EVP_SignFinal() throws access violation - wrong documentation

2005-03-09 Thread Karsten Ohme 
Hello
I have problems running an application under Windows XP, which uses EVP
functionality.
EVP_SignFinal() always fails.
After some days of lost time I compiled a debugable version of OpenSSL
and the error always occurred in line 86 in the file p_sign.c
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int
*siglen,
 EVP_PKEY *pkey)
{
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len;
int i,ok=0,v;
MS_STATIC EVP_MD_CTX tmp_ctx;
*siglen=0;
The problem is the the wrong documentation.
There is written (http://www.openssl.org/docs/crypto/EVP_SignInit.html#):
EVP_SignFinal() signs the data in ctx using the private key pkey and
places the signature in sig. If the s parameter is not NULL then the
number of bytes of data written (i.e. the length of the signature) will
be written to the integer at s, at most EVP_PKEY_size(pkey) bytes will
be written.
This is NOT true. If you see the function, if ever the parameter s is
NULL there is an access violation, because it is a NULL pointer. Maybe
also the behavior of this function in this case should be changed.
Apart from this, have you ever thought of a documentation system like
Doxygen?
Could the possibility of a debug build during the generation of the
Makefile be included?
I had to change manually the flags in the ntddl.mak
CFLAG= /MD /W3 /WX /G5 /Od /Gs0 /GF /Gy /nologo /ZI
-DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32
-DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll -DOPENSSL_NO_KRB5
LFLAGS=/nologo /subsystem:console /machine:I386 /debug /opt:ref
MLFLAGS= /nologo /subsystem:console /debug /machine:I386 /opt:ref /dll
Bye, Karsten
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Need RFC compliances for the Signing alogrithms

2005-03-09 Thread Rafeeq Ahmed 
Hi all

  I need to check for RFC conformations for the following alogorithms

P_MD5_RSA_512
P_SHA1_RSA
P_SHA1_DSA
P_OSA_MD5
P_OSA_HMAC_SH1_96
P_OSA_HMAC_MD5_96

Details of each is provide below
Wether any of you have checked for the RFC compliances of these alogrithem
If so can u please provide me the results..

with Thanks
Rafeeq


SigningAlgorithm:   

P_MD5_RSA_512   MD5 takes an input message of arbitrary length and
produces as output a 128bit message digest of the input. This is then
encrypted with the private key under the RSA  publickey cryptography
system using a 512bit modulus. The signaturegeneration follows the
process and format defined in RFC 2313 (PKCS#1 v1.5).

P_MD5_RSA_1024  MD5 takes an input message of arbitrary length and
produces as output a 128bit message digest of the input. This is the
encrypted with the private key under the RSA public key cryptography
system using a 1024bit modulus. The signature generation follows the
process and format defined in RFC 2313 (PKCS#1 v1.5).

P_RSASSA_PKCS1_v1_5_SHA1_1024   SHA1 is used to produce a 160bit message
digest based on the input message to be signed. RSA is then  used to
generate the signature value, following the process defined in section
8 of RFC 2437 and format defined in section 9.2.1 of RFC 2437. The RSA
private/public key pair is using a 1024bit modulus.

P_SHA1_DSA  SHA1 is used to produce a 160bit message digest based on
the input message to be signed. DSA is then used to generate the
signature value. The signature generation follows the process and
format  defined in section 7.2.2 of RFC 2459.


AuthMechanism   :

P_OSA_MD5   Authentication is based on the use of MD5 (RFC 1321) hashing
algorithm to  generate a response based on a shared secret and a
challenge received via  challenge() method. The capability touse this
algorithm is required to be supported when using CHAP (RFC 1994)

P_OSA_HMAC_SH1_96   Authentication is based on the use of HMAC-SHA1 (RFC
2404) hashing   algorithm to generate a response based on a shared
secret and a  challenge received via challenge() method.

P_OSA_HMAC_MD5_96   Authentication is based on the use ofHMAC-MD5 (RFC
2403) hashing algorithm to generate a response based on ashared
secret and a challenge received via challenge() method.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

SSL Client Proxy

2005-03-09 Thread Darya Mazandarany 








Hi all,



Does anyone have any information on how to do client side proxying?
Im trying to add support for corporate proxies in our application and cant
seem to find any good source of info. If anyone has any experience on this or
knows of a good source of documents it would be greatly appreciated.



Thanks in advance,

Darya

RE: SSL Client Proxy

2005-03-09 Thread Darya Mazandarany 








Disregard my email, I found the
documentation on the headers that need to be included.



Thanks

Darya



-Original Message-
From: Darya Mazandarany 
Sent: Wednesday, March 09, 2005
9:49 AM
To: openssl-dev@openssl.org
Subject: SSL Client Proxy



Hi all,



Does anyone have any information on
how to do client side proxying? Im trying to add support for corporate
proxies in our application and cant seem to find any good source of
info. If anyone has any experience on this or knows of a good source of
documents it would be greatly appreciated.



Thanks in advance,

Darya

[openssl.org #1017] Bug in EC_GROUP_cmp

2005-03-09 Thread Bodo Moeller via RT 

Thanks for the correction.  This will be in the next snapshot.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: sha test failing on MkLinux PPC

2005-03-09 Thread Riccardo Mottola 
Hello,

it is nice to see how my messages are totally ignored... I hope this
doesn't mean that everybody is clueless. I did further tests though.

 test 1 ok
 test 2 ok
 error calculating SHA on '3c48692aceb44f85cf99c985154c15b79e6baef0'
 got 3c48692aceb44f85cf99c985154c15b79e6baef0 instead of
 3232affa48628a26653b5aaa44541fd90d690603
 make[1]: *** [test_sha] Error 1
 make[1]: Leaving directory `/usr/src/redhat/BUILD/openssl-0.9.7e/test'
 make: *** [tests] Error 2
 
 where could the problem lie? I am going to try and see if 0.9.6m already
 has this problem. The distribution shipped 0.9.6i...

I tried to build and test 0.9.6i and even 0.9.5 and they both fail the
same way (buit not using rpm, but make and make test). Another more
experienced developer of MkLinux hints the test program is wrong, I
prefer some help and hints on how to proceed to identify the soruce of
the problem

Cheers,
  Riccardo
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Bug in BN_generate_prime?

2005-03-09 Thread Michael D'Errico 
I am running into a problem where BN_generate_prime
always returns a BIGNUM with the value 35879 if the
number of bits is less than 16.  Here is an example
program that illustrates this:
$ ./BNTest 15
Bits: 15
1287302641 = 35879 * 35879
1287302641 = 35879 * 35879
1287302641 = 35879 * 35879
1287302641 = 35879 * 35879
$ ./BNTest 16  #works as expected
Bits: 16
3319015657 = 57503 * 57719
3203515489 = 61343 * 52223
2981297941 = 58403 * 51047
3599545897 = 58679 * 61343
$ cat BNTest.cpp
#include openssl/bn.h
#include iostream
int main (int argc, char**argv)
{
if (argc  2)
{
std::cerr  Usage: BNTest bits  std::endl;
return 1;
}
int bits = atoi (argv[1]);
std::cout  Bits:   bits  std::endl;
BN_CTX* ctx = BN_CTX_new();
BN_CTX_init (ctx);
BIGNUM* prime1  = BN_new();
BIGNUM* prime2  = BN_new();
BIGNUM* product = BN_new();
BN_init (prime1);
BN_init (prime2);
BN_init (product);
for (int i=0; i4; ++i)
{
BN_generate_prime (prime1, bits, 0, 0, 0, 0, 0);
BN_generate_prime (prime2, bits, 0, 0, 0, 0, 0);
BN_mul (product, prime1, prime2, ctx);
char* pz_Prime1  = BN_bn2dec (prime1);
char* pz_Prime2  = BN_bn2dec (prime2);
char* pz_Product = BN_bn2dec (product);
std::cout  pz_Product   =   pz_Prime1   * ;
std::cout  pz_Prime2  std::endl;
}
return 0;
}
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Re: Bug in BN_generate_prime?

2005-03-09 Thread Nils Larsch 
Michael D'Errico wrote:
I am running into a problem where BN_generate_prime
always returns a BIGNUM with the value 35879 if the
number of bits is less than 16.  Here is an example
program that illustrates this:
$ ./BNTest 15
Bits: 15
1287302641 = 35879 * 35879
1287302641 = 35879 * 35879
1287302641 = 35879 * 35879
1287302641 = 35879 * 35879
$ ./BNTest 16  #works as expected
Bits: 16
3319015657 = 57503 * 57719
3203515489 = 61343 * 52223
2981297941 = 58403 * 51047
3599545897 = 58679 * 61343
this is a known problem. have a look at
http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=487
Nils
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Need RFC compliances for the Signing alogrithms

2005-03-09 Thread Naresh Devineni 

Hi all I need to check for RFC conformations for the following alogorithmsP_MD5_RSA_512P_SHA1_RSAP_SHA1_DSAP_OSA_MD5P_OSA_HMAC_SH1_96P_OSA_HMAC_MD5_96Details of each is provide belowWether any of you have checked for the RFC compliances of these alogrithemIf so can u please provide me the results..

with ThanksNagabhushana Rao Devineni


P_MD5_RSA_512

MD5 takes an input message of arbitrary length andproduces as output a 128bit message digest of the input. This is thenencrypted with the private key under the RSA publickey cryptographysystem using a 512bit modulus. The signature generation follows theprocess and format defined in RFC 2313 (PKCS#1 v1.5)


P_MD5_RSA_1024 MD5
takes an input message of arbitrary length andproduces as output a 128bit message digest of the input. This is theencrypted with the private key under the RSA public key cryptographysystem using a 1024bit modulus. The signature generation follows theprocess and format defined in RFC 2313 (PKCS#1 v1.5).P_RSASSA_PKCS1_v1_5_SHA1_1024 
SHA1 is used to produce a 160bit messagedigest based on the input message to be signed. RSA is then used togenerate the signature value, following the process defined in section8 of RFC 2437 and format defined in section 9.2.1 of RFC 2437. The RSAprivate/public key pair is using a 1024bit modulus.P_SHA1_DSA SHA1
is used to produce a 160bit message digest based onthe input message to be signed. DSA is then used to generate thesignature value. The signature generation follows the process andformat defined in section 7.2.2 of RFC 2459.AuthMechanism :P_OSA_MD5
 Authentication is based on the use of MD5 (RFC 1321) hashingalgorithm to generate a response based on a shared secret and achallenge received via challenge() method. The capability touse thisalgorithm is required to be supported when using CHAP (RFC 1994)P_OSA_HMAC_SH1_96
Authentication is based on the use of HMAC-SHA1 (RFC2404) hashing algorithm to generate a response based on a sharedsecret and a challenge received via challenge() method.P_OSA_HMAC_MD5_96
 Authentication is based on the use ofHMAC-MD5 (RFC2403) hashing algorithm to generate a response based on a sharedsecret and a challenge received via challenge() method





		Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!