Re: Can not enable via padlock

2012-05-31 Thread Michael S. Zick
On Thu May 31 2012, Salatiel Filho wrote: > Any other ideas ? > Yes, wrong or incomplete Debian package installed. Your strace shows 1.0.0 in the pathname of the libpadlock.so it is trying to open. Did your apt-get include a new libpadlock.so or perhaps that is now packaged separately by Debian.

Re: missing symbols when building openssl1.0.0g as static library..

2012-02-29 Thread Michael S. Zick
On Tue February 28 2012, JonathonS wrote: > Thanks :) That was the problem! Very interesting. I didn't think > order mattered :) > It doesn't if you use "group notation" in your ld command line. Then ld makes multiple passes over the files mentioned in the group. Mike > I reordered it and it w

Re: missing symbols when building openssl1.0.0g as static library..

2012-02-28 Thread Michael S. Zick
On Tue February 28 2012, JonathonS wrote: > Hi all, > > I am building openssl as a static library, and when I link to it, I am > getting a bunch of missing symbols that *should* be defined by > openssl. > > Here is the command I used to build openssl: > > ./Configure --prefix=/home/user/openssl_

Re: Resources for certificates using OpenSSL (newbie)

2012-02-25 Thread Michael S. Zick
On Fri February 24 2012, Edward Ned Harvey wrote: > > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > > us...@openssl.org] On Behalf Of Michael S. Zick > > > > You must be new to mailing lists also. > > Start your own thread, they are cheap he

Re: Resources for certificates using OpenSSL (newbie)

2012-02-24 Thread Michael S. Zick
On Fri February 24 2012, Jaquez Jr, Hector L. wrote: > Hello, > I am new to certificates, how to create them, how to import > them etc. You must be new to mailing lists also. Start your own thread, they are cheap here, don't hijack another topic. Mike > I am looki

Re: Confused about OpenSSL and CA Certs

2012-02-18 Thread Michael S. Zick
On Fri February 17 2012, Dave Meetchum wrote: > I am trying to use OpenSSL on iOS and Android in conjunction with libcurl > for my applications HTTP interface. From what I understand OpenSSL does not > come with a CA cert which is understandable. Also my understanding is that > if you need a CA cer

Re: [FWD] bug report

2012-01-24 Thread Michael S. Zick
On Tue January 24 2012, Lutz Jaenicke wrote: > I can’t seem to run make on my Ubuntu machine. Have been trying with the > openssl-1.0.0g.tar.gz > > I’ve also tried to make clean before, and to run ./config no-asm > > Here’s what I’m getting when I run make after the above (I tried to search > for

Re: Failing to build OpenSSL 1.0.0f on obsolete Debian box (i386, kernel 2.0.36)

2012-01-19 Thread Michael S. Zick
, not the more recent libc-6. If it does, there are probably more problems lurking that just hadn't been stumbled onto yet. ;-) Mike > -Original Message- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Michael S. Zick

Re: Failing to build OpenSSL 1.0.0f on obsolete Debian box (i386, kernel 2.0.36)

2012-01-18 Thread Michael S. Zick
On Wed January 18 2012, William A. Rowe Jr. wrote: > On 1/18/2012 9:57 AM, Brooke, Simon wrote: > > Sadly, removing -fomit-frame-pointer does not work. > > Isn't that the default behavior for -O3? > On GCC - yes. OP is using the ancestor of what is now known as GCC. The answer was in another pe

Re: Failing to build OpenSSL 1.0.0f on obsolete Debian box (i386, kernel 2.0.36)

2012-01-18 Thread Michael S. Zick
On Wed January 18 2012, Michael S. Zick wrote: > On Wed January 18 2012, Jakob Bohm wrote: > > On 1/18/2012 1:54 PM, Michael S. Zick wrote: > > > On Wed January 18 2012, Jakob Bohm wrote: > > >> On 1/18/2012 12:00 PM, Brooke, Simon wrote: > > >>> Hi >

Re: Failing to build OpenSSL 1.0.0f on obsolete Debian box (i386, kernel 2.0.36)

2012-01-18 Thread Michael S. Zick
On Wed January 18 2012, Jakob Bohm wrote: > On 1/18/2012 1:54 PM, Michael S. Zick wrote: > > On Wed January 18 2012, Jakob Bohm wrote: > >> On 1/18/2012 12:00 PM, Brooke, Simon wrote: > >>> Hi > >>> > >>> We have a box running Debian 2.1 stil

Re: Failing to build OpenSSL 1.0.0f on obsolete Debian box (i386, kernel 2.0.36)

2012-01-18 Thread Michael S. Zick
On Wed January 18 2012, Jakob Bohm wrote: > On 1/18/2012 12:00 PM, Brooke, Simon wrote: > > Hi > > > > We have a box running Debian 2.1 still in production, and for complicated > > reasons we can't replace it immediately. I'm trying to compile OpenSSH for > > it, and to do that I need to compile

Re: Deadlock - SSL_Connect()

2012-01-16 Thread Michael S. Zick
On Mon January 16 2012, Nathan Smyth wrote: > Yes, strangely this doesn't help. Actually, what I do is set the socket to > non-blocking AFTER the SSL handshake, which I thought should work... > > Could there be some issue with numerous SSL connections between the same > parties? Or maybe it's >

Re: Reworking OpenSSL code from using files to reading keys from memory

2012-01-13 Thread Michael S. Zick
On Thu January 12 2012, Dave Thompson wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of Wojciech Kocjan > > Sent: Wednesday, 11 January, 2012 14:47 > > > I am working on reworking existing code that uses several OpenSSL APIs > > from using files to store keys, certificates and CAs to p

Re: Verify intermediate certificate

2012-01-12 Thread Michael S. Zick
On Thu January 12 2012, Johannes Bauer wrote: > Hello group, > > I have a question regarding the verify method of OpenSSL: If I have a > certificate chain > > Root -> A -> B -> Leaf > > where "Leaf" is the certificate of a webserver (https) and Root is a > self-signed certificate. > > In this s

Re: Question on OpenSSL encryption

2012-01-07 Thread Michael S. Zick
On Sat January 7 2012, Manish Jain wrote: > > Hi, > > I am new to OpenSSL and am trying to prepare some illustrative > documentation on how it works. > > AFAIK, OpenSSL uses the concept of a pair of keys per host : one is a > private key which is never communicated to any other host, and the o

Re: Problems with including zlib

2012-01-02 Thread Michael S. Zick
On Sun January 1 2012, grarpamp wrote: > > Translation: I have to agree with O.P. - It looks broke to me too. ;-) > > Heh, that's precisely what I said in my report :) The front end > options to do it seem to exist, and they even have some brief > descriptions as such. They just don't work :) >

Re: Problems with including zlib

2011-12-27 Thread Michael S. Zick
On Tue December 27 2011, Michael S. Zick wrote: > On Tue December 27 2011, Michael S. Zick wrote: > > On Tue December 27 2011, Jakob Bohm wrote: > > > On 12/26/2011 1:31 AM, Michael S. Zick wrote: > > > > On Sun December 25 2011, jb-open...@wisemo.com wrote: > >

Re: Problems with including zlib

2011-12-27 Thread Michael S. Zick
On Tue December 27 2011, Michael S. Zick wrote: > On Tue December 27 2011, Jakob Bohm wrote: > > On 12/26/2011 1:31 AM, Michael S. Zick wrote: > > > On Sun December 25 2011, jb-open...@wisemo.com wrote: > > >> Merry Christmas, and thanks to Michael for pointing ou

Re: Problems with including zlib

2011-12-27 Thread Michael S. Zick
On Tue December 27 2011, Jakob Bohm wrote: > On 12/26/2011 1:31 AM, Michael S. Zick wrote: > > On Sun December 25 2011, jb-open...@wisemo.com wrote: > >> Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld > >> specific > >> option to d

Re: Problems with including zlib

2011-12-25 Thread Michael S. Zick
On Sun December 25 2011, jb-open...@wisemo.com wrote: > Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld > specific > option to do this in manually written Makefiles. > > My replies below are about how to achieve this without GNU specific options > and without having to edit t

Re: Problems with including zlib

2011-12-24 Thread Michael S. Zick
On Mon December 19 2011, grarpamp wrote: > I have a case that needs zlib statically in openssl. > But I can't seem to make that. Only dynamic is made. > > For testing I put zlib125 in its own . > Then for openssl... > > ./config > --prefix= > --with-zlib-include=/include > --with-zlib-lib=/lib >

Re: How to create pfx-file from pem-file (with signed certificate) and private key ?

2011-12-16 Thread Michael S. Zick
On Fri December 16 2011, _daxh_ wrote: > > Hello. > > I have signed certificate stored in cert.pem file. Also I have private key > stored in iPhoneMyBase64PrivateKey.pem. Then I can use the following openSSL > command: > > $openssl pkcs12 -export -out certificate.pfx -inkey > iPhoneMyBase64Privat

Re: s_server option to send certificate chain

2011-12-09 Thread Michael S. Zick
On Fri December 9 2011, vivek here wrote: > Hi everybody, > Is there any command line option for configuring s_server to send > certificate chain. > > Example: server cert (S) > S was signed by CA certificate (S_CA). > Now I want to send S ( by -cert option) as well as S_C

Re: large upload issue

2011-12-09 Thread Michael S. Zick
On Fri December 9 2011, MK wrote: > On Fri, 9 Dec 2011 07:55:07 -0600 > "Michael S. Zick" wrote: > > > Evidently your connection is doing a renegotiation during the > > transfer. You missed: > > http://stackoverflow.com/questions/3952104/how-to-handle-open

Re: large upload issue

2011-12-09 Thread Michael S. Zick
On Fri December 9 2011, MK wrote: > Hi! I'm new to ssl and am having some problems. I'm working on an > http server; the interface is in perl and the internals are in perl and > C; the SSL module is in C. > > Everything works fine except for large file uploads (using > "multipart/form-data"), wh

Re: Blowfish algorithm problem with OpenSSL 1.0.0e (32-bit)

2011-11-28 Thread Michael S. Zick
version that you expected/intended. M$ and *nix systems use different library locating/loading algorithms - I can't help you with sorting out your M$ problem. Mike > Jussi > > 2011/11/28 Michael S. Zick : > > On Mon November 28 2011, Jussi Peltonen wrote: > >> No, it d

Re: Blowfish algorithm problem with OpenSSL 1.0.0e (32-bit)

2011-11-28 Thread Michael S. Zick
On Mon November 28 2011, Jussi Peltonen wrote: > No, it doesn't work on Linux either, if I link my test program using > OpenSSL 1.0.0e. > > The test program works on Linux if I link it differently. > > $ ldd blowfish > libcrypto.so.1 => /usr/lib/libcrypto.so.1 (0x40022000) > libc.

Re: SSL_Connect call gives SSL_ERROR_WANT_READ for non blocking sockets

2011-11-21 Thread Michael S. Zick
't respond to the want-write and/or want-read. Something which your code must do when using non-blocking sockets. Mike > ~Arjun > > On Thu, Nov 17, 2011 at 11:50 PM, Michael S. Zick wrote: > > > On Thu November 17 2011, Arjun SM wrote: > > > Hi, > > >

Re: SSL_Connect call gives SSL_ERROR_WANT_READ for non blocking sockets

2011-11-17 Thread Michael S. Zick
On Thu November 17 2011, Arjun SM wrote: > Hi, > Thanks for the reply. > I have called the ssl_connect() function again after checking for > SSL_ERROR_WANT_READ > and SSL_ERROR_WANT_WRITE. But I wanted to know if I can optimize my code. > Below is my code > > int counter = 6; > while (

Re: recommendations for encrypting a document on a distributed CD?

2011-11-02 Thread Michael S. Zick
On Wed November 2 2011, Joe Flowers wrote: > PGP? > Password protected PDF? Mike > > > On Wed, Nov 2, 2011 at 8:27 AM, Joe Flowers wrote: > > > Hello Everyone, > > > > I would like recommendations and suggestions for encrypting a document on > > a distributed CD. I would like someone to be ab

Re: New cipher development

2011-11-01 Thread Michael S. Zick
be nice to read what the details of the claims will be and what sort of restrictions they may imply. Which was why I was looking for the patent application. I guess I can wait until your law firm cranks out the paperwork. ;-) Mike > > Regards, > > Tom > > > > > >

Re: New cipher development

2011-11-01 Thread Michael S. Zick
On Tue November 1 2011, cbgarcia wrote: > I am looking for a cryptographer who may be interested in co-developing a new > cipher for SSL. > > This cipher is in the undecidable class (the hardest class in computational > complexity) and denies brute-force discovery of a key. > > The cipher is de

Re: Problems with AES-CFB1

2011-11-01 Thread Michael S. Zick
On Mon October 31 2011, Dave Thompson wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of Michael S. Zick > > Sent: Sunday, 30 October, 2011 06:36 > > > On Sun October 30 2011, Ananthasayanan Kandiah wrote: > > > #include > > > #

Re: Open SSL API's Support For IPv6.

2011-10-31 Thread Michael S. Zick
On Mon October 31 2011, Akanksha Shukla wrote: > ERR_print_errors_fp(stderr); > Because you're writing to stderr rather than pFile? Mike

Re: Open SSL API's Support For IPv6.

2011-10-31 Thread Michael S. Zick
On Mon October 31 2011, Akanksha Shukla wrote: > > Could you please have a look and help me here. > I am not able to proceed further. > Sorry, I do not have the required experience in either "C" or "C like" languages to be of any help. And you really need the help of a beginner's coding forum.

Re: Problems with AES-CFB1

2011-10-30 Thread Michael S. Zick
On Sun October 30 2011, Ananthasayanan Kandiah wrote: > #include > #include > #include > #include > > #define  KEY_SIZE 16 > > int main(void) > { >     int            i; >     AES_KEY        key; >     BIO*        bio_out; > >     unsigned char key_data[KEY_SIZE] = { >         0xfe, 0xec, 0x

Re: strong TLS connections

2011-10-27 Thread Michael S. Zick
On Wed October 26 2011, Kristen J. Webb wrote: > Having an app that can use certs, it > appears, is nothing compared with how to deploy it and manage those certs ;) > > A general truism not specific to "certs". Recognizing (or implementing) a "need for trust" is one thing; Determining (or establi

Re: Open SSL API's Support For IPv6.

2011-10-25 Thread Michael S. Zick
On Tue October 25 2011, Akanksha Shukla wrote: > Hi Stephen, > > > > I added debug code as: > > > > int retryCounter = 0; > > while(retryCounter < CONNECT_MAX_TRY) > > { > > int retVal = BIO_do_connect(conn); > > if(retVal <= 0) > > { > > if(BIO_should_retry(conn)

Re: FIPS-capable OpenSSL that works on Windows NT

2011-10-05 Thread Michael S. Zick
On Tue October 4 2011, William A. Rowe Jr. wrote: > On 10/4/2011 10:45 PM, Bill Durant wrote: > > > > Does anyone know how to produce a FIPS-capable OpenSSL that works on > > Windows NT? > > It's likely not possible... > > > But when I run it under Windows NT, I get the following run-time error

Re: Convert ASN1_OCTET_STRING contents to ASN1 Sequence

2011-09-22 Thread Michael S. Zick
On Thu September 22 2011, Chang Lee wrote: > Thanks Dominik for the tip. Actually, I have been poring over the OpenSSL > code, though we're using the 0.9.8 branch, hoping to find a built-in > primitive SEQUENCE to use but to no avail. As you say, there are templates > for primitives and I looked

Re: Disabling SSLv2

2011-09-05 Thread Michael S. Zick
On Mon September 5 2011, Michael B Allen wrote: > On Sat, Sep 3, 2011 at 7:16 AM, Michael S. Zick wrote: > > On Fri September 2 2011, Michael B Allen wrote: > >> On Fri, Sep 2, 2011 at 4:07 PM, Dr. Stephen Henson > >> wrote: > >> > On

Re: Disabling SSLv2

2011-09-03 Thread Michael S. Zick
On Fri September 2 2011, Michael B Allen wrote: > On Fri, Sep 2, 2011 at 4:07 PM, Dr. Stephen Henson wrote: > > On Fri, Sep 02, 2011, Coda Highland wrote: > > > >> > Well I was hoping there was some kind of global configuration file > >> > directive that would affect the behavior of the openssl li

Re: Disabling SSLv2

2011-09-02 Thread Michael S. Zick
On Fri September 2 2011, Michael B Allen wrote: > On Fri, Sep 2, 2011 at 2:09 PM, Dr. Stephen Henson wrote: > > On Fri, Sep 02, 2011, Michael B Allen wrote: > > > >> Hello, > >> > >> Is there a way to disable SSLv2 system-wide (assuming non-static > >> linking)? I am trying to get a CentOS 5.6 sys

Re: My bank has an invalid cert

2011-08-25 Thread Michael S. Zick
't share '/etc/ssl/certs'. > > >> > > >> If we had the bank URL, we would be able to better help you to resolve > > >> this issue. > > >> > > >> > > >> On 08/25/2011 01:45 PM, t...@terralogic.net wrote: > > >>>

Re: My bank has an invalid cert

2011-08-25 Thread Michael S. Zick
> >> > > >> > > >> On 08/25/2011 01:45 PM, t...@terralogic.net wrote: > > >>> I know you are trying to help. But it doesn't help me to defer to a > > >>> package manager because I'm trying to fix what the last package > >

Re: My bank has an invalid cert

2011-08-25 Thread Michael S. Zick
On Wed August 24 2011, t...@terralogic.net wrote: > Top posting to a hijacked thread is not the way to get a quick and useful reply. Next time, start your own. Mailing list threads are cheap. > I see my bank has an invalid cert. Likely I have an old cert chain. I'm > running Debian Linux and f

Re: Which openssl.cnf?

2011-08-12 Thread Michael S. Zick
On Fri August 12 2011, Eric Raunig wrote: > I don't know this syntax ie: > # openssl strace > openssl:Error: 'strace' is an invalid command. > Try these instead: man strace strace --help strace openssl ...whatever... Mike > Standard commands > asn1parse caciphers

Re: Tracking the latency with openssl

2011-08-11 Thread Michael S. Zick
On Thu August 11 2011, Muhammad Shoaib bin altaf wrote: > > Hey List, > > I am trying to hack the openssl code to play around with the 'speed' > option. So basically if I run > > openssl speed xyz_algo -engine > > it will do the computations for 3 sec for some block sizes (64,..2048). > > bas

Re: pki certificates

2011-08-09 Thread Michael S. Zick
On Tue August 9 2011, Travis Dimmig wrote: > I'm trying to set up a WPA2-enterprise network using eap-tls. I use openssl > to create the self-signed root CA, the server certificate for the radius > server, and all of the client certificates. After importing the root CA and > client certificate

Re: Fwd: Trying to Link Statically to Libcrypto

2011-07-20 Thread Michael S. Zick
On Wed July 20 2011, brandon...@aol.com wrote: > > It didn't fix it. In the end, I cannot link statically without libsasl2.a, > which I am having difficulty obtaining, but which must be somehow obtainable. > In the meantime, I am including libraries for which I have a static version > in my o

Re: Trying to Link Statically to Libcrypto

2011-07-19 Thread Michael S. Zick
On Sun July 17 2011, brandon...@aol.com wrote: > > Although I've been programming on various platforms for quite awhile, I don't > know much about the principles involved here - i.e. Linux or static vs > dynamic linking. You are right, it is linking to libldap. > When in doubt, ask Google: h

Re: Trying to Link Statically to Libcrypto

2011-07-19 Thread Michael S. Zick
> /usr/lib/libldap.a(gssapi.o): In function `ldap_gssapi_bind_s': > (.text+0x16e7): undefined reference to `gss_release_buffer' > /usr/lib/libldap.a(gssapi.o): In function `ldap_gssapi_bind_s': > (.text+0x177f): undefined reference to `gss_init_sec_context' > /usr/lib/li

Re: Trying to Link Statically to Libcrypto

2011-07-19 Thread Michael S. Zick
On Tue July 19 2011, Albrecht Schlosser wrote: > On 19.07.2011 13:30, Michael S. Zick wrote: > > But a quicker answer to just a symbol or a few: use the toolchain. > > ... > > > Now enter: > > nm /usr/lib/libldap.a > > be rewarded with a listing 1,830 lines

Re: Trying to Link Statically to Libcrypto

2011-07-19 Thread Michael S. Zick
On Tue July 19 2011, Albrecht Schlosser wrote: > On 19.07.2011 07:20, brandon...@aol.com wrote: > > Actually, I was advised to put libssl after libcrypto. > > I'm afraid that is the wrong order. See below. > > > I don't recall being told to put libssl after libldap. > > Yep, may be. The rule

Re: Trying to Link Statically to Libcrypto

2011-07-17 Thread Michael S. Zick
On Sun July 17 2011, brandon...@aol.com wrote: > > Although I've been programming on various platforms for quite awhile, I don't > know much about the principles involved here - i.e. Linux or static vs > dynamic linking. You are right, it is linking to libldap. > > What I am trying to do is r

Re: Trying to Link Statically to Libcrypto

2011-07-17 Thread Michael S. Zick
needed with inter-dependent libraries. (Which the driver front end is doing for you with the standard libraries.) Hint: put -W,-t into the linker's command line, let it tell you what it is doing. > Thanks to all of you for your continuing help. > > Brandon > > > >

Re: Trying to Link Statically to Libcrypto

2011-07-17 Thread Michael S. Zick
mation and more than I knew. When I > get back to work on Monday, or possibly before if I go in for a few minutes, > I will send the full g++ command I am using as well as the error messages.. > > > > > > -Original Message- > From: Michael S. Zick > To

Re: Trying to Link Statically to Libcrypto

2011-07-16 Thread Michael S. Zick
On Sat July 16 2011, brandon...@aol.com wrote: > I am already linking in -lldap. Will -lopenldap work better? > It is hard to say without seeing your full command input and the output of where the linker is looking for libraries and in what order. __order matters__ > > link to OpenSSL first, a

Re: Handshake fails for unknown reason

2011-07-07 Thread Michael S. Zick
On Thu July 7 2011, tobob...@web.de wrote: > - - snip - - > > Please post in plain text only to (any) public mailing list. An html post with the inclusion of signature blocks having links that may be used for e-mail data gathering is very, very poor form for public mailing lists. Mike > _

Re: How is key calculated from passphrase

2011-07-01 Thread Michael S. Zick
On Fri July 1 2011, Jeffrey Walton wrote: > On Fri, Jul 1, 2011 at 8:58 AM, Daniel Wambold wrote: > > Hello list. Sorry for what is likely a simple question but I'm running out > > of time and could use a quick hand. I have a program that encrypts data > > using AES256 CBC mode and a 256 bit (ob

Re: SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:293

2011-07-01 Thread Michael S. Zick
On Fri July 1 2011, islam wrote: > Hi Guys > > i have some problems using openssl to implement a pop3s (over tls). The > code is here : > > http://stackoverflow.com/questions/6520676/pop3s-implementation-using-openssl-library > > pls this is very urgent. > Then send money. Open Source softw

Re: What is the maximum data size for encrypting with rsautl command?

2011-06-27 Thread Michael S. Zick
On Mon June 27 2011, Vladimir Belov wrote: > Thanks for answer, Chris. > > I understand that slow RSA algorithm is not used to encrypt large amounts of > data, instead of it symmetric algorithms are used. > > But is it the limit of RSA-algorithm or only OpenSSL library's limit? > The size of th

Re: Reliable identification by DN (or something else) for commercially-signed certs?

2011-06-26 Thread Michael S. Zick
On Sun June 26 2011, Leo Richard Comerford wrote: > Hello. > > I'm looking at setting up a service using OpenSSL with client certs > signed by one of the (fairly-)big-name "browser cabal" commercial CAs. > But (as normal) I only want to allow certain, authorised clients to > connect, not anyone wi

Re: Client Hello too large ?

2011-06-21 Thread Michael S. Zick
On Mon June 20 2011, Alban Diquet wrote: > Hi all, > > I've encountered a strange issue. It might not be related to OpenSSL itself, > but maybe it is. > > When sending a Client Hello message that's larger than 270 bytes (not sure > what the exact limit is, 255 maybe?), lots of servers on the inte

Re: Any tutorial on adding new cryptoalgorithm ?

2011-06-20 Thread Michael S. Zick
On Sun June 19 2011, Ilya Dyoshin wrote: > Good day! > > is there any tutorial on adding a new cryptoalgorithms to openssl wrapper. > I.e.: I have a set of cryptographic functions released in c (for crypting, > decrypting etc.), and want to wrap it to openssl, in order to use it as an > algor

Re: cross compiling for ARM running Android

2011-06-16 Thread Michael S. Zick
On Thu June 16 2011, Michael S. Zick wrote: > On Thu June 16 2011, Nahid Alam wrote: > > Hi, > > > > I am using OpenSSL 0.9.8k to write a simple AES encryption application that > > works fine in x86. It uses EVP library APIs for encryption/decryption > > purpose.

Re: cross compiling for ARM running Android

2011-06-16 Thread Michael S. Zick
On Thu June 16 2011, Nahid Alam wrote: > Hi, > > I am using OpenSSL 0.9.8k to write a simple AES encryption application that > works fine in x86. It uses EVP library APIs for encryption/decryption > purpose. > > Now I need to compile it for Tegra2 (ARM) which is running Android 2.2 > I am using C

Re: Replacement of functions that operate with sockets

2011-06-15 Thread Michael S. Zick
On Wed June 15 2011, Wim Lewis wrote: > > On 15 Jun 2011, at 11:57 AM, wrote: > > Whether is it possible to implement? I have read in the documentation about > > BIO-functions, and could not understand is it possible to implement or not. > > Thanks for any help or suggestions. > > Yes, this is

Re: some questions about openssl

2011-06-05 Thread Michael S. Zick
On Fri June 3 2011, loody wrote: > hi: > > 2011/4/20 Mike Mohr : > > IMHO openssl is unsuitable for this purpose.  Openssl is really good > > at what it does, don't get me wrong, but using it in a boot loader > > probably isn't the easiest/smartest idea.  What you really want is a > > subset of PK

Re: Errors with certificate signing x509v1 when making test. Test failed

2011-06-01 Thread Michael S. Zick
On Wed June 1 2011, Dr. Stephen Henson wrote: > On Tue, May 31, 2011, gvfb wrote: > > > > > >Thanks, I've got the package for shared libraries libssl0.9.8 as well as > > >the -dev packages which I need to compile IMAP toolkit, I'll probably use > > >those, unless I manage to install from source

Re: Errors with certificate signing x509v1 when making test. Test failed

2011-06-01 Thread Michael S. Zick
On Tue May 31 2011, gvfb wrote: > > From: owner-openssl-us...@openssl.org > To: openssl-users@openssl.org > Cc: > Date: Tue, 31 May 2011 23:08:18 -0400 > Subject: RE: Errors with certificate signing x509v1 when making test. Test > failed > > > > From: owner-openssl-us...@openssl.org On Behalf

Re: Using PCKS Padding in OpenSSL

2011-05-30 Thread Michael S. Zick
On Sun May 29 2011, greenelephant wrote: > > Hello > > I have a computer with Ubuntu OS and an Apache HTTP server. I am trying to > create a SSL certificate using RSA public and private keys. > > However it has come to my attention that at this present moment there are > sophisticated methods

Re: [openssl-users] Quick eyeball requested - self generate openssl certs/CA

2011-05-19 Thread Michael S. Zick
On Thu May 19 2011, Tim Watts wrote: > I think I might add some "randomness" into mine - seems easy enough. I > won't pretend I fully understand why - mostly because I wasn't clear why > the serial is important. > If your CPU has a 'time stamp register' (cycle counts since power-up) - You can g

Re: Fwd: vulnerability management

2011-05-13 Thread Michael S. Zick
. > > Argyris > > Begin forwarded message: > > > From: "Michael S. Zick" > > Date: 12 May 2011 14:22:58 GMT+01:00 > > To: openssl-users@openssl.org > > Subject: Re: vulnerability management > > Reply-To: openssl-users@openssl.org > >

Re: vulnerability management

2011-05-12 Thread Michael S. Zick
On Thu May 12 2011, Argyris Ps wrote: > > Hi all, > > > I have run a vulnerability scanning against some systems and some > vulnerabilities have come up related with OpenSSL. However, some of them have > not 443 port open or have nothing but a single file named as openSSL inside > some other'

Re: Multiple connection from 1 client

2011-05-06 Thread Michael S. Zick
On Fri May 6 2011, derleader mail wrote: > Hi, > > > I have a server application, which accepts normal sockets and ssl socket > connections. > I am trying to make 3 connections to server from 1 client machine, on same > server port. > > When i connect on normal sockets then it works w

Re: RSA_private_decrypt across processes

2011-05-04 Thread Michael S. Zick
On Wed May 4 2011, Michael S. Zick wrote: > On Wed May 4 2011, Mounir IDRASSI wrote: > > > > Well, this is not quite adapted to the situation. OpenSSL is a library > > and it doesn't spawn any process. Moreover, the issue is with the > > internal builtin RNG

Re: RSA_private_decrypt across processes

2011-05-04 Thread Michael S. Zick
On Wed May 4 2011, Mounir IDRASSI wrote: > > Well, this is not quite adapted to the situation. OpenSSL is a library > and it doesn't spawn any process. Moreover, the issue is with the > internal builtin RNG of OpenSSL and a simple user of OpenSSL can not > change its implementation. > Apart fro

Re: Cannot encrypt text - need help

2011-05-02 Thread Michael S. Zick
On Mon May 2 2011, derleader mail wrote: >>> > I'm going to use stream protocol - TCP/IP. Here is the > >> template source > >> > code of the server without the encryption part > >> > >> We mean application protocol. > >> > >> > while (1) { > >> > sock = accept(listensock, NULL, NULL)

Re: Cannot encrypt text - need help

2011-04-30 Thread Michael S. Zick
On Sat April 30 2011, derleader mail wrote: > > Hi, > The encrypted output is not a NULL terminated string so strlen will not > work. >>> EVP_DecryptUpdate(&ctx, (unsigned char *)plaintextz, &out_len, > (unsigned char *)ciphertext, strlen(ciphertext)); > > Use the length out

Re: issue with p12 creation and network solutions EV SSL

2011-04-23 Thread Michael S. Zick
On Sat April 23 2011, James Chase wrote: > > I have done this multiple years in a row with the exact same process but > > now I get the following error when I try to create my SSL: > > Has worked for years and now it fails? OK, what changed? From: http://www.openssl.org/docs/apps/pkcs12.html -ch

Re: Registration

2011-02-26 Thread Michael S. Zick
On Fri February 25 2011, John R Pierce wrote: > On 02/25/11 4:28 PM, David Schwartz wrote: > > On 2/25/2011 11:59 AM, Michael S. Zick wrote: > >> On Fri February 25 2011, Ricardo Custodio wrote: > >>> See www.icp.edu.br > >>> > >> > >> I

Re: Registration

2011-02-25 Thread Michael S. Zick
On Fri February 25 2011, Ricardo Custodio wrote: > See www.icp.edu.br > Interesting, I get a "server certificate fails authentication" from the above address. Keep in mind that when the person offering advice can't get it right. . . . Mike > rfc > > 2011/2/25 Emerson Saito > > > Maicon, do

Re: Help A Newbie , Please

2011-02-23 Thread Michael S. Zick
On Wed February 23 2011, Hammad Bhutta wrote: > thanks for your reply but can you direct me with the link. Plus how can I > make the Apache listen to port 443 > Here is a good starting point: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html Google can probably answer anything you don't find a

Re: Compile openssl as shared library for EM7075 (Mips EL)

2011-01-23 Thread Michael S. Zick
On Sun January 23 2011, Dr. Stephen Henson wrote: > On Sat, Jan 22, 2011, Martin Herrman wrote: > > > All, > > > > I am working on a custom firmware for a multimedia device (Eminent > > EM7075) which is based on a MIPS EL architecture. > > > > The official firmware contains a shared libcrypto.so

Re: Let's talk about HTTPS Everywhere

2011-01-19 Thread Michael S. Zick
On Wed January 19 2011, S Mathias wrote: > Ok. It's a Firefox Add-on: > > https://www.eff.org/https-everywhere > > Questions: > > 1) But: Why can't I find it on the official Firefox Add-ons site?: > https://addons.mozilla.org/en-US/firefox/ > > 2) Did anyone audit the "HTTPS Everywhere" code?

Re: Decrypting SSL packets with the keys retrieved from openssl

2010-12-20 Thread Michael S. Zick
On Mon December 20 2010, Yigit wrote: > > Hello all, > I have seen one or two related previous subjects but they didn't solve my > problem. So I am posting a new one. > > There is an application on my computer which connects to a server using > openssl. I have to see their traffic which means eit

Re: How can I load a PEM key stored in a string instead from a file?

2010-10-27 Thread Michael S. Zick
On Tue October 26 2010, Leandro Santiago wrote: > Sorry. I don't understand everything. Do you have any code example? > I've tried to read the source code of these functions, but > PEM_read_PrivateKey is a macro (and I hate read big macros) :-( > gcc -E ... >output.txt Is your answer to that comp

Re: Cannot build shared library on Linux with FIPS capable OpenSSL

2010-10-13 Thread Michael S. Zick
that I follow other projects where the Ubuntu change did cause problems. I don't have any links handy about what they needed to do. Mike > Thanks, > > Bill > > On Oct 13, 2010, at 6:01 AM, Michael S. Zick wrote: > > > On Tue October 12 2010, Bill wrote: > >

Re: Cannot build shared library on Linux with FIPS capable OpenSSL

2010-10-13 Thread Michael S. Zick
On Tue October 12 2010, Bill wrote: > Hello Steve, > > Good eye! That got rid of the compilation error. > > However, FIPS_mode_set(1) fails when it gets called from a "shared" > library that links with the "static" version of the FIPS-capable > OpenSSL library. > > Calling FIPS_mode_set(1)

Re: memcpy in RAND_bytes

2010-10-05 Thread Michael S. Zick
On Tue October 5 2010, krishnamurthy santhanam wrote: > Hi, > > memcpy is not working for the RAND_bytes. could anyone help me to resolve > the issue. > > blf.c > > #include > #include"scatype.h" > #include > #define BF_DEFAULT_KEY_SIZE 128 > typedef struct { > unsigned long length; >

Re: Hello!

2010-10-04 Thread Michael S. Zick
On Mon October 4 2010, irivas wrote: > Hello everyone! > > My name's Irving and I'm new to openssl. > > I'm having an issue and I hope I can get help here. > > I have a tiny software written to communicate with an http server; on a > Solaris system it works alright, but on an OpenVMS system I'm

Re: where is the memory being held

2010-09-24 Thread Michael S. Zick
On Fri September 24 2010, zhu qun-ying wrote: > Hi, > > I think I should clarify something here. The app is running in a small > device that does not have virtual memory (no swap space) and the memory is > limited (256/512 M). In peak connections, it may use up to 90% of the system > memory,

Re: Cipher selection

2010-08-12 Thread Michael S. Zick
On Thu August 12 2010, Tim Cloud wrote: > > That is EXACTLY what I want to do. > But having a background as a SQL DBA, I have no idea how to do that. > Is there an easy answer? > The server will be running Windows 2003 32-Bit, and I just want to > compile it with only the FIPS compliant stro

Re: Cipher selection

2010-08-12 Thread Michael S. Zick
On Wed August 11 2010, Tim Cloud wrote: > Let's pretend for a moment that an out of the box application uses openssl to > provide access not through a browser, but rather through a SOAP client like > Eclipse. > And let's also say that you have no access to the code internal to that > application

Re: RSA_generate_key

2010-08-02 Thread Michael S. Zick
On Mon August 2 2010, krishnamurthy santhanam wrote: > Hi, > > I am new to OpenSSL..I have to use RSA_generate key function to generate > key..below is the program and outcome..is this the way to generate key? > > #include > #include > #include > int main() > { > char *plain="Sample text"; //Samp

Re: AES128 CBC

2010-07-16 Thread Michael S. Zick
On Thu July 15 2010, Anthony Gabrielson wrote: > > On Jul 15, 2010, at 6:18 PM, Michael S. Zick wrote: > > > Interesting blog. > > > > One quick question on the first linked-to source at the top: > > quote > >memset(plaintext,0,sizeof(plaintext)); >

Re: AES128 CBC

2010-07-15 Thread Michael S. Zick
On Thu July 15 2010, Anthony Gabrielson wrote: > Hello, > This seems to be a pretty typical question that gets posted often. I have a > simple example that I think hits it. Anyway, it's the first entry into a blog > that I'm starting to build up. If you're interested the code and (a brief) > ex

Re: core dump in openssl library

2010-07-15 Thread Michael S. Zick
On Thu July 15 2010, kai_yang2008 wrote: > Hi All, > > I have encountered a core dump in libssl library which is called by mod_ssl > in apache product on hpux 11.23 and 11.31 platform. > The core dump happens when I use O3 to build the openssl while O1 will not > create this core dump. > It see
