Here's one way to do it:
BIO *mbio = BIO_new(BIO_s_mem());
PEM_write_bio_X509(mbio, cert);
len = BIO_read(mbio, temp_text, MAX_SIZE);
if (len0) temp_text[len]=0;
BIO_free(mbio);
-Original Message-
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of dE
Sent: Sunday,
Which downstream BIO do you use? (SSL_set_bio)
Try to set ssl-d1-mtu directly, and override the downstream BIO's ctrl
function:
BIO_CTRL_DGRAM_QUERY_MTU - return the starting MTU
BIO_CTRL_DGRAM_GET_FALLBACK_MTU - return some value smaller than the current
MTU.
Yerracs,
You need a pair-wise consistency test for RSA encrypt/decrypt. See FIPS 140-2
section 4.9.2.
--Yair
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf Of yerracs
Sent: Thursday, March 01, 2012 08:50
To:
If you need a working CTR_DRBG implementation compliant with SP 800-90, I can
recommend Henric Jungheim's code found at http://henric.info/random/ ; attached
is a quick adaptation for OpenSSL.
It passes NIST's test vectors
The RNG in openssl-fips-1.2 is compliant with ANS X9.31, therefore it is OK for
use through 2015 (although deprecated in the language of SP 800-131).
Adding a SP 800-90 RNG (sorry, RBG) to OpenSSL isn't too hard, given that
there's an open-source implementation which passes NIST's test vectors;
Sitanshu,
To implement SHA1 in an ENGINE, create your own init/update/final functions and
put them in an EVP_MD structure.
write a function which returns the supported NIDs (e.g. NID_sha1), and then
call ENGINE_set_digests() before ENGINE_add().
From: [EMAIL PROTECTED] [mailto:[EMAIL
Hi Gaurav,
OpenSSL adds the system time to the entropy pool every now and then, but the
real seed should be set by the user, via RAND_add().
--Yair
From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Gaurav Nagare [EMAIL
PROTECTED]
Sent: Thursday, February
Sorry, I don't think that breaks any const rules.
See explanation and example in ISO/IEC 14882 section 7.1.5.1.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, January 30, 2008 3:59 PM
To: openssl-dev@openssl.org
To: openssl-dev@openssl.org
Subject: Re: memory corruption after usin BN_mod_inverse
Hi, Yair Elharrar!
Sorry, I don't think that breaks any const rules.
See explanation and example in ISO/IEC 14882 section 7.1.5.1.
First of all, OpenSSL was written in C, so ISO/IEC 14882 is not a
subject
Hello Gabor,
Try SSL_get_certificate().
Note, however, that having an SSL object does not necessarily mean you have a
certificate.
Yair
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, January 15, 2008 3:30 PM
-SNAP-devel/crypto/rand/rand_fips186.c2008-01-15
11:36:04.0 +0200
@@ -0,0 +1,253 @@
+/* FIPS 186-2 random number generator
+ * by Yair Elharrar, Jan 2008
+ *
+ * Adapted from FIPS186-2 at
http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
+ *
+ * Usage
:04.0 +0200
@@ -0,0 +1,253 @@
+/* FIPS 186-2 random number generator
+ * by Yair Elharrar, Jan 2008
+ *
+ * Adapted from FIPS186-2 at
http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
+ *
+ * Usage: RAND_set_rand_method(RAND_FIPS186()), followed by RAND_cleanup
It's a length thing. CFB1 expects the length in bits, not bytes.
If you multiply the length by 8 inside crypto/aes/aes_cfb.c AES_cfb1_encrypt,
it works fine.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of RenYiqun
Sent: Tuesday, November 13, 2007 7:01 AM
Hi David,
To generate a static report from Coverity, run cov-format-errors.
This command generates a set of HTML pages which contain all the issues
found in the last run.
Yair
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Hartman
Sent:
Title: Message
Hi,
Suppose I have
several active threads handling various secure connections.
Each thread has its
own SSL_CTX, SSLs, pkey objects etc.
Should I
implementthe locking
callbacks?
In other words: Does
anything in OpenSSL require atomic write access to globally-shared objects
diff -ur openssl-0.9.8-stable-SNAP-20050720\crypto\asn1\a_bitstr.c
openssl-0.9.8-mod\crypto\asn1\a_bitstr.c
--- openssl-0.9.8-stable-SNAP-20050720\crypto\asn1\a_bitstr.c Tue Apr 26
21:53:12 2005
+++ openssl-0.9.8-mod\crypto\asn1\a_bitstr.c Wed Jul 20 14:59:40 2005
@@ -183,9 +183,9 @@
iv= ~v;
Yep, that's the only place.
I hate DCC too...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard
Levitte via RT
Sent: Wednesday, June 22, 2005 5:46 PM
To: Yair Elharrar
Cc: openssl-dev@openssl.org
Subject: [openssl.org #1122] [PATCH] ssl_lib.c
Diab Data DCC compiler chokes on ssl_lib.c. Here's a patch.
diff -ur ssl\ssl_lib.c modssl\ssl_lib.c
--- ssl\ssl_lib.c Fri Jun 10 23:05:38 2005
+++ modssl\ssl_lib.c Mon Jun 20 09:34:20 2005
@@ -2396,7 +2396,7 @@
ssl-info_callback=cb;
}
-void (*SSL_get_info_callback(const SSL *ssl))(const
Hello,
This is a new feature proposal for BIO_f_buffer.
The current implementation allows the user to write some data to the
buffer, and then flush it to the underlying BIO, using the BIO_flush
call.
A similar mechanism would be helpful for the receiving side: fill the
buffer with some data from
19 matches
Mail list logo