Re: EVP_BytesToKey Key length of 56?

2010-09-16 Thread Jeffrey Walton
> I think part of my problem is that EVP_BytesToKey only returns a 16 byte key. You will probably need to duplicate Crypt-CBC-2.30's algorithm for creating or deriving the key. Blowfish uses a variable length key (some hand waving) [1], so there should be no algorithm to duplicate. Use the 56 byte

Re: 64bit BIOs and support in OpenSSL

2010-10-06 Thread Jeffrey Walton
On Wed, Oct 6, 2010 at 8:45 PM, Darryl Miles wrote: >>> >>> [SNIP] > >> Oh, and stdint.h is not available with all compilers! > > Isn't this an ANSI requirement, ah well, poor compiler users what standards > do they conform to then ? Like the safer string functions (strcpy_s and friends) and TR 24

Re: FIPS Open SSL Build using VC++ on Windows : Application Link Errors with FIPS Build

2010-10-14 Thread Jeffrey Walton
LNK2001: http://msdn.microsoft.com/en-us/library/f6xx1b1z%28VS.71%29.aspx >> When i try to link Libeay32.lib in my application i see following link >> errors where as these errors are not seen when build without FIPS. It appears you are missing a library (non-fips has it, fips is lacking). Compare

Re: [patch] LNK4078 and LNK4210 linking with x64 static libs

2010-10-19 Thread Jeffrey Walton
> So I wasted my precious time preparing a patch while someone > else had already posted a patch off-list. Lol... If you're going to throw a tantrum every time someone beats you to a patch, you owe us a tantrum: WinCE patch: http://www.mail-archive.com/openssl-users@openssl.org/msg61765.html Pierr

Multi-threaded Stress/Unit Test for libcrypto

2010-10-21 Thread Jeffrey Walton
Hi All, Forgive me if this has been answered elsewhere. I did not see a multi-threaded unit test, and searching the archives (http://www.mail-archive.com/openssl-...@openssl.org/) returned 0 hits. Grepping the site returns one reference to "unit test" regarding to Thomas Wu's SRP at [1] (Ticket

Re: Adding Hash to Application : Static Build - OpenSSL With FIPS

2010-10-27 Thread Jeffrey Walton
Hi Rajesh, I've had success with integrity checking using MACs and signatures for both PE/PE+ and Elf32/64 executables and dynamic libraries on their respective platforms (not limited to an OpenSSL dll). If I recall, OpenSSL is only trying to embed a MAC. >> 5292:error:2507606A:DSO support routine

Re: SSL_connect and SSL_accept deadlock!

2010-11-03 Thread Jeffrey Walton
On Wed, Nov 3, 2010 at 9:12 AM, David Schwartz wrote: > On 11/2/2010 6:25 PM, Md Lazreg wrote: > >>         r=select(m_sock_fd + 1, &fds, 0, 0, ptv); >>         if (r <= 0 && (Errno == EAGAIN || Errno == EINTR))/*if we timed >> out with EAGAIN try again*/ >>         { >>             r = 1; >>    

Re: Problem using openssl

2010-11-26 Thread Jeffrey Walton
2010/11/22 Ing. Fabián Martínez Osorio : > Hi: > > I have a C++ program that uses the openssl library, and on some computers, I > got the message “La aplicación no se ha podido inicializar correctamente, > error 0xc0150002. Haga clic en aceptar para terminar la aplicación” Can > anyone help me with

Re: int and BIGNUM operations?

2010-12-06 Thread Jeffrey Walton
On Sun, Dec 5, 2010 at 11:12 AM, Eugene N wrote: > Dear sirs > > I am looking for a way to perform a set of heterogeneous operations, with > some parameters being BIGNUM and some just 32 bit integers. > for example, multiply a bignum by 2, increment a bignum by 1, find a result > of BIGNUM modulo

Re: openssl-chat

2010-12-12 Thread Jeffrey Walton
On Sun, Dec 12, 2010 at 12:12 PM, S Mathias wrote: > i can use "natively" openssl for anonymous chat: > > # Chat: > # server side: > openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout mycert.pem -out > mycert.pem > > # server side - generate a self-signed cert. > openssl s_server -accept

Re: How to compute crt coefficient (PQ) value of a private key?

2010-12-14 Thread Jeffrey Walton
On Wed, Dec 15, 2010 at 12:55 AM, Kannan J wrote: > > From my relentless search on the internet I hit upon this webpage > http://www.mobilefish.com/services/rsa_key_generation/rsa_key_generation.php > http://groups.google.com/group/sci.crypt/browse_frm/thread/d228e099f78164e3 which accepts prim

Re: How to compute crt coefficient (PQ) value of a private key?

2010-12-14 Thread Jeffrey Walton
On Wed, Dec 15, 2010 at 12:58 AM, Victor Duchovni wrote: > On Tue, Dec 14, 2010 at 09:46:11PM -0800, Kannan J wrote: > >> I'm copying and pasting the text from the smart card guide. It is too > big to attach. > > Please use plain-text (non-HTML) email when sending mail to lists. Agreed. >> The fo

Re: FIPS module determination

2010-12-23 Thread Jeffrey Walton
On Thu, Dec 23, 2010 at 3:35 PM, wrote: > Export the environment variable OPENSSL_FIPS=1, and then try openssl md5? > I am aware of two companies which are (were?) claiming a FIPS validated module via OpenSSL sources, but not building the canister. For completeness, the companies may have fixed t

Re: components of RSA keys?

2010-12-23 Thread Jeffrey Walton
On Thu, Dec 23, 2010 at 3:48 PM, Mike Mohr wrote: > Good afternoon, > > When generating an RSA key, several components are described in the > output file.  Per the RSA specification on wikipedia, You should question anything on Wiki since it is generally unedited. Don't make the mistake of the fel

Re: FIPS module determination

2010-12-23 Thread Jeffrey Walton
de_set under GDB to ensure the function was called. Jeff > > On Thu, Dec 23, 2010 at 1:40 PM, Jeffrey Walton wrote: >> >> On Thu, Dec 23, 2010 at 3:35 PM,   wrote: >>> >>> Export the environment variable OPENSSL_FIPS=1, and then try openssl md5? >>> >

Re: FIPS module determination

2010-12-23 Thread Jeffrey Walton
atically linked with a > correct fipscanister. > Agreed. Sorry about the traces of cynicism. I just don't trust corporate or government. They collude all the time. Jeff > On Thu, Dec 23, 2010 at 3:48 PM, Jeffrey Walton wrote: >> >> On Thu, Dec 23, 2010 at 5:56 PM,  

Re: CAPI Engine for Win CE

2011-01-05 Thread Jeffrey Walton
On Wed, Jan 5, 2011 at 12:45 PM, Harshvir Sidhu wrote: > Hi, >    Is the CAPI engine from OpenSSL supported on WinCE? I don't believe OpenSSL will compile on Windows Mobile. I also believe a patch by Pierre Delaage is available at http://rt.openssl.org/Ticket/Display.html?id=2350.

Re: SHA-2 Directive

2011-01-21 Thread Jeffrey Walton
On Thu, Jan 20, 2011 at 5:01 PM, Welling, Conrad Gerhart wrote: > My team just received a directive from our customer to "start using SHA-2" > immediately.  Yes, in effect, the directive is that vague, and, no, details > have not been forthcoming!  So, I intend to tell my superiors that our > prod

Re: File CER into File PFX

2011-02-15 Thread Jeffrey Walton
Hi Yann, > I know , but i haven't file .KEY (eg. cert.key) , i must convert file .cer > into .pfx without file .key Factor n, or solve the discrete log to recover the private exponent. On Mon, Feb 14, 2011 at 11:44 AM, yann458 wrote: > > > I know , but i haven't file .KEY (eg. cert.key) , i must

Re: RSA implementation in C using openssl

2011-03-06 Thread Jeffrey Walton
On Sun, Mar 6, 2011 at 4:51 AM, pattabi raman wrote: > Hi, > > I have to implement the RSA algorithm in our solaris10 ( which has openssl > already) using C programming. > > Anyone please forward any doc / sample code / Weblink anything would be a > great help me. c = m^e mod n m = c^d mod n 'Raw

Re: RSA implementation in C using openssl

2011-03-06 Thread Jeffrey Walton
On Sun, Mar 6, 2011 at 5:23 AM, pattabi raman wrote: > > Hi , > >  I need to implement the entire RSA logic in C program to encrypt the > customer key for one of our application functionality. > > I am bit confused on RSA API, which gives me struggle like Which method to > call / order of the meth

Re: Examples to encrypt/decrypt

2011-03-25 Thread Jeffrey Walton
On Fri, Mar 25, 2011 at 3:56 PM, Anthony Gabrielson wrote: > This will do what you want: > http://agabrielson.wordpress.com/2010/07/15/openssl-an-example-from-the-command-line/ memset(plaintext,0,sizeof(plaintext)); The optimizer might remove your zeroization. Jeff > > - Original Messa

Re: DH session Key length

2011-04-21 Thread Jeffrey Walton
On Thu, Apr 21, 2011 at 7:44 AM, ikuzar wrote: > Ok, > I see now what you mean. I'll try to hash the shared value with SHA1, then > truncate it to obtain 128 bits ... In addition to Dave's comments, see NIST 800-135 and RFC 5869 for guidelines and recommendations on extract-and-expand key derivat

Re: PKCS12 - Why Encrypted?

2011-04-26 Thread Jeffrey Walton
On Tue, Apr 26, 2011 at 5:49 AM, Michel (PAYBOX) wrote: > Hi, > I am no expert on the matter, but on my humble opinion, > I think you can rely on this book because most of its content is about > fundamental concepts, > not implementation details ( padding, message encoding, ... ) for which you > c

Re: Blowfish implementation with OpenSSL

2011-04-30 Thread Jeffrey Walton
>     char mykey[EVP_MAX_KEY_LENGTH] = "blowfish_key"; >     char iv[EVP_MAX_IV_LENGTH] = "blowfish"; These look problematic. Is it the case that EVP_MAX_KEY_LENGTH == sizeof('blowfish_key')? Is it the case that EVP_MAX_IV_LENGTH == sizeof('blowfish')? >     EVP_EncryptInit(&ctx, EVP_bf_cfb(), (u

Re: Problem with HMAC_Init_ex

2011-05-04 Thread Jeffrey Walton
2011/5/4 Prashant Batra : > http://pastebin.com/0BG97RDH > This does not contain complete source code, but will definitely give you the > idea about what I am trying to do. After a quick look, it does not appear there is enough code to say what is wrong. For example, you perform: (key->v)[0]=0x

Re: FIPS premain signature question

2011-05-15 Thread Jeffrey Walton
On Mon, May 16, 2011 at 1:15 AM, raghib nasri wrote: > I have also observed that changing my application code causes a different > HMAC sig generated by premain. So if it is covering just validated module > (fipscanister.o) then sig should remain same as i m using the same validated > module each

Re: check RSA signature

2011-05-16 Thread Jeffrey Walton
On Mon, May 16, 2011 at 8:51 AM, Sergey wrote: > Hello, > > I have a program, written on C++ and QT. > I need to implement checking of file signature in my  program, so that it > would do the same check, as this openssl command: > > openssl dgst -sha1 -signature signature.bin -verify pubkey.pem fi

Re: Why would RSA_size() crash?

2011-05-16 Thread Jeffrey Walton
On Mon, May 16, 2011 at 9:53 AM, John Hascall wrote: > >> Duh, thanks to the people who pointed out that the pointer returned by >> PEM_read_bio_RSA_PUBKEY might be null, and indeed it is (sadly I have to use >> Xcode, which refuses to show any local variables and GDB claims they don't >> exist).

Re: Quick eyeball requested - self generate openssl certs/CA

2011-05-19 Thread Jeffrey Walton
On Thu, May 19, 2011 at 5:44 AM, Tim Watts wrote: > Hi folks, > > I'm setting up a new CA/SSL infrastructure for work - the CA is self signed > and all SSL certs (mostly server certs rather than client certs) will be > signed off against this CA. > > I've just made the effort to try to actually un

Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7

2011-05-23 Thread Jeffrey Walton
On Tue, May 24, 2011 at 12:05 AM, ciphertexto wrote: > On May 23, 2011, at 7:20 PM, Dr. Stephen Henson wrote: >> On Sun, May 22, 2011, Bill Durant wrote: >> >>> Hello, >>> >>> Has anyone been able to build a "working" 64-bit version of the >>> FIPS-capable OpenSSL  on Mac OS X 10.6.7 (SnowLeopard

Re: OpenSSL not working for me on windows 7

2011-05-27 Thread Jeffrey Walton
On Thu, May 26, 2011 at 6:01 PM, Matt Thompson wrote: > I get an error when I try the following: > > PS C:\bin\OpenSSL-Win32\bin> gc .\secrets.m.text > U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o > PS C:\bin\OpenSSL-Win32\bin> .\openssl aes-256-cbc -d -a -in > .\secrets.m.text

Re: Using PCKS Padding in OpenSSL

2011-06-07 Thread Jeffrey Walton
On Tue, Jun 7, 2011 at 3:21 PM, Eric S. Eberhard wrote: > I would point out in that last approach -- encrypting and sending un secure > (which is a good idea in many cases) does have a few considerations.  If the > data is sensitive (like magnetic strip data from a credit card) this is > completel

Re: Using Intel AES-NI

2011-06-22 Thread Jeffrey Walton
Hi mp3geek, On Wed, Jun 22, 2011 at 6:05 PM, Ryan B wrote: > Is this supported in OpenSSL trunk? Do I need any additional patches > or updated patches? It is supported in OpenSSL 1.0.0, but you will need to patch (IIRC). Jeff

Re: ECDH parameters

2011-07-01 Thread Jeffrey Walton
2011/7/1 yyy : > Hello! > > s_server (and probably other TLS servers), requires ECDH parameters, if > using ECDH ciphersuites. (probably similarly as for DH parameters with DH > ciphersuites). > It seems, that these are supposed to be generated using: > ecparam -name 'name_of_named_curve', > but t

Re: RAND_seed & RAND_bytes on Windows. How many random bytes I must give for function RAND_seed to seed PRNG properly?

2011-07-01 Thread Jeffrey Walton
On Fri, Jul 1, 2011 at 1:14 PM, Vladimir Belov wrote: > Hello. > I'll collect entropy(random bytes)  myself on Windows.  How many random > bytes I must give for function RAND_seed to seed PRNG properly in two cases: Why not allow OpenSSL to auto seed itself? If you have an overwhelming desire to p

Re: How is key calculated from passphrase

2011-07-01 Thread Jeffrey Walton
On Fri, Jul 1, 2011 at 8:58 AM, Daniel Wambold wrote: > Hello list. Sorry for what is likely a simple question but I'm running out of > time and could use a quick hand. I have a program that encrypts data using > AES256 CBC mode and a 256 bit (obviously) key provided directly to the > encryptio

Re: Occasionally incorrect MD5 hash result

2011-07-07 Thread Jeffrey Walton
On Thu, Jul 7, 2011 at 11:56 AM, Gene Kligerman wrote: > > Hi SSLers! > > I am seeing an intermittent problem using EVP_md5 function to hash > user-specified passwords. > > The application works fine most of the time except when I run a "stress > test":  3 user applications concurrently that simpl

Re: Questions: Building crypto libraries to link with Visual C++

2011-07-12 Thread Jeffrey Walton
On Tue, Jul 12, 2011 at 9:03 AM, rick freitag wrote: > >  Questions include: > > Why do I need ActivePerl not plain Perl? > I am only using the Cryptolibrary functions from Visual C++. Sorry to go offlist - I don't know the answer. But on Windows, I found the easiest way to go is use Shining Light

Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)

2011-07-14 Thread Jeffrey Walton
On Thu, Jul 14, 2011 at 6:22 PM, Kyle Hamilton wrote: > ECDSA is the elliptical curve (discrete-logarithm-based) variant of DSA, the > Digital Signature Algorithm.  DSA was developed by the US National Security > Agency as a means of creating prime-factorization-based signatures without > providin

Re: Please help: OpenSSL + OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian)

2011-07-15 Thread Jeffrey Walton
On Fri, Jul 15, 2011 at 5:36 PM, Kyle Hamilton wrote: > On Fri, Jul 15, 2011 at 10:32 AM, Gaglia wrote: >> On 07/15/2011 08:23 AM, Kyle Hamilton wrote: >>> ... >> >> Excuse me, I got lost somewhere... Does this mean that it is not >> possible to use EC crypto with OpenSSL because the algorithms a

Re: Trying to Link Statically to Libcrypto

2011-07-16 Thread Jeffrey Walton
On Sat, Jul 16, 2011 at 2:39 AM, wrote: > Hi. > > I am writing some C++ on Linux with g++. When I try to link statically to > libcrypto, by using the libcrypto.a library, it complains that > RSA_generate_key and DH_generate_parameters are undefined references. > Actually, I believe it said that o

Re: Trying to Link Statically to Libcrypto

2011-07-20 Thread Jeffrey Walton
On Wed, Jul 20, 2011 at 8:48 AM, wrote: > It didn't fix it.  In the end, I cannot link statically without libsasl2.a, > which I am having difficulty obtaining, but which must be somehow > obtainable. http://asg.web.cmu.edu/sasl/sasl-library.html > In the meantime, I am including libraries for wh

Re: Usage of macro OPENSSL_NO_STDIO

2011-08-17 Thread Jeffrey Walton
On Wed, Aug 17, 2011 at 1:51 PM, Kchitiz Saxena wrote: > Hi Wim > Thanks for the response. Actually, I am trying to compile openssl for WinCE > 5.0. That's why I was trying to figure out whether I should define this > macro while compiling or not. However, if this macro is defined, I get few > com

Re: How to use Blowfish

2011-09-13 Thread Jeffrey Walton
On Tue, Sep 13, 2011 at 5:53 AM, Mrunal Nerpawar wrote: > I have a use case for one of the product that I work on. I need to know if > the passwords on the unix machines are weak. > The passwords are hashed using blowfish algorithm. I shall be doing > dictionary encryption using blowfish API to fi

Re: How to use Blowfish

2011-09-13 Thread Jeffrey Walton
On Tue, Sep 13, 2011 at 6:49 AM, Jeffrey Walton wrote: > On Tue, Sep 13, 2011 at 5:53 AM, Mrunal Nerpawar wrote: >> I have a use case for one of the product that I work on. I need to know if >> the passwords on the unix machines are weak. >> The passwords are hashed using

Re: Issue With continous PRNG test with Fips module of openssl

2011-09-23 Thread Jeffrey Walton
On Fri, Sep 23, 2011 at 4:59 AM, alok sharma wrote: >     So is there any method on Windows to generate non-predictable > random numbers. I think mostly FileSystem time is used to seed randomness > which is failing in my case. One typically uses CryptGenRandom. Jeff > On Mon, Sep 19, 2011 at 4:52

Re: Java signature verification fail in openssl

2011-10-04 Thread Jeffrey Walton
On Tue, Oct 4, 2011 at 10:58 AM, brajan wrote: > > hi >  can any one tell me why the signature verification in openssl fail when the > message is signed by java IBM fips compliant. i am using openssl 0.9.8g in > power Pc. i am getting error in > >        if (((unsigned int)sig->digest->length != m_

Re: FIPS-capable OpenSSL that works on Windows NT

2011-10-04 Thread Jeffrey Walton
On Wed, Oct 5, 2011 at 12:59 AM, William A. Rowe Jr. wrote: > On 10/4/2011 10:45 PM, Bill Durant wrote: >> >> Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows >> NT? > > It's likely not possible... > >> But when I run it under Windows NT, I get the following run-time e

Re: Cert VU#864643

2011-10-08 Thread Jeffrey Walton
On Fri, Oct 7, 2011 at 1:55 PM, Diffenderfer, Randy wrote: > How worried should I be about the contents of this? > > http://www.kb.cert.org/vuls/id/864643   (published 2011-9-27) > > Is this the topic that flitted across the board a week or so ago? SSL_OP_ALL includes SSL_OP_DONT_INSERT_EMPTY_FRAG

Re: EVP_CipherUpdate Out Buffer Size

2011-10-18 Thread Jeffrey Walton
On Tue, Oct 18, 2011 at 6:47 AM, Nico Flink wrote: > > I have a question concerning the size of the out buffer filled by > EVP_CipherUpdate() and EVP_CipherFinal(). > > The evp man page gives the following description: > > EVP_EncryptUpdate() encrypts inl bytes from the buffer in and writes the >

Re: OpenSSL 1.0.1 example with SRP

2011-10-26 Thread Jeffrey Walton
On Wed, Oct 26, 2011 at 10:28 PM, Norm Green wrote: > Is there no one that can help me get a simple SRP test case working?  Or > should I conclude SRP is broken in OpenSSL 1.0.1? > > From the output below, it appears the client and server support no less than > 9 ciphers in common.  Why then do

Re: SSL session ID vs session ticket

2011-10-27 Thread Jeffrey Walton
On Thu, Oct 27, 2011 at 8:09 AM, Matthias Meixner wrote: > > Hello! > > When upgrading to version 0.9.8r my system stopped supporting session > resumption. > It looks like session tickets are the reason for this. > > I was using some external session cache to support session resumption on a > cl

Re: SSL_get_shutdown() returns 3

2011-11-01 Thread Jeffrey Walton
On Mon, Oct 31, 2011 at 4:15 PM, wrote: > I’m looking into the use of SSL_get_shutdown to possibly avoid unnecessary > calls to SSL_shutdown.   I noticed that SSL_get_shutdown() returns a 3 > sometimes, but I can’t find a symbol that tells what that means.  In ssl.h I > see: > > 1=SSL_SENT_SHUTDO

Re: openssl-1.0.1-stable-SNAP-20110927

2011-11-02 Thread Jeffrey Walton
On Mon, Oct 31, 2011 at 3:01 PM, Guilherme G. Rafare wrote: > Hi, how can I unsubscribe to the list and stop receiving emails? http://www.openssl.org/support/community.html Check your SPAM folder for the confirmation emails. I recently noticed Google swallowed nine separate unsubscribe conformati

Re: disabling SSLV2 on server doesn't work.

2011-11-04 Thread Jeffrey Walton
On Fri, Nov 4, 2011 at 6:05 AM, Shashidhar RP wrote: > HI >    I disabled SSLv2 on the server. When the client which is capable of SSLV2   > and SSLV3 sends the hand shake, client sends first V2 hello rt So the > server is not capable of handling V2 packet as SSLV2 is > disabled on server. C

Re: decrypt certificates signature

2011-11-07 Thread Jeffrey Walton
Hi Maurice, On Mon, Nov 7, 2011 at 8:01 AM, Maurice Mahieu wrote: > I mean the first case, to verify the signature. > As I  understand the signature is the encrypted digest of the certificate, I > was wondering if it is possible to decrypt the digest using the public key > of the issuer. 'Decrypt

Re: Problems with a setting certificates via OpenSSL in C++ (Windows)

2011-12-03 Thread Jeffrey Walton
On Fri, Dec 2, 2011 at 1:55 PM, wrote: > Hi, > > I am trying to make a simple C++ (64-bit) client program that can establish > a SSL connection with a remote server using OpenSSL on windows-7. I can > successfully execute the followings to create a new context block; > > SSL_library_init(); > SSL

Re: Problems with a setting certificates via OpenSSL in C++ (Windows)

2011-12-05 Thread Jeffrey Walton
On Mon, Dec 5, 2011 at 7:35 AM, wrote: > Hi, > > > > I am trying to make a simple C++ (64-bit) client program that can establish > a SSL connection with a remote server using OpenSSL on windows-7. I can > successfully execute the followings to create a new context block; > > > > SSL_library_init(

Re: Newbie confusion

2011-12-08 Thread Jeffrey Walton
On Thu, Dec 8, 2011 at 8:45 AM, John Emmas wrote: > > Please ignore my previous email for the moment.  It seems we're not sure > whether our binaries are official, pre-built ones or if they were built > elsewhere. > > Presumably there are some official Windows DLLs and libs somewhere are there?

Re: Generate private key problems

2011-12-16 Thread Jeffrey Walton
2011/12/16 Yang Chun-Kai : > 1. If I use "openssl genrsa -out my_private_key.key 2048" this command then > I will get the encrypted private key or not encrypted key ? > > because I want to use python ssl module and heard python ssl lib not support > encrypted private key for sockets. Python's SSL mo

Re: Generate private key problems

2011-12-17 Thread Jeffrey Walton
2011/12/17 Yang Chun-Kai : > > >> Date: Fri, 16 Dec 2011 14:52:27 -0500 >> Subject: Re: Generate private key problems >> From: noloa...@gmail.com >> To: openssl-users@openssl.org > >> >> 2011/12/16 Yang Chun-Kai : >> > 1. If I use "openssl genrsa -out my_private_key.key 2048" this command >> > then

Re: openssl genpkey command not found

2011-12-17 Thread Jeffrey Walton
2011/12/17 Yang Chun-Kai : > Hello~everyone~ > > As titled, genpkey command not found in 0.9.8, so is this new in latest > version? RSA (112 bits of security): $ openssl genrsa -out rsa-openssl.pem 2048 $ openssl pkcs8 -nocrypt -in rsa-openssl.pem -inform PEM -topk8 -outform DER -out rsa-openssl.de

Re: To send e-mail

2011-12-18 Thread Jeffrey Walton
On Sun, Dec 18, 2011 at 10:57 AM, Helegurbann wrote: > > Hi. I tried in this example code. But it doesn't run: > [code] > #include > #include > #include > > /* This is a simple example showing how to send mail using libcurl's SMTP >  * capabilities. It builds on the simplesmtp.c example, adding

Re: Memory leak in SSL_CTX_load_verify_locations()

2011-12-21 Thread Jeffrey Walton
On Wed, Dec 21, 2011 at 1:26 PM, nandan shantharaj wrote: > Hi All, > SSL_CTX_load_verify_locations() is causing memory leak in my > application. Following is the function trace. > >    262  1072 bytes leaked in 4 blocks (2.25% of all bytes leaked) >    263  These range in size from 268 to 268

Re: 100 bits of entropy with FIPS/EAL4 certified hw RNG?

2012-01-18 Thread Jeffrey Walton
On Tue, Jan 17, 2012 at 1:32 PM, Magosányi Árpád wrote: > My application uses openssl-fips for random number generation, where the > seeding have to have at least 100 bits of entropy coming from a hardware > random generator which is certified either to FIPS or CC EAL4. Due to > economy we want to

Fully Hashed MQV (FHMQV) (Key Agreement)

2012-01-22 Thread Jeffrey Walton
Hi All, Is anyone interested in implementing FHMQV in OpenSSL? I recently implemented FHMQV in Crypto++ (hopefully the patch will be submitted soon). But I don't have a reference implementation to test it against (or interoperate with). If interested, I can provide a Crypto++ reference for OpenSS

Re: Can't start Apache when ssl is enabled on RHEL v5.7

2012-01-24 Thread Jeffrey Walton
On Tue, Jan 24, 2012 at 4:09 AM, Jakob Bohm wrote: > Informational note to others, as this information used to > be hard to obtain: > > On Linux (for comparison): > > /dev/urandom produces as many random bytes as you want (with > multiple calls if necessary), but if you read more than the > random

Re: cert chain out of order breaks openssl

2012-02-14 Thread Jeffrey Walton
On Tue, Feb 14, 2012 at 3:22 PM, Timothy Kay wrote: > > Thanks for the pointer. It's very helpful. > > HOWEVER, I can give you dozens of different sites that do it wrong, yet they > all work in the browsers. Clearly that particular part of the spec is no > longer relevant, and openssl should be up

Re: virus or hoax in test/asn1test.exe ?

2012-02-14 Thread Jeffrey Walton
On Tue, Feb 14, 2012 at 4:42 PM, Johan Samyn wrote: > Hi, > I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well, > except I got a virus alert from Avira for 'TR/Graftor.10418.101' found > in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added > to the Avira VDF

Re: Pass phrase based public/private key generation

2012-02-14 Thread Jeffrey Walton
On Tue, Feb 14, 2012 at 7:53 PM, anthony berglas wrote: > Hello All, > > I want to set up a simple system in which the private key is derived > entirely from a pass phrase. > > I.e. the pass phrase provides all the "Entropy" that is used.  This means > that the private key can be regenerated from

Re: FIPS fingerprint in .data not .rodata

2012-02-21 Thread Jeffrey Walton
On Tue, Feb 21, 2012 at 3:51 PM, Andy Polyakov wrote: >> Another option (but shoot it down if its bogus :-): I noticed that if I >> compile >> fipscanister.o without "-fPIC", then the const variables do get placed in >> the (really readonly) .rodata section as desired. I thought maybe if I did >>

Re: Triple DES ECB question

2012-02-23 Thread Jeffrey Walton
On Thu, Feb 23, 2012 at 2:12 PM, burtbick wrote: > > Hi,  I'm working on a project where I need to interact with a hardware device > that is using Triple DES-ECB for encrypting keys. > > One of the first things that I'm trying to do is to generate a 16 byte key > to be uploaded to the device. > >

Re: Deadlock in RAND_poll's Heap32First call

2012-02-24 Thread Jeffrey Walton
On Fri, Feb 24, 2012 at 4:08 PM, Jakob Bohm wrote: > On 2/24/2012 2:14 PM, sandeep kiran p wrote: >> >> You mentioned that OpenSSL is holding a "snapshot" lock in rand_win.c. I >> couldn't find anything like that in that file. Can you specifically point me >> to the code that you are referring to?

Re: openssl compile time error

2012-03-10 Thread Jeffrey Walton
On Thu, Mar 8, 2012 at 1:40 PM, wrote: > > Hi, > > I use this commands for compile it on a FreeBsd 8.2. > > # ./Configure > # ./config > # make Try gmake.

Re: How to do encryption using AES in Openssl

2012-03-27 Thread Jeffrey Walton
On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman wrote: > On 3/27/2012 3:51 PM, Jakob Bohm wrote: >> >> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote: >>> >>> You should really be using EVP instead of the low level routines. >>> They are well documented with examples. >> >> Where, precisely? >> >> I

Re: How to do encryption using AES in Openssl

2012-03-27 Thread Jeffrey Walton
On Tue, Mar 27, 2012 at 5:19 PM, Jakob Bohm wrote: > On 3/27/2012 10:42 PM, Jeffrey Walton wrote: >> >> On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman  wrote: >>> >>> On 3/27/2012 3:51 PM, Jakob Bohm wrote: >>>> >>>> On 3/27/2012 9:37 PM, D

OpenSSL Wiki (was: How to do encryption using AES in Openssl)

2012-03-27 Thread Jeffrey Walton
On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman wrote: > On 3/27/2012 3:51 PM, Jakob Bohm wrote: >> >> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote: >>> >>> You should really be using EVP instead of the low level routines. >>> They are well documented with examples. >> >> Where, precisely? >> >> I

Re: error LNK2019: unresolved external symbol _AES_cbc_encrypt referenced in function

2012-03-27 Thread Jeffrey Walton
On Mon, Mar 26, 2012 at 11:28 AM, anu wrote: > When I am using AES_ecb_encrypt(const unsigned char *in, unsigned char *out, > const AES_KEY *key, const int enc); > > then there is no linking error in my code > but when i use > AES_cbc_encrypt(const unsigned char *in, unsigned char *out, > const un

Re: How to use AES_wrap_key() in openssl

2012-03-27 Thread Jeffrey Walton
On Mon, Mar 26, 2012 at 1:49 AM, Prashanth kumar N wrote: > > [SNIP] >> > > <<>> : In my case, i would be storing the wrapped key and >> > not the original >> > > key. So when user tries to decrypt the wrapped key, he would get the >> > > original key but how do i make sure that is the right key.

Re: Successfully building openssl-1.0.1 with Microsoft Visual Studio.

2012-03-27 Thread Jeffrey Walton
On Sun, Mar 25, 2012 at 7:31 PM, jeremy hunt wrote: > Thomas J. Hruska wrote: >> >> On 3/23/2012 12:53 AM, jeremy hunt wrote: >>> >>> This posting is to help people to build OpenSSL 1.0.1 with Microsoft >>> Visual Studio. It may also indicate a required change to the build >>> instructions >>> for

Re: OpenSSL Wiki (was: How to do encryption using AES in Openssl)

2012-03-28 Thread Jeffrey Walton
012 at 6:15 AM, Jeffrey Walton wrote: >> >> On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman wrote: >> > On 3/27/2012 3:51 PM, Jakob Bohm wrote: >> >> >> >> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote: >> >>> >> >>>

Re: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length

2012-04-05 Thread Jeffrey Walton
On Wed, Apr 4, 2012 at 5:41 AM, pkumarn wrote: > > Hi, > > I had earlier posted query on AES_Keywrap() usage and had good response on > the same and got lot of things clarified. Now i am successful in using > AES_wrap_key() API but i am running into a new problem. > I need to wrap 512bit key with

Re: Deadlock in RAND_poll's Heap32First call

2012-04-05 Thread Jeffrey Walton
On Thu, Apr 5, 2012 at 12:18 PM, sandeep kiran p wrote: > Jakob, > > The last time we had this discussions, I mentioned when 0 is passed as the > second argument to CreateToolhelp32Snapshot, it takes a snapshot of all the > heaps for all the processes in the system. I was wrong. This routine only

Re: Random number generator

2012-04-05 Thread Jeffrey Walton
On Thu, Apr 5, 2012 at 12:07 AM, Prashanth kumar N wrote: > You can use the below API's > > RAND_bytes() > > RAND_pseudo_bytes() Sorry to nitpick. It gets old auditing high integrity code where the damn programmers ignore return values as if everything succeeds. #include int RAND_bytes(unsigned

Re: Deadlock in RAND_poll's Heap32First call

2012-04-05 Thread Jeffrey Walton
On Thu, Apr 5, 2012 at 6:06 PM, Jakob Bohm wrote: > On 4/5/2012 9:01 PM, Jeffrey Walton wrote: >> >> On Thu, Apr 5, 2012 at 12:18 PM, sandeep kiran p >>  wrote: >>> >>> Jakob, >>> >>> The last time we had this discussions, I men

Re: Deadlock in RAND_poll's Heap32First call

2012-04-05 Thread Jeffrey Walton
On Thu, Apr 5, 2012 at 6:58 PM, Jeffrey Walton wrote: > On Thu, Apr 5, 2012 at 6:06 PM, Jakob Bohm wrote: >> On 4/5/2012 9:01 PM, Jeffrey Walton wrote: >>> >>> [SNIP] >> >> The following list of permission bits are most (not all) of those that >>

Re: "no shared cipher"

2012-04-06 Thread Jeffrey Walton
On Fri, Apr 6, 2012 at 1:42 PM, crk wrote: > Hi, > > unfortunately this didn't help. > > Besides, I am using SSL_library_init. The manual says > OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are > synonyms for SSL_library_init(). The client and server each call a different function

Re: How to 'test' if SSL is working??

2012-04-14 Thread Jeffrey Walton
On Sat, Apr 14, 2012 at 7:20 PM, Nathan Smyth wrote: > Hi there, > > I have a dumb question. How can I tell whether SSL is actually protecting a > tcp connection - is there any way from outside the application? I assume I > should look for something in Netstat? > > I have quite a complicated appl

Re: Hello guyz and cryptobrains! :P

2012-04-15 Thread Jeffrey Walton
On Sun, Apr 15, 2012 at 12:01 PM, wrote: > Hello guyz and cryptobrains! :P > > One of the main disadvantages of EC on openssl seems to be the inability > to create arbitrary-sized keys and advantage for RSA: you can create 32768 > bit RSA key but... not greater than 521 bits on ECC. > > Will this

Re: Use of generic name "STRING" in safestack.h

2009-09-17 Thread Jeffrey Walton
Hi Eystein, > typedef struct _STRING { > USHORT Length; > USHORT MaximumLength; > PCHAR Buffer; > } STRING, *PSTRING; That looks like a UNICODE_STRING (or less commonly LSA_STRING) to me. I don't ever recall seeing Microsoft defining it as a STRING. Perhaps mingw/ntdef.h is the culprit. Jeff

Re: AES pointers needed..

2009-09-18 Thread Jeffrey Walton
Hi Dennis, > I am presently looking at implementing AES 256bit into an > application which I am working on... Is it possible to do it > with OpenSSL? It depends on what you want to accomplish, and the mode of operation in which AES-256 will be operating. Can you offer more details? Jeff On 9/18/

Re: Encrypting 32/64 bit integers

2009-09-21 Thread Jeffrey Walton
Hi Peter, > so we ran this with a 64 bit int and noticed that 128 bits comes out. > can we safely ignore the other 64 bits? why are we getting 128 bits out? It depends on your choice of modes. Specifically on the padding requirements accompanying the mode. Modes such as ECB and CBC will pad to th

Re: Wrong size for EC key pair

2009-09-22 Thread Jeffrey Walton
Hi Brian, > If so, what is its purpose? They are ASN.1 encoded integers. The leading '0' octet ensures the value is interpreted as non-negative. See X.680. > Do You Yahoo!? No. Jeff On Tue, Sep 22, 2009 at 9:47 PM, Brian Kuschak wrote: > I'm using OpenSSL to generate EC key pairs for use in

Re: sha-256 program example

2009-10-06 Thread Jeffrey Walton
Hi Doctor, From the docs: SHA1 is the digest of choice for new applications. It appears the docs are a bit dated. Depending on the application, I believe NIST recommends that new applications use SHA-2 family (circa 2006 [1]), and requires SHA-2 after 2010 [2]. Considering McDonald, Hawkes, and

Re: Need help trying to build openssl in Windows x64

2009-10-07 Thread Jeffrey Walton
Hi Bradford, > tmp32dll\uplink.obj : fatal error LNK1112: module machine type 'X86' > conflicts with target machine type 'x64' MachineType is a field in both the object file and PE file. uplink.obj was built for x86, but your target is an x64 executable. I've found it easier to use Shining Light'

Re: Need help trying to build openssl in Windows x64

2009-10-07 Thread Jeffrey Walton
On Wed, Oct 7, 2009 at 11:22 AM, Younie, Bradford wrote: >> Hi Bradford, >> >> I've found it easier to use Shining Light's prebuilt OpenSSL gear. >> Thomas provides both x86 and x64 binaries. See >> http://www.slproweb.com/products/Win32OpenSSL.html. >> > > Thanks Jeff, > > I noticed that Shining

Re: RSA algorithm with big endian environment

2009-10-15 Thread Jeffrey Walton
Hi Alessandro, > Other rsa source code doesn’t work right because target environment > use big endian memory allocation for int and long I don't believe this is characteristic of many libraries, such as Peter Gutmann's Cryptlib or Wei Dai's Crypto++. Jeff On Thu, Oct 15, 2009 at 10:37 AM, Alessa

Re: Generating sect163k1 key pairs

2009-10-20 Thread Jeffrey Walton
Hi Doug, > I am trying to figure out where the padding bits > are applied? > ... > The two private keys are described in a different > number of bytes. Since the 2nd generated private > key is shown in 20 bytes i.e. 160 bits, is it assumed > that the MS 3 bits are 0? The public key, also known as

Re: Generating sect163k1 key pairs

2009-10-21 Thread Jeffrey Walton
17591510145 Public Element: X: 52917001892683237407267355347783044226963125190 Y: 630769944952357370507177294689782720716591612297 C:\Users\Public\Programs\Crypto++\ECParams> Jeff On Wed, Oct 21, 2009 at 11:50 AM, Doug Bailey wrote: > - "Jeffrey Walton" wrote: > >> Hi Doug, >> >> > I am tr
