Re: Problem Compiling OpenSSL for RSA Support

2000-03-04 Thread Bodo Moeller

David G. Hesprich [EMAIL PROTECTED]:

> ./config rsaref
> make
> make test
> make install
>
> it compiles, all tests appear to complete, and installs. However, OpenSSH
> complains of the lack of RSA support in the libraries. [...]
>
> I have contacted Damien Miller at the OpenSSH project, and he was kind
> enough to send me some test code that he was working on to briefly test the
> compiled libs for the necessary RSA functionality:
>
> #include <stdio.h>
> #include <openssl/rsa.h>
> int main(void)
> {
>     RSA *key;
>
>     key=RSA_generate_key(32,3,NULL,NULL);
>     if(key==NULL)
>         printf("NO RSA!\n");
>     else
>         printf("RSA OK!\n");
>     return(0);
> }
>
> [...] I have tried compiling without the "rsaref" parameter, with
> the same results.

In that test program, insert "ERR_print_errors_fp(stdout);" before the
"return(0);" statement and recompile.  Running the program then will
output the notorious "prng not seeded" error message, which is
discussed in the OpenSSL FAQ.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: Problem Compiling OpenSSL for RSA Support

2000-03-04 Thread Ulf Möller

On Fri, Mar 03, 2000 at 09:08:49PM -0500, David G. Hesprich wrote:

> int main(void)
> {
>     RSA *key;
>
>     key=RSA_generate_key(32,3,NULL,NULL);
>     if(key==NULL)
>         printf("NO RSA!\n");
>     else
>         printf("RSA OK!\n");
>     return(0);
> }

You have RSA support, but you can't use it because you don't seed the
PRNG.

Inform the application developer about http://www.openssl.org/support/faq.html#6



Re: Problem Compiling OpenSSL for RSA Support

2000-03-04 Thread David G. Hesprich

> In that test program, insert "ERR_print_errors_fp(stdout);" before the
> "return(0);" statement and recompile.  Running the program then will
> output the notorious "prng not seeded" error message, which is
> discussed in the OpenSSL FAQ.

It needs a few more bits of glue to see it clearly, which become pretty
clear when I put your message together with the FAQ, and went back and
grepped the test sources to see what went on there. I re-cobbled together
the test program to read as such:

#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/rand.h>

static const char rnd_seed[] = "string to make the random number generator think it has entropy";

int main(void) {
  RSA *key;

  /* Seeding is left commented out here to reproduce the failure. */
//  RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */

  key=RSA_generate_key(32,3,NULL,NULL);

  if(key==NULL) {
    printf("NO RSA!\n\n");
    ERR_load_crypto_strings();   /* load readable text for the error codes */
    ERR_print_errors_fp(stdout); /* print the queued errors */
  }
  else
    printf("RSA OK!\n");

  return(0);
}

Leaving the RAND_seed() function commented out, as above, causes the test
to fail, as it should, and it does return the correct error.

Guess this one goes back to openssh-dev...

Thank you very much for the help!


-David Hesprich

--
David G. Hesprich, CISSP
Technical Solutions Consultant
Sprint Enterprise Network Services
Numeric Pager:800-724-3329 PIN 382-8387
Alpha Pager: [EMAIL PROTECTED]




Re: Problem Compiling OpenSSL for RSA Support

2000-03-04 Thread David G. Hesprich

Turns out my problem is just a variation of the Why do I get a "PRNG not
seeded" error message? at http://www.openssl.org/support/faq.html#6

If I revise the test program to read:

#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/rand.h>

static const char rnd_seed[] = "string to make the random number generator think it has entropy";

int main(void) {
  RSA *key;

  /* Seeding is left commented out here to reproduce the failure. */
//  RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */

  key=RSA_generate_key(32,3,NULL,NULL);

  if(key==NULL) {
    printf("NO RSA!\n\n");
    ERR_load_crypto_strings();   /* load readable text for the error codes */
    ERR_print_errors_fp(stdout); /* print the queued errors */
  }
  else
    printf("RSA OK!\n");

  return(0);
}

Leaving the RAND_seed() function commented out, as above, causes the test to
fail, as it should, and it does return the correct error. Removing the
comments gets "RSA OK!".

So it appears there's nothing wrong with my build of OpenSSL (I do have to
go back and test a build with rsaref2 to see if that was working all along,
too).

Thank you to the folks that responded. I never would have figured it out on
my own.

-David Hesprich

--
David G. Hesprich, CISSP
Technical Solutions Consultant
Sprint Enterprise Network Services
Numeric Pager:800-724-3329 PIN 382-8387
Alpha Pager: [EMAIL PROTECTED]
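
Added example, not part of the thread and not OpenSSL code: a C model of the seeding check the thread ran into, showing that an unseeded pool refuses to produce output, that the fixed rnd_seed string satisfies the check but gives the same output on every run, and that seeding from the operating system does not. The generator (pool_t, pool_add, pool_next, draw, draw_fixed, draw_os), the ENTROPY_NEEDED value and the use of /dev/urandom are assumptions of this example; only the seed string and the full-credit behaviour of RAND_seed() come from the thread and from OpenSSL.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy entropy-gated generator: a model of the seeding check, NOT OpenSSL's algorithm. */
#define ENTROPY_NEEDED 16   /* assumed threshold in bytes, chosen for this model */
typedef struct { uint64_t state; size_t credited; } pool_t;

/* Mix bytes in (FNV-1a) and credit as much entropy as the caller claims. */
static void pool_add(pool_t *p, const void *buf, size_t len, size_t entropy) {
    const unsigned char *b = buf;
    for (size_t i = 0; i < len; i++) { p->state ^= b[i]; p->state *= 0x100000001b3ULL; }
    p->credited += entropy;
}

/* Returns 1 and writes a value, or 0 when the pool counts as "not seeded". */
static int pool_next(pool_t *p, uint64_t *out) {
    if (p->credited < ENTROPY_NEEDED) return 0;
    uint64_t z = (p->state += 0x9e3779b97f4a7c15ULL);    /* splitmix64 output step */
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    *out = z ^ (z >> 31);
    return 1;
}

/* Fresh pool, seeded with len bytes credited in full (RAND_seed() semantics), one draw. */
static int draw(const void *seed, size_t len, uint64_t *out) {
    pool_t p = { 0xcbf29ce484222325ULL, 0 };
    pool_add(&p, seed, len, len);
    return pool_next(&p, out);
}
/* The constant from the thread's test program: accepted, but identical on every run. */
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
static int draw_fixed(uint64_t *out) { return draw(rnd_seed, sizeof rnd_seed, out); }
/* Seed from the kernel generator instead; fails closed if the device is missing. */
static int draw_os(uint64_t *out) {
    unsigned char buf[32];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return draw(buf, n, out);
}

int main(void) {
    uint64_t a = 0, b = 0, c = 0, d = 0;
    printf("no seed: %s\n", draw(NULL, 0, &a) ? "output" : "PRNG not seeded");
    draw_fixed(&a); draw_fixed(&b); draw_os(&c); draw_os(&d);
    printf("fixed: %016llx %016llx\nos:    %016llx %016llx\n", (unsigned long long)a,
           (unsigned long long)b, (unsigned long long)c, (unsigned long long)d);
    return 0;
}
```

The fixed string is suitable for making a build test pass, as in the thread; a program that generates real keys has to seed from an unpredictable source before calling the key generator.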




Problem Compiling OpenSSL for RSA Support

2000-03-03 Thread David G. Hesprich

I'm trying to compile OpenSSL with rsaref2 on a SPARCserver 1000 running
Solaris 7.

GCC is version 2.8.1, OpenSSL is the 0.9.5 source distribution, and OpenSSH
is the 1.2.2 source distribution.

I've compiled rsaref2 with the CERT vulnerability patch and installed
librsaref.a into /usr/local/lib and rsa.h into /usr/local/include.

After unpacking the OpenSSL source, I perform a:

./config rsaref
make
make test
make install

it compiles, all tests appear to complete, and installs. However, OpenSSH
complains of the lack of RSA support in the libraries. (LibRSAglue.a is
being installed into the /usr/local/ssl/lib directory correctly.)

I have contacted Damien Miller at the OpenSSH project, and he was kind
enough to send me some test code that he was working on to briefly test the
compiled libs for the necessary RSA functionality:

#include <stdio.h>
#include <openssl/rsa.h>
int main(void)
{
    RSA *key;

    /* RSA_generate_key() returns NULL when key generation fails */
    key=RSA_generate_key(32,3,NULL,NULL);
    if(key==NULL)
        printf("NO RSA!\n");
    else
        printf("RSA OK!\n");
    return(0);
}

I've compiled it with:

#!/bin/sh

gcc -o testrsa testrsa.c -I/usr/local/ssl/include -L/usr/local/lib -L/usr/local/ssl/lib \
    -lcrypto -lRSAglue -lrsaref

./testrsa

Not surprisingly, it reports "NO RSA!"

Although I am a (noncommercial) USA resident (it isn't Christmas I'm waiting
for, it's September 20th!), and nominally supposed to use rsaref, I have
tried compiling without the "rsaref" parameter, with the same results.

I've also tried compiling SNAP-2302, SNAP-2302 w/"no-asm" no luck.
Here's the "make report" from the latest attempts (these builds take quite
some time on my SPARCserver 1000):

OpenSSL self-test report:

OpenSSL version:  0.9.6-dev
Last change:      Include RAND_status() into RAND_METHOD instead of imple...
Options:          no-asm
OS (uname):       SunOS megaboz 5.7 Generic_106541-08 sun4d sparc SUNW,SPARCserver-1000
OS (config):      sun4d-sun-solaris2
Target (default): solaris-sparcv8-gcc
Target:           solaris-sparcv8-gcc
Compiler:         gcc version 2.8.1

Test passed.

Anyone experienced this, know anything about it? I'm going nuts!


Thanks,
-David Hesprich

--
David G. Hesprich, CISSP
Technical Solutions Consultant
Sprint Enterprise Network Services
Numeric Pager:800-724-3329 PIN 382-8387
Alpha Pager: [EMAIL PROTECTED]

