[openssl-users] Read cer file failed

Hi All: I am reading cer file into X509 object, http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer cert = d2i_X509_fp(fp, NULL); it will return fail, as below Error: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long Lib: asn1 encoding routines Func: ASN1_get_object Reason: h

Re: [openssl-users] OpenSSL FIPS (0.9.8) coexisting with non-FIPS (1.0.1)

The scenario that we're contemplating is having FIPS based on 0.9.8?? coexist with 1.0.1?? so the remapping at runtime would have to account for api differences within the two. This was really the upshot of my question. But I think I'm still a little confused about the FIPS-certification of Ope

Re: [openssl-users] Long startup time and poor entropy on Windows due to inefficient heap walking In RAND_poll()

Perfect! http://rt.openssl.org/Ticket/Display.html?id=3594 &user=guest&pass=guest Seems like the problem is well in hand. Thanks for the conversation, guys! -Noel __

Re: [openssl-users] Long startup time and poor entropy on Windows due to inefficient heap walking In RAND_poll()

It seems that user "guest" password "guest" allows one the ability to view it. On Mon, Jan 19, 2015 at 11:53 AM, Noel Carboni < ncarb...@prodigitalsoftware.com> wrote: > > See http://rt.openssl.org/Ticket/Display.html?id=3594 > > As a new mailing list user, I don't seem to have an account capable

Re: [openssl-users] Long startup time and poor entropy on Windows due to inefficient heap walking In RAND_poll()

> See http://rt.openssl.org/Ticket/Display.html?id=3594 As a new mailing list user, I don't seem to have an account capable of viewing that ticket. The login interface does not take my mailing list credentials. Can I assume it's a discussion of this very problem? If so, that's good. -Noel _

Re: [openssl-users] Long startup time and poor entropy on Windows due to inefficient heap walking In RAND_poll()

> The OpenSSL library developers might still want to consider alternate heap > walk coding See http://rt.openssl.org/Ticket/Display.html?id=3594 ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Long startup time and poor entropy on Windows due to inefficient heap walking In RAND_poll()

> You should seed OpenSSL's random number generator directly using > CryptGenRandom (and other entropy you might have). > Once the generator is seeded, it won't attempt to auto-seed itself with the > RAND_poll gear. Thank you for that workaround advice, Jeff. I've passed it on to the folks usi

Re: [openssl-users] Possible bug in DSA_verify() since CVE-2014-8275 patch (present in 1.0.1k and 1.0.1l)

On Mon, Jan 19, 2015, arnaud.moui...@invoxia.com wrote: > Indeed, in the streaming format I'm using, signature is stored on a > fixed size field which is equal to DSA_size(). > padding with \x00 is used to complete the signature, and > unfortunately, the real signature length was not stored, think

Re: [openssl-users] Possible bug in DSA_verify() since CVE-2014-8275 patch (present in 1.0.1k and 1.0.1l)

Sorry, I didn't get my brain last friday. I was thinking the length enforcement concerns the public key, whereas it concerns the signature... stupid. Indeed, in the streaming format I'm using, signature is stored on a fixed size field which is equal to DSA_size(). padding with \x00 is used to