a untested and opportunist proposal :
might be libssl libcrypto cross depency. gcc is pointy with library order.
try to replace -lssl -lcrypto with -lssl -lcrypto -lssl or with -lcrypto
-lssl -lcrypto
Can sounds weird but when there are cross dependency, library should be listed
twice.
On 5/25/2012 12:30 AM, Richard Levitte wrote:
In messagecagxgq09umap5b1bhsyjj54srwrg-syzqnodk5rh_gnt29xa...@mail.gmail.com on
Thu, 24 May 2012 17:46:49 +0530, Sudarshan Raghavansudarshan.t.ragha...@gmail.com
said:
sudarshan.t.raghavan Hi,
sudarshan.t.raghavan
sudarshan.t.raghavan I am
Thanks for the information again.
If enabling OpenSSL usage on FFmpeg when configuring it, there is need
to enable also flag non-free. This makes the configuration say:
License: nonfree and unredistributable and makes the legal guys bit
nervous here. When asking from #ffmpeg-devel about the
Hi, crypto guys!
I have problem with EVP_PKEY_decrypt() function and 4K RSA private key
decrypting data encrypted with EVP_PKEY_encrypt() and corresponding
public key. Keys generated using openssl CA shell script.
EVP_PKEY_decrypt() just returns -2 saying that this key is not
supported. BUT!
In this case, you will need to ask ffmpeg very closely why
they think linking to OpenSSL makes it nonfree and
unredistributable, then run the result by your legal
department.
In particular, you need to pay attention to:
1. The SSLeay and OpenSSL license clause that you cannot
redistribute
Ok, I can fix the custom free to take care of this. But, why is this
happening in openssl 1.0.1 and not in 1.0.0 or 0.9.8? Is there is a
document or resource in the web that explains what is expected from
the custom alloc, realloc and free routines?
Regards,
Sudarshan
On Fri, May 25, 2012 at
I enabled debug symbols in openssl and this is what I am seeing
#3 0x0828bd74 in CUSTOM_FREE (oldMem=0x0) at ssl_mem.c:34
#4 0xb758e160 in CRYPTO_free (str=0x0) at mem.c:397
#5 0xb773520c in SSL_SRP_CTX_free (s=0xb3e4f300) at tls_srp.c:102
#6 0xb77091c0 in ssl3_free (s=0xb3e4f300) at
I can see this code in s3_lib.c
if (ctx-srp_ctx.login != NULL)
OPENSSL_free(ctx-srp_ctx.login);
while tls_srp.c does not have the NULL check before calling free. I
added the NULL check in tls_srp.c and I am not seeing the crash
anymore. Is this the fix or
In message 4fbf35d0.3020...@wisemo.com on Fri, 25 May 2012 09:33:36 +0200,
Jakob Bohm jb-open...@wisemo.com said:
jb-openssl On 5/25/2012 12:30 AM, Richard Levitte wrote:
jb-openssl In
jb-openssl
messagecagxgq09umap5b1bhsyjj54srwrg-syzqnodk5rh_gnt29xa...@mail.gmail.com
jb-openssl on Thu, 24
On Fri, May 25, 2012 at 7:25 AM, Sudarshan Raghavan
sudarshan.t.ragha...@gmail.com wrote:
Ok, I can fix the custom free to take care of this. But, why is this
happening in openssl 1.0.1 and not in 1.0.0 or 0.9.8?
I think the question to ask is why your code or library routines are
not validating
Hi all!
* Jeffrey Walton Sent: Friday, May 25, 2012 4:39 PM
On Fri, May 25, 2012 at 7:25 AM, Sudarshan Raghavan
sudarshan.t.ragha...@gmail.com wrote:
Ok, I can fix the custom free to take care of this.
But, why is this happening in openssl 1.0.1 and not in 1.0.0
On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
I think crashing with NULL is quite good: a must-not-happen situation
leads to a defined dead of SIGSEGVs, at least for platforms supporting
that, typically with good aid for debuggin (like core files or halting
debuggers providing a backtrace).
On 5/25/2012 3:33 AM, Jakob Bohm wrote:
ANSI C and POSIX free() is NOT required to handle free(NULL)
as a NOP.
I checked reputable sources (Plauger, Harbison and Steele, the ANSI
spec, and the IEEE POSIX spec).
All agree that (e.g. ANSI)
If ptr is a null pointer, no action occurs.
On Thu, May 24, 2012 at 8:16 AM, Sudarshan Raghavan
sudarshan.t.ragha...@gmail.com wrote:
Hi,
I am using CRYPTO_set_mem_functions to use our own custom memory
routines in a non blocking proxy implementation. This was working fine
in 0.9.8 and 1.0.0 but with 1.0.1c I can see that the custom
On 5/25/2012 11:25 AM, Ken Goldman wrote:
On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
I think crashing with NULL is quite good: a must-not-happen situation
leads to a defined dead of SIGSEGVs, at least for platforms supporting
that, typically with good aid for debuggin (like core files or
I agree. Passing NULL to a free function is most likely due to a bug. Given
that would you rather assert and find out the reason or ignore. I would
assume the defensive option would be to assert and analyze the core. My 2
cents.
Regards,
Sudarshan
On 25-May-2012 8:39 PM, Steffen DETTMER
On Fri, May 25, 2012 at 11:25 AM, Ken Goldman kgold...@us.ibm.com wrote:
On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
I think crashing with NULL is quite good: a must-not-happen situation
leads to a defined dead of SIGSEGVs, at least for platforms supporting
that, typically with good aid for
On 5/25/2012 12:09 PM, Jeffrey Walton wrote:
My typical design pattern is:
void *ptr = NULL;
do stuff which may in some branches allocate the pointer
free(ptr);
This is very old, and has not evolved as security needs have changed
(forgive me if I read too much into it). For example, the
On 5/25/2012 11:41 AM, Carter Browne wrote:
That's not the normal library behavior.
My typical design pattern is:
void *ptr = NULL;
do stuff which may in some branches allocate the pointer
free(ptr);
If the library crashes on free(NULL), you're just making people like me
do this everywhere:
Hi all!
If the library crashes on free(NULL), you're just making
people like me do this everywhere:
if (ptr != NULL) free (ptr);
ok, if you have a test case free (NULL), agreed ;-)
Seems not all platforms conform to the free(NULL) is a no-op.
I understand your example, thanks for that,
Hi, crypto guys!
I have problem with EVP_PKEY_decrypt() function and 4K RSA private key
decrypting data encrypted with EVP_PKEY_encrypt() and corresponding
public key. Keys generated using openssl CA shell script.
EVP_PKEY_decrypt() just returns -2 saying that this key is not
supported. BUT!
Hi,
I need help with certificate chain (with intermediate CA). I need to convert
pem to der.
There is a command:
openssl x509 -in something.pem -out something.der -outform der
Problem is that when I use this command and there are more CAs in pem (more
begin/end certificate), it converts only
Wow, that is a lot of good information. Thanks, Matt. And I am still trying to
digest the first paragraph. So do you mean the R value that I mentioned is
actually the public key? And if I was provided
with a private key, are the following lines of code appropriate to compute
the public key and
Hi,
Does anyone knows there is a way to implement accelerated verification of ECDSA
like in this paper:
http://www.mathnet.or.kr/mathnet/preprint_file/cacr/2005/cacr2005-28.pdf
Specifically instead of generating ECDSA signature with (r,s), I have to
generate (R, s). Now R in this case is not the
We have openssl-fips installed on 1 system. I have been asked to update
it to openssl 0.9.8w. The person who did this previously is no longer
available, so I cant ask him what he did...
I have downloaded, compiled and installed openssl-fips withtout issue:
[root@pdclab-aix-01]
From: Jakob Bohm [mailto:jb-open...@wisemo.com]
On 5/25/2012 12:30 AM, Richard Levitte wrote:
sudarshan.t.raghavan I am assuming the default
sudarshan.t.raghavan free routine ignores a NULL argument
Your assumption is correct, OpenSSL expects the same semantics as
malloc(),
Hi,
Does the PEM file have any Bag Attributes at the head of the file before
-BEGIN CERTIFICATE-? Not sure, but I have heard these can cause
issues with conversions.
Regards,
Bill
-Original Message-
From: owner-openssl-us...@openssl.org
On 25/05/12 14:41, Khuc, Chuong D. wrote:
Wow, that is a lot of good information. Thanks, Matt. And I am still trying to
digest the first paragraph. So do you mean the R value that I mentioned is
actually the public key?
No, R is just a random point...different for every signature. The public
On 25/05/12 18:35, Khuc, Chuong D. wrote:
Hi,
Does anyone knows there is a way to implement accelerated verification
of ECDSA like in this paper:
http://www.mathnet.or.kr/mathnet/preprint_file/cacr/2005/cacr2005-28.pdf
Specifically instead of generating ECDSA signature with (r,s), I have
to
On Fri, May 25, 2012, Oleksiy Lukin wrote:
int outlen;
...
} else if (EVP_PKEY_decrypt(ctx, NULL, (size_t *) outlen, encoded,
encoded_len) = 0) { // Determine buffer length
This will cause problems if sizeof(size_t) != sizeof(int). Don't do that: make
outlen of type size_t.
Steve.
On Fri, May 25, 2012, Brewster, Scott wrote:
We have openssl-fips installed on 1 system. I have been asked to update
it to openssl 0.9.8w. The person who did this previously is no longer
available, so I cant ask him what he did...
I have downloaded, compiled and installed
Hi,
Does the PEM file have any Bag Attributes at the head of the file before
-BEGIN CERTIFICATE-? Not sure, but I have heard these can cause
issues with conversions.
Regards,
Bill
-Original Message-
From: owner-openssl-us...@openssl.org
From: owner-openssl-us...@openssl.org On Behalf Of rockinein
Sent: Friday, 25 May, 2012 08:58
I need help with certificate chain (with intermediate CA). I
need to convert pem to der.
There is a command:
openssl x509 -in something.pem -out something.der -outform der
Problem is that
33 matches
Mail list logo