Re: Bug in 0.9.7g so that can't compile on mingw

2005-05-17 Thread Dr. Stephen Henson
On Tue, May 17, 2005, Frank Buttner wrote: When I try to compile openssl 0.9.7g with ms\mingw32 fips I get the error: .\ssl\ssltest.c: In function `app_verify_callback': .\ssl\ssltest.c:1979: error: `s' undeclared (first use in this function) .\ssl\ssltest.c:1979: error: (Each undeclared

Re: A question on PEM

2005-04-18 Thread Dr. Stephen Henson
On Sun, Apr 17, 2005, Kevin Feng wrote: When reading the code for PEM, I found many macros are defined for constructing the Pre-Encapsulation Boundary. For example, #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" #define PEM_STRING_X509_CRL "X509 CRL" My question is in which standards the

Re: Only Signed Message Transmission after SSL handshake.

2005-04-18 Thread Dr. Stephen Henson
On Mon, Apr 18, 2005, Belliappa, Ashith Muddiana (STSD) wrote: Hi All, After the SSL Handshake, all the data is encrypted and then transmitted between the Client and Server. I have an application written that needs only signed messages to be transmitted. Whether it is possible to

Re: compile openssl-0.9.7-stable-SNAP-20050416

2005-04-17 Thread Dr. Stephen Henson
On Sat, Apr 16, 2005, Philippe BOUGERET wrote: Hello I tried to compile openssl-0.9.7-stable-SNAP-20050416.tar.gz with Visual Studio 2003. That can be translated by : Created library out32dll\libeay32.lib and object out32dll\libe ay32.exp crytptlib.obj :

OpenSSL 0.9.7f released

2005-03-22 Thread Dr. Stephen Henson
S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Lutz Jänicke Ulf Möller Nils Larsch

Re: status of OpenSSL port to Win64/IA64?

2005-03-21 Thread Dr. Stephen Henson
On Thu, Mar 17, 2005, Trent Mick wrote: ... link /nologo /subsystem:console /machine:IA64 /opt:ref /dll /out:out64dll\libeay64.dll /def:ms/LIBEAY64.def @C:\DOCUME~1\trentm\LOCALS~1\Temp\nm6.tmp LINK : fatal error LNK1104: cannot open file 'ms/LIBEAY64.def' LINK : fatal

Re: calling openssl function from a win32 project ?

2005-03-17 Thread Dr. Stephen Henson
On Thu, Mar 17, 2005, [EMAIL PROTECTED] wrote: Hi to all, i have a windows MFC application, and i am in need to call from it this set of openssl functions: PEM_read_X509 X509_get_pubkey PEM_read_PrivateKey EVP_PKEY_decrypt Now, i have downloaded the last openssl source, and compiled

Re: SSL_CTX_load_verify_locations

2005-03-05 Thread Dr. Stephen Henson
On Fri, Mar 04, 2005, Darya Mazandarany wrote: So the way to do it would be to load the data into the cert store manually and not use the SSL_CTX_load_verify_locations function? Yes you call SSL_CTX_get_cert_store() then call X509_STORE_add_cert() for each certificate you want to add.

Re: SSL_CTX_load_verify_locations

2005-03-04 Thread Dr. Stephen Henson
On Fri, Mar 04, 2005, Darya Mazandarany wrote: Hi all, I was just wondering if there has been any discussion about introducing a way to load certificates for validation using a memory buffer. The company I am currently working for would like to have this and have asked me to implement

Re: Engine and static linking

2005-02-21 Thread Dr. Stephen Henson
On Mon, Feb 21, 2005, Prashant Kumar wrote: Thank you all for your response. I tried including the --static flag while compiling as well as directly calling the function ENGINE_load_ubsec. All these methods end up calling ubsec_init which in turn calls DSO_load (and thus dlopen). I am

Re: link error - windows dll

2005-02-05 Thread Dr. Stephen Henson
On Sat, Feb 05, 2005, Philippe BOUGERET wrote: I want to build openssl dll for windows, When I compile last stable openssl, I get an error LIBEAY32.def : error LNK2001: unresolved private_BF_set_key LIBEAY32.def : error LNK2001: unresolved private_CAST_set_key LIBEAY32.def

Re: query: Private Key generation using OpenSSL

2005-02-01 Thread Dr. Stephen Henson
On Tue, Feb 01, 2005, Rafeeq Ahmed wrote: Thanks for ur response But I still not satisfied I want the key as per RFC 2104 , http://www.faqs.org/rfcs/rfc2104.html which suggest the key to be between 20 to 64 bytes. Dave , is there any OpenSSL command which i can use to generate

Re: CRL verification padding problems

2005-01-14 Thread Dr. Stephen Henson
On Fri, Jan 14, 2005, Massimiliano Pala wrote: Hello guys, I have a problem with X509 certificate and CRL checking. When using the X509_CRL_verify(crl, pkey) function (I get an error also by using the 'openssl crl -CAfile... ' command), I get the following Error:

Re: ASN1_INTEGER_get() problem

2005-01-14 Thread Dr. Stephen Henson
On Fri, Jan 14, 2005, Przemek Michalski wrote: Hi there, I am trying to play with large serial numbers, however I found that the function ASN1_INTEGER_get() applied with the following code: /*--*/ ASN1_INTEGER_get(X509_get_serialNumber(cert)); /*--*/ where

Re: CRL verification padding problems

2005-01-14 Thread Dr. Stephen Henson
On Sat, Jan 15, 2005, Massimiliano Pala wrote: Dr. Stephen Henson wrote: [...] Check to see if the CRL has an authority key id and if so if it matches the subject key id of the CA you are using. If not then the problem is that the wrong CA and hence wrong public key is being used to verify

Re: ENGINE issues

2005-01-13 Thread Dr. Stephen Henson
On Thu, Jan 13, 2005, Massimiliano Pala wrote: On Thu, 13 Jan 2005 12:27:57 - David C. Partridge [EMAIL PROTECTED] wrote: I just taken as an example the code from openssl, but there is something I am doing wrong somewhere... All I want to do is to enable ENGINE so all crypto

Re: OIDs

2004-12-21 Thread Dr. Stephen Henson
On Wed, Dec 22, 2004, kentlinux wrote: In the message of 22 December 2004 00:13, Dr. Stephen Henson wrote: On Tue, Dec 21, 2004, kentlinux wrote: Hi. I am trying to build in some crypto algorithms to openssl-0.9.7d. But I have trouble - I can't understand how file crypto/objects

Re: MD5 optimized for AMD64 (+65% speedup)

2004-12-17 Thread Dr. Stephen Henson
On Sat, Dec 18, 2004, Marc Bevand wrote: Ok. So, here is my question to the OpenSSL community: what algorithm would you like to see optimized for AMD64 ? AES, SHA-1, Blowfish, RC5 ? Speaking personally SHA-1 because it is so universal then AES. Steve. -- Dr Stephen N. Henson. Email,

Re: [PATCH] openssl-0.9.7d DSA_PRECOMPUTE 80% speed-up

2004-12-16 Thread Dr. Stephen Henson
On Thu, Dec 16, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Wed, 15 Dec 2004 19:02:28 -0800 (PST), Marius Schilder [EMAIL PROTECTED] said: marius_schilder Any chance a patch like this can make it into the marius_schilder dist, eventually? Not chance for

Re: [openssl.org #983] Change day expire date CA

2004-12-14 Thread Dr. Stephen Henson
On Tue, Dec 14, 2004, [EMAIL PROTECTED] via RT wrote: Do not send user questions to RT. They should be in the openssl-users mailing list. Also don't post in HTML. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant.

Re: [CVS] OpenSSL: OpenSSL_0_9_7-stable: openssl/ CHANGES openssl/crypto/a...

2004-12-12 Thread Dr. Stephen Henson
On Sat, Dec 11, 2004, Eduardo Pérez wrote: This patch seems to have introduced some code duplication: It seems harmless, but still. Thanks, I've checked this and they were the only ones I could find too. I've committed a fix. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see

Re: Registering custom objects from dynamically-loaded engine

2004-12-06 Thread Dr. Stephen Henson
On Mon, Dec 06, 2004, Victor B. Wagner wrote: On 2004.12.04 at 00:45:45 -0500, Geoff Thorpe wrote: On December 3, 2004 07:30 pm, Dr. Stephen Henson wrote: On Fri, Dec 03, 2004, Dmitry Belyavsky wrote: On Fri, 3 Dec 2004, Dmitry Belyavsky wrote: I have custom dynamically-loaded

Re: Possible bug in X509_load_crl_file() function

2004-12-04 Thread Dr. Stephen Henson
On Sat, Dec 04, 2004, Alex Fishman wrote: Here is a sample program main() { SSL_library_init(); SSL_load_error_strings(); SSL_METHOD* meth = SSLv23_client_method(); SSL_CTX* ctx = SSL_CTX_new (meth); X509_STORE* store = SSL_CTX_get_cert_store(ctx);

Re: Possible bug in X509_load_crl_file() function

2004-12-03 Thread Dr. Stephen Henson
On Fri, Dec 03, 2004, Alex Fishman wrote: Hello, There seems to be a problem with X509_load_crl_file() function. It occasionally fails on perfectly valid PEM crl files (in my case with 101 code). I traced the problem to non-reset error context. It can be fixed by placing ERR_clear_error()

Re: Nessus security alert issued in error against OpenSSL v0.9.7d?

2004-11-30 Thread Dr. Stephen Henson
On Tue, Nov 30, 2004, Andrew Kraslavsky wrote: Howdy, To test the security of my proprietary HTTPS server, built with OpenSSL library version 0.9.7d, I ran Nessus version 2.2 against it and it reported the following alert (as issued by Nessus plug-in ID 11875, described at:

Re: openssl 0.9.7e prime coredumps

2004-11-27 Thread Dr. Stephen Henson
On Sat, Nov 27, 2004, prakash babu wrote: Hello Developers, The prime option that has been added to openssl 0.9.7e core dumps when no argument is given. eg) openssl prime Memory fault(coredump) The reason for this is BN_dec2bn in apps/prime.c function returns

Re: [PATCH] Fix for empty password handling in PKCS12

2004-11-23 Thread Dr. Stephen Henson
On Mon, Nov 22, 2004, Thomas Wu wrote: This patch allows the pkcs12 utility to handle empty-password PKCS#12 files created by MS even when the -passin option is used. Previously, such files could only be imported by leaving out -passin and hitting return at the import password prompt, which

Re: Check that issuer is a CA when validating?

2004-11-18 Thread Dr. Stephen Henson
On Thu, Nov 18, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Thu, 18 Nov 2004 01:45:54 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve On Wed, Nov 17, 2004, Richard Levitte - VMS Whacker wrote: steve steve However, I don't think this is a proper

Re: Check that issuer is a CA when validating?

2004-11-18 Thread Dr. Stephen Henson
On Thu, Nov 18, 2004, Nils Larsch wrote: Dr. Stephen Henson wrote: On Thu, Nov 18, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Thu, 18 Nov 2004 01:45:54 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve On Wed, Nov 17, 2004, Richard Levitte - VMS

Re: Check that issuer is a CA when validating?

2004-11-18 Thread Dr. Stephen Henson
On Thu, Nov 18, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Thu, 18 Nov 2004 13:45:38 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve On Thu, Nov 18, 2004, Richard Levitte - VMS Whacker wrote: steve steve In message [EMAIL PROTECTED] on Thu, 18 Nov

Re: Check that issuer is a CA when validating?

2004-11-18 Thread Dr. Stephen Henson
On Thu, Nov 18, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Thu, 18 Nov 2004 20:14:04 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve I'll check it through more thoroughly. If you never get that steve new error code then I agree there won't be any

Re: Check that issuer is a CA when validating?

2004-11-17 Thread Dr. Stephen Henson
On Wed, Nov 17, 2004, Richard Levitte - VMS Whacker wrote: I'm looking through the code in crypto/x509/x509_vfy.c and crypto/x509v3/v3_purp.c, both in the 0.9.7 branch and the main trunk, to try to find the code that checks if the issuer certificate is a CA certificate (i.e. is v3 and has

Re: Check that issuer is a CA when validating?

2004-11-17 Thread Dr. Stephen Henson
On Wed, Nov 17, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Wed, 17 Nov 2004 22:17:01 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve On Wed, Nov 17, 2004, Richard Levitte - VMS Whacker wrote: steve steve I'm looking through the code in crypto/x509

Re: Check that issuer is a CA when validating?

2004-11-17 Thread Dr. Stephen Henson
On Wed, Nov 17, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Wed, 17 Nov 2004 23:26:33 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve You should be able to get the 'verify' utility to reject such a steve chain on the command line. steve steve

Re: serial number file not created in 0.9.7e

2004-11-13 Thread Dr. Stephen Henson
On Thu, Nov 04, 2004, prakash babu wrote: Hello all, In 0.9.7d the serial number file is created as follows 1. Create a certificate request

Re: Generalized infrastructure for public key algorithms

2004-11-09 Thread Dr. Stephen Henson
On Tue, Nov 09, 2004, Victor B. Wagner wrote: On 2004.11.07 at 17:55:56 +0100, Dr. Stephen Henson wrote: What do you mean under multiple implementations of same algorithm It's #2 I'm referring to: 2. There are two independent engines which implement same algorithm with same OID

Re: Generalized infrastructure for public key algorithms

2004-11-07 Thread Dr. Stephen Henson
On Wed, Nov 03, 2004, Victor B. Wagner wrote: We think that these minimal changes would allow us to add new public key cryptography algorithms into OpenSSL without further modifications of the OpenSSL core except the obvious addition of new OIDs into objects.txt and the call to an engine

Re: [SPAM] [openssl.org #961] typo in openssl.cnf

2004-10-28 Thread Dr. Stephen Henson
On Thu, Oct 28, 2004, [EMAIL PROTECTED] via RT wrote: Preceding the comment line in openssl.cnf with a white space fixed my troubles. Before making this correction openssl would error out while signing the certificate. There are no other factors that could have contributed to this fix as

Re: Bug in 0.9.7e Win32 Build (mkfiles.pl)

2004-10-26 Thread Dr. Stephen Henson
On Mon, Oct 25, 2004, Matt Pauker wrote: Hi, There appears to be a bug in the Win32 build: util/mkfiles.pl is missing fips/dh in the @dirs array. The build ends up failing once it gets to making the tests (fails on md2test I believe). Once I added fips/dh in, the build went smoothly.

Re: Certificate Request Control

2004-10-26 Thread Dr. Stephen Henson
On Tue, Oct 26, 2004, TAYLOR, TIM (CONTRACTOR) wrote: Well this could have been controlled in the certificates themselves by including an extended key usage extension to allow client authentication or email protection. Then a savvy browser wouldn't present the wrong certificate type. I

Re: Certificate Request Control

2004-10-25 Thread Dr. Stephen Henson
On Mon, Oct 25, 2004, TAYLOR, TIM (CONTRACTOR) wrote: Thanks for the response, Dr Henson. I have tried taking the Root CA hash link out of my SSLCACertificatePath and do get the correct prompt for the identity cert only, however SSL seems to then use this list of certs for finding the

Re: What does is it?

2004-10-22 Thread Dr. Stephen Henson
On Fri, Oct 22, 2004, Paolo Serra wrote: Is there anyone who can tell me what these lines mean (they belong to /crypto/objects/objects.txt)? line 659 !Alias csor 2 16 840 1 101 3 line 660 !Alias nistAlgorithms csor 4 line 661 !Alias aes nistAlgorithms 1 In particular, for

Re: adding a new cipher

2004-10-22 Thread Dr. Stephen Henson
On Fri, Oct 22, 2004, Paolo Serra wrote: Hi all, I'm near to integrating my AES-CCM in openssl, but I need a little help. I've created my file AES_CCM_encrypt (I'm sure it's ok), I saved it in crypto/aes and added the prototype in crypto/aes/aes.h Then I modified the following files: file

Re: Certificate Request Control

2004-10-22 Thread Dr. Stephen Henson
On Fri, Oct 22, 2004, TAYLOR, TIM (CONTRACTOR) wrote: I have a situation where my trusted root has two different kinds of intermediate CAs (identity and email, say) that issue identity and email signing certificates, respectively. I would like to only allow users to authenticate to my Apache

Re: refreshing keys regularly?

2004-10-18 Thread Dr. Stephen Henson
On Mon, Oct 18, 2004, P. George wrote: will it _help_ guard against brute force attempts to simply replace my server key on a daily or weekly basis? if so, should my client app be coded to do the same? or is changing out the server's key sufficient to this end? If your key sizes are

Re: adding a new cipher

2004-10-17 Thread Dr. Stephen Henson
On Sun, Oct 17, 2004, Ng Pheng Siong wrote: On Sat, Oct 16, 2004 at 02:32:54PM +, Paolo Serra wrote: crytpo/objects/obj_dat.num crypto/objects/objects.txt Did you modify these two files to give your new ciphers names/ids? In 0.9.7d the numbers run sequentially and the last number is

Re: adding a new cipher

2004-10-17 Thread Dr. Stephen Henson
On Sun, Oct 17, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Sun, 17 Oct 2004 14:07:20 +0200, Dr. Stephen Henson [EMAIL PROTECTED] said: steve On Sun, Oct 17, 2004, Ng Pheng Siong wrote: steve steve On Sat, Oct 16, 2004 at 02:32:54PM +, Paolo Serra

Re: adding a new cipher

2004-10-17 Thread Dr. Stephen Henson
On Sat, Oct 16, 2004, Paolo Serra wrote: Hi all, I'm trying to integrate a new cipher (aes-ccm) into the crypto lib. I want to have the new algorithm available from every application linking the library but we have not found where we have to add the cipher definition to have it listed

Re: X509_vfy.h and C++

2004-10-01 Thread Dr. Stephen Henson
On Fri, Oct 01, 2004, Gisle Vanem wrote: This file has an 'explicit' struct x509_store_ctx_st member. This word is unfortunately a C++ reserved word in g++ 3.4.1 at least. And from a bit of googling, has been a reserved word for more than 6 years. I suggest we replace with

Re: Parsing problem in X509_NAME with PostalAddress

2004-09-21 Thread Dr. Stephen Henson
On Tue, Sep 21, 2004, [EMAIL PROTECTED] wrote: Hallo, With the current version of openssl when parsing the X.509 name (d2i_X509_NAME), a problem occurs when there is a PostalAddress sequence within the X.509 name. Below you have the openssl error traces during the parsing.

Re: X509_verify_cert(): verify with time and CRL

2004-09-16 Thread Dr. Stephen Henson
On Thu, Sep 16, 2004, Goetz Babin-Ebell wrote: Hi Steve, Dr. Stephen Henson wrote: On Wed, Sep 15, 2004, Goetz Babin-Ebell wrote: Would something like the attached patch be acceptable ? (please ignore version info in the diff) This patch also adds checking of the revocation time

Re: X509_verify_cert(): verify with time and CRL

2004-09-15 Thread Dr. Stephen Henson
On Wed, Sep 15, 2004, Goetz Babin-Ebell wrote: Hi Steve, Dr. Stephen Henson wrote: On Tue, Sep 14, 2004, Goetz Babin-Ebell wrote: I still would propose the following logic: a) CRL is valid (regarding issuance time) if thisUpdate = checkTime and thisUpdate = now. b) CRL is considered

Re: X509_verify_cert(): verify with time and CRL

2004-09-13 Thread Dr. Stephen Henson
On Mon, Sep 13, 2004, Goetz Babin-Ebell wrote: Hello folks, there might be a problem in X509_verify_cert() (at least 0.9.7d): if you set a verification time and the CRL was not yet valid at this time, the error X509_V_ERR_CRL_NOT_YET_VALID will be generated. (see check_crl() in

Re: OCSP and ENGINE

2004-09-03 Thread Dr. Stephen Henson
On Fri, Sep 03, 2004, Massimiliano Pala wrote: Hello, I want to use the OCSP routines with an HSM to provide a high number of signed responses per second. What do I have to do in order to have my application to use the ENGINE extension with OCSP commands/libraries ? I have this doubt

Re: CRL serial parsing

2004-08-16 Thread Dr. Stephen Henson
On Mon, Aug 16, 2004, Michael Bell wrote: Hi, I'm experimenting with CRL serials to avoid crashes if there is a problem with the crl number file. Actually I extracted the CRL serial as an ASN1_OBJECT from the extension by comparing the NIDs. I also know how to convert an ASN1_INTEGER to

Re: Non-blocking I/O bugs?

2004-08-02 Thread Dr. Stephen Henson
On Mon, Aug 02, 2004, OpenSSL wrote: Is there a description somewhere of what these non-blocking I/O bugs are? I'm using 0.9.6 and use non-blocking I/O (under Windows and Linux) as the principal communications mechanism. With product release imminent, I don't want to send out something

Re: A memory leak in RSA ?

2004-07-30 Thread Dr. Stephen Henson
On Fri, Jul 30, 2004, Jim Schneider wrote: This seems to be a rather fruitful perennial on this mailing list. Do we have a FAQ we can add this one to? The general consensus seems to be: Before you ask about a memory leak in the OpenSSL libraries, try doing your complete cycle of

Re: patch to use CRLF in base64 BIO

2004-07-25 Thread Dr. Stephen Henson
On Sun, Jul 25, 2004, Kai-Min Sung wrote: Hi, I'm attaching two patches, one implementing the CRLF fix as a flag (BIO_FLAGS_BASE64_CRLF) to the b64 BIO and another implemented as a new filtering BIO (BIO_TYPE_CRLF_FILTER). The latter was authored by a coworker (Matt Pauker). These are

Re: patch to use CRLF in base64 BIO

2004-07-23 Thread Dr. Stephen Henson
On Fri, Jul 23, 2004, Kai-Min Sung wrote: Hi, I emailed the list a couple weeks ago asking if anyone had implemented a patch to change the EOLs in the base64 BIO code from '\n' to '\r\n'. I went ahead and took a stab at it myself. My patch only involves about 5 lines of changes in the

Re: patch to use CRLF in base64 BIO

2004-07-23 Thread Dr. Stephen Henson
On Sat, Jul 24, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Fri, 23 Jul 2004 14:16:25 -0700, Kai-Min Sung [EMAIL PROTECTED] said: kaisung I'm using the base64 BIO to generate an email MIME kaisung attachment. According to the MIME RFC, lines must be kaisung

Re: Disabling for FIPS mode, take 2

2004-07-07 Thread Dr. Stephen Henson
On Wed, Jul 07, 2004, Marquess, Steve Mr JMLFDC wrote: On Tuesday, July 06, 2004 Dr. Stephen Henson wrote: So you're saying just have PEM_write_bio_PrivateKey drop through to PEM_write_bio_PKCS8PrivateKey in FIPS mode? That could work. I suppose I could do the same substitution

Re: Disabling for FIPS mode, take 2

2004-07-06 Thread Dr. Stephen Henson
On Tue, Jul 06, 2004, Marquess, Steve Mr JMLFDC wrote: On Friday, July 02, 2004 4:52 PM Dr. Stephen Henson wrote: OpenSSL already supports various private key formats which only use FIPS approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one solution is to just change

Re: Disabling for FIPS mode, take 2

2004-07-02 Thread Dr. Stephen Henson
On Fri, Jul 02, 2004, Marquess, Steve Mr JMLFDC wrote: Two related patches I posted earlier are for a FIPS specific default ciphersuite (ssl_ciph.c) and SHA1 instead of MD5 for PEM passphrases (pem_lib.c). Any additional feedback on those would also be greatly appreciated; so far I've

Re: Disabling for FIPS mode, take 2

2004-07-02 Thread Dr. Stephen Henson
On Fri, Jul 02, 2004, Jack Lloyd wrote: On Fri, Jul 02, 2004 at 10:51:52PM +0200, Dr. Stephen Henson wrote: [...] OpenSSL already supports various private key formats which only use FIPS approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one solution is to just

Re: OAEP padding parameter

2004-06-30 Thread Dr. Stephen Henson
On Wed, Jun 30, 2004, Kent Yoder wrote: Hi, I need to set the OAEP padding parameter for some data I need to encrypt/ decrypt in order to send to another entity who uses this parameter. It appears that inside OpenSSL, the parameter is hard coded to NULL. (crypto/ rsa/rsa_eay.c:124

Re: using DES hardware with openssl

2004-06-25 Thread Dr. Stephen Henson
On Fri, Jun 25, 2004, Ioannis Liverezas wrote: Hi everybody. I want to use a DES ECB/CBC encryption/decryption hardware with openssl. I 've already built a linux driver that writes to and reads from the device, and also provides device control, such as setting the keys, ecb or cbc mode,

Re: FIPS 140 related patches

2004-06-24 Thread Dr. Stephen Henson
On Thu, Jun 24, 2004, Marquess, Steve Mr JMLFDC wrote: On Wednesday, June 23, 2004 1:14 PM Dr. Stephen Henson wrote: If you look at crypto/evp/m_sha1.c there is a definition of the EVP_MD structure for SHA1. The fourth value (currently 0) is the 'flags' field which would be set

Re: FIPS 140 related patches

2004-06-24 Thread Dr. Stephen Henson
On Thu, Jun 24, 2004, Ben Laurie wrote: Dr. Stephen Henson wrote: Well my personal preference would be to give a hard assertion error in EVP_DigestInit_ex() and EVP_CipherInit_ex() because a non-FIPS algorithm will only appear in there due to an application source error. That's

Re: FIPS 140 related patches

2004-06-23 Thread Dr. Stephen Henson
On Wed, Jun 23, 2004, Marquess, Steve Mr JMLFDC wrote: On Tuesday, June 22, 2004 1:06 PM Dr. Stephen Henson wrote: So far I've been pestering Ben directly, but now that we've reached the formal submission watershed I'd like to ask for assistance of the larger developer team. Two patches

Re: FIPS 140 related patches

2004-06-23 Thread Dr. Stephen Henson
On Wed, Jun 23, 2004, Marquess, Steve Mr JMLFDC wrote: Note we do not need to disable all possible uses of non-FIPS algorithms in all circumstances, just catch the typical usages on a good faith basis. There are all manner of potential issues which can arise when algorithms are disabled

Re: FIPS 140 related patches

2004-06-23 Thread Dr. Stephen Henson
On Wed, Jun 23, 2004, Marquess, Steve Mr JMLFDC wrote: There is a User Guide for FIPS mode which will be released when the validation is complete. When we the mechanisms for disabling non-FIPS mode are known (such as a bad return code from EVP_CipherInit) I will document them there. Note

Re: [CVS] OpenSSL: openssl/crypto/engine/ eng_openssl.c openssl/crypto/evp...

2004-05-16 Thread Dr. Stephen Henson
On Sun, May 16, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Sun, 16 May 2004 19:12:22 +0200, Andy Polyakov [EMAIL PROTECTED] said: appro appro Log: appro appro size_t-fication of message digest APIs. We should size_t-fy more appro appro APIs...

Re: loading an RSA pubkey that is hex encoded and DER

2004-05-03 Thread Dr. Stephen Henson
On Mon, May 03, 2004, Eleanor Nagai wrote: Steven, Hi! Thanks very much for your response. I tried the -keyform option in the dgst command but get the message unable to load key file. So I tried your suggestion to convert the key to pem format using: openssl rsa -in key

Re: [openssl.org #874] [Fwd: Bug#243509: openssl: genrsa get crasy with small key size]

2004-04-21 Thread Dr. Stephen Henson
On Wed, Apr 21, 2004, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Wed, 21 Apr 2004 10:37:45 -0400, Geoff Thorpe [EMAIL PROTECTED] said: geoff We should find where/why things spin out of control and improve geoff the handling to either work or bail out gracefully. I

Re: Fw: PKCS7 signature process standard question

2004-03-17 Thread Dr. Stephen Henson
On Wed, Mar 17, 2004, [EMAIL PROTECTED] wrote: From RFC2630: 5.4 Message Digest Calculation Process The message digest calculation process computes a message digest on either the content being signed or the content together with the signed attributes. In either case, the

Re: Fw: PKCS7 signature process standard question

2004-03-17 Thread Dr. Stephen Henson
On Wed, Mar 17, 2004, [EMAIL PROTECTED] wrote: from Pk7_doit.c if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL; unsigned int md_len, alen; ASN1_OCTET_STRING *digest; ASN1_UTCTIME *sign_time; const EVP_MD

Re: your mail

2004-03-11 Thread Dr. Stephen Henson
On Wed, Mar 10, 2004, Bommareddy, Satish (Satish) wrote: Here is what i am trying to do... Config file has these lines: [ CA_default ] .. x509_extensions = usr_cert [ usr_cert ] basicConstraints=CA:FALSE keyUsage = digitalSignature, keyEncipherment subjectKeyIdentifier=hash

Re: your mail

2004-03-11 Thread Dr. Stephen Henson
On Thu, Mar 11, 2004, Bommareddy, Satish (Satish) wrote: the oid is declared in the config file as [ new_oid ] avayaCPS=10.1.1 That is not a valid OID and it certainly doesn't belong to your organization. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL

Re: openssl cert policy handling

2004-02-23 Thread Dr. Stephen Henson
On Mon, Feb 23, 2004, Chris Brook wrote: Is there any support in crypto-x509(v3) for certificate policy processing/checking as described in X.509 or PKIX? I had a quick look through the code but did not see anything? Or is it planned since it is required for some of the PKI compliance

Re: openssl cert policy handling

2004-02-23 Thread Dr. Stephen Henson
On Mon, Feb 23, 2004, Lev Walkin wrote: Dr. Stephen Henson wrote: On Mon, Feb 23, 2004, Chris Brook wrote: Is there any support in crypto-x509(v3) for certificate policy processing/checking as described in X.509 or PKIX? I had a quick look through the code but did not see anything

Re: Windows DLL naming inconsistency

2004-01-26 Thread Dr. Stephen Henson
On Mon, Jan 26, 2004, Andy Polyakov wrote: appro and other details I'm not aware of. I've heard appro suggestions of creating several variants of the OpenSSL libraries that appro would be used in parallel with the different MSVC libraries, and appro that's where a naming convention

Re: Password Private Key Don't Get from I/O

2004-01-25 Thread Dr. Stephen Henson
phrase. Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Sat, Jan 24, 2004, S.Mehdi Sheikhalishahi wrote: Hi All I want to change this that when I call PEM_read_PrivateKey to read a private key that has been encrypted with password instead of showing me the prompt to enter

Re: Password Private Key Don't Get from I/O

2004-01-24 Thread Dr. Stephen Henson
On Sat, Jan 24, 2004, S.Mehdi Sheikhalishahi wrote: Hi All I want to change this that when I call PEM_read_PrivateKey to read a private key that has been encrypted with password instead of showing me the prompt to enter password I can set the password parameter to it(function). Means

Re: SSLeay compatibale

2004-01-21 Thread Dr. Stephen Henson
On Wed, Jan 21, 2004, S.Mehdi Sheikhalishahi wrote: Hi All What's the equivalent function for PEM_read_PUBKEY in SSLeay? I want to read a public key but I cannot read It by rsa = PEM_read_RSAPublicKey(fkeyfile, 0 ,0); function .The rsa is NULL. There isn't an equivalent: it's OpenSSL

Re: Using proprietary crypto/MAC algorithms with OpenSSL

2004-01-14 Thread Dr. Stephen Henson
On Wed, Jan 14, 2004, Shashank Khanvilkar wrote: Hi, Will really appreciate for any pointers. I need to add some of my own proprietary crypto/MAC algorithms to OpenSSL. (This is because, I need to test them with some applications that use the existing crypto/mac with EVP API). Is

Re: PEM inconsistency

2003-12-22 Thread Dr. Stephen Henson
On Mon, Dec 22, 2003, Rich Salz wrote: RFC1421 says: ... Two encapsulation boundaries (EB's) are defined for delimiting encapsulated PEM messages and for distinguishing encapsulated PEM You can't read that alone; read the previous paragraph which references RFC 934; the boundaries

Re: PEM manual page error

2003-12-21 Thread Dr. Stephen Henson
On Sat, Dec 20, 2003, Lev Walkin wrote: Dr. Stephen Henson wrote: Most applications wouldn't need to do that and it would be creating something non standard in any case. Indeed. However, everything standard is already created, so why bother programming at all? ;) That's something

Re: PEM manual page error

2003-12-21 Thread Dr. Stephen Henson
On Sun, Dec 21, 2003, Lev Walkin wrote: Dr. Stephen Henson wrote: On Sat, Dec 20, 2003, Lev Walkin wrote: Dr. Stephen Henson wrote: Most applications wouldn't need to do that and it would be creating something non standard in any case. Indeed. However, everything standard

Re: PEM manual page error

2003-12-20 Thread Dr. Stephen Henson
On Fri, Dec 19, 2003, Lev Walkin wrote: The PEM(3) manual page specifies a way to read a certificate in PEM format from a BIO: === cut === Although the PEM routines take several arguments in almost all applications most of them are set to 0 or NULL. Read a

Re: PEM manual page error

2003-12-20 Thread Dr. Stephen Henson
On Sat, Dec 20, 2003, Lev Walkin wrote: Dr. Stephen Henson wrote: And 3. Applications shouldn't call PEM_read_bio() themselves. Unfortunately, this is pretty much the only choice when it comes to the ability to PEM-encode something specific to the application. Most applications

Re: PEM manual page error

2003-12-20 Thread Dr. Stephen Henson
On Sat, Dec 20, 2003, Dr. Stephen Henson wrote: On Fri, Dec 19, 2003, Lev Walkin wrote: The PEM(3) manual page specifies a way to read a certificate in PEM format from a BIO: === cut === Although the PEM routines take several arguments in almost all applications

Re: nonRepudiation -- contentCommitment

2003-12-18 Thread Dr. Stephen Henson
On Thu, Dec 18, 2003, Michael Bell wrote: Hi all, there is a draft for a technical corrigendum of X.509. http://www.pki-page.info/download/N12599.doc Does somebody have an idea how to integrate the replacement of nonRepudiation by contentCommitment seamlessly into OpenSSL? I'm a

Re: nonRepudiation -- contentCommitment

2003-12-18 Thread Dr. Stephen Henson
On Thu, Dec 18, 2003, Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Thu, 18 Dec 2003 17:50:20 +0100, Dr. Stephen Henson [EMAIL PROTECTED] said: steve On Thu, Dec 18, 2003, Michael Bell wrote: steve steve Hi all, steve steve there is a draft for a technical

Re: decrypt base65 file with openssl

2003-12-15 Thread Dr. Stephen Henson
On Mon, Dec 15, 2003, Mohamad Badra wrote: Dear, I have a trace of SSL client/server session and the server's RSA private key. During the SSL session, the client encrypts a 48 bytes premastersecret with the server public key. I have the encrypted premastersecret coding in Base64. Must

Re: decrypt base65 file with openssl

2003-12-15 Thread Dr. Stephen Henson
On Mon, Dec 15, 2003, Mohamad Badra wrote: Hello again, In fact, I tried the base64 command (base64 -e input file) on the hexadecimal file. a)Firstly, the file's length increases from 256 to 349 bytes. Is it normal? b)Secondly, the base64 takes the hexa and give me base64 format. What I

Re: decrypt base65 file with openssl

2003-12-15 Thread Dr. Stephen Henson
On Mon, Dec 15, 2003, Mohamad Badra wrote: Excuse me but you didn't answer me about the format that the OpenSSL accepts it to decrypt with RSA? The input must be binary. Several different padding types are supported include raw, ssl2, PKCS#1 v1.5 and OAEP with SHA1. If you use 'rsautl' for

Re: Accelerating RSA Key Generation

2003-12-05 Thread Dr. Stephen Henson
On Fri, Dec 05, 2003, Ben Laurie wrote: David Schwartz wrote: One of the applications we are working on requires us to generate RSA key pairs at a rate of about 20-25 key pairs/second is there any application out there which can do this?? is using /dev/random, /etc/entropy or accelerator

Re: Accelerating RSA Key Generation

2003-12-04 Thread Dr. Stephen Henson
On Thu, Dec 04, 2003, Bommareddy, Satish (Satish) wrote: HI One of the applications we are working on requires us to generate RSA key pairs at a rate of about 20-25 key pairs/second is there any application out there which can do this?? is using /dev/random, /etc/entropy or accelerator

Re: CBC Padding removal

2003-12-03 Thread Dr. Stephen Henson
On Wed, Dec 03, 2003, Dave Roberts wrote: Hi Within evp/evp_enc.c, function EVP_DecryptFinal_ex() it looks at the last byte of any padding, then works backwards ensuring that all padding characters are the same. This is, I believe, conformant to PKCS#5. However, this doesn't allow for

Re: Bug in Base64 BIO decode (bio_b64.c)

2003-12-03 Thread Dr. Stephen Henson
On Wed, Dec 03, 2003, Matt Pauker wrote: Hi, I just recently moved from 0.9.7 to 0.9.7c and discovered what I think is a bug in the base64 BIO decoding code. When the source bio is a read-write memory bio, and has more than 1024 bytes of data to decode (in my test case it was less than
