How to enable FIPS mode for libcrypto and libssl packaged with Python?

I’ve built the OpenSSL-FIPS module using regular flags (e.g.: no-asm, shared, some ancient ciphers disabled): [cfati@cfati-ubtu16x64-0:~/Work/Dev/StackOverflow/q049320993]> ~/sopr.sh ### Set shorter prompt to better fit when pasted in StackOverflow (or other) pages ### [064bit-prompt]> ls ssl/build/bin ssl/build/lib ssl/build/bin: c_rehash openssl ssl/build/lib: engines libcrypto.a libcrypto.so libcrypto.so.1.0.0 libssl.a libssl.so libssl.so.1.0.0 pkgconfig And started playing a little bit with …

How to build OpenSSL as unversioned shared lib for Android?

As to build a version-less libcrypto, overwriting CALC_VERSIONS does the trick (at least for 1.0.2d): make CALC_VERSIONS="SHLIB_COMPAT=; SHLIB_SOVER=" all Then, the sub-target link-shared of the target install_sw must be disabled (otherwise broken symlinks overwrite the libraries), which can be done by creating a dummy file of the same name at the suitable place (furthermore, SHLIB_EXT …

How to install: OpenSSL + WAMP

Guide: OpenSSL in WampServer 2.5 Prerequisite: There is normally no need to install OpenSSL (it comes bundled with Wamp). Apache 2.4.9 includes 1.0.1g for instance. System-Variable: Open the Windows System panel (“WIN+Q” Search: system) > Advanced System Settings > Advanced > Environment variables Add a new entry in system variables with name OPENSSL_CONF and its …

x509 certificate verification in C

I use the following code for verifying a certificate. Init CertStore: X509_STORE* m_store = X509_STORE_new(); X509_LOOKUP* m_lookup = X509_STORE_add_lookup(m_store,X509_LOOKUP_file()); X509_STORE_load_locations(m_store, "CAFile.pem", NULL); X509_STORE_set_default_paths(m_store); X509_LOOKUP_load_file(m_lookup,"CAFile.pem",X509_FILETYPE_PEM); // alternative lookup by hashdir // X509_LOOKUP* m_lookup=X509_STORE_add_lookup(m_store,X509_LOOKUP_hash_dir()); VerifyCert: X509_STORE_CTX *storeCtx = X509_STORE_CTX_new(); X509_STORE_CTX_init(storeCtx,m_store,cert,NULL); X509_STORE_CTX_set_flags(storeCtx, X509_V_FLAG_CB_ISSUER_CHECK); if (X509_verify_cert(storeCtx) == 1) { printf("success"); } else { printf("Verification error: %s",X509_verify_cert_error_string(storeCtx->error)); } X509_STORE_CTX_free(storeCtx); you also …

removing password from rsa private key

I’m not sure what’s going on here; I’ve tried your code and it gives the same issue, so I’ve generated a key myself: openssl genrsa -des3 -out des3.rsa Then copied the contents into this script: $out_key_file="des3nopass.rsa"; $key = <<<EOS -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,5F2FDB4C8F710F92 …

How to convert an ECDSA key to PEM format

You are claiming your raw key is in OpenSSL’s DER format, which it isn’t. Also you are claiming a private key is a public key, which it isn’t, and claiming it’s password-encrypted which is wrong either way: public keys are never encrypted and private keys in OpenSSL’s ‘traditional’ aka ‘legacy’ algorithm-specific DER formats (for ECC, …