Re: [openssl-users] Porting to EVP methods: AES_set_encrypt_key()

2015-04-29 Thread Matt Caswell
On 29/04/15 21:39, jonetsu wrote: > Hello, > > The context is migrating an application to use EVP only methods. > > AES_set_encrypt_key(...) > > AES_cfb128_encrypt(...) > > The AES_cfb128_encrypt() is pretty clear to migrate to EVP_*, > what about the AES_set_encrypt_key() ? I haven't foun

[openssl-users] Porting to EVP methods: AES_set_encrypt_key()

2015-04-29 Thread jonetsu
Hello, The context is migrating an application to use EVP only methods. AES_set_encrypt_key(...) AES_cfb128_encrypt(...) The AES_cfb128_encrypt() is pretty clear to migrate to EVP_*, what about the AES_set_encrypt_key() ? I haven't found yet any correlation to the EVP methods, let alone an a

Re: [openssl-users] Is it possible to add a Client Hostname to an SSL Client Certificate?

2015-04-29 Thread Salz, Rich
> But once I showed my work to people in my company, one of them asked me why > did I choose not to add the client hostname to the Client Certificate, thus > making it usable only by that specific client. You put to put the client name or ipaddr in the subjectAltName extension field. Then you'

[openssl-users] Is it possible to add a Client Hostname to an SSL Client Certificate?

2015-04-29 Thread Alexandre Arantes
Hello, I recently implemented a secured communication between two sites in which one acts as the server and the other as the client. To accomplish this, I used openssl to generate self-signed CA, Server and Client certificates (the calls are made using cURL). It all works beautifully and, testi

Re: [openssl-users] Performance problems with OpenSSL and threading

2015-04-29 Thread John Foley
Correct. Locks 39/40 are only useful while the POST is running. Once the POST completes, the POST status never changes again unless the POST runs again. The only way to run the POST is by invoking FIPS_mode_set(1). But there should be no reason to invoke FIPS_mode_set(1) more than once unless y

Re: [openssl-users] Can RSA_private_decrypt succeed with the wrong padding?

2015-04-29 Thread Perrow, Graeme
Excellent, this is exactly the kind of information I was looking for. Thanks very much Viktor for your help Graeme -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni Sent: Wednesday, April 29, 2015 1:34 PM To: openssl-users@ope

Re: [openssl-users] Performance problems with OpenSSL and threading

2015-04-29 Thread Bryan Call
Can I safely assume that if I call FIPS_mode_set(0) and get a successful return value then I don’t need to lock when there are callbacks for type 39 and 40 locks (for OpenSSL 1.0.1 and 1.0.2)? -Bryan > On Apr 28, 2015, at 10:22 AM, John Foley wrote: > > In the context of OpenSSL 1.0.1 or 1

Re: [openssl-users] Can RSA_private_decrypt succeed with the wrong padding?

2015-04-29 Thread Viktor Dukhovni
On Wed, Apr 29, 2015 at 03:42:40PM +, Perrow, Graeme wrote: > Apologies for the top-post; Outlook makes it hard to do anything else. > > Here is a small C++ reproducible. I am generating a key pair, encrypting > a small string using OAEP and decrypting using PKCS1 and expecting the > decrypti

Re: [openssl-users] Can RSA_private_decrypt succeed with the wrong padding?

2015-04-29 Thread Perrow, Graeme
Apologies for the top-post; Outlook makes it hard to do anything else. Here is a small C++ reproducible. I am generating a key pair, encrypting a small string using OAEP and decrypting using PKCS1 and expecting the decryption to fail. If I run this (on 64-bit Red Hat 6) repeatedly, the program

Re: [openssl-users] FIPS 140-2 on iOS

2015-04-29 Thread Sec_Aficionado
This is an excellent explanation in plain English. Thank you! > On Apr 28, 2015, at 4:31 PM, Steve Marquess wrote: > >> On 04/28/2015 03:44 PM, Sec_Aficionado wrote: >> Hi there, >> >> Total n00b question here. I recently ran across a question on an iOS >> forum where someone was building an ap

Re: [openssl-users] SHA256() to EVP_* ?

2015-04-29 Thread jonetsu
Thanks for the comments. > If you are implementing HMAC, perhaps for PBKDF2 (which does > that prehash-if-too-long), I hope you mean the code does... Yes it does. The man page (the one online from OpenSSL project - SHA256.html) gives a description using SHA1() which computes a message digest. Be

Re: [openssl-users] NID_Name equivalent in a certificate

2015-04-29 Thread Erwann Abalea
Hello, NID_name corresponds to the OID id-at-name. There's no "equivalent field in a certificate" that maps to an OID. The OID id-at-name designs the attribute supertype "name", which shouldn't be present in a certificate, but can nevertheless be present. Anywhere. -- Erwann ABALEA Le 29/0