> From: owner-openssl-us...@openssl.org On Behalf Of rockinein
> Sent: Friday, 25 May, 2012 08:58
> I need help with certificate chain (with intermediate CA). I
> need to convert pem to der.
>
> There is a command:
>
> openssl x509 -in something.pem -out something.der -outform der
>
> Problem
Hi,
Does the PEM file have any "Bag Attributes" at the head of the file before
"-BEGIN CERTIFICATE-"? Not sure, but I have heard these can cause
issues with conversions.
Regards,
Bill
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@opens
On Fri, May 25, 2012, Brewster, Scott wrote:
> We have openssl-fips installed on 1 system. I have been asked to update
> it to openssl 0.9.8w. The person who did this previously is no longer
> available, so I cant ask him what he did...
>
>
>
> I have downloaded, compiled and installed opens
On Fri, May 25, 2012, Oleksiy Lukin wrote:
> int outlen;
...
> } else if (EVP_PKEY_decrypt(ctx, NULL, (size_t *) & outlen, encoded,
> encoded_len) <= 0) { // Determine buffer length
This will cause problems if sizeof(size_t) != sizeof(int). Don't do that: make
outlen of type size_t.
Stev
On 25/05/12 18:35, Khuc, Chuong D. wrote:
Hi,
Does anyone knows there is a way to implement accelerated verification
of ECDSA like in this paper:
http://www.mathnet.or.kr/mathnet/preprint_file/cacr/2005/cacr2005-28.pdf
Specifically instead of generating ECDSA signature with (r,s), I have
to ge
On 25/05/12 14:41, Khuc, Chuong D. wrote:
Wow, that is a lot of good information. Thanks, Matt. And I am still trying to
digest the first paragraph. So do you mean the R value that I mentioned is
actually the public key?
No, R is just a random point...different for every signature. The public
Hi,
Does the PEM file have any "Bag Attributes" at the head of the file before
"-BEGIN CERTIFICATE-"? Not sure, but I have heard these can cause
issues with conversions.
Regards,
Bill
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@
> From: Jakob Bohm [mailto:jb-open...@wisemo.com]
>
> On 5/25/2012 12:30 AM, Richard Levitte wrote:
> >
> > sudarshan.t.raghavan> I am assuming the default
> > sudarshan.t.raghavan> free routine ignores a NULL argument
> >
> > Your assumption is correct, OpenSSL expects the same semantics as
> >
We have openssl-fips installed on 1 system. I have been asked to update
it to openssl 0.9.8w. The person who did this previously is no longer
available, so I cant ask him what he did...
I have downloaded, compiled and installed openssl-fips withtout issue:
[root@pdclab-aix-01] /usr/local/
Hi,
Does anyone knows there is a way to implement accelerated verification of ECDSA
like in this paper:
http://www.mathnet.or.kr/mathnet/preprint_file/cacr/2005/cacr2005-28.pdf
Specifically instead of generating ECDSA signature with (r,s), I have to
generate (R, s). Now R in this case is not the
Wow, that is a lot of good information. Thanks, Matt. And I am still trying to
digest the first paragraph. So do you mean the R value that I mentioned is
actually the public key? And if I was provided
with a private key, are the following lines of code appropriate to compute
the public key and ge
Hi,
I need help with certificate chain (with intermediate CA). I need to convert
pem to der.
There is a command:
openssl x509 -in something.pem -out something.der -outform der
Problem is that when I use this command and there are more CAs in pem (more
begin/end certificate), it converts only 1
Hi, crypto guys!
I have problem with EVP_PKEY_decrypt() function and 4K RSA private key
decrypting data encrypted with EVP_PKEY_encrypt() and corresponding
public key. Keys generated using openssl CA shell script.
EVP_PKEY_decrypt() just returns -2 saying that this key is not
supported. BUT! RSA
Hi all!
> > If the library crashes on free(NULL), you're just making
> > people like me do this everywhere:
> >
> > if (ptr != NULL) free (ptr);
ok, if you have a test case "free (NULL)", agreed ;-)
Seems not all platforms conform to the "free(NULL) is a no-op".
I understand your example, thanks
On 5/25/2012 11:41 AM, Carter Browne wrote:
That's not the normal library behavior.
My typical design pattern is:
void *ptr = NULL;
do stuff which may in some branches allocate the pointer
free(ptr);
If the library crashes on free(NULL), you're just making people like me
do this everywhere:
On 5/25/2012 12:09 PM, Jeffrey Walton wrote:
My typical design pattern is:
void *ptr = NULL;
do stuff which may in some branches allocate the pointer
free(ptr);
This is very old, and has not evolved as security needs have changed
(forgive me if I read too much into it). For example, the ret
On Fri, May 25, 2012 at 11:25 AM, Ken Goldman wrote:
> On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
>>
>> I think crashing with NULL is quite good: a must-not-happen situation
>> leads to a defined dead of SIGSEGVs, at least for platforms supporting
>> that, typically with good aid for debuggin (
I agree. Passing NULL to a free function is most likely due to a bug. Given
that would you rather assert and find out the reason or ignore. I would
assume the defensive option would be to assert and analyze the core. My 2
cents.
Regards,
Sudarshan
On 25-May-2012 8:39 PM, "Steffen DETTMER"
wrote:
On 5/25/2012 11:25 AM, Ken Goldman wrote:
> On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
>>
>> I think crashing with NULL is quite good: a must-not-happen situation
>> leads to a defined dead of SIGSEGVs, at least for platforms supporting
>> that, typically with good aid for debuggin (like core fi
On Thu, May 24, 2012 at 8:16 AM, Sudarshan Raghavan
wrote:
> Hi,
>
> I am using CRYPTO_set_mem_functions to use our own custom memory
> routines in a non blocking proxy implementation. This was working fine
> in 0.9.8 and 1.0.0 but with 1.0.1c I can see that the custom free
> routine is being invo
On 5/25/2012 3:33 AM, Jakob Bohm wrote:
ANSI C and POSIX free() is NOT required to handle free(NULL)
as a NOP.
I checked reputable sources (Plauger, Harbison and Steele, the ANSI
spec, and the IEEE POSIX spec).
All agree that (e.g. ANSI)
"If ptr is a null pointer, no action occurs."
___
On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
I think crashing with NULL is quite good: a must-not-happen situation
leads to a defined dead of SIGSEGVs, at least for platforms supporting
that, typically with good aid for debuggin (like core files or halting
debuggers providing a backtrace). Mayb
Hi all!
* Jeffrey Walton Sent: Friday, May 25, 2012 4:39 PM
> On Fri, May 25, 2012 at 7:25 AM, Sudarshan Raghavan
> wrote:
> > Ok, I can fix the custom free to take care of this.
> > But, why is this happening in openssl 1.0.1 and not in 1.0.0 or
> > 0.9.8?
>
> I thin
On Fri, May 25, 2012 at 7:25 AM, Sudarshan Raghavan
wrote:
> Ok, I can fix the custom free to take care of this. But, why is this
> happening in openssl 1.0.1 and not in 1.0.0 or 0.9.8?
I think the question to ask is why your code or library routines are
not validating parameters before operating
In message <4fbf35d0.3020...@wisemo.com> on Fri, 25 May 2012 09:33:36 +0200,
Jakob Bohm said:
jb-openssl> On 5/25/2012 12:30 AM, Richard Levitte wrote:
jb-openssl> > In
jb-openssl> >
message
jb-openssl> > on Thu, 24 May 2012 17:46:49 +0530, Sudarshan
jb-openssl> > Raghavan said:
jb-openssl> >
j
I can see this code in s3_lib.c
if (ctx->srp_ctx.login != NULL)
OPENSSL_free(ctx->srp_ctx.login);
while tls_srp.c does not have the NULL check before calling free. I
added the NULL check in tls_srp.c and I am not seeing the crash
anymore. Is this the fix or
I enabled debug symbols in openssl and this is what I am seeing
#3 0x0828bd74 in CUSTOM_FREE (oldMem=0x0) at ssl_mem.c:34
#4 0xb758e160 in CRYPTO_free (str=0x0) at mem.c:397
#5 0xb773520c in SSL_SRP_CTX_free (s=0xb3e4f300) at tls_srp.c:102
#6 0xb77091c0 in ssl3_free (s=0xb3e4f300) at s3_lib.c
Ok, I can fix the custom free to take care of this. But, why is this
happening in openssl 1.0.1 and not in 1.0.0 or 0.9.8? Is there is a
document or resource in the web that explains what is expected from
the custom alloc, realloc and free routines?
Regards,
Sudarshan
On Fri, May 25, 2012 at 4:00
In this case, you will need to ask ffmpeg very closely why
they think linking to OpenSSL makes it "nonfree and
unredistributable", then run the result by your legal
department.
In particular, you need to pay attention to:
1. The SSLeay and OpenSSL license clause that you cannot
redistribute Open
Hi, crypto guys!
I have problem with EVP_PKEY_decrypt() function and 4K RSA private key
decrypting data encrypted with EVP_PKEY_encrypt() and corresponding
public key. Keys generated using openssl CA shell script.
EVP_PKEY_decrypt() just returns -2 saying that this key is not
supported. BUT! RSA
Thanks for the information again.
If enabling OpenSSL usage on FFmpeg when configuring it, there is need
to enable also flag "non-free". This makes the configuration say:
"License: nonfree and unredistributable" and makes the legal guys bit
nervous here. When asking from #ffmpeg-devel about the re
On 5/25/2012 12:30 AM, Richard Levitte wrote:
In message on
Thu, 24 May 2012 17:46:49 +0530, Sudarshan Raghavan
said:
sudarshan.t.raghavan> Hi,
sudarshan.t.raghavan>
sudarshan.t.raghavan> I am using CRYPTO_set_mem_functions to use our own
custom memory
sudarshan.t.raghavan> routines in a
a untested and opportunist proposal :
might be libssl & libcrypto cross depency. gcc is pointy with library order.
try to replace "-lssl -lcrypto" mailto:pgsql-b...@postgresql.org>"
#define PG_VERSION "9.0.7"
#define PG_MAJORVERSION "9.0"
#define USE_INTEGER_DATETIMES 1
#define DEF_PGPORT 5432
33 matches
Mail list logo