EVP_SignFinal() throws access violation - wrong documentation
Hello I have problems running an application under Windows XP, which uses EVP functionality. EVP_SignFinal() always fails. After some days of lost time I compiled a debugable version of OpenSSL and the error always occurred in line 86 in the file p_sign.c int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; MS_STATIC EVP_MD_CTX tmp_ctx; *siglen=0; The problem is the the wrong documentation. There is written (http://www.openssl.org/docs/crypto/EVP_SignInit.html#): EVP_SignFinal() signs the data in ctx using the private key pkey and places the signature in sig. If the s parameter is not NULL then the number of bytes of data written (i.e. the length of the signature) will be written to the integer at s, at most EVP_PKEY_size(pkey) bytes will be written. This is NOT true. If you see the function, if ever the parameter s is NULL there is an access violation, because it is a NULL pointer. Maybe also the behavior of this function in this case should be changed. Apart from this, have you ever thought of a documentation system like Doxygen? Could the possibility of a debug build during the generation of the Makefile be included? I had to change manually the flags in the ntddl.mak CFLAG= /MD /W3 /WX /G5 /Od /Gs0 /GF /Gy /nologo /ZI -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll -DOPENSSL_NO_KRB5 LFLAGS=/nologo /subsystem:console /machine:I386 /debug /opt:ref MLFLAGS= /nologo /subsystem:console /debug /machine:I386 /opt:ref /dll Bye, Karsten __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Need RFC compliances for the Signing alogrithms
Hi all I need to check for RFC conformations for the following alogorithms P_MD5_RSA_512 P_SHA1_RSA P_SHA1_DSA P_OSA_MD5 P_OSA_HMAC_SH1_96 P_OSA_HMAC_MD5_96 Details of each is provide below Wether any of you have checked for the RFC compliances of these alogrithem If so can u please provide me the results.. with Thanks Rafeeq SigningAlgorithm: P_MD5_RSA_512 MD5 takes an input message of arbitrary length and produces as output a 128bit message digest of the input. This is then encrypted with the private key under the RSA publickey cryptography system using a 512bit modulus. The signaturegeneration follows the process and format defined in RFC 2313 (PKCS#1 v1.5). P_MD5_RSA_1024 MD5 takes an input message of arbitrary length and produces as output a 128bit message digest of the input. This is the encrypted with the private key under the RSA public key cryptography system using a 1024bit modulus. The signature generation follows the process and format defined in RFC 2313 (PKCS#1 v1.5). P_RSASSA_PKCS1_v1_5_SHA1_1024 SHA1 is used to produce a 160bit message digest based on the input message to be signed. RSA is then used to generate the signature value, following the process defined in section 8 of RFC 2437 and format defined in section 9.2.1 of RFC 2437. The RSA private/public key pair is using a 1024bit modulus. P_SHA1_DSA SHA1 is used to produce a 160bit message digest based on the input message to be signed. DSA is then used to generate the signature value. The signature generation follows the process and format defined in section 7.2.2 of RFC 2459. AuthMechanism : P_OSA_MD5 Authentication is based on the use of MD5 (RFC 1321) hashing algorithm to generate a response based on a shared secret and a challenge received via challenge() method. The capability touse this algorithm is required to be supported when using CHAP (RFC 1994) P_OSA_HMAC_SH1_96 Authentication is based on the use of HMAC-SHA1 (RFC 2404) hashing algorithm to generate a response based on a shared secret and a challenge received via challenge() method. P_OSA_HMAC_MD5_96 Authentication is based on the use ofHMAC-MD5 (RFC 2403) hashing algorithm to generate a response based on ashared secret and a challenge received via challenge() method. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
SSL Client Proxy
Hi all, Does anyone have any information on how to do client side proxying? Im trying to add support for corporate proxies in our application and cant seem to find any good source of info. If anyone has any experience on this or knows of a good source of documents it would be greatly appreciated. Thanks in advance, Darya
RE: SSL Client Proxy
Disregard my email, I found the documentation on the headers that need to be included. Thanks Darya -Original Message- From: Darya Mazandarany Sent: Wednesday, March 09, 2005 9:49 AM To: openssl-dev@openssl.org Subject: SSL Client Proxy Hi all, Does anyone have any information on how to do client side proxying? Im trying to add support for corporate proxies in our application and cant seem to find any good source of info. If anyone has any experience on this or knows of a good source of documents it would be greatly appreciated. Thanks in advance, Darya
[openssl.org #1017] Bug in EC_GROUP_cmp
Thanks for the correction. This will be in the next snapshot. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: sha test failing on MkLinux PPC
Hello, it is nice to see how my messages are totally ignored... I hope this doesn't mean that everybody is clueless. I did further tests though. test 1 ok test 2 ok error calculating SHA on '3c48692aceb44f85cf99c985154c15b79e6baef0' got 3c48692aceb44f85cf99c985154c15b79e6baef0 instead of 3232affa48628a26653b5aaa44541fd90d690603 make[1]: *** [test_sha] Error 1 make[1]: Leaving directory `/usr/src/redhat/BUILD/openssl-0.9.7e/test' make: *** [tests] Error 2 where could the problem lie? I am going to try and see if 0.9.6m already has this problem. The distribution shipped 0.9.6i... I tried to build and test 0.9.6i and even 0.9.5 and they both fail the same way (buit not using rpm, but make and make test). Another more experienced developer of MkLinux hints the test program is wrong, I prefer some help and hints on how to proceed to identify the soruce of the problem Cheers, Riccardo __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Bug in BN_generate_prime?
I am running into a problem where BN_generate_prime always returns a BIGNUM with the value 35879 if the number of bits is less than 16. Here is an example program that illustrates this: $ ./BNTest 15 Bits: 15 1287302641 = 35879 * 35879 1287302641 = 35879 * 35879 1287302641 = 35879 * 35879 1287302641 = 35879 * 35879 $ ./BNTest 16 #works as expected Bits: 16 3319015657 = 57503 * 57719 3203515489 = 61343 * 52223 2981297941 = 58403 * 51047 3599545897 = 58679 * 61343 $ cat BNTest.cpp #include openssl/bn.h #include iostream int main (int argc, char**argv) { if (argc 2) { std::cerr Usage: BNTest bits std::endl; return 1; } int bits = atoi (argv[1]); std::cout Bits: bits std::endl; BN_CTX* ctx = BN_CTX_new(); BN_CTX_init (ctx); BIGNUM* prime1 = BN_new(); BIGNUM* prime2 = BN_new(); BIGNUM* product = BN_new(); BN_init (prime1); BN_init (prime2); BN_init (product); for (int i=0; i4; ++i) { BN_generate_prime (prime1, bits, 0, 0, 0, 0, 0); BN_generate_prime (prime2, bits, 0, 0, 0, 0, 0); BN_mul (product, prime1, prime2, ctx); char* pz_Prime1 = BN_bn2dec (prime1); char* pz_Prime2 = BN_bn2dec (prime2); char* pz_Product = BN_bn2dec (product); std::cout pz_Product = pz_Prime1 * ; std::cout pz_Prime2 std::endl; } return 0; } __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Bug in BN_generate_prime?
Michael D'Errico wrote: I am running into a problem where BN_generate_prime always returns a BIGNUM with the value 35879 if the number of bits is less than 16. Here is an example program that illustrates this: $ ./BNTest 15 Bits: 15 1287302641 = 35879 * 35879 1287302641 = 35879 * 35879 1287302641 = 35879 * 35879 1287302641 = 35879 * 35879 $ ./BNTest 16 #works as expected Bits: 16 3319015657 = 57503 * 57719 3203515489 = 61343 * 52223 2981297941 = 58403 * 51047 3599545897 = 58679 * 61343 this is a known problem. have a look at http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=487 Nils __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Need RFC compliances for the Signing alogrithms
Hi all I need to check for RFC conformations for the following alogorithmsP_MD5_RSA_512P_SHA1_RSAP_SHA1_DSAP_OSA_MD5P_OSA_HMAC_SH1_96P_OSA_HMAC_MD5_96Details of each is provide belowWether any of you have checked for the RFC compliances of these alogrithemIf so can u please provide me the results.. with ThanksNagabhushana Rao Devineni P_MD5_RSA_512 MD5 takes an input message of arbitrary length andproduces as output a 128bit message digest of the input. This is thenencrypted with the private key under the RSA publickey cryptographysystem using a 512bit modulus. The signature generation follows theprocess and format defined in RFC 2313 (PKCS#1 v1.5) P_MD5_RSA_1024 MD5 takes an input message of arbitrary length andproduces as output a 128bit message digest of the input. This is theencrypted with the private key under the RSA public key cryptographysystem using a 1024bit modulus. The signature generation follows theprocess and format defined in RFC 2313 (PKCS#1 v1.5).P_RSASSA_PKCS1_v1_5_SHA1_1024 SHA1 is used to produce a 160bit messagedigest based on the input message to be signed. RSA is then used togenerate the signature value, following the process defined in section8 of RFC 2437 and format defined in section 9.2.1 of RFC 2437. The RSAprivate/public key pair is using a 1024bit modulus.P_SHA1_DSA SHA1 is used to produce a 160bit message digest based onthe input message to be signed. DSA is then used to generate thesignature value. The signature generation follows the process andformat defined in section 7.2.2 of RFC 2459.AuthMechanism :P_OSA_MD5 Authentication is based on the use of MD5 (RFC 1321) hashingalgorithm to generate a response based on a shared secret and achallenge received via challenge() method. The capability touse thisalgorithm is required to be supported when using CHAP (RFC 1994)P_OSA_HMAC_SH1_96 Authentication is based on the use of HMAC-SHA1 (RFC2404) hashing algorithm to generate a response based on a sharedsecret and a challenge received via challenge() method.P_OSA_HMAC_MD5_96 Authentication is based on the use ofHMAC-MD5 (RFC2403) hashing algorithm to generate a response based on a sharedsecret and a challenge received via challenge() method Do you Yahoo!? Yahoo! Small Business - Try our new resources site!