A problem that I have with apps/req.c is that it is hardly a good reference
for how to use the API calls.
I think, ideally, that all of openssl.cnf should be entirely an artifact of
the apps, but there are (still, I think) things that can only by constructing
some openssl.cnf configuration and
On 12/22/2021 1:33 PM, Philip Prindeville wrote:
> Should supporting openssl.cnf be part of the library API, or
> externally handled in the command-line utility where it then passes in
> the values extracted from that file?
I don't know how openssl.cnf factors into CSR creation with existing
> On Dec 22, 2021, at 2:18 PM, Jordan Brown
> wrote:
>
> On 12/22/2021 11:45 AM, David von Oheimb wrote:
>> Yet beware that a general-purpose library function that has (at least) the
>> flexibility offered by that app would need a non-trivial set of parameters.
>>
>
> I suspect that it
On 12/22/2021 11:45 AM, David von Oheimb wrote:
>
> Yet beware that a general-purpose library function that has (at least)
> the flexibility offered by that app would need a non-trivial set of
> parameters.
>
I suspect that it would end up looking a lot like the existing API.
There might be a
@Philip,
it should not be hard to copy the core code from apps/req.c and cut out
all parts not needed for generating a PKCS#10 CSR (including its
self-signature).
Yet beware that a general-purpose library function that has (at least)
the flexibility offered by that app would need a
@Philip,
it should not be hard to copy the core code from apps/req.c and cut out
all parts not needed for generating a PKCS#10 CSR (including its
self-signature).
Yet beware that a general-purpose library function that has (at least)
the flexibility offered by that app would need a
> However, is crypto library thread-safe?
Check out this blog entry:
https://www.openssl.org/blog/blog/2017/02/21/threads/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi guys,
I want to use some ciphers such as RSA, DES in my application provided by
crypto library.
However, is crypto library thread-safe?
Thanks,
Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux
--
openssl-users mailing list
To unsubscribe: https
contacts
who can
help you get the Toolkit.
Thanks
Ravichandra
On Tue, Jan 28, 2014 at 6:45 PM, Chinmaya Dwibedy ckdwib...@yahoo.com wrote:
Hi,
The Diffe Hellman exchange consists of CPU-intensive
operations like key-pair generation and shared-secret generation. The Octeon
Core Crypto Library
Hi,
The Diffe Hellman exchange consists of CPU-intensive
operations like key-pair generation and shared-secret generation. The Octeon
Core Crypto Library provides API's on Octeon for Crypto acceleration. The
following functions (provided by the Cavium) to perform the Diffie-Hellman
Operations
.
Thanks
Ravichandra
On Tue, Jan 28, 2014 at 6:45 PM, Chinmaya Dwibedy ckdwib...@yahoo.comwrote:
Hi,
The Diffe Hellman exchange consists of CPU-intensive operations like
key-pair generation and shared-secret generation. The Octeon Core Crypto
Library provides API's on Octeon for Crypto
Hi,
Does any version of openssl crypto library ( one for RNG) has complaint with
the requirement of NIST SP800-90?
Plz let me know. I couldnt get any info on this from docs.
-Nikitha
Hello,
Looking at test/evp_test.c and the test data test/evptests.txt for
encryption/decryption, I don't understand how the initialisation vector
('iv' variable) is used.
The test data in evptests.txt is expressed as Hex strings which are then
translated to bit patterns before use:
Should the caller specify an empty ivec (to the correct length) in this case
or am I missing something?
I think so too.
If you always initialise the IVEC to NUL bytes,
and use the same key to encrypt lots of small packets,
it becomes easier to crack the key.
If you use some variable data that
hi,
i am currently using openssl 0.9.8l. i am trying to build it on Windows
AMD platform. i am getting missing symbol issue while building static crypto
library in FIPS mode.
if i build openssl 0.9.8l in non fips mode (i.e without passing fips
--fipslibdir to Configure )
i get the below
Hello,
Is there a programmatic way to give a list of available cypher names (eg
AES-128-ECB...)?
i.e a list of the names that could be supplied to EVP_get_cipherbyname().
Thanks,
Bob Doncaster
--
On Thu 18/02/10 3:31 PM , Robert Doncaster b...@edp.co.uk sent:
Hello,
Is there a programmatic way to give a list of available cypher names (eg
AES-128-ECB...)?
i.e a list of the names that could be supplied to EVP_get_cipherbyname().
the openssl enc.c example shows a function which
On Thu, Feb 18, 2010, carlyo...@keycomm.co.uk wrote:
On Thu 18/02/10 3:31 PM , Robert Doncaster b...@edp.co.uk sent:
Hello,
Is there a programmatic way to give a list of available cypher names (eg
AES-128-ECB...)?
i.e a list of the names that could be supplied to
Hi,
I'm developing a security product and in the process of selecting the crypto
library.
Can anyone please answer the following queries.
1. Does openssl crypto library supports scatter/gather I/O. The requirement
is to pass bsdnet mbuf cluster to the openssl crypto library for
encryption
used for encryption and decryption
on windows.
For e.g.
CryptDecrypt uses parameters:
hkey ---key to use for the decryption.
hHash --- Hash handle MD5 or SHA1.
dwFlag-For padding
pbData --- Data to decrypt.
pdwDatalength -- Size of data to decrypt.
Can this be possible using Crypto
parameters:
hkey ---key to use for the decryption.
hHash --- Hash handle MD5 or SHA1.
dwFlag-For padding
pbData --- Data to decrypt.
pdwDatalength -- Size of data to decrypt.
Can this be possible using Crypto Library?
Which Crypto Api's in Linux uses key, MD5 or SHA1 and padding to
decrypt
for the decryption.
hHash --- Hash handle MD5 or SHA1.
dwFlag-For padding
pbData --- Data to decrypt.
pdwDatalength -- Size of data to decrypt.
Can this be possible using Crypto Library?
Which Crypto Api's in Linux uses key, MD5 or SHA1 and padding to
decrypt and encrypt the data?
Thanks
...@openssl.orgwrote:
On Wed, Sep 09, 2009, deiva shanmugam wrote:
Hi,
We are planning to make use of openssl crypto library in multithreaded
environment.
We call OpenSSL_add_all_algorithms() before creating threads and will
create
BIO, EVP_KEY, SHA256 , SHA1 and RSA object in each thread
On Thu, Sep 10, 2009, deiva shanmugam wrote:
Hi,
Thanks for the response, steve.
So, irrepective of creating the openssl object per thread or globally for
all threads, callback functions should be implemented to make the
application thread safe?
Yes: the error queue requires it and
We are planning to make use of openssl crypto library in
multithreaded environment.
We found in the openssl website that
OpenSSL can safely be used in multi-threaded applications
provided that at least two callback functions are set,
locking_function and threadid_func. And from FAQ
On Thu, Sep 10, 2009 at 6:29 AM, Mark 2d3ww4...@sneakemail.com wrote:
I am always very concerned when I read questions like this. The
documentation says to implement the callbacks. Therefore you must
do so.
No offense, but that's what the mailing list is for. Granted, a
search might have
On Thu, Sep 10, 2009 at 6:29 AM, Mark
2d3ww4...@sneakemail.com wrote:
I am always very concerned when I read questions like this. The
documentation says to implement the callbacks. Therefore you must
do so.
No offense, but that's what the mailing list is for. Granted, a
search
No offense, but I disagree. This list is for questions specific to OpenSSL
programming, not for questions like should I do what the documentation says.
Asking such a question shows a fundamental misunderstanding on correct
programming
techniques. Unfortunately this is all too common IME.
(OT)
* Mark wrote on Thu, Sep 10, 2009 at 15:54 +0100:
No offense, but that's what the mailing list is for.
Granted, a search might have yielded the answer as well...
but if anything, the question should make you feel good
because it's one mess you won't be cleaning up.
No offense, but
Hi,
We are planning to make use of openssl crypto library in multithreaded
environment.
We call OpenSSL_add_all_algorithms() before creating threads and will create
BIO, EVP_KEY, SHA256 , SHA1 and RSA object in each thread and makes use of
the following functions:
SHA1_Init
On Wed, Sep 09, 2009, deiva shanmugam wrote:
Hi,
We are planning to make use of openssl crypto library in multithreaded
environment.
We call OpenSSL_add_all_algorithms() before creating threads and will create
BIO, EVP_KEY, SHA256 , SHA1 and RSA object in each thread and makes use
-Original Message-
From: Richard Levitte [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 12, 2008 7:21 PM
To: openssl-users@openssl.org; Xu, Qiang (FXSGSC)
Subject: Re: crypto library in openssl
You're doing three mistakes:
1. you're assuming the EVP routines treat your data
-Original Message-
From: Richard Levitte [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 12, 2008 7:21 PM
To: openssl-users@openssl.org; Xu, Qiang (FXSGSC)
Subject: Re: crypto library in openssl
Note: openssl-dev is inappropriate, as it is meant for the
_development_ _of_ OpenSSL
-Original Message-
From: Richard Levitte [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 12, 2008 7:21 PM
To: openssl-users@openssl.org; Xu, Qiang (FXSGSC)
Subject: Re: crypto library in openssl
You're doing three mistakes:
1. you're assuming the EVP routines treat your data
Hi, all:
I come across a problem in using crypto library in OpenSSL.
We are using EVP_DecryptInit(), EVP_DecryptUpdate(), and EVP_DecryptFinal() to
do the decryption of the user's password after the user logs in. However, I
just found when the user's password is $elkins02, the decrypted string
Qiang.Xu Here, the decrypted byte array is re-arranged into a character string
representing the decrypted string. As far as I can see, EVP_DecryptInit(),
EVP_DecryptUpdate(), and EVP_DecryptFinal() are all library functions in
OpenSSL (in crypto library
).
To simulate this process I would like to get:
the HMAC code followed by Encryption code, i mean:
the code has four inputs: MAC key, Encryption key, IV if necessary and Data.
the one output : (MAC and Data) encrypted
I would like to ask whether it is possible to use crypto library
.
Jerome K. Jerome
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Monday, March 20, 2006 4:28 PM
To: openssl-users@openssl.org
Subject: Re: Crypto Library question
Hello
The code compiles and links. Using it, however
Title: Crypto Library question
I am attempting to write code to utilize the crypto(3) library that comes with openssl. Specifically, I am using these functions
OpenSSL_add_all_digests();
md = EVP_get_digestbyname(dgst);
EVP_DigestInit_ex(mdctx, md, NULL);
EVP_DigestInit(mdctx, md
Hello
The code compiles and links. Using it, however, produces different
results than using
echo some string | openssl dgst -md5
Echo command adds new line characters.
Try someting like echo -n on linux or \c on hpux
to disable this.
Best regards,
--
Marek Marcola [EMAIL PROTECTED]
I tried your code and I had a suspicion that using the
*_ex() functions along with *() functions can cause
trouble. Which is what has happened in your case.
Here is the correct code for your reference. You are
supposed to stick to either Init_ex() , Final_ex()
functions or Init() ,Final()
On Mon, Mar 20, 2006, Friedline, Harold wrote:
I am attempting to write code to utilize the crypto(3) library that
comes with openssl. Specifically, I am using these functions
OpenSSL_add_all_digests();
md = EVP_get_digestbyname(dgst);
EVP_DigestInit_ex(mdctx, md, NULL);
On Wed, Jun 02, 2004, Thomas Schuerger wrote:
Hi,
I have problems using the RSA_private_decrypt() function of the crypto
library in parallel with *the same* (RSA *) structure. When using a
single thread, decryption works flawlessly, when using two or more
threads in parallel
Can I force this precalculation (caching) to take place after creating
an RSA structure and before multiple threads use it (without doing an
actual dummy-decryption)? If yes, would this suffice to avoid the race
condition so that no locking is required?
Why would you go out of your
Why would you go out of your way to create fragile code when you
could fix
this the right way in three or four minutes?
If you don't use a thread per request model, it's a lot more than
three or four minutes.
I don't see why you think that is. None of my code uses a 'thread per
Hi,
I have problems using the RSA_private_decrypt() function of the crypto
library in parallel with *the same* (RSA *) structure. When using a
single thread, decryption works flawlessly, when using two or more
threads in parallel, decryption mostly fails with PKCS errors.
I thought the RSA
On Fri, May 28, 2004, Thomas Schuerger wrote:
Hi,
I have problems using the RSA_private_decrypt() function of the crypto
library in parallel with *the same* (RSA *) structure. When using a
single thread, decryption works flawlessly, when using two or more
threads in parallel, decryption
On Fri, May 28, 2004, Thomas Schuerger wrote:
I have problems using the RSA_private_decrypt() function of the crypto
library in parallel with *the same* (RSA *) structure. When using a
single thread, decryption works flawlessly, when using two or more
threads in parallel, decryption
Dear Chris,
authentication methods and protocols were researched for years.
The method described is an easy one and probably could be implemented fast.
However, one better start from requirements before any coding.
For example: server is not authenticated here so man-in-the-middle
is allowed by
Hello Vadim!
On Mon, 2004-02-16 at 21:28, Vadim Fedukovich wrote:
Dear Chris,
authentication methods and protocols were researched for years.
The method described is an easy one and probably could be implemented fast.
However, one better start from requirements before any coding.
For
Chris Nolan wrote:
1. Using a certificate that contains the client's public encryption key,
send a PKCS7 message to the client.
2. Get the client to send me a hash of the decrypted content.
The problem is, wrapping my head around what to call and in what order
on the server side. The man pages are
On Mon, Feb 16, 2004 at 10:40:36PM +1100, Chris Nolan wrote:
Hello Vadim!
On Mon, 2004-02-16 at 21:28, Vadim Fedukovich wrote:
Dear Chris,
authentication methods and protocols were researched for years.
The method described is an easy one and probably could be implemented fast.
Hi all,
I'm working on building a client-server setup for an application
involving Smartcards. I have a library for Smartcard access on the
Windows side and was hoping to do the following for authentication:
1. Using a certificate that contains the client's public encryption key,
send a PKCS7
, William Korbe III wrote:
Hello,
I have been trying to decrypt the client pre master secret sent in a SSL
handshake using the server's private key with OpenSSL's Crypto library. But
RSA_private_decrypt() always returns -1!
I have set up a test apache2 server with modssl and have generated
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Ballou
Sent: Friday, October 31, 2003 4:45 PM
To: [EMAIL PROTECTED]
Subject: Re: RSA Decryption with OpenSSL Crypto Library
The length of 258 bytes is very curious. If the server's key length is 2048
bits
i think that by default OpenSSL is installed in /usr/local/ssl, so
libcrypto.a is in /usr/local/ssl/lib.
you probably would want to do:
./config --prefix=/usr/local
now libcrypto will be installed in /usr/local/bin and openssl executable
in /usr/local/bin
may be this was the problem.
hth.
. These particular algorithms must be available in a
library somewhere.
Does the SSL libraries (more importatn, the crypto library) supply such a
thing? If so, where can I read about it and learn how to use it?
Thanks in advance for looking at this.
Scott
Hello all,
I want to compile an executable that will only support
EDH-DSS-DES-CBC3-SHA. I tried configuring with these options: no-idea
no-rsa no-cast no-bf no-rc4 no-rc5 no-rc2 no-des but when I go to compile I
get errors in evp.h because a union is defined and it is empty because of
the
Dear All,
Thousand thanks for your help. I really appreciate that. Your help really
means a lot to me...
Now, the problem is about the VC setting,
I am not sure how to set the directory settings for the project
For example, I copied all the files from the
Title: ??: Please Help: Crypto library with Visual C++
i think all necessary files for your application is as follows:
openssl-0.9.6a/out32dll/ : ssleay32.dll libeay32.dll
ssleay32.lib libeay32.rls
openssl-0.9.6a/inc32/openssl - this directory contains all head files needed
you
Title: ??: Please Help: Crypto library with Visual C++
thousand thanks for your help :D
it
helps a lot and it works fine now...
Now,
pls. one more thing,
I
tried to decode a Base64 encoded string into
the
string is (for example)
:KljL0/zpzt8Y
Title: ??: Please Help: Crypto library with Visual C++
u can
follow this link: http://www.openssl.org/docs/crypto/BIO_f_base64.html#
--: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] Jordan C N
Chong: 2001910 18:04:
[EMAIL PROTECTED]: RE: Please Help: Crypto library
Title: ??: Please Help: Crypto library with Visual C++
Dear
Yong Yue
I am
sorry to bother you again. The description is clear enough on the URL you gave
me.
However, I looked at the BIO explanation on http://www.columbia.edu/~ariel/ssleay/bio.html
I am
not sure how to read in some data
Title: ??: Please Help: Crypto library with Visual C++
oh
nothing do not be nervous
i think
if you want to read data from a file
first you
must construct a
BIO * mbio = BIO_new_file(filename , "rb") object
then build another BIO* b64 =BIO_new(BIO_f_base64());
then mbio
From: imran badr [EMAIL PROTECTED]
imran.badr I donot see AES support in the crypto library. Are we
imran.badr going to have that soon ?
It's in the development source, called Rijndael.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T
I donot see AES support in the crypto library. Are we going to have that
soon ?
Thanks,
Imran Badr.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL
Hi,
We were thinking of using parts of the crypto libary of openssl in our
product.
Is anybody have some experience porting to vxWorks ? Is there any place,
where we get the commercial support for this ?
I would appreciate your suggestions.
Thanks
/Murali
begin:vcard
n:Ganga;Muralidhar
if you want some consulting help, I'd be interested in talking
to you.
At 10:16 AM 1/18/01 -0800, you wrote:
Hi,
We were thinking of using parts of the crypto libary of openssl in our
product.
Is anybody have some experience porting to vxWorks ? Is there any place,
where we get the commercial
: Wednesday, January 17, 2001 9:51 AM
To: [EMAIL PROTECTED]
Subject: Security algorithms in crypto library
Hi,
We are building a broadband wireless equipment and we are looking for
following algorithms:
I would appreicate someone helps me out to verifying these algorithms
are present in openSSL
crypto
oh god I didn't mean that to go to the list. excuse me!
At 01:01 PM 1/18/01 -0800, you wrote:
if you want ...
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
the SHA1_Update function in OpenSSL to
something else - lots of files to update. Or link the OpenSSL crypto library
using -Wl,-Bsymbolic option. This should prevent the unix loader from resolving
calls from crypto library to netscape httpd's code (which in my opinion is a
really strange
as the OpenSSL SHA1_Update.
Because you hardly have access to netscape's source code, you have to bend
over and rename the SHA1_Update function in OpenSSL to something else -
lots of files to update. Or link the OpenSSL crypto library using -Wl,-
Bsymbolic option. This should prevent the unix loader
Thanks go to Jussi and Michael for pointing out the
linker issue :)
We're having a
really strange problem with the openssl crypto library -- it keeps segfaulting
down in SHA1_Update when called from an NSAPI plugin (running in NES 3.6).
I've tried building
the library with optimizations off and all that fun stuff, and have run the test
suite which
"Steve Bazyl" [EMAIL PROTECTED] writes:
[1 text/plain; iso-8859-1 (7bit)]
We're having a really strange problem with the openssl crypto library -- it
keeps segfaulting down in SHA1_Update when called from an NSAPI plugin
(running in NES 3.6).
I've tried building t
BazylSent: Tuesday, June 13, 2000 7:41
PMTo: [EMAIL PROTECTED]Subject: segfault when
using crypto library inside netscape plugin (Solaris
2.6/Sparc/openssl-0.9.5a)
We're having a
really strange problem with the openssl crypto library -- it keeps segfaulting
down in SHA1_Update when
I'm new to OpenSSL, but would like to use the crypto library it in a SSL
filter. I searched documentation about it, but didn't find anything. Do
someone a documentation, even a short one ? Thanks !
Nicolas
__
OpenSSL Project
77 matches
Mail list logo