w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
Update openssl version in the guardianproject/openssl-android
First I don't have any idea of the meaning of the message Reversed (or previously applied) patch detected! Assume -R? and what to answer except y or n. Yeah, that's one of those patch-isms that rates high on the usability scale. When its asking you if you want to reverse it, its asking if you want to remove a previously applied patch from a source file. In my opinion, it should (1) add it if not present, or (2) move on if present. There is no (3) torture the user. If I supply a switch (perhaps -prompt) or run unpatch, then I should be asked 20 questions. Otherwise, just apply the damn patch. Reversed (or previously applied) patch detected! Assume -R? [n] y I believe you should have answered NO here by typing n. It was asking you to remove a previously applied patch.

Categories : Android

Compile Openssl with MinGW on Windows - fatal error: openssl/md4.h: No such file or directory
Find the directory where the included file, openssl/md4.h, is installed and include that directory in the command. For example, if the full path of openssl/md4.h is c:opensslincludeopensslmd4.h, your command would become: g++ -Ic:opensslinclude tst.cpp -lcrypto

Categories : C

OpenSSL + Self Signed Cert = OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Extracted from here So basically all you have to do is this ENV['SSL_CERT_FILE'] = "your certificate path" and I guess all will work You might find this Reference useful : http://mislav.uniqpath.com/2013/07/ruby-openssl/ Who reads the value of ENV['SSL_CERT_FILE']? Hope this help

Categories : Ruby On Rails

C++ AES OpenSSL
AES is a block cypher. It takes blocks of 16 bytes, and encrypt them into a block of 16 byets. If you try to use it with data whose length is not a multiple of 16, padding (usually random data) is added to round it up to a multiple of 16 bytes. You need to manage the length of the data yourself. Example: int encryptHelper(const string& msg, ...) { uint32_t msgSize = msg.length(); newMsg.push_back((msgSize >> 0) & 0xFF); newMsg.push_back((msgSize >> 8) & 0xFF); newMsg.push_back((msgSize >> 16) & 0xFF); newMsg.push_back((msgSize >> 24) & 0xFF); string newMsg(reinterpret_cast<const char*>(&msgSize), sizeof(msgSize)); newMsg += msg; return __aesEncrypt(newMsg.c_str(), newMsg.length(), ...); } int decrypt

Categories : C++

OpenSSL 1.0.1 on Heroku
The solution to this problem is to create a custom buildpack. You need to build a version of Ruby linked against the correct version of OpenSSL that will run on Heroku's system. For this, you need to use either a local 64-bit Linux system or a Heroku buildserver. Vulcan has problems building Ruby specifically, so the best way to do this in the absence of an appropriate local machine is to use Heroku push from an empty directory with a source-based buildpack. Then you can extract the binaries from the resulting slug and use them with a much faster binary buildpack. I've posted my buildpack here. It is currently working and provides Ruby 2.0.0 with OpenSSL 1.0.1e.

Categories : Ruby

installing openssl on OS X
To prioritize your local copy over the system copy you need to add it to your shell PATH variable export PATH="/usr/local/ssl/bin:$PATH" If you want this to execute every time you start a shell just add it to your .bash_profile in your home directory. However, this is not going to fix your problem because Ruby would need to be recompiled against the new OpenSSL (we'll assume the updated root certificates file that comes with the new OpenSSL would hypothetically fix this issue). I'd recommend installing either rvm or rbenv and rebuilding ruby. Note that both of those tools would prefer you to install openssl via homebrew.

Categories : Osx

RSAPrivateKey openssl C++ ios
Did you generate the key? In C RSA_new() doesn't generate a key it only allocates the memory for the key. But I don't how it is in objective-C. char szModulus = "1162" ; char *szExp = "827655" ; RSA* rsa1 = RSA_new(); /* added code */ BIGNUMBER* exp = BN_new(); BN_set_word(exp, 17); RSA_generate_key_ex(rsa1, 1024, exp, NULL); /* until here */ FILE *fp; fp = fopen("/Users/ysi/Desktop/privateKey.pem", "wb"); PEM_write_RSAPrivateKey(fp, rsa1, NULL, NULL, 0, 0, NULL).

Categories : C++

OpenSSL in Android
Here are some of the Helpful Links : How to use Open SSL in Android. For AES encryption take a look at javax.crypto package which android supports. javax.crypto supports AES algorithm as well. Here is the link for that javax.crypto in Android. Make sure you do some research before asking question. At least try to present what you have tried and be specific about your problem.

Categories : Android

Include openssl in app
Py2app should detect a dependency on openssl if there is an import statement for an extension that links with openssl (for example the stdlib SSL support or pyOpenSSL). That said, py2app will not include the copy of openssl from /usr/lib into your application bundle. Files from system locations (such as /usr/lib and /System) are assumed to be operating system files and are never included in bundles created by py2app.

Categories : Python

How to build OpenSSL for WP8?
here is what you have to do, go to this link and download the VSbuild, now put that into the source files downloaded from the OpenSSL website, the folder structure should look like this: apps bugs certs ..... vsbuild once that is done, open the solution, it should upgrade it to VS12, change the settings to a Windows Phone RT build, to generate DLL's there is no need to build *_lib*, so change the other projects, most changes you need to do are to libeay32, do not compile openssl project, just ignore that, start by building libeay32, and start making changes to the code, as there are some functions we don't have in WinRT, you can either #ifdef them out, or create your own functions, NOTE for rand_win.c change the functions to use rand_s and #ifdef most of the code there is,

Categories : Windows Phone 8

OpenSSL - LNK 2019
This can be problem with calling conventions. Please check the project setting regarding calling convention. OpenSSL compiles with /Gd option that means function will be of __cdecl calling convention. You can either change your calling convention to /Gd or prefix OpenSSL function signatures which you are using with __cdecl. I believe that this might help. This link explains how to change calling convention. Please confirm if this can help you.

Categories : C++

openssl encryption in c++ and php
Your problem is that you are not using CTR mode in the standard way. In init_ctr you are only copying 8 bytes of the provided IV and setting the rest to zero. If instead you use the whole IV, you will get the same result as the PHP code: //don't do this: //memset(state->ivec + 8, 0, 8); //memcpy(state->ivec, iv, 8); //do this: memcpy(state->ivec, iv, AES_BLOCK_SIZE); The lesson is that just because you found some code somewhere, doesn't mean you can copy-n-paste it without understanding what it is doing. This is especially true with crypto code. If you knew even the basics of what a block cipher is and how one works in CTR mode, you would have realized the problem with your code straightaway. Oh, important safety tip: When using CTR mode, never encrypt more than one messa

Categories : PHP

Can't install OpenSSL 1.0.1e
My guess is that OS X has an older version of openssl in /usr/bin, and Homebrew places it's version in /usr/local/bin Try /usr/local/bin/openssl version Edit: Before you try the above command, run: brew link --force openssl

Categories : Osx

Execute openssl s_client with php
I found the problem: the certificate I was using was not valid. Furthermore, for some servers, the command openssl s_client needs a flag -no_tls1 that allows the command to execute correctly. Hope it will be useful for someone else!

Categories : PHP

ECB, CFB, OFB cipher modes in Openssl
Lets say, ECB. It encrypts 64 bits at a time AES is a 128-bit block cipher. It encrypts/decrypts 128-bit at a time. It is a standard. AES_encrypt/AES_decrypt block expects 128 bits or 16 bytes length of the input and output data. But with the above code it doesnt encrpyt good. When I change c += 8; into c += 16; its ok then. Whats is good way of doing this? I mean, we all know that 8x8 = 64 bits so this should be correct, but it isnt, the encryption/decryption is working only when I have c += 16; That is why it is working fine on c+=16 Apart from this, there are few problems in your code. unsigned char enc_out[encslength]; Please keep the size of dec_out of encslength since you are decrypting encslength bytes not inputslength in your code. unsigned char dec_out[encsle

Categories : C

OpenSSL Libraries with Quagga
If you want the source code of OpenSSL, you can download it from here: https://www.openssl.org/source/ If you want the exact source code your distribution package was built from, you need something like a source package, depending on what your distribution is. As to being unsure of what OpenSSL functions to use to initiate a TLS connection, it has already been covered on SO.

Categories : Ssl

openssl create key error php
Check what message the following produces. var_dump(openssl_error_string()); http://www.php.net/manual/en/function.openssl-error-string.php

Categories : PHP

AES (aes-ige-128, aes-ige-192, aes-ige-256) encryption/decryption with openssl C
The error message says it all. aes_ige.c(88): OpenSSL internal error, assertion failed: (length%AES_BLOCK_SIZE) == 0 This is basically a run-time-check (assertion) that fails due to invalid input provided to the function AES_ige_encrypt() present in the source at line 88 of aes_ige.c. OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); The assertion basically checks if length (the 3rd parameter passed to the function) is an integral multiple of AES_BLOCK_SIZE. If yes, the execution continues, otherwise the program halts and prints warning about the assertion having failed. So ensure that the size of the data being passed to AES_ige_encrypt() is a multiple of AES_BLOCK_SIZE. If size of the data is not an integral multiple, then append NUL bytes to it to make the total size the nearest mul

Categories : C

OpenSSL fingerprint embedding on Mac OS X
incore-macho will only run on type 2 files (i.e. MH_EXECUTE from , in other words, executables). Type 6 is the MH_DYLIB (the dynamic library you are checking). That's what the error message is saying. According to it, it's just not suited for dylibs.

Categories : Xcode

MD4 openssl core dumped
You are passing a NULL pointer to EVP_Digest as the output length variable. You need to do the following: unsigned int digestLen; EVP_Digest(string, strlen(string), digest, &digestLen, EVP_md4(), NULL); Even if you don't use the output length (you should rather than relying on a constant), you still need to give a valid memory location for the EVP_Digest function to write the size value to. Also, you should #include <openssl/evp.h>.

Categories : C

Encrypt file with PHP OpenSSL
Looks like for php it's not possible to use aes-256-ctr without temporary file. But for next chiper types: OPENSSL_CIPHER_RC2_40 OPENSSL_CIPHER_RC2_128 OPENSSL_CIPHER_RC2_64 OPENSSL_CIPHER_DES OPENSSL_CIPHER_3DES OPENSSL_CIPHER_AES_128_CBC OPENSSL_CIPHER_AES_192_CBC OPENSSL_CIPHER_AES_256_CBC you can use generating key on the fly: $res = openssl_pkey_new('chiper args here'); openssl_pkey_export($res, $private_key); $public_key = openssl_pkey_get_details($res); $public_key = $public_key["key"]; Then encrypt: $crypted_text = openssl_get_privatekey($private_key,'your data'); And decrypt: openssl_public_decrypt($crypted_text,$decrypted_text,$public_key); So if you don't want to use files, may be switching to OPENSSL_CIPHER_AES_256_CBC will help you?

Categories : PHP

AES (aes-cbc-128, aes-cbc-192, aes-cbc-256) encryption/decryption with openssl C
Take a peek at this modified version of your code. Note the following: Added hex_print (minor) Added proper sizing of key buffer (medium). Added proper sizing of output encryption buffer (which must be a block-size multiple, and if original source buffer is an exact block-size multiple, you still need one full block of padding (see PKCS 5 padding for more info). Same IV used for both encrypt and decrypt. Finally, odd as it may seem AES_cbc_encrypt() is used for both encryption and decryption (see the last parameter in the call). Source Code #include <stdio.h> #include <stdlib.h> #include <string.h> #include <openssl/aes.h> #include <openssl/rand.h> // a simple hex-print routine. could be modified to print 16 bytes-per-line static void hex_print(const voi

Categories : C

Updating openssl in python 2.7
Outdated SSL is a common issue on multiple platforms: Here's the general approach... 0. Install OpenSSL Option I: Install system packages of side-by-side OpenSSL 1.x libs (-dev or -devel) packages. # FreeBSD pkg install openssl OPENSSL_ROOT=/usr/local # Mac (brew) brew install openssl # DO NOT DO ANY WEIRD SYMLINK HACKS, ITS KEG-ONLY FOR A REASON! OPENSSL_ROOT="$(brew --prefix openssl)" Option II: Install OpenSSL from source to a temporary directory OPENSSL_ROOT="$HOME/.build/openssl-1.0.1e" curl http://www.openssl.org/source/openssl-1.0.1e.tar.gz | tar zxvf - cd openssl-1.0.1e mkdir -p "$OPENSSL_ROOT" ./config no-hw --prefix="$OPENSSL_ROOT" --openssldir=... # osx (instead of previous line): ./Configure darwin64-x86_64-cc no-hw --prefix="$OPENSSL_ROOT" --openssldir=... make in

Categories : Python

OpenSSL threads and Helgrind
You should read exactly. openSSL provides two possibilities to set callbacks for to do locking. The so called "static" and "dynamic" way. You are configuring both. I use the old fashioned static one and there are no problems. I think there is only thing why you should use the dynamic one: Decrease used memory. But this is ridiculous regarding the used memory. At the end you can see at the threads(3).html in section "Notes" the dynamic way of mutexing is not enabled.

Categories : Multithreading

openssl: how can i get public key from modulus
You can get the public key in a more standardized format using phpseclib, a pure PHP RSA implementation. eg. <?php include('Crypt/RSA.php'); $modulus = 'yEQs2LxSHBZgZCH0rRQQy9kmry8g2tNhQL1B9f5azNz9Ce9pXPgSRjVUo1B9Ggb/FK3jy41wWd2IfS6rse3vBzRsabMj29CVODM/19yZPmwEmjJHCgYd+AA2qweKZanDp4FLsSw/kyV5WoPN16GHEMLmLGkJFNIWtzzH5jV+S80='; $exponent = 'AQAB'; $rsa = new Crypt_RSA(); $modulus = new Math_BigInteger(base64_decode($modulus), 256); $exponent = new Math_BigInteger(base64_decode($exponent), 256); $rsa->loadKey(array('n' => $modulus, 'e' => $exponent)); $rsa->setPublicKey(); echo $rsa->getPublicKey();

Categories : PHP

Enabling OpenSSL on EC2 instance
I believe you would use yum install openssl on your server. Try yum search opennsll if you dont see it They have instructions here for install openssl another way: http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html

Categories : PHP

How to use rdrand with Ruby and openssl?
Found it, you have to load all engines first: $ ruby -ropenssl -e 'OpenSSL::Engine.load; e = OpenSSL::Engine.by_id("rdrand"); p e;' #<OpenSSL::Engine id="rdrand" name="Intel RDRAND engine"> Embarassingly simple, actually.

Categories : Ruby

OpenSSL: print X and Y of EC_POINT
You have to associate an EC_GROUP object to the EC_KEY before calling EC_KEY_generate_key: EC_KEY *ec_key = EC_KEY_new(); EC_GROUP *ec_group = EC_GROUP_new_by_curve_name(NID_secp521r1); EC_KEY_set_group(ec_key, ec_group); EC_KEY_generate_key(ec_key); then print the public key: const EC_POINT *pub = EC_KEY_get0_public_key(ec_key); BIGNUM *x = BN_new(); BIGNUM *y = BN_new(); if (EC_POINT_get_affine_coordinates_GFp(ec_group, pub, x, y, NULL)) { BN_print_fp(stdout, x); putc(' ', stdout); BN_print_fp(stdout, y); putc(' ', stdout); } Don't forget to add error and memory handling, the sample code above leaks.

Categories : Objective C

Unexpected MD5 hash value using openssl/md5
You are using a pointer to a pointer here, instead of a pointer to the data: MD5((unsigned char*) &fullname, strlen(fullname), (unsigned char*) &digest); It should be: MD5((unsigned char*) fullname, strlen(fullname), (unsigned char*) &digest); In your first example it happened to work because a pointer to an array points to the same place in memory as a pointer to its first element (depsite having different types). But even there it would be preferable to remove the &.

Categories : C++

Getting openssl stream in node.js
I think something like that should solve your problem. var terminal = require('child_process').spawn('bash'); terminal.stdout.on('data', function (data) { console.log('stdout: ' + data); }); terminal.on('exit', function (code) { console.log('child process exited with code ' + code); }); setTimeout(function() { console.log('Sending stdin to terminal'); terminal.stdin.write("openssl s_client -connect 'serveraddress':5000"); terminal.stdin.end(); }, 1000); Edit: Try this for a working example: terminal.stdin.write("ping www.google.de");

Categories : Javascript

How to decrypt ciphertext using openssl in C?
#include "openssl/aes.h" char buffer[1000]; AES_KEY dec_key; AES_set_decrypt_key(key, 128, &dec_key); AES_cbc_encrypt(otherString, buffer, strlen(line) - 16, &dec_key, array, AES_DECRYPT); //AES_KEY dec_key; //AES_set_decrypt_key(key, keySize, &dec_key); //AES_cbc_encrypt(ciphertext, result, textLen, &dec_key, iv, AES_DECRYPT); This works for me. 128 is bits for 16-byte key. But i believe, you also have bug somewhere in -1 -15 -16 string length. This part of while loop can be changed to fix the problem: int strLen = strlen(line) - 16; char otherString[strLen + 1]; strncpy(otherString, p, strLen); otherString[strLen] = ''; array = array + strLen; Here is also nice AES CBC encryption/decryption example code and your working c

Categories : Python

How to check FIPS 140-2 support in OpenSSL?
Here what i found to check support. # openssl ciphers FIPS -v ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1 ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1 EDH-RSA

Categories : Linux

using OpenSSL in Visual Studio 2012
What compiler did you use to compile OpenSSL? Did you use MinGW? If so, make sure you don't strip them (or just with --strip-unneeded) otherwise import symbols will be stripped. Do the header and lib version match? Maybe you want to try pre built ones from: http://slproweb.com/products/Win32OpenSSL.html those work for sure.

Categories : C++

OpenSSL BIGNUM — is there a bitwise & function?
The function you are looking for is: bool BN_is_bit_set( const BIGNUM *a, int n ); ... it behaves exactly like the bitwise operator AND. For example, to see if the right-most bit is on I would call the function as follows: bool is_set = BN_is_bit_set( ptr_my_bignum, 0x1 ); ... notice my mask is 0x1 (which implies 1 in binary). More information on the BIGNUM library can be found here.

Categories : C

.Net RSA verification of data signed by OpenSSL
You are using RSA_sign incorrectly - per the documentation (emphasis mine): RSA_sign() signs the message digest m of size m_len using the private key rsa as specified in PKCS #1 v2.0 In other words, you must hash your message first, and then pass the message hash to RSA_sign. It should then be verifiable in .NET. The following change should work: unsigned char* hash = SHA1((unsigned char *)reply, strlen(reply), NULL); if (RSA_sign(NID_sha1, hash, SHA_DIGEST_LENGTH, signature, &siglen, privateKey)) { ...

Categories : C#

OpenSSL how to load CA cert with DER format
First of all, DER files can have .crt, .cer, and .der endings. As for your question it may be one of many issues. Does your existing server project already work, and to what extent? Could you first try and convert the DER file to PEM and tell us how it went? openssl x509 -inform der -in certificate.cer -out certificate.pem

Categories : C

How do I refactor OpenSSL pkcs5_keyivgen in ruby?
Was trying to solve this problem, but I think there is no easy solution or i just can't see one). Pkcs5_keyivgen() is deprecated and implements non-standard pass key derivation for AES 256. From this docs and this source code Pkcs5_keyivgen (pass, SALT = nil, num = 2048, digest = "MD5") -> nil Generates some key and IV from salt and pass. No salt in your case. Generation method is defined in v1.5 PKCS #5 (deprecated) So you are looking for "Password Based Key Derivation Function". PBKDF1 Pkcs5_keyivgen() function calls EVP_BytesToKey() from Openssl and EVP_BytesToKey() generates key bytes for larger key size in a non-standard way So MD5 generates hash of size EVP_MAX_MD_SIZE (16 + 20) // 16 for MD5 But AES key(32) + IV(16) sizes > EVP_MAX_MD_SIZE, so AES 256 will need multip

Categories : Ruby

OpenSSL Failed for Specific Provider?
A certificate verification failure indicates that your Ruby instance was unable to find a way to chain the endpoint's certificate up to a trusted root that it is aware of. This can be a few different things: The endpoint may have changed certificate providers and their new source is not in the default trust tore. The endpoint may not have the proper intermediates installed. The endpoint may have an untrusted certificate on it. To narrow it down you can try loading the endpoint via a web browser. Do you get an untrusted error then? If so, time to contact your provider. If not, you'll need to look at the certificate and see what root it's using. Then you'll want to add that to the Ruby list of trusted certs (which is sourced differently depending on how you compiled it and on what platfo

Categories : Ruby On Rails

Using trusted certificate on Windows with OpenSSL
OpenSSL also supports DER format or PKCS #8 format. You can get certificate in PKCS #8 or DER format using CryptoAPI and then load them into the certificate store given by OpenSSL. So, there is better way of doing it. Once you have certificate in DER format, you can used d2i functions to get certificate into X509 certificate.

Categories : C++

Openssl: encryption output issue
Change your printf format string to require that each char is output as two hex digits - currently you're losing leading zeroes. printf("%02x",outdata[i]); The zero tells it to pad up to two digits using zeroes, the default would be spaces.

Categories : C



© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.