Re: Problem Compiling OpenSSL for RSA Support
David G. Hesprich [EMAIL PROTECTED]:

> ./config rsaref
> make
> make test
> make install
>
> it compiles, all tests appear to complete, and installs. However, OpenSSH complains of the lack of RSA support in the libraries.
> [...]
> I have contacted Damien Miller at the OpenSSH project, and he was kind enough to send me some test code that he was working on to briefly test the compiled libs for the necessary RSA functionality:
>
>     #include <stdio.h>
>     #include <openssl/rsa.h>
>
>     int main(void)
>     {
>         RSA *key;
>
>         key=RSA_generate_key(32,3,NULL,NULL);
>         if(key==NULL)
>             printf("NO RSA!\n");
>         else
>             printf("RSA OK!\n");
>
>         return(0);
>     }
>
> [...]
> I have tried compiling without the "rsaref" parameter, with the same results.

In that test program, insert "ERR_print_errors_fp(stdout);" before the "return(0);" statement and recompile. Running the program then will output the notorious "prng not seeded" error message, which is discussed in the OpenSSL FAQ.

__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Problem Compiling OpenSSL for RSA Support
On Fri, Mar 03, 2000 at 09:08:49PM -0500, David G. Hesprich wrote:

>     int main(void)
>     {
>         RSA *key;
>
>         key=RSA_generate_key(32,3,NULL,NULL);
>         if(key==NULL)
>             printf("NO RSA!\n");
>         else
>             printf("RSA OK!\n");
>
>         return(0);
>     }

You have RSA support, but you can't use it because you don't seed the PRNG. Inform the application developer about http://www.openssl.org/support/faq.html#6
Re: Problem Compiling OpenSSL for RSA Support
> In that test program, insert "ERR_print_errors_fp(stdout);" before the "return(0);" statement and recompile. Running the program then will output the notorious "prng not seeded" error message, which is discussed in the OpenSSL FAQ.

It needs a few more bits of glue to see it clearly, which become pretty clear when I put your message together with the FAQ, and went back and grepped the test sources to see what went on there.

I re-cobbled together the test program to read as such:

    #include <stdio.h>
    #include <openssl/rsa.h>
    #include <openssl/bn.h>
    #include <openssl/err.h>
    #include <openssl/rand.h>

    static const char rnd_seed[] = "string to make the random number generator think it has entropy";

    int main(void)
    {
        RSA *key;

        // RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
        key=RSA_generate_key(32,3,NULL,NULL);
        if(key==NULL) {
            printf("NO RSA!\n\n");
            ERR_load_crypto_strings();
            ERR_print_errors_fp(stdout);
        }
        else
            printf("RSA OK!\n");

        return(0);
    }

Leaving the RAND_seed() function commented out, as above, causes the test to fail, as it should, and it does return the correct error.

Guess this one goes back to openssh-dev...

Thank you very much for the help!

-David Hesprich

--
David G. Hesprich, CISSP
Technical Solutions Consultant
Sprint Enterprise Network Services
Numeric Pager:800-724-3329 PIN 382-8387
Alpha Pager: [EMAIL PROTECTED]
Re: Problem Compiling OpenSSL for RSA Support
Turns out my problem is just a variation of the 'Why do I get a "PRNG not seeded" error message?' at http://www.openssl.org/support/faq.html#6

If I revise the test program to read:

    #include <stdio.h>
    #include <openssl/rsa.h>
    #include <openssl/bn.h>
    #include <openssl/err.h>
    #include <openssl/rand.h>

    static const char rnd_seed[] = "string to make the random number generator think it has entropy";

    int main(void)
    {
        RSA *key;

        // RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
        key=RSA_generate_key(32,3,NULL,NULL);
        if(key==NULL) {
            printf("NO RSA!\n\n");
            ERR_load_crypto_strings();
            ERR_print_errors_fp(stdout);
        }
        else
            printf("RSA OK!\n");

        return(0);
    }

Leaving the RAND_seed() function commented out, as above, causes the test to fail, as it should, and it does return the correct error. Removing the comments gets "RSA OK!".

So it appears there's nothing wrong with my build of OpenSSL (I do have to go back and test a build with rsaref2 to see if that was working all along, too).

Thank you to the folks that responded. I never would have figured it out on my own.

-David Hesprich

--
David G. Hesprich, CISSP
Technical Solutions Consultant
Sprint Enterprise Network Services
Numeric Pager:800-724-3329 PIN 382-8387
Alpha Pager: [EMAIL PROTECTED]
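Added example (not part of the thread and not OpenSSL code): the rnd_seed string above satisfies the "is the PRNG seeded?" check, but a generator seeded with a constant produces the same stream on every run, which is why it belongs only in a test program. The toy generator below (FNV-1a plus splitmix64) is a stand-in for a seeded PRNG, and every name except rnd_seed is hypothetical; it also assumes a readable /dev/urandom as the OS source.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy generator used only to show determinism; it is NOT OpenSSL's PRNG. */
typedef struct { uint64_t s; } toy_prng;

/* Hypothetical stand-in for RAND_seed(): fold the seed bytes into the state. */
static void toy_seed(toy_prng *g, const void *buf, size_t len) {
    const unsigned char *p = buf;
    g->s = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { g->s ^= p[i]; g->s *= 0x100000001b3ULL; }
}

/* One splitmix64 step: the output depends on nothing but the seeded state. */
static uint64_t toy_next(toy_prng *g) {
    uint64_t z = (g->s += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

static const char rnd_seed[] = "string to make the random number generator think it has entropy";

/* First output after seeding with the thread's fixed string: same every run. */
uint64_t first_output_fixed_seed(void) {
    toy_prng g;
    toy_seed(&g, rnd_seed, sizeof rnd_seed);
    return toy_next(&g);
}

/* First output after seeding from the OS; *ok is 0 if no source is readable. */
uint64_t first_output_os_seed(int *ok) {
    unsigned char buf[32];
    toy_prng g = {0};
    FILE *f = fopen("/dev/urandom", "rb");
    *ok = (f != NULL && fread(buf, 1, sizeof buf, f) == sizeof buf);
    if (f != NULL) fclose(f);
    if (!*ok) return 0;            /* fail closed: no entropy, no output */
    toy_seed(&g, buf, sizeof buf);
    return toy_next(&g);
}

int main(void) {
    int ok;
    uint64_t r = first_output_os_seed(&ok);
    printf("fixed seed: %016llx\n", (unsigned long long)first_output_fixed_seed());
    if (ok) printf("OS seed:    %016llx\n", (unsigned long long)r);
    else    printf("no OS entropy source; refusing to continue\n");
    return 0;
}
```

Run it twice: the "fixed seed" line never changes, while the "OS seed" line does.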
Problem Compiling OpenSSL for RSA Support
I'm trying to compile OpenSSL with rsaref2 on a SPARCserver 1000 running Solaris 7. GCC is version 2.8.1, OpenSSL is the 0.9.5 source distribution, and OpenSSH is the 1.2.2 source distribution.

I've compiled rsaref2 with the CERT vulnerability patch and installed librsaref.a into /usr/local/lib and rsa.h into /usr/local/include.

After unpacking the OpenSSL source, I perform a:

    ./config rsaref
    make
    make test
    make install

it compiles, all tests appear to complete, and installs. However, OpenSSH complains of the lack of RSA support in the libraries. (LibRSAglue.a is being installed into the /usr/local/ssl/lib directory correctly.)

I have contacted Damien Miller at the OpenSSH project, and he was kind enough to send me some test code that he was working on to briefly test the compiled libs for the necessary RSA functionality:

    #include <stdio.h>
    #include <openssl/rsa.h>

    int main(void)
    {
        RSA *key;

        key=RSA_generate_key(32,3,NULL,NULL);
        if(key==NULL)
            printf("NO RSA!\n");
        else
            printf("RSA OK!\n");

        return(0);
    }

I've compiled it with:

    #!/bin/sh
    gcc -o testrsa testrsa.c -I/usr/local/ssl/include -L/usr/local/lib -L/usr/local/ssl/lib \
        -lcrypto -lRSAglue -lrsaref
    ./testrsa

Not surprisingly, it reports "NO RSA!"

Although I am a (noncommercial) USA resident (it isn't Christmas I'm waiting for, it's September 20th!), and nominally supposed to use rsaref, I have tried compiling without the "rsaref" parameter, with the same results.

I've also tried compiling SNAP-2302, SNAP-2302 w/"no-asm" no luck. Here's the "make report" from the latest attempts (these builds take quite some time on my SPARCserver 1000):

    OpenSSL self-test report:

    OpenSSL version:  0.9.6-dev
    Last change:      Include RAND_status() into RAND_METHOD instead of imple...
    Options:          no-asm
    OS (uname):       SunOS megaboz 5.7 Generic_106541-08 sun4d sparc SUNW,SPARCserver-1000
    OS (config):      sun4d-sun-solaris2
    Target (default): solaris-sparcv8-gcc
    Target:           solaris-sparcv8-gcc
    Compiler:         gcc version 2.8.1

    Test passed.

Anyone experienced this, know anything about it? I'm going nuts!

Thanks,

-David Hesprich

--
David G. Hesprich, CISSP
Technical Solutions Consultant
Sprint Enterprise Network Services
Numeric Pager:800-724-3329 PIN 382-8387
Alpha Pager: [EMAIL PROTECTED]