Re: [openssl-users] RSA sign using SHA256 with mgf1 padding

2016-08-31 Thread Mounir IDRASSI
Hi, I have written a sample a few years ago that performs PSS signature using SHA256 like what you need. You can get it from https://www.idrix.fr/Root/Samples/openssl_pss_signature.c It uses the maximum salt length. You should check that the server expects this as well. Cheers, -- Mounir IDRASSI

Re: Schanner secu

2014-11-19 Thread Mounir IDRASSI
old TLS handshake behavior unless it causes security issues for them (but I can't imagine how). Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/14/2014 10:02 PM, Gilles Vollant wrote: Microsoft just published a patch on their SChannel component (KB 2992611 ) https://techne

Re: Leak in BN_rand_range?

2014-09-24 Thread Mounir IDRASSI
if block inside the loop. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 9/24/2014 6:27 PM, Jeffrey Walton wrote: > I've got a program that repeatedly calls BN_rand_range. Valgrind is > reporting 2.4 MB of leaks. > > If I comment out the loop that generates the range

Re: RSA_check_key failure 0x407b093 (value missing)

2014-06-08 Thread Mounir IDRASSI
nd on the older Pentium III M it takes 1 second on average. I don't know if there are many people who need to use RSA SFM parameters but having such conversion functionality inside OpenSSL can be interesting. In such case, I can send a patch for it. Cheers, -- Mounir IDRASSI IDRIX

Re: OpenSSL ECCN #

2012-08-20 Thread Mounir IDRASSI
Hi, There was a similar question years ago. Here is a link to its answer : http://marc.info/?l=openssl-users&m=123357572413547 I don't know if it is still relevant. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/20/2012 8:38 PM, Alona Rossen wrote: Hello, We need Ope

Re: RSA OAEP with sha256

2012-08-16 Thread Mounir IDRASSI
these limitations by implementing my own version of RSA_padding_add_PKCS1_OAEP that accepts any hash and any MGF implementation. I guess you should do the same. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/16/2012 11:27 PM, Martin Kaiser wrote: Dear all, I'd like to encrypt

Re: OpenSSL 1.0.1a tarball ckecksums

2012-04-22 Thread Mounir IDRASSI
Hi, Your browser is unzipping the archive on the fly. The file you are getting is the TAR and not the gzipped TAR. Try clicking "save as" on the link to see if you get the real gzipped file. By the way, all the checksums on the page are correct. Cheers, -- Mounir IDRASSI

Re: TLS/SSL Re-Negotiation Vulnerability [CVE-2011-1473]

2011-12-27 Thread Mounir IDRASSI
Hi, The following blog post explains different mitigation techniques for this vulnerability and among them is Rate Limiting : http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html#rate_limiting_ssl_handshakes I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: TLS 1.0 "cracked"...

2011-09-21 Thread Mounir IDRASSI
- http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887&rep=rep1&type=pdf : a 2006 paper describing the attack and the OpenSSL countermeasure. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 9/21/2011 4:48 PM, Thomas J. Hruska wrote: The Register published an article y

Re: Compile OpenSSL for debug and release in Windows with Visual C++

2011-06-21 Thread Mounir IDRASSI
Yes, this is the target configuration for debug under Windows VC++. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/22/2011 7:38 AM, ml.vladimbe...@gmail.com wrote: Is “debug-VC-WIN32” option of configuration an answer to my question

Re: RSA_private_decrypt across processes

2011-05-04 Thread Mounir IDRASSI
on is to implement an engine that exports its own RNG implementation through a custom RAND_METHOD structure. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 5/4/2011 7:02 PM, carlyo...@keycomm.co.uk wrote: Start second process as a daemon so it only does the entropy gathering at pr

Re: RSA_private_decrypt across processes

2011-05-04 Thread Mounir IDRASSI
this mechanism more expensive than previous Windows versions. So, this issue won't be solved unless there is a major change to OpenSSL entropy gathering architecture, which doesn't appear to be coming any time soon. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 5/4/2011

Re: RSA_private_decrypt across processes

2011-05-04 Thread Mounir IDRASSI
ecuting these processes under Windows 7? -- Mounir IDRASSI IDRIX http://www.idrix.fr On 5/4/2011 7:02 AM, Ashwin Chandra wrote: I generate an RSA key using RSA_generate_key in one process. I then take the RSA structure that is generated and serialize it and send it to another process via an RPC

Re: issue with p12 creation and network solutions EV SSL

2011-04-26 Thread Mounir IDRASSI
not aware of this update...This issue should not have existed at the first place! Good luck, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/26/2011 7:07 PM, James Chase wrote: You've got the wrong chain file. I understand that NetSol switched to a new EV Issuing CA a few m

Re: issue with p12 creation and network solutions EV SSL

2011-04-26 Thread Mounir IDRASSI

Re: What Random number generator is used in the OpenSSL library?

2011-03-26 Thread Mounir IDRASSI
l Windows specific PRNG helper functions. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 3/26/2011 10:05 AM, Vladimir Belov wrote: Hello, What Random number generator is used in the OpenSSL library? __ OpenS

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-24 Thread Mounir IDRASSI
just modified the usr_cert section in the default one in order to add "extendedKeyUsage = critical,timeStamping" and set keyUsage to "nonRepudiation, digitalSignature". Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/23/2011 3:32 PM, Yessica De Ascencao wrote: He

Re: RSA_private_decrypt without e and d

2011-02-23 Thread Mounir IDRASSI
e.net/ . Thanks to it, you can check that these 5 parameters give you the correct d and e. In your case, I'm sure you'll get the wrong d and e. Swap the parameters and see if you get the correct d this time. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: RSA_private_decrypt without e and d

2011-02-23 Thread Mounir IDRASSI
://rsaconverter.sourceforge.net/ . Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/24/2011 5:48 AM, Victor Duchovni wrote: On Wed, Feb 23, 2011 at 09:03:13PM -0600, Shaheed Bacchus (sbacchus) wrote: Just to be clear, below is not the actual code, but what I would *like* to be able to do (or

Re: ecdsa_method missing?

2011-02-23 Thread Mounir IDRASSI
Yes, you should open a ticket on the issue tracker. However, I'm not sure if Dr. Stephen Henson will agree to add this change to the current stable versions (0.9.8x and 1.0.0x) as he usually delays header changes till the 1.1.0 release. -- Mounir IDRASSI IDRIX http://www.idrix.fr On

Re: ecdsa_method missing?

2011-02-22 Thread Mounir IDRASSI
. That explains why you are getting the compile error. I don't know why it was done like this, but if you really need this structure then you'll have to copy its definition from the header I mentioned above. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/22/2011 6:14 PM,

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-22 Thread Mounir IDRASSI
with its key and its CA certificate) that I used. Can you see if it is working for you? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/22/2011 3:11 PM, Yessica De Ascencao wrote: Hi Mounir IDRASSI! I generated the certificate with ONLY Digital Signature, Non Repudiation but I still h

Re: HELP!!!! mod_tsa:could not load X.509 certificate

2011-02-22 Thread Mounir IDRASSI
that the problem is coming from the certificate Key Usage : it MUST NOT contain Key Encipherment. So, to resolve your problem, set the Key Usage to ONLY Digital Signature, Non Repudiation. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/22/2011 2:40 PM, Pa

Re: RSA public/private keys only work when created programatically.

2011-02-17 Thread Mounir IDRASSI
files. I hope this will help, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/18/2011 4:59 AM, David Henry wrote: I've written a bare bones enveloping example that takes a string, seals it in an envelope, and then goes about opening it. Everything works just fine if I generate my RSA

Re: OpenSSL and MinGW - Error report

2011-02-16 Thread Mounir IDRASSI
Hi, Add -leay32 to the end of the gcc command line in order to suppress the link errors you are seeing. This will help the gcc linker find the missing symbols exported by libeay32.a. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/16/2011 8:07 PM, Rui Fernandes wrote: I

Re: Verify return code: 20 (unable to get local issuer certificate)

2011-02-10 Thread Mounir IDRASSI
elsewhere (for example in /usr/local/ssl) On the other hand, if it is /etc/ssl, then you need just to update the CAs hashes in /etc/ssl/certs. For that, issue the following command : c_rehash /etc/ssl/certs. I hope this will help. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/10/2011 5:07 PM

Re: Adding non-root certificates to the list of trusted certificates?

2011-02-10 Thread Mounir IDRASSI
nals or the use of the verify callback. That being said, I remember vaguely a post by Dr Stephen Henson related to this where he mentioned a planned change in this direction, but I can't find a link to it. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/10/2011 4:46 PM, Lou Picci

Re: problem with creating and signing certificate via API

2011-01-20 Thread Mounir IDRASSI
(oldCertificate), caKey, &clientCert); With these modifications, everything will be OK. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 1/20/2011 2:36 PM, Bret McDanel wrote: I am trying to load an old certificate, take the subject line and make a new certificate si

Re: How exactly is symmetric key constructed from a passphrase?

2011-01-14 Thread Mounir IDRASSI
Hi, The function EVP_BytesToKey is used internally by this command (and others) in order to create a key from a password. The iteration count is set to 1. Look at the following link for more information : http://www.openssl.org/docs/crypto/EVP_BytesToKey.html Cheers, -- Mounir IDRASSI

Re: Question on SHA1 Functions

2011-01-10 Thread Mounir IDRASSI
Hi, SHA1_Init is indeed defined in sha_locl.h as HASH_INIT, whereas SHA1_Update and SHA1_Final are defined in md32_common.h (under crypto folder) as HASH_UPDATE and HASH_FINAL respectively. Happy hacking, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 1/10/2011 4:40 PM, Stan Joyner wrote

Re: Building OpenSSL vs Downloaded

2010-12-24 Thread Mounir IDRASSI
Hi, Use IMPLIB on the OpenSSL Dlls (e.g implib.exe -a libeay32.lib libeay32.dll) in order to create OMF export libraries instead of the COFF ones produced by VC++. With them, the link will be successful. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/23/2010 11:30 PM, hpenaguz

Re: components of RSA keys?

2010-12-23 Thread Mounir IDRASSI
Start at function rsa_builtin_keygen in file crypto/rsa/rsa_gen.c. Good hack, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/24/2010 12:35 AM, Mike Mohr wrote: Thanks much for the clarification. I'm interested in re-implementing RSA for my own education; can someone point me t

Re: components of RSA keys?

2010-12-23 Thread Mounir IDRASSI
Take a look at : http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm exponent1 = dp exponent2 = dq coefficient = qInv -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/23/2010 9:48 PM, Mike Mohr wrote: Good afternoon, When generating an RSA key, several components are

Re: Pls some basic c code to generate key pair using openssl

2010-12-20 Thread Mounir IDRASSI
e_key(pKey)); Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/19/2010 8:47 AM, akdin wrote: I am a new user of openssl. If anybody post basic C code to generate ecc key pairs using openssl it will give me an insight to produce further . Ur help will be highly appreciable., reg

Re: nist_cp_bn issue

2010-12-03 Thread Mounir IDRASSI
Hi, What compiler are you using under Windows? From my side, I have compiled and tested binaries produced by VC++ 2008 SP1 (cl version 15.00.30729.01) and the latest standalone native MinGW (gcc 4.5.0), and in both cases everything is OK (no crash and all tests succeed) -- Mounir IDRASSI

Re: Private Key from Windows Cert Store

2010-12-03 Thread Mounir IDRASSI
, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/3/2010 6:21 PM, Fili, Tom wrote: Ok, so I realized if I run Configure with no-static-engine I'll get the separate dlls. These are the commands I run C:\Documents and Settings\tfili\Desktop\openssl-0.9.8k>perl Configure VC-WIN32 --prefix

Re: opensll-0.9.8q.tar.gz corrupted.

2010-12-03 Thread Mounir IDRASSI
Hi, There is no problem with the archive. If you are under Windows, use the latest 7zip (version 9.20). You will get a warning but the decompression is OK. The previous version of 7zip had a limitation for tar support. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/3/2010 2:28 PM

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Mounir IDRASSI
http://www.openssl.org/news/secadv_20101202.txt -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/2/2010 9:03 PM, Erik Tkal wrote: Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references to the

Re: creating RSA structure when Private key(E,D,N) known

2010-11-26 Thread Mounir IDRASSI
described on his 1976 paper). By the way, is this kind of functionality interesting enough to be integrated into OpenSSL code? I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/25/2010 1:32 PM, Chir wrote: Hi guys, i want to create a RSA structure to pass this to

Re: contribution

2010-11-26 Thread Mounir IDRASSI
you enrich OpenSSL with this interesting engine. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/26/2010 10:11 AM, flavio vella wrote: Hello, we are a team of the department of Computer Science at the University of Perugia (Italy). Recently, we have developed an engine that implemen

Re: kEECDH handshake failure with invalid ecpointformatlist?

2010-11-25 Thread Mounir IDRASSI
. I'll start a discussion about this on the dev list. -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: kEECDH handshake failure with invalid ecpointformatlist?

2010-11-24 Thread Mounir IDRASSI
this solves the failures you are seeing? Here is the link on RT with the description of the issue and the patch : http://rt.openssl.org/Ticket/Display.html?id=2240&user=guest&pass=guest Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/24/2010 11:37 PM, Victor Duchovni wrote

Re: OpenSSL 1.0.0b testssl fails

2010-11-16 Thread Mounir IDRASSI
Under Windows (32bit and 64bit) with VC++ 2008, all tests are OK. But under Ubuntu 8.04 LTS with gcc 4.2.4, I have the same error. I don't see anything OS specific in the changes introduced in t1_lib.c or s3_srvr.c. Could it be a gcc bug? -- Mounir IDRASSI IDRIX http://www.idrix.fr On

Re: s_server crashes in version 1.0.0a

2010-11-14 Thread Mounir IDRASSI
such file. Maybe you have some malformed key. Can you please check that? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 11/14/2010 8:57 PM, Marcus Carey wrote: I tried the latest snap shot before I sent the first email. OpenSSL 1.0.1-dev xx XXX . Also, when I ran the test, they

Re: error: unable to get local issuer certificate

2010-10-22 Thread Mounir IDRASSI
Hi Ariel, The simple answer to your questions is no. There is no way to work around this. Others have already explained why. -- Mounir IDRASSI IDRIX http://www.idrix.fr > Well, I'm trying to do SSL Client Authentication for my website. So I > bought > a wildcard cert from GoDadd

Re: error: unable to get local issuer certificate

2010-10-22 Thread Mounir IDRASSI
intermediate CA programs offered by commercial CAs. This involves being audited and vetted and this comes with some limitations. Of course, the price for such a program can be very high depending on your needs. I hope this clarifies things for you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr

Re: [patch] LNK4078 and LNK4210 linking with x64 static libs

2010-10-19 Thread Mounir IDRASSI
openssl-dev to be kept updated. That being said, I understand your frustration but the others certainly thought you were aware of their discussion in the other list. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/19/2010 1:20 PM, Jakob Bohm wrote: On 19-10-2010 12:32, per frykenvall

Re: Suspicious Cert - Nokia cell phone refuses to accept the Cert

2010-10-13 Thread Mounir IDRASSI
tificate issued by a root CA of their own, like in any normal PKI architecture. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/13/2010 7:11 PM, Stefan Bauer wrote: Dear Openssl-Users, i recently came across a problem with the offered ssl-cert on www.mastersnet.de It's a self si

Re: SSL Negotiation Command Failed when sending mail via TLS

2010-10-13 Thread Mounir IDRASSI
some problems can arise because conflicting versions of the OpenSSL dlls exist on different directories belonging to the PATH. Try checking if the machine where the problem exists has only the version of dlls you are targeting. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/13/2010

Re: How to sign new certificates

2010-10-11 Thread Mounir IDRASSI
then configure your webserver to accept only client certificates issued by your CA. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 10/12/2010 5:41 AM, Ariel wrote: Hi again, I could enable my site to use SSL with a wildcard certificate bought to GoDaddy by concatenating the "mysite.com.cr

Re: PEM_write_PUBKEY segfault with 1.0.0 on windows

2010-10-06 Thread Mounir IDRASSI
Hi, Your sample runs perfectly here: compiled using VC++ 2008 against 1.0.0a in Release and Debug modes and ran on Windows 7 system (hardware DEP enabled). What compiler are you using? Can you perform a debug build and give us a crash trace? -- Mounir IDRASSI IDRIX http://www.idrix.fr On

Re: CA cert from .p12 file

2010-09-20 Thread Mounir IDRASSI
h" tab and from there copy the CA that signed your certificate to a file (Base64 encoded). You can then transfer this file to your Linux box. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Your On 9/20/2010 12:45 PM, Sergey Sedov wrote: Hi, My ISP provides

Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-19 Thread Mounir IDRASSI
Hi, The code is a generic OpenSSL C source that will compile using the favorite compiler of your platform. Did I understand your question correctly? -- Mounir IDRASSI IDRIX http://www.idrix.fr > Hi > > Thanks for your response. In which platform do I compile/execute the below > CO

Re: cannot create p12 file

2010-09-18 Thread Mounir IDRASSI
Hi, It hangs because it is waiting for the input certificate that has to be put with the given key inside the PKCS#12 file. Replace the -certfile option with -in and everything will be OK. Actually -certfile is for adding additional certificate, not the main one. -- Mounir IDRASSI IDRIX http

Re: Error while trying to get text output from x509 cert file

2010-09-18 Thread Mounir IDRASSI
Hi, The error says that it didn't find the expected start line for a certificate which is -----BEGIN CERTIFICATE----- . So, check that your certificate is indeed BASE64 encoded and that the first line is -----BEGIN CERTIFICATE----- and the last is -----END CERTIFICATE----- . Cheers, -- M

Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-18 Thread Mounir IDRASSI
Hi, The code is a generic OpenSSL C source that will compile using the favorite compiler of your platform. Did I understand your question correctly? -- Mounir IDRASSI IDRIX http://www.idrix.fr > Hi > > Thanks for your response. In which platform do I compile/execute the below > CO

Re: How to convert RSA public key XML format to PEM or ASCII format

2010-09-17 Thread Mounir IDRASSI
exponent\n"); if (e && n) { EVP_PKEY* pRsaKey = EVP_PKEY_new(); RSA* rsa = RSA_new(); rsa->e = e; rsa->n = n; EVP_PKEY_assign_RSA(pRsaKey, rsa); return pRsaKey; } else { if (n) BN_free(n); if (e) BN_free(e);

Re: Loading and using PKCS#12 in runtime

2010-09-17 Thread Mounir IDRASSI
ms at the start of your program. Which means in your case that you should dlsym for OPENSSL_add_all_algorithms_noconf and then call it. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr > Hello, > >For certain reasons I want to load the OpenSSL librari

Re: Intermediate root CA's -- lost and confused :(

2010-09-13 Thread Mounir IDRASSI
hawte Primary Root CA" to "Thawte Premium Server CA". -- Mounir IDRASSI IDRIX http://www.idrix.fr On 9/14/2010 3:32 AM, Paul B. Henson wrote: On Mon, 13 Sep 2010, Tim Hudson wrote: Try gnutls without the TLS extensions processing occurring and you will see that the server is

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-29 Thread Mounir IDRASSI
subject of heated debates. Concerning the specific issue here, it's clear that OpenSSL is too restrictive compared to other major libraries since this is a minor deviation from the BER specs (i.e. minimal bytes representation) and thus hurts deployments of real-world certificates. -- Mounir IDR

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-28 Thread Mounir IDRASSI
om the original one. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/28/2010 10:43 PM, Goran Rakic wrote: Hi all, I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt downloaded from http://ca.mup.gov.rs/sertifikati-lat.html Certificate path is MUPCARoot> MUPCAGrad

Re: Check the private key

2010-08-20 Thread Mounir IDRASSI
print_errors(bio_err); goto end; } A more correct version would be to change "||" in the if test by "&&", and thus there will be no misleading error. I hope this clarifies things. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/20/201

Re: OpenSSL assistance

2010-08-11 Thread Mounir IDRASSI
's able to open it using this password. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/11/2010 5:14 PM, Sashi Dutt wrote: Hello, I was wondering if any of you guys ran into the below error and provide some guidance/assistance? 8980:error:23076071:PKCS12 routines:PKCS12_parse:mac v

Re: RSA_generate_key

2010-08-03 Thread Mounir IDRASSI
other is called CRT). The RSA size is actually the size of the modulus. I encourage you to read more about RSA before trying to use OpenSSL resources for this. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr > yes ..i am not able to find the 128 byte RSA key.. how should get >

Re: Wildcard certs?

2010-07-24 Thread Mounir IDRASSI
Well, your question was "who i must do request for..." that's why we gave you links for outside CAs. If you are dealing with your own CA, then using a wildcard character in the DN will do the job. -- Mounir IDRASSI IDRIX http://www.idrix.fr > On Friday 23 July 2010 22:06:4

Re: Wildcard certs?

2010-07-23 Thread Mounir IDRASSI
-certificates/ - http://www.verisign.com/ssl-certificates/wildcard-ssl-certificates/ Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 7/24/2010 2:02 AM, Luis Daniel Lucio Quiroz wrote: Just wondering who i must do request for a wildcard cert, for example to accept all the *.mydomain.com Regards

Re: RSA_private_encrypt does not work with RSA_NO_PADDING option

2010-07-19 Thread Mounir IDRASSI
padding to your data before feeding it to RSA_private_encrypt. The other option is to use a standard padding by calling RSA_private_encrypt with RSA_PKCS1_PADDING. I hope this clarifies things to you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 7/19/2010 2:51 PM, anhpham wrote: Hi all

Re: Issue with clients Operating System on certs

2010-07-16 Thread Mounir IDRASSI
SNI under XP and that surprises me because it's supposed to work starting from 2.0 and up, independently from the OS. What version of Firefox are you using under XP? -- Mounir IDRASSI IDRIX http://www.idrix.fr On 7/16/2010 3:31 PM, Richard Buskirk wrote: I sent this situation off to the

Re: encrypting long strings

2010-07-09 Thread Mounir IDRASSI
decrypt your string. I hope this clarifies things to you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr > Hi, > Thanks for the reply Phillip. One quick question. Is the > randomly-generated > key PUBLIC? I know the public RSA key to encrypt the key is public, but is > the randoml

Re: verify certificate in c

2010-07-03 Thread Mounir IDRASSI
Hi, Just add a call to *OpenSSL_add_all_algorithms* at the beginning of your main and the certificate verification will be OK. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr > > Hi, I'm a newbie user of OpenSSL. > I want to create a simple C program that verify a certific

Re: Compiling a native code using DES

2010-07-03 Thread Mounir IDRASSI
Hi, libcrypto is enough for basic cryptographic operations like encryption/decryption with DES, AES, ...etc Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr > Hello all, > > I have a C Code which is making use of DES.h in a JNI Environment. > I wanted to know if compiling th

Re: build an application with the openssl source code (not the shared libraries)

2010-06-24 Thread Mounir IDRASSI
Hi Andrei, What about building the modified OpenSSL as static libraries and then link your apps with libcrypto.a and libssl.a? This way you will have no external dependency. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/24/2010 12:24 PM, Andrei Dumitrescu wrote: Hello, I have

Re: Integrating OpenSSL as a DLL in Windows

2010-06-23 Thread Mounir IDRASSI
Hi Robert, Take a look at the OpenSSL.NET project on SourceForge : http://openssl-net.sourceforge.net/ They have implemented a managed wrapper around libeay32.dll and ssleay32.dll. I think this is what you are looking for. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/23/2010 8

Re: questions about RSASSA-PSS

2010-06-21 Thread Mounir IDRASSI
other give their hints. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/22/2010 3:26 AM, 芦翔 wrote: > Hi all, > Could anybody please tell me the support status of RSASSA-PSS in openssl with > the version after 0.9.8l. If there is the implementation, could you please > t

Re: OpenSSL with OpenPGP

2010-06-05 Thread Mounir IDRASSI
Hi, I have written a small program that demonstrates how an RSA public key can be extracted from an OpenPGP public key file and used in OpenSSL. You can get the source from the following link : http://www.idrix.fr/Root/Samples/pgp_pubkey.c I hope this will help. Cheers, -- Mounir IDRASSI IDRIX

Re: Detect CRL format

2010-06-03 Thread Mounir IDRASSI
given file is either PEM or DER encoded and that the encoded object is an ASN.1 Sequence. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/3/2010 10:48 AM, Arunkumar Manickam wrote: Hi, Given a CRL file, how to detect its format. whether it is in PEM encoded format or ASN1. Thanks,

Re: Crash bug in 0.9.8n

2010-04-25 Thread Mounir IDRASSI
by setting a custom handler using the function _set_invalid_parameter_handler. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr > Thomas J. Hruska wrote: >> Running 'openssl s_client' on 0.9.8n without any additional arguments >> crashes openssl.exe. >> > Th

Re: some VC++ help wanted: can not step into SSL_xxx functions (debug libeay32.dll and ssleay32.dll)

2010-04-25 Thread Mounir IDRASSI
Hi, Try adding the switch /Zi to the CFLAG in the makefile and rebuild the dlls. This is mandatory to create a full program database. I came across the same problem and I solved it with this. The perl scripts should be updated to include this flag for the debug build. Cheers, -- Mounir

Re: possible user error / memory leak using RSA_new() and RSA_free();

2010-04-19 Thread Mounir IDRASSI
Hi, Remove the unnecessary call to RSA_new and the memory leak will disappear!! (The variable p is allocated by PEM_read_RSA_PUBKEY) Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/19/2010 11:07 PM, Stuart Weatherby wrote: Hi List, I am trying to figure out why there is a memory

Re: openSSL and PKCS #12 certificates

2010-04-14 Thread Mounir IDRASSI
Good luck with the rest! -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/14/2010 3:01 PM, Rémi Després-Smyth wrote: Thank you very much, Mounir, but I got the same error. Given the time constraints I have, I think my path moving forward is to try another library or two to see if I can find one

Re: openSSL and PKCS #12 certificates

2010-04-13 Thread Mounir IDRASSI
teps, you will finally be able to perform your client authentication. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/13/2010 6:45 PM, Rémi Després-Smyth wrote: Mounir, Thank you so much for your answer. I did extract the key into a pem file (using command: c:\openssl\bin\openssl pkc

Re: openSSL and PKCS #12 certificates

2010-04-13 Thread Mounir IDRASSI
certificate. The first solution is the easiest because you can simply use the OPENSSL command line utility in order to extract the private key and its certificate from the PKCS#12 file as PEM files and then give them as input to your python module. I hope this will help. -- Mounir IDRASSI IDRIX

Re: Decrypting with key and initialization vector don't decrypt the first 8 bytes?

2010-04-04 Thread Mounir IDRASSI
a rule, if you encrypt using a password, you should decrypt using a password and if you encrypt using a specific key and IV, then you should decrypt using the same key and IV: You can't mix the two approaches without extra processing. I hope this will help. -- Mounir IDRASSI IDRIX http

Re: pkcs7 cert loading, why this code doesn't work?

2010-04-03 Thread Mounir IDRASSI
96); p7 = d2i_PKCS7(NULL, &ptr, inlen); I hope this will help. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 4/3/2010 3:06 AM, sean wang wrote: Hello, I have a pkcs7 encoded cert which i want to load. the following code block works fine: ( I am doing a base64 decoding first, will explain th

Re: Need help on: openssl pkcs12 --- avoid or in batch mode

2010-03-24 Thread Mounir IDRASSI
Hi John, I have already answered your question twice on the list but it seems that you didn't receive them for an unknown reason. Look at the link below of OpenSSL list archive to read what I wrote : http://marc.info/?t=12690119749&r=1&w=2 Have a nice day, -- Mounir IDRAS

Re: Need help on: openssl pkcs12 --- avoid or in batch mode

2010-03-22 Thread Mounir IDRASSI
1234, use "-password pass:1234" instead. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 3/22/2010 3:00 PM, John Chen wrote: Hi Dr Stephen Henson, I really could not solve this issue and need your help. When I run openssl pkcs12 -in new.crt -inkey new.key -cer

Re: need help on: openssl pkcs12 --- avoid or manipulate propmpts

2010-03-19 Thread Mounir IDRASSI
Hi John, To avoid the password prompt, you can add the argument "-password pass:" to the command line. This will use an empty password for the PKCS12 file. For a non empty value, for example 1234, use "-password pass:1234" instead. I hope this will help. Cheers, -- Mouni

Re: Verify with RSA Public Key Fails

2010-02-27 Thread Mounir IDRASSI
using by the value of the corresponding public exponent. If my guess is correct, then you should be able to verify the signature correctly. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/27/2010 3:00 AM, Paul Suhler wrote: Hi, everyone. In Openssl 0.9.8i, I'm trying to ta

Re: Unable to decrypt without Chinese Remainder Theorem factors ?

2010-02-08 Thread Mounir IDRASSI
is_zero between lines 534 and 539). I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 2/8/2010 10:12 AM, JB Van Puyvelde wrote: Hi, I would like to import and use in OpenSSL RSA key pairs generated by an other program. This program can export public and private ke

Re: OpenSSL Ca

2010-01-12 Thread Mounir IDRASSI
ow it will access your private key. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 1/12/2010 12:35 PM, Anton Xuereb wrote: Hi, I'm trying to create a private CA with openssl for my enterprise. I have generated the CA private key and certificate. I have created a key pair and a cert

Re: About Crypto Library usage and...

2009-11-15 Thread Mounir IDRASSI
ype "apt-get install wine-dev". I hope this will help. Cheers -- Mounir IDRASSI IDRIX http://www.idrix.fr Gaurav Kumar wrote: Hi, I want to port a few MS Crypto APIs on Linux. Here are the APIs which I want to port. CryptSetKeyParam CryptDecrypt CryptEncrypt CryptGetKeyPara

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread Mounir IDRASSI
ssl2_state_st structure. This member is set in the function ssl23_get_client_hello in the file s23_srv, depending on the options of the SSL options. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr barcaroller wrote: "Michael S. Zick" wrote in message The padding is added to the **

Re: Padding mode for RSA_private_decrypt()...

2009-11-08 Thread Mounir IDRASSI
, -- Mounir IDRASSI IDRIX http://www.idrix.fr barcaroller wrote: "Mounir IDRASSI" wrote in message ... You simply can't guess the padding mode if you don't know it in advance. Imagine the security consequences if this was possible : it would mean that an attacker can have i

Re: Padding mode for RSA_private_decrypt()...

2009-11-07 Thread Mounir IDRASSI
Hi, You simply can't guess the padding mode if you don't know it in advance. Imagine the security consequences if this was possible : it would mean that an attacker can have information about the clear text without having access to the private key!! Cheers, -- Mounir IDRASSI

Re: Signature Verification

2009-11-07 Thread Mounir IDRASSI
this correct? Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Jim Welch wrote: Hello Again, The code is there to check for a non-null pkey. It wasn't copied to keep the original message shorter. I've now made sure that I've Base64'd the xml string and Base64'

Re: export custom key in a PEM format

2009-11-01 Thread Mounir IDRASSI
ormat. Most of the work is done by the macros DECLARE_PEM_rw_const and IMPLEMENT_PEM_rw_const. You can get the source code from the following link : http://www.idrix.fr/Root/Samples/custom_pem.c I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr denot...@libero.it wrote: >

Re: aes_256_cbc decryption

2009-10-27 Thread Mounir IDRASSI
chash parameter without converting it to ASCII and never call printf directly on byte arrays. Once you have done these changes and if you still have errors, post your code and we will try to help you. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr himas wrote: Mounir IDRASSI wrote

Re: aes_256_cbc decryption

2009-10-27 Thread Mounir IDRASSI
SHA-256 instead for this purpose. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr himas wrote: Hello, I wrote a source for encrypting and decrypting some text data with aes_256_cbc: -- CODE -- void aes256cbc_encrypt(char *text, char *hkey) { int

Re: Compile dlls with Borland compiler OR avoid using VC 2008 Redistributable

2009-10-05 Thread Mounir IDRASSI
cally linked to the MS CRT and so they don't require any redistributable on the target machine. I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr Max Terentiev wrote: Hi, I suspect BC will have its own runtime libraries to provide similar generic C runtime fun

Re: about the big number xor

2009-09-13 Thread Mounir IDRASSI
Hi, There is no explicit function for this but you can use the function BN_GF2m_add to perform the XOR of two BIGNUMs : for GF2m polynomials, the addition is a simple bitwise XOR. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr jaze lee wrote: > I want to implement xor function of la
