using non-blocking IO

2009-11-09 Thread Sabyasachi Ruj
I am using an IMAP library, which supports only blocking SSL IO. I am planning to convert my that to do non-blocking SSL IO. Which is the best place to set the flag to non-blocking? These are my concerns: 1. What areas of the program will have to be converted because of this? re SSL_read and SSL_w

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread Mounir IDRASSI
Hi, Take a look at function get_client_master_key in the file s2_srv.c, and specifically at the line where a call to ssl_rsa_private_decrypt is made : in it, the decision to use RSA_PKCS1_PADDING or RSA_SSLV23_PADDING is made depending on the value of the member ssl2_rollback of the ssl2_stat

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread Dr. Stephen Henson
On Mon, Nov 09, 2009, barcaroller wrote: > > "Mounir IDRASSI" wrote in message > > > To my knowledge, SSLV2, SSLV3 and TLS1.0 all use PKCS#1 Block Type 2 > > padding. > > Are you sure about this? I'm writing a server and I occasionally get the > error I reported; however, if what you are say

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread barcaroller
"Michael S. Zick" wrote in message > The padding is added to the **plain text** > After decryption, the server can determine the padding present. I'm writing a server and I usually just call RSA_private_decrypt(..., RSA_PKCS1_PADDING). Everything works fine most of the time but sometimes I get

Re: Padding mode for RSA_private_decrypt()...

2009-11-09 Thread barcaroller
"Mounir IDRASSI" wrote in message > To my knowledge, SSLV2, SSLV3 and TLS1.0 all use PKCS#1 Block Type 2 > padding. Are you sure about this? I'm writing a server and I occasionally get the error I reported; however, if what you are saying is true, the error may be indicative of another probl

Re: Linking and execution problems with a FIPS-capable OpenSSL distribution

2009-11-09 Thread Dr. Stephen Henson
On Mon, Nov 09, 2009, Daugherty wrote: > Another mistake I made was specifying FIPSLD_CC=gcc instead of FIPSLD_CC=g++. > > Now, when I link, I get the following error: > > /usr/local/src/openssl-fips-1.2/fips/fipsld -Wl,-O3 -D_REENTRANT > -DACE_HAS_AIO_CALLS -D_GNU_SOURCE > -I/home/linuxbuil

RE: ASN1_get_object:too long

2009-11-09 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of dutchman1 > Sent: Friday, 06 November, 2009 09:11 > thanks for your reply. The cert was located on a hardware > device and I'm > trying to write it to file through C code so something might > be lost in > translation. I've attached the cert to

Re: about the security of a tipical client/server application.

2009-11-09 Thread Jeffrey Walton
Hi Kirk, > I've already implemented the ECDSA scheme in my application: > using SHA-1 and secp160k1. In that case, consider using ECDSA. > I'm pretty faster on the signer's side, but i'm actually > much slower on the verification side. Compare apples to apples: use an appropriate RSA moduli. Sinc

Re: Linking and execution problems with a FIPS-capable OpenSSL distribution

2009-11-09 Thread Daugherty
Another mistake I made was specifying FIPSLD_CC=gcc instead of FIPSLD_CC=g++. Now, when I link, I get the following error: /usr/local/src/openssl-fips-1.2/fips/fipsld -Wl,-O3 -D_REENTRANT -DACE_HAS_AIO_CALLS -D_GNU_SOURCE -I/home/linuxbuild/ntsdev/3rdParty/ACE_wrappers$ /usr/local/src/openssl

Re: about the security of a tipical client/server application.

2009-11-09 Thread John R Pierce
Kirk81 wrote: Does a individual hackers have the NASA's PC? assume they can have clusters of 100s/1000s of computers at their bidding (aka 'botnets' of trojan-infected PC's scattered around the world.)

Re: Linking and execution problems with a FIPS-capable OpenSSL distribution

2009-11-09 Thread Daugherty
It was a mistake. Any help on the actual issue? - Original Message - From: "Michael S. Zick" To: openssl-users@openssl.org Sent: Sunday, November 8, 2009 5:51:45 AM GMT -07:00 US/Canada Mountain Subject: Re: Linking and execution problems with a FIPS-capable OpenSSL distribution Any rea

Re: about the security of a tipical client/server application.

2009-11-09 Thread Kirk81
Jeffrey Walton-3 wrote: > >> 1. For how many days can I use a 512-bit key? > 0 > Does a individual hackers have the NASA's PC? lol, I mean I'm looking about the integer factorization problem and, from a SW point of view, I think only a community of PCs can solve the problem in few time (less t

Re: about the security of a tipical client/server application.

2009-11-09 Thread Jeffrey Walton
Hi Kirk, > I'm pretty sure that the weakness of all the mechanism is the key-length and > I'd like to avoid the brute force attack or the worst birthday attack...so > here's my questions. There's no need to find collisions on the hash. The key is the weak point. Your attacker will factor N, change

Re: [Q] Tutorial or Explanation how to use OpenSSL library functions?

2009-11-09 Thread Richard Koenning
JongAm Park wrote: Hello, I am just a beginner at using OpenSSL library. I write in C/C++ and Objective-C. After looking up the OpenSSL web site, I found out that there was no document for studying how to use it. Is there any good source like sample codes, tutorial and so on? http://oreilly.

Re: Certificate - if "Extended Key Usage" is defined, openssl ignore "Key Usage"

2009-11-09 Thread Dr. Stephen Henson
On Mon, Nov 09, 2009, Beneš Vladimír wrote: > I'm afraid we can't call no modified openssl by command line for > verification signature with purpose verification certificate if > certificate includes both X509v3 Key Usage and X509v3 Extended Key > Usage. > >

RE: Certificate - if "Extended Key Usage" is defined, openssl ignore "Key Usage"

2009-11-09 Thread Beneš Vladimír
Hello, we use PKCS#7 signature format; please see attachment of my initial mail (there are signing certificate, signature, signed data and issuer certificate) - http://marc.info/?l=openssl-users&m=125751029707705&w=1 (attachment.zip). There are calling openssl for signature ano

about the security of a tipical client/server application.

2009-11-09 Thread Kirk81
Hello people, since all of you seem quite familiar with cryptography and its tools I would like to ask u something. I'm implementing a server/client application: the client has to collect data and send them to the server in a frame format (unidirectional connection). In any frame, I added a spe

Stunnel 4.28 released

2009-11-09 Thread Michal Trojnara
The ChangeLog entry: Version 4.28, 2009.11.08, urgency: MEDIUM: * New features - Win32 DLLs for OpenSSL 0.9.8l. - Transparent proxy support on Linux kernels >=2.6.28. See the manual for details. - New socket options to control TCP keepalive on Linux: TCP_KEEPCNT, TCP_KEEPIDLE, TCP_K

Re: Signature Verification

2009-11-09 Thread Jim Welch
Hi, Based on information and suggestions you have given me, I came at the problem from a different direction. Instead of trying to verify the signature, I tried using our private key to sign the original data. After a couple of hours, I succeeded in getting the same signature as was supplied