On Wed, 2012-09-12 at 00:28 +0300, farmdve data.bg wrote:
I have seen a lot of applications that utilize the OpenSSL library,
however I see that the majority of the documentation is incomplete.
In particular, I need some documentation for the EC package in the
'crypto' sub-folder, I mean,
You should just be able to create an ECDSA_SIG structure using:
ECDSA_SIG *mysig;
if(!(mysig = ECDSA_SIG_new())) goto err;
And then simply copy your r and s values directly into the ECDSA_SIG
structure (assuming they are BIGNUMs):
if(!BN_copy(mysig-r, r)) goto err;
if(!BN_copy(mysig-s, s))
Yes, you can use CTR mode for AES-256: use the EVP interface with the
EVP_CIPHER of EVP_aes_256_ctr().
However it is a fundamental requirement of CTR mode that the IV must be
unique across messages. If you reuse the IV then your messages can be
broken quite trivially. Therefore, if by a fixed IV,
:22 PM, Matt Caswell fr...@baggins.org wrote:
Yes, you can use CTR mode for AES-256: use the EVP interface with the
EVP_CIPHER of EVP_aes_256_ctr().
However it is a fundamental requirement of CTR mode that the IV must be
unique across messages. If you reuse the IV then your messages can
the documentation for all the modes supported by openssl??
Regards,
Rohit Bansal
On Mon, Jan 14, 2013 at 1:16 PM, Matt Caswell fr...@baggins.org wrote:
The EVP API is documented here:
https://www.openssl.org/docs/crypto/EVP_EncryptInit.html#
There is some example code there too. It doesn't use AES
I have previously submitted a largish patch for documentation around the
OpenSSL EC library. Unfortunately there seems little interest in it, and it
has been hanging around in RT for some while:
https://rt.openssl.org/Ticket/Display.html?id=2799 (username guest,
password guest)
This
It is a feature of GCM that the ciphertext (excluding the authentication
tag) is identical length to the plaintext. Therefore no padding is required.
Matt
On 8 February 2013 14:27, Dirk Menstermann noadsple...@web.de wrote:
Hi,
I'm playing around with EVP_aes_128_gcm. This works, but it
See the README for instructions, under the SUPPORT section:
http://git.openssl.org/gitweb/?p=openssl.git;a=blob_plain;f=README;hb=refs/heads/master
Matt
On 6 March 2013 23:10, Dennis Clarke dcla...@blastwave.org wrote:
Is there a bugzilla site or similar for openssl ?
On 6 March 2013 11:40, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Mar 06, 2013, Matej Kenda wrote:
I am working on a solution which includes encryption of files of
arbitrary
size (at least up to 2 GB) to be encrypted with AES CCM with 256-bit key
and uploaded to a server.
On 16 March 2013 18:00, azhar jodatti azhar...@gmail.com wrote:
Thompson,
Really thanks for the reply. appreciate your time.
Yes it was JCE and not JCF. it was typo :)
I am working on application which has android and iPhone client. Both the
client talk to my server which is written in
On 18 March 2013 12:15, azhar jodatti azhar...@gmail.com wrote:
2) Is this sample from the *same* key exchange? The parameters are
different which are obviously going to cause it to fail.
When I run both programs it calculates the params (p,g,pk) every time on
execution . that's the reason
On 18 March 2013 15:05, azhar jodatti azhar...@gmail.com wrote:
I also just noticed that in your JSON sample there is only one prime
number provided. There are in fact two required: p and q.
well, I think other prime number is g and not q. other prime number is
base generator i.e g in above
On 18 March 2013 21:02, Dave Thompson dthomp...@prinpay.com wrote:
I also just noticed that in your JSON sample there is only one
prime number provided. There are in fact two required: p and q.
No. *DSA* uses p,q,g. DH requires p,g which effectively determines
q, but DH computation doesn't
On 18 March 2013 21:44, Matt Caswell fr...@baggins.org wrote:
However, you are correct that the DH computation does not use q, although
I do not
know whether JCE requires it to be specified (not having used JCE).
One other point on this - X9.42 describes an optional validation procedure
On 19 March 2013 09:01, azhar jodatti azhar...@gmail.com wrote:
And possibly relevant here, the standard Suncle JCE provider actually
uses DSA paramgen for DH and thus imposes the DSA size restrictions
on DH -- 512 to 1024 in steps of 64 -- although they aren't required
by any standard I know
On 19 March 2013 10:37, azhar jodatti azhar...@gmail.com wrote:
On Tue, Mar 19, 2013 at 2:58 PM, Matt Caswell fr...@baggins.org wrote:
On 19 March 2013 09:01, azhar jodatti azhar...@gmail.com wrote:
And possibly relevant here, the standard Suncle JCE provider actually
uses DSA paramgen
On 19 March 2013 12:22, azhar jodatti azhar...@gmail.com wrote:
PEM_write_bio_DHparams(out, temp);//this prints public key in base64
(this is what i think :) )
This is NOT a base64 representation of the public key. This is
printing out the parameters only (which does not include the
On 19 March 2013 14:18, azhar jodatti azhar...@gmail.com wrote:
On Tue, Mar 19, 2013 at 6:24 PM, Matt Caswell fr...@baggins.org wrote:
On 19 March 2013 12:22, azhar jodatti azhar...@gmail.com wrote:
PEM_write_bio_DHparams(out, temp);//this prints public key in
base64
(this is what i
On 20 March 2013 07:37, azhar jodatti azhar...@gmail.com wrote:
Public key :
On 20 March 2013 11:25, azhar jodatti azhar...@gmail.com wrote:
byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();
This is providing an encoded form of the public key, whereas your code
is expecting it as an integer. Use the following instead:
DHPublicKey dhpubkey =
On 20 March 2013 19:21, azhar jodatti azhar...@gmail.com wrote:
One more query :).
After generating secret key :
byte[] bobSharedSecret = bobKeyAgree.generateSecret();//this generates
secret key. Note : this key matches with C client secret key :)
I am doing below stuff in JAVA :
On 21 March 2013 21:04, steveRX04 srh...@hotmail.com wrote:
I'm using DES so the cipher block size is 8 bytes. Padding is enabled.
DES? Really? Are you sure you want to use that? It is no longer
considered secure.
I know that if the input buffer is 14 bytes, then by calling
See:
http://wiki.opensslfoundation.com/index.php/EVP
http://wiki.opensslfoundation.com/index.php/EVP_Symmetric_Encryption_and_Decryption
http://wiki.opensslfoundation.com/index.php/EVP_Authenticated_Encryption_and_Decryption
Matt
On 22 March 2013 19:15, Jevin Sonut j.so...@gmail.com wrote:
Can
On 26 March 2013 16:45, tos iro motto.mo...@gmail.com wrote:
Hello
I'm sorry when there is an impoliteness.
I want you to tell me a *correct way to* call the EVP_CIPHER_CTX_cleanup().
I'm writing the program for encrypt independent data one by one.
Should I call EVP_CIPHER_CTX_cleanup() at
On 29 March 2013 15:09, Zach lace...@roboticresearch.com wrote:
I'm trying to do the following:
1) Put a base64-encoded key (the normal one generated by openssl command
line tools) into a header file
Do you mean to put the actual key itself hardcoded into the header
file?? This seems like a
On 1 April 2013 23:30, Zach lace...@roboticresearch.com wrote:
RSA* x = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
Try using this instead:
PEM_read_bio_PUBKEY
Matt
Hi Jeff
Is FHMQV covered by any patents? I've always assumed that was the
reason MQV was not in OpenSSL.
Matt
On 22 January 2012 20:03, Jeffrey Walton noloa...@gmail.com wrote:
Hi All,
Is anyone interested in implementing FHMQV in OpenSSL?
I recently implemented FHMQV in Crypto++
On 15 April 2013 12:48, Anil Kumar K K aniluvc...@gmail.com wrote:
Hi OpenSSL Team,
I am Anil, trying to code aes encryption and decryption program using
openssl library.
I have coded a program which takes key and data as inputs and computes
AES-128 cipher text and decrypt the same. If the
On 25 April 2013 21:42, Taraniteja Vishwanatha taranit...@gmail.com wrote:
Hey guys,
I was using the low level aes APIs and now have switched to EVP ones. My
Good. That is (in most cases) the correct approach.
string encryption and decryption always work fine. But when it comes to
files, I
On 11 May 2013 05:05, Lunar Mushrooms lunar.mushro...@gmail.com wrote:
Hello I can see a call to OBJ_bsearch_pmeth() in openssl source. By I could
not find the definition of OBJ_bsearch_pmeth(). I greped the entire source.
Can somebody help me to find the definition ?
On 15 May 2013 20:15, Bin Lu b...@juniper.net wrote:
Hi,
Could somebody tell me what names I should use in EVP_get_cipherbyname() to
return the AES_128_GCM and AES_256_GCM ciphers? I looked into openssl code
but got lost.
aes-128-gcm and aes-256-gcm
Matt
On 24 May 2013 03:21, no_spam...@yahoo.com wrote:
Can one use HMAC through EVP? If so, can someone point me to an example?
It seems that when the OpenSSL module is in FIPS mode, it doesn't like
programs using HMAC_*() functions directly:
OpenSSL internal error, assertion failed: Low level
On 24 May 2013 05:45, Matt Caswell fr...@baggins.org wrote:
On 24 May 2013 03:21, no_spam...@yahoo.com wrote:
Can one use HMAC through EVP? If so, can someone point me to an example?
It seems that when the OpenSSL module is in FIPS mode, it doesn't like
programs using HMAC_*() functions
On 31 May 2013 10:58, Jakob Bohm jb-open...@wisemo.com wrote:
According to a server testing service I have tried, OpenSSL 0.9.8
fails to reject degenerate ephemeral DH keys, while OpenSSL 1.0.0
does this rejection. They do not provide a CVE number for this
issue, and I cannot find it in the
On 31 May 2013 16:42, Jakob Bohm jb-open...@wisemo.com wrote:
Interesting, I don't seem to be able to find code that calls dh_check
or equivalent on received DH group parameters, but then the check in
that function is too strict in its criteria (for instance, some
standards (such as X9.42 and
On 31 May 2013 21:07, Matt Caswell fr...@baggins.org wrote:
On 31 May 2013 16:42, Jakob Bohm jb-open...@wisemo.com wrote:
Interesting, I don't seem to be able to find code that calls dh_check
or equivalent on received DH group parameters, but then the check in
that function is too strict
On 12 June 2013 21:15, Jakob Bohm jb-open...@wisemo.com wrote:
As for the DH_check_pub_key() function, checking if pubkey is in the
range two to large prime minus 2, inclusive is an insufficient check
against accepting degenerate keys. For instance NIST SP 800-56A
requires the following
On 14 June 2013 20:12, Steve Tarzia st...@stevetarzia.com wrote:
I am having some trouble finding documentation or examples showing how to
perform Elliptic Curve crypto operations using the openssl command line
tool. Is possible to perform EC encryption and decryption using the openssl
On 14 June 2013 01:55, Jakob Bohm jb-open...@wisemo.com wrote:
On 6/12/2013 11:35 PM, Matt Caswell wrote:
On 12 June 2013 21:15, Jakob Bohm jb-open...@wisemo.com wrote:
As for the DH_check_pub_key() function, checking if pubkey is in the
range two to large prime minus 2, inclusive
On 16 June 2013 10:41, enrico d'urso e.du...@live.com wrote:
Client send to Server encrypt data, first time all works fine, but second
time no.
For example if I first time send:
Stack Overflow server print Stack Overflow,
but second time anything client sends, server always print erflow.
On 17 June 2013 12:57, enrico d'urso e.du...@live.com wrote:
Hi, thanks for your answer.
I didn't call them all times, just first time.
The fact is that I would like to use 'cbc' scheme, so I Could make this way,
CBC is a mode used within an individual message. It cannot be used
across
On 17 June 2013 13:25, Matt Caswell fr...@baggins.org wrote:
Take a random IV, and use it.
Encrypt a message, and save last cipher-text ( Let be C).
Re-call EncryptInit using C as IV.
IVs must be random and not predictable in advance. Using the last
block of a previous message as the IV
On 17 June 2013 14:02, enrico d'urso e.du...@live.com wrote:
Hi, thanks for answer.
At the moment in my application I create an random IV and a random KEY.
Client after this creation send them to Server encrpyting all with RSA
public key.
Client decrypt the message with private key, and from
On 17 June 2013 15:17, Jakob Bohm jb-open...@wisemo.com wrote:
IV's should always be random - you should not reuse an IV.
Using the the last block of cipher-text from a previous message as the
IV gives a predictable IV which is insecure in CBC mode for certain
classes of attack.
You are
On 18 June 2013 09:43, Michel msa...@paybox.com wrote:
Hi Yamini,
I would suggest looking at the 'EVP Envelope' API :
https://www.openssl.org/docs/crypto/EVP_SealInit.html
Also see:
http://wiki.openssl.org/index.php/EVP_Asymmetric_Encryption_and_Decryption_of_an_Envelope
Matt
On 18 June 2013 19:22, Jakob Bohm jb-open...@wisemo.com wrote:
Fundamentally, every CBC block except the first will use what you call a
predictable IV, namely the previous ciphertext block. To make any sense
security arguments about this need to be very clear about what is
and is not
Just to clarify, that should say the OpenSSL wiki is NOW available!
Matt
Steve Marquess marqu...@opensslfoundation.com wrote:
The recently created OpenSSL Wiki is not available for general access
at
http://wiki.openssl.org/
It is starting to accumulate some useful content and should
On 16 August 2013 16:46, Swair Mehta swairme...@gmail.com wrote:
On 16-Aug-2013, at 7:49 AM, Unga unga...@yahoo.com wrote:
Hi all
I have a requirement to encrypt files, in such a way identical files should
generate identical ciphertexts.
I plan to use aes-256-cbc cipher with 128-byte long
On 3 September 2013 15:16, Jonas Andersson jonasanderssonm...@gmail.com wrote:
Hi all,
Is there a way to verify a signature with ECDSA_do_verify having only the
x-coordinate (in public key) available?
Are you sure you *only* have the x-coord and not a point in compressed
format? The
though.
Matt
Br,
Jonas
2013/9/3 Matt Caswell fr...@baggins.org
On 3 September 2013 15:16, Jonas Andersson jonasanderssonm...@gmail.com
wrote:
Hi all,
Is there a way to verify a signature with ECDSA_do_verify having only
the
x-coordinate (in public key) available?
Are you sure
On 7 October 2013 19:39, Dave Thompson dthomp...@prinpay.com wrote:
You don’t need to change OpenSSL to do what you say you want; just create an
EC_KEY with the curve,
set the desired private key value, and do a point multiplication to get the
public key value and set that.
This is
On 14 October 2013 22:29, Joost Ringoot jo...@ringoot.org wrote:
Hello,
I am trying to install openssl-1.0.0 on fedora 19.
I tried different versions:
openssl-1.0.0k.tar.gz
openssl-1.0.0f.tar.gz
and
openssl-1.0.0.tar.gz
./config and make appear ok
but make install always ends like
On 30 November 2013 18:52, cvishnuid cvishn...@gmail.com wrote:
I am newbie to Open SSL . I am already have an application where server and
client are using Openssl libraries for Diffie hellman encryption.I wanna
convert server to compleatly to C# .
It is not clear from your question
On 1 December 2013 18:15, cvishnuid cvishn...@gmail.com wrote:
Thanks for reply matt. Yeah your correct I want implement completely from
starch as my agenda is to have complete manged code in my server app and i
did't find any manged manged crypto library with will is compatable with
Open SSL
On 3 December 2013 10:36, Aastha Mehta aasth...@gmail.com wrote:
Hello,
I wrote a simple code to sign and verify using DSA keys, but I am facing
some problem with verification and I cannot figure it out. This is the error
I get:
error:0A071003:dsa routines:DSA_do_verify:BN lib
I know the
On 4 December 2013 22:38, Dave Thompson dthomp...@prinpay.com wrote:
In addition to the misplaced paren already noted, and also a surplus paren,
which I’ll assume were typos since they wouldn’t have compiled,
I think it could compile (unless there is another surplus paren I
haven't seen?):
On 5 December 2013 23:32, John da_audioph...@yahoo.com wrote:
I recently became aware of aes-ni and found the linked articles. My CPU
supports this, but it seems (assuming the advice in the linked pages is
accurate) that openssl does not have it enabled. What am I missing? I am
running
On 13 December 2013 17:33, andreas andreas.moro...@gmx.net wrote:
Hello,
in our public hospital we have a application that has to encrypt data
with a certificate.
At the moment we call a batch files that does
openssl.exe rsautl -encrypt -in %1 -out %1.enc -inkey SanitelCF.cer
-certin -pkcs
On 19 December 2013 18:52, Billy Brumley bbrum...@gmail.com wrote:
It's in the EC_GROUP structure: group-field. Check crypto/ec/ec_lcl.h. BBB
Anything in the *lcl.h header files does not form part of the public
API and you shouldn't really rely on it as it may change.
Better is to use:
int
On 19 December 2013 23:47, Porter, Andrew andrew_por...@bmc.com wrote:
So, additional data now. This works:
./openssl s_client -debug -cipher 'ECDHE-RSA-AES256-SHA' -curves
'secp521r1:secp384r1:prime256v1:sect571r1' -connect tomcat-host:443
But use the same curves in a different order, with
On 20 December 2013 00:24, Matt Caswell fr...@baggins.org wrote:
On 19 December 2013 23:47, Porter, Andrew andrew_por...@bmc.com wrote:
So, additional data now. This works:
./openssl s_client -debug -cipher 'ECDHE-RSA-AES256-SHA' -curves
'secp521r1:secp384r1:prime256v1:sect571r1' -connect
On 20 December 2013 09:09, Patrick McCorry stonecold...@gmail.com wrote:
Thanks Guys,
At the moment I'm trying to distinguish if n p, as the x co-ordinate does
not wrap around n (so x = r in all cases) - to verify if this is always the
case
n can be greater than p, e.g. see the
On 20 January 2014 15:34, khan wahid rr...@yahoo.com wrote:
Hi,
I am trying to implement DH key exchage using openssl in the same program,
so I generate DH parameters once, and then transfer the p and g to another
DH object, here is my code-
#include stdio.h
#include string.h
#include
On 21 January 2014 15:44, HelenH Zhang helen...@yahoo.com wrote:
Dear experts:
We want to be able to specify padding.
RSA_PKCS1_PADDING or RSA_NO_PADDING.
I would like to use EVP API instead of RSA_Public_decrypt(), and
RSA_Private_encrypt().
Which API should I use?
I am currently using
On 21 January 2014 23:51, HelenH Zhang helen...@yahoo.com wrote:
Thank you, Matt for your quick reply.
I have additional questions: I looked both links below:
https://www.openssl.org/docs/crypto/EVP_PKEY_encrypt.html
https://www.openssl.org/docs/crypto/EVP_PKEY_decrypt.html
One for
On 22 January 2014 22:40, Dave Thompson dthomp...@prinpay.com wrote:
The general public-key sign and verify processes are:
S1. compute hash of data (or for CMS, hash of data-hash plus some other
bits)
S2. generate signature for hash S1 using private key (RSA, DSA, or ECDSA)
S3. send
On 28 February 2014 17:07, Paddy stonecold...@gmail.com wrote:
On 20 December 2013 09:09, Patrick McCorry [hidden email] wrote:
Thanks Guys,
At the moment I'm trying to distinguish if n p, as the x co-ordinate
does not wrap around n (so x = r in all cases) - to verify if this is
always the
On 3 March 2014 04:36, Jeffrey Walton noloa...@gmail.com wrote:
Is there a list of EC curves to NIDs?
http://www.openssl.org/docs/crypto/EC_KEY_new.html and
http://www.openssl.org/docs/crypto/EC_GROUP_new.html discuss the
curves and the NIDs, but don't provide a list.
Or better, is there a
On 9 April 2014 08:39, chetan chet...@neominds.in wrote:
I am newer to this and i want to make ECDHE algorithm for cilient-server.
Can anyone tell me basic steps and functions to do this. all response are
acceptable.
Thankss in advance
Its unclear from your question
On 10 April 2014 07:29, chetan chet...@neominds.in wrote:
Thanks for giving time to me. I was given a task that i have to implement
ECDHE algorithm means i can use openssl.
So, can you please tell me what i have to do after generatic public and
private key files. How to generate shared secret
On 10 April 2014 07:54, chetan chet...@neominds.in wrote:
I write a code like this. but when i compile it show's error Undefined
EVP_PKEY_derive.
what is the reason for that?
What version of openssl are you using? EVP_PKEY_derive is only in
OpenSSL 1.0.0 and later versions.
Matt
On 10 April 2014 13:08, Buddhika E. buddhika.ekanay...@gmail.com wrote:
Could anybody provide me some solution?
Many Thanks,
Buddhika
PS: I attached a code sample
I haven't gone all through your code, but spotted this:
if(!EVP_DecryptUpdate(ctx, out, buflen, cipher, strlen(cipher))) {
On 11 April 2014 06:25, chetan chet...@neominds.in wrote:
I tried your sample code but compiler showing error like Undefined refrence
to EVP_PKEY_CTX_new although i included header file openssl/evp.h.
You have any idea why this errors occuring???
And by the way thanks for the help friend.
On 11 April 2014 08:18, chetan chet...@neominds.in wrote:
I'm Using version 1.0.0e.
Is my version of openssl is suitable for EVP_PKEY_CTX_new()??
and if not how can i upgrade my version to latest version?
That version should be fine. See my response to your other thread for
next steps.
Matt
On 14 April 2014 05:42, chetan chet...@neominds.in wrote:
xxx.c is my program file.
So, i'm compile simply like cc xxx.c .
I am Gettting errors as below:
xxx.c:(.text+0x19): undefined reference to `EVP_PKEY_CTX_new'
xxx.c:(.text+0x30): undefined reference to `EVP_PKEY_derive_init'
On 15 April 2014 05:40, chetan chet...@neominds.in wrote:
Thanks to you...it's working.
Now i have one last query for you.
I'm generating public and private key files using command line openssl. I
generated 2 .PEM files each for public and private key.
Now i want to generate shared secret
On 16 April 2014 05:48, chetan chet...@neominds.in wrote:
If this is only ECDH than how to perform ECDHE?
what changes i have to made in this code?
Well the final E in ECHDE stands for ephemeral. It is not really a
difference in the way the algorithm itself works, but more about how
it is used.
On 26 April 2014 20:38, Jeffrey Walton noloa...@gmail.com wrote:
On Sat, Apr 26, 2014 at 3:18 PM, Anant Rao a...@noknok.com wrote:
I'm doing password encryption (and decryption) in Java. I need to port this
to C.
In Java, I'm doing this:
PBEKeySpec (somepassphrase, some_salt, some
On 15 May 2014 10:39, Jeffrey Walton noloa...@gmail.com wrote:
On Tue, May 13, 2014 at 12:06 PM, Tom stone stone...@gmail.com wrote:
Am I missing something or is there a bug in the openssl gcm implementation?
If its any consolation, your question triggered a documentation patch.
Matt Caswell
On 19/05/14 14:12, Darshan Mody wrote:
-BEGIN EC PARAMETERS-
-END EC PARAMETERS-
-BEGIN EC PRIVATE KEY-
-END EC PRIVATE KEY-
My Private key looks as above
How did you generate your private key?
Try deleting the EC PARAMETERS section in the file.
On 20 May 2014 15:42, Rahul Godbole rahulmg1...@gmail.com wrote:
Hi
Is OpenSSL thread safe by default? How can I find out if a particular
OpenSSL binary had been compiled with thread support?
http://www.openssl.org/support/faq.html#PROG1
Matt
On 25/05/14 13:11, Mody, Darshan (Darshan) wrote:
Hi,
When I try to read the EC Private Key file I get an error from the
openssl.
Is there another way to use the Elliptic curved Private key. Please note
that I generate the Public and Private keys via the command lines and
On 25/05/14 14:40, Mody, Darshan (Darshan) wrote:
I use below command
openssl ecparam -out key.pem -name prime256v1 -genkey. I am using another 3rd
Party tool SIPp. Below is the method that sets the SSL CTX
Whilst I don't think its the cause of your problem, I would suggest
adding
On 28 May 2014 08:47, Sverre Moe sverre@gmail.com wrote:
When creating a ECC Certificate Signing Request I noticed the CSR from
OpenSSL was quite different from the one I generated with Java Keytool.
Checking the CSRs with: openssl req -in ecc.csr -text -noout
OpenSSL CSR has the
On 28 May 2014 11:06, Sverre Moe sverre@gmail.com wrote:
I used the following openssl command for my ECC private key and CSR.
openssl ecparam -name secp521r1 -genkey -param_enc explicit -out
private-key.pem
openssl req -new -key private-key.pem -nodes -sha384 -out ecc_clientReq.csr
So
On 31/05/14 11:02, scl wrote:
Hi,
like in my previous post I am trying to build and
install OpenSSL 1.0.1g for distribution in an OS X
10.6+ application (64 bit). I'm using JHBuild to
fetch and build all pieces.
JHBuild tries to install OpenSSL first to a packagers directory
On 27 May 2014 08:00, Anant Rao a...@noknok.com wrote:
When I tried to decrypt it using OpenSSL in a 'c' program, the last call
'EVP_DecryptFinal_ex' fails. Somehow, ERR_print_errors_fp is not printing
anything either.
If EVP_DecryptFinal_ex fails with GCM then this means that the tag has
On 10 June 2014 15:24, Anant Rao a...@noknok.com wrote:
Hi,
Objective in one-line:
=
Verify a signature, given an ECDSA public key in X509 format.
Details:
==
I read an X509 cert stored on disk. The following are some of its contents:
Public Key Algorithm:
On 19/07/14 15:53, Iñaki Baz Castillo wrote:
Hi,
The doc [*] says:
If the BIO_CLOSE flag is set when a memory BIO is freed then the
underlying BUF_MEM structure is also freed.
The only place to set such a BIO_CLOSE flag is in the c argument in function:
BIO_set_mem_buf(BIO
On 22/07/14 22:21, Salz, Rich wrote:
My guess (and its purely speculation) is the report is being held because of
security considerations.
I don't believe so; there's no filter on email sent to rt. Interestingly,
there are a few bugs created a day ago, and then a few created four days
On 23/07/14 08:17, Thulasi Goriparthi wrote:
I didn't see it with 1.0.2-beta2 released yesterday.
Not sure, if it would be added to the final 1.0.2 release.
There are no plans to back port this feature to 1.0.2.
Matt
__
On 24 July 2014 10:38, Iñaki Baz Castillo i...@aliax.net wrote:
Anyhow I still insist that the example is broken:
--
BIO *internal_bio, *network_bio;
BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
--
It should be:
--
BIO *internal_bio,
On 6 August 2014 11:27, Gayathri Manoj gayathri.an...@gmail.com wrote:
Hi All,
Please let me know how to compile openssl with -bindist option.
I suspect you are asking this on the wrong forum as I think this is a
gentoo thing not an openssl thing.
With the caveat that I know nothing about
On 6 August 2014 14:12, Gayathri Manoj gayathri.an...@gmail.com wrote:
Hi Matt,
Thanks Matt.
My actual issue is that I am not able to generate ecdsa keys after upgrading
openssl version from 0.9.8y to 0.9.8za. For making our openssl fips
compliant we complied the same with -no-ec option
On 6 August 2014 14:35, Gayathri Manoj gayathri.an...@gmail.com wrote:
Hi Matt,
Is there any solution to compile openssl-0.9.8za without -no-ec option. Or
do we have any patch available to fix the fips breakage issue.
Known issues in OpenSSL 0.9.8za:
FIPS capable link failure with missing
On 06/08/14 19:32, Mukesh Yadav wrote:
Hi,
AES_GCM is supported on OpenSSL-1.0.1
Regarding support on OpenSSL-0.9.8, have found patch on link below.
http://rt.openssl.org/Ticket/Display.html?id=2092user=guestpass=guest
From various opensource discussion, it seems it cleanly apply to
On 07/08/14 20:42, Jaya Nageswar wrote:
Hi All,
The following vulnerability fixes in 0.9.8 zb seems to be related to the
DTLS reassemble fragment functionality that is introduced from 0.9.8 o
version.
CVE-2014-3505 -Avoid double free when processing DTLS packets
CVE-2014-3506 -Fix DTLS
On 08/08/14 12:26, Matt Caswell wrote:
Hi Jaya
CVE-2014-3505 has two sites which are affected by the same problem
(either of these can be present for the issue to occur). One
of these is dtls1_reassemble_fragment, which you rightly say was not
introduced until 0.9.8o. However the other
On 08/08/14 19:33, Norm Green wrote:
Hello Steve,
Reverting the below commit is necessary but not sufficient. There are
also references to aSRP in s3_clnt.c and ssl_lib.c that must be deleted
to get OpenSSL to build. SRP functions correctly once that has been done.
Those were introduced
On 25/08/14 09:57, sandeep umesh wrote:
Hello users,
NVD vulnerability database confirms the below link as the patch for
CVE-2014-5139 -
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0
This is indicating to CVE-2014-2970.
Where as,
1 - 100 of 1424 matches
Mail list logo