the libraries in OpenSSL/lib/VC/static
When I dynamic link with VS and the libraries in OpenSSL/lib/VC, it
On 3/11/2015 1:39 PM, Serj Rakitov wrote:
11.03.2015, 20:22, Ken Goldman kgold...@us.ibm.com:
I would like to use the Shining Light precompiled openssl binaries
within Visual Studio.
I think you must simply build static or dynamic libraries(as you need) with
Visual C++ yourself
I don't know trousers very well, but there is a mailing list
specifically for it.
trousers supports the software TPM from
http://sourceforge.net/projects/ibmswtpm/
If you run with that, it traces the TPM operation in detail. Send me
the trace and I can probably tell you what's
On 7/31/2015 10:37 AM, Salz, Rich wrote:
Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some
more details.
Summary: Moving to Apache 2, CLA’s coming, it will take time.
This is great news. Do you have any sense of this will permit linking
with GPL code? Is that implicit
On 7/21/2015 6:20 PM, Jeffrey Walton wrote:
For the stragglers, I don't think its a stretch to ask C99 in 2015.
Visual Studio is often used on Windows, and it is not C99.
___
openssl-users mailing list
To unsubscribe:
It may be correct in this case, but simple matter of can sometimes
mask a real problem. If the function expected the value to be set
earlier, but the analysis tool finds a path where it's not set, there
could be a more real bug.
Is zero the right value? Why not, 1, -1, or 42?
=0 may be
My application receives an X509 certificate string in PEM format
(separators and base64 encoded certificate) with no newlines.
PEM_read_bio_X509() fails because of the missing newlines.
I can write some preprocessing code to add newlines every 72 characters
when writing the BIO.
I also
How can I programmatically get the Subject Key Identifier as a byte
array from an X509 certificate.
(Just to show that I tried before posting)
I would like the output as a byte array, not text, so tracing the
X509_print_fp() gave clues but not an answer.
I have the general sense that it's
ternal format. Yet, the input "subject" is an X509*, the
internal format.
3 - Are these calls documented? They're not in my usual starting point
https://www.openssl.org/docs/man1.0.1/crypto/
nor are they on the X509 page.
On 9/22/2015 1:25 AM, Viktor Dukhovni wrote:
On Mon, Sep 2
On 1/1/2016 4:29 AM, Sugumar wrote:
Hi,
I have a RSA Public key as string type.
I need to convert this string to PEM file. Please help me to create PEM file
from string type.
Convert the string to a binary array.
Convert the array n and e to bignum
*bn = BN_bin2bn(bin, bytes, *bn);
Meta-comment: The documentation is very thin on when objects should or
should not be freed. The application developer is forced to chose
between [don't free, leak memory] and [free, access freed memory].
~~
1 - The documentation here says this API is available, but I don't see
it in either
On 12/18/2015 1:00 AM, Alex william wrote:
I receive this error message:
segfault at efe000 ip 7ffb571e479c sp 7ffced00dcf0 error 4 in
libcrypto.so.1.0.0[7ffb57166000+1cb000]
And the collector stops immediately.
Has anyone encountered this error or can someone help please?
In my
Just one opinion: If your attacker can replace the libraries, they have
root access. They can hook into the keyboard, replace your application,
etc. If they have root access, you've already lost.
OTOH, static link means that your application won't automatically get
security updates.
On
1 - 100 of 207 matches
Mail list logo