Re: Loading RSA keys from file.
Hello:
I send you a function that read RSA public and
private key from a file:
RSA *RecuperaClavesRSA(int type, char
*pemfile){ FILE *fp; RSA *key=NULL; switch
(type){ case READPUB: if((fp =
fopen(pemfile,"r")) == NULL)
{ fprintf(stderr,"Error:
Public Key file doesn't
exists.\n");
exit(EXIT_FAILURE);
} if((key =
PEM_read_RSAPublicKey(fp,NULL,NULL,NULL)) == NULL)
{ fprintf(stderr,"Error:
problems while reading Public
Key.\n");
exit(EXIT_FAILURE);
} fclose(fp);
printf("RSA size: %d", RSA_size(key));
return
key; break; case
READSEC: if((fp = fopen(pemfile,"r")) == NULL)
{ fprintf(stderr,"Error:
Private Key file doesn't
exists.\n");
exit(EXIT_FAILURE);
} if((key =
PEM_read_RSAPrivateKey(fp,NULL,NULL,NULL)) == NULL)
{ fprintf(stderr,"Error:
problmes while reading Private Key. %d
%s\n",type,pemfile);
exit(EXIT_FAILURE);
}
fclose(fp); if(RSA_check_key(key) == -1)
{ fprintf(stderr,"Error:
Problems while reading RSA Private Key in
\ '%s'
file.\n",pemfile);
exit(EXIT_FAILURE); } else
if(RSA_check_key(key) == 0)
{ fprintf(stderr,"Error: Bad
RSA Private Key readed in '%s'
\
file.\n",pemfile);
exit(EXIT_FAILURE);
}
else return
key; break; } return
key;}
If the parameter "type" is "READPUB" it read the
public key from the file "pemfile", and if this parameter is "READSEC", it read
the private key.
Too, this function show RSA size
correctly.
I hope this function solve your
problem.
Regards.
P.D.: Your name remember me a very famous song of
Eric Clapton ... ;-)
- Original Message -
From:
Layla
To: openssl-users@openssl.org
Sent: Tuesday, May 10, 2005 3:55 PM
Subject: Re: Loading RSA keys from
file.
Hi Angel,
Thank you for your response. I have changed my code with accordance to
your suggestion but I'm still getting a runtime error when attempting to read
the key from its file.
So far I'm having trouble with 1- reading the key from file, and 2-
RSA_size() , this function generates a runtime error when encountered as well.
I can't think of anything since I'm initializing my RSA object.
Suggestions ?
Angel Martinez Gonzalez [EMAIL PROTECTED]
wrote:
Hello Layla:
Maybe, your error disapear if you will change
the following:
apub = PEM_read_RSAPublicKey(f, NULL, NULL, NULL);
Regards.
- Original Message -
From:
Layla
To: openssl-users@openssl.org
Sent: Tuesday, May 10, 2005 9:30
AM
Subject: Loading RSA keys from
file.
I'm still not able to load the key from its file and I'm still
encountering an error when I use RSA_size();a run time error occured
when I try to print the returned size. I'm including a segment of my code
after modification:
RSA *apub;
FILE *f;
seed_prng(); // my function for seeding PRNG
//Allocating apub
apub = RSA_new();
if ( apub == NULL)
//print error mesage
//open key file
f= fopen ("a_rsa_public","r");
if (f == NULL)
//print error message
//Loading key
apub = PEM_read_RSAPublicKey(f, apub, 0,0); //a run
time error occurs here
if (apub == NULL)
{
// print error message
return -1;
}
/* if I try the following line after the allocation of the RSA object
I get a runtime error as well*/
printf("RSA size: %d", RSA_size(apub);
***
I'm thankful for any help I can get.
Sebastian
[EMAIL PROTECTED] wrote:
Hmm,take
a look at routines like RSA_new() to create RSA structures. As you coded
'sizeof apub', this will return the size of a _pointer_ - assuming a
32-bit architecture you will get round about four bytes ;-).See:
http://www.openssl.org/docs/crypto/RSA_new.htmlThe
runtime error is caused by calling RSA_size() with a null pointer -
unfortnunfortunately RSA_size() doesn't like null pointers.See:
http://www.openssl.org/docs/crypto/RSA_size.htmlGood
luck,Sebastian Hi all, I'm trying
to develop a C++ application to encrypt and decrypt data using
RSA public key cryptography scheme. I have generated the
public/private keys using OpenSSL command line tool. The following C++
code should read a public key, encrypt data, read private key
and decrypt the data:
#include #include #include
#include #include
int main() {
char *message ="Hello World!"; RSA *apub; RSA
*aprivate; FILE *f; int ret; unsigned char
*buf; unsigned char
Re: SHA2
Milan Tomic wrote: I'm trying to generate self signed certificates with sha256, sha384 and sha512 algorithms for testing purposes. It seems openssl.exe doesn't understand it, although I have downloaded latest version (openssl-0.9.7g). try a recent snapshot from 0.9.8-dev (the cvs head) Nils __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verifying a signature
Andreas Hoffmann wrote:
...
md_ctx = EVP_MD_CTX_create();
EVP_VerifyInit_ex(md_ctx, EVP_sha1(), NULL );
EVP_VerifyUpdate(md_ctx, data, data_length);
sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);
if (sig_err == -1) {
printf(An error occured while verifying the signature!\n);
ERR_print_errors_fp (stderr);
exit(1);
}
else if (sig_err == 0) {
printf(The signature does not match the data\n);
ERR_print_errors_fp (stderr);
exit(1);
}
else {
printf(OK - The signature does match the data\n);
}
But the result is always signature does not match - although it should.
The errors are:
9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long:asn1_lib.c:132:
9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
header:tasn_dec.c:935:
9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:304:Type=X509_SIG
what's in signature ?
Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Problem to cipher/decypher a struct with RSA
Angel Martinez Gonzalez wrote:
Hello:
I want to cypher/decypher an struct:
struct PeticionSeudonimo
{
char *mensaje;
int id_peticion;
DES_cblock *clave_simetrica;
}peticion_seudonimo;
To do this, I first convert this struct to char *:
char *ptrPeticionSeudonimo = (char *)peticion_seudonimo;
Then I use this function to cipher:
char *CifradoClavePublica(RSA *claveRSA, char *texto)
{
char *textocifrado;
textocifrado =malloc(RSA_size(claveRSA));
RSA_public_encrypt(strlen(texto)+1, texto, textocifrado, claveRSA,
I wouldn't use strlen(), sizeof() might be more appropriate
Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Verifying a signature
Nils Larsch wrote:
Andreas Hoffmann wrote:
...
md_ctx = EVP_MD_CTX_create();
EVP_VerifyInit_ex(md_ctx, EVP_sha1(), NULL );
EVP_VerifyUpdate(md_ctx, data, data_length);
sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);
if (sig_err == -1) {
printf(An error occured while verifying the signature!\n);
ERR_print_errors_fp (stderr);
exit(1);
}
else if (sig_err == 0) {
printf(The signature does not match the data\n);
ERR_print_errors_fp (stderr);
exit(1);
}
else {
printf(OK - The signature does match the data\n);
}
But the result is always signature does not match - although it
should.
The errors are:
9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long:asn1_lib.c:132:
9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
header:tasn_dec.c:935:
9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested
asn1 error:tasn_dec.c:304:Type=X509_SIG
what's in signature ?
signature is a uint8_t *signature; - it is a signed value, which is
received within an IKE-exchange and has to be verified.
BTW: EVP_VerifyFinal returns 0 not -1
Thanks
Andreas
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Problem to cipher/decypher a struct with RSA
Hello:
Thanks Nils for you help, but I obtain the problem. I have tried your
advice:
RSA_public_encrypt(sizeof(texto)+1, texto, textocifrado, claveRSA,
RSA_PKCS1_PADDING);
but the problem is the same.
- Original Message -
From: Nils Larsch [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, May 12, 2005 9:51 AM
Subject: Re: Problem to cipher/decypher a struct with RSA
Angel Martinez Gonzalez wrote:
Hello:
I want to cypher/decypher an struct:
struct PeticionSeudonimo
{
char *mensaje;
int id_peticion;
DES_cblock *clave_simetrica;
}peticion_seudonimo;
To do this, I first convert this struct to char *:
char *ptrPeticionSeudonimo = (char *)peticion_seudonimo;
Then I use this function to cipher:
char *CifradoClavePublica(RSA *claveRSA, char *texto)
{
char *textocifrado;
textocifrado =malloc(RSA_size(claveRSA));
RSA_public_encrypt(strlen(texto)+1, texto, textocifrado, claveRSA,
I wouldn't use strlen(), sizeof() might be more appropriate
Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Verifying a signature
I think that the format of the signature make problem, normally the standard format of signature is a DER format. Abdou, __ Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Problem to cipher/decypher a struct with RSA
I'm afraid sizeof(texto) returns the size of the pointer itself (4 in case of
IA-32), not the data length. sizeof(struct PeticionSeudonimo) would be more
effective.
Also, you are using pointers in your struct (like char *mensaje), which means
you are ciphering the pointer only, not the data it is pointing to.
HTH,
Gyorgy
[EMAIL PROTECTED] 5/11/2005 10:07:28
Hello:
Thanks Nils for you help, but I obtain the problem. I have tried your
advice:
RSA_public_encrypt(sizeof(texto)+1, texto, textocifrado, claveRSA,
RSA_PKCS1_PADDING);
but the problem is the same.
- Original Message -
From: Nils Larsch [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, May 12, 2005 9:51 AM
Subject: Re: Problem to cipher/decypher a struct with RSA
Angel Martinez Gonzalez wrote:
Hello:
I want to cypher/decypher an struct:
struct PeticionSeudonimo
{
char *mensaje;
int id_peticion;
DES_cblock *clave_simetrica;
}peticion_seudonimo;
To do this, I first convert this struct to char *:
char *ptrPeticionSeudonimo = (char *)peticion_seudonimo;
Then I use this function to cipher:
char *CifradoClavePublica(RSA *claveRSA, char *texto)
{
char *textocifrado;
textocifrado =malloc(RSA_size(claveRSA));
RSA_public_encrypt(strlen(texto)+1, texto, textocifrado, claveRSA,
I wouldn't use strlen(), sizeof() might be more appropriate
Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Verifying a signature
The signature contains the value which is extracted from the socket-datastream and is 128Bytes (1024bit) long. What is in a signature in DER format? - Is it just the signature itself or is there additional information? What do the error-messages mean - - Is there some problem while verifying (wrong input-values,...) OR - Is the verification completed successfully but the signature simply does not match the data? Andreas the errors again: 9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132: 9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:935: 9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_SIG El hallabi-Kettani Abderrahmane schrieb: I think that the format of the signature make problem, normally the standard format of signature is a DER format. Abdou, __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verifying a signature
make this test to see exactly what you have as
errors.
if (err != 1) {
ERR_print_errors_fp (stderr);
exit (1);
}
Abdou,
__
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails !
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Verifying a signature
make this test to see exactly what you have as
errors.
if (err != 1) {
ERR_print_errors_fp (stderr);
exit (1);
}
Abdou,
That's almost exactly how I got the errors
I did:
sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);
printf(Signature-Verification: %d\n,sig_err);
if (sig_err == -1) {
printf(An error occured while verifying the signature!\n);
ERR_print_errors_fp (stderr);
exit(1);
}
else if (sig_err == 0) {
printf(The signature does not match the data\n);
ERR_print_errors_fp (stderr);
exit(1);
}
else {
printf(OK - The signature does match the data\n);
}
And got:
Signature-Verification: 0
The signature does not match the data
9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long:asn1_lib.c:132:
9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
header:tasn_dec.c:935:
9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:304:Type=X509_SIG
Any ideas?
Andreas
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Verifying a signature
On Wed, May 11, 2005, Andreas Hoffmann wrote:
The signature contains the value which is extracted from the
socket-datastream and is 128Bytes (1024bit) long.
What is in a signature in DER format? - Is it just the signature itself
or is there additional information?
What do the error-messages mean -
- Is there some problem while verifying (wrong input-values,...) OR
- Is the verification completed successfully but the signature simply
does not match the data?
Andreas
the errors again:
9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long:asn1_lib.c:132:
9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
header:tasn_dec.c:935:
9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:304:Type=X509_SIG
This needs a bit of background first.
EVP_{Sign,Verify}*() with an RSA key use PKCS#1 for signatures. This consists
of DER DigestInfo structure (X509_SIG in OpenSSL) encrypted using the
appropriate RSA key. This structure is simply the digest value and the digest
algorithm in use.
When the signature is verified OpenSSL decrypts and attempts to ASN1 parse the
result.
If the ASN1 parsing fails you get that error. It is unlikely that that error
could be produce by an accident: it may well be in a different format.
To see the format used you can do:
openssl rsautl -verify -certin -in signature -inkey cert.pem -hexdump
and post the result. Also try it with the -asn1parse option instead of
-hexdump.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Callback function in c++ methods
Hello, I am implementing an object model for secure communications and secure sessions gestor. I am using the openSSL library for this task. My problem is when I define the callback functions for external SSL sessions, the callback functions cannot methods of a class if these are not static, but I cannot define these static because some attributs of the class are not static and either know how I can pass the this if I define the callback function static. Somebody has some idea? Thank you very much! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
hmac problem in fips mode
Hi!
I have a problem with hmac in fips mode.
The following code always returns the same fingerprint. It doesn't depend on
the data.
#includeopenssl/ssl.h
#includeopenssl/hmac.h
.
.
.
unsigned char data[16384];
unsigned char md[256];
unsigned int no;
.
.
.
HMAC_CTX ctx;
HMAC_CTX_init(ctx);
FILE *fh=fopen(file,rb);
HMAC_Init_ex(ctx, (unsigned char *)etaonrishdlcupfm, 16,EVP_sha1(),NULL);
//HMAC_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
do
{
no=fread(data,1,16384,fh);
if( no0 ) HMAC_Update(ctx, data, no);
}
while(!feof(fh));
HMAC_Final(ctx, md, no);
HMAC_CTX_cleanup(ctx);
So md always contains the same values in fips mode. However in non fips mode
this code works properly and md contains the proper sha1 hmac fingerprint.
I tried openssl 0.9.7g stable and snapshot 2005.05.11. I built them on
Windows XP. VS .NET 2003 using masm, both static and dynamic linking.
Thanks,
Matyas Majzik
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Verifying a signature
To see the format used you can do: openssl rsautl -verify -certin -in signature -inkey cert.pem -hexdump and post the result. Also try it with the -asn1parse option instead of -hexdump. # openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem -asn1parse Error in encoding 15952:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132: # openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem -hexdump - 4f 23 50 15 e1 24 51 a2-4d 86 28 4c 4a 3b 50 29 O#P..$Q.M.(LJ;P) 0010 - f0 13 ad 14 this is exactly the expected data: 4f235015 e12451a2 4d86284c 4a3b5029 f013ad14 So is there a way to verify the hex-data? Andreas __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Verifying a signature
On Wed, May 11, 2005, Andreas Hoffmann wrote:
To see the format used you can do:
openssl rsautl -verify -certin -in signature -inkey cert.pem -hexdump
and post the result. Also try it with the -asn1parse option instead of
-hexdump.
# openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem
-asn1parse
Error in encoding
15952:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long:asn1_lib.c:132:
# openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem
-hexdump
- 4f 23 50 15 e1 24 51 a2-4d 86 28 4c 4a 3b 50 29 O#P..$Q.M.(LJ;P)
0010 - f0 13 ad 14
this is exactly the expected data:
4f235015 e12451a2 4d86284c 4a3b5029 f013ad14
So is there a way to verify the hex-data?
Well that means whatever generated that signature is using a non-standard
technique, if it can be made to use PKCS#1 then that would be best. That isn't
hard to do if you've any control over the format.
Alternatively you can manually do the compare. In outline you'd call
RSA_public_decrypt() to obtain the signed digest, check its length is correct,
call EVP_Digest{Init,Update,Final) to calculate the expected digest and
finally compare the two.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
No show errors with ERR_print_errors_fp()
Hello: I want to obtain the errors that I have, and I use the function ERR_print_errors_fp(). But , this give a empty file. And I have errors ... My code: ERR_load_crypto_strings(); fp = fopen(fileError, w); ERR_print_errors_fp(fp); fclose(fp); Can somebody help me? Thanks. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: hmac problem in fips mode
On Wed, May 11, 2005, Matyas Majzik wrote:
Hi!
I have a problem with hmac in fips mode.
The following code always returns the same fingerprint. It doesn't depend
on the data.
#includeopenssl/ssl.h
#includeopenssl/hmac.h
.
.
.
unsigned char data[16384];
unsigned char md[256];
unsigned int no;
.
.
.
HMAC_CTX ctx;
HMAC_CTX_init(ctx);
FILE *fh=fopen(file,rb);
HMAC_Init_ex(ctx, (unsigned char *)etaonrishdlcupfm, 16,EVP_sha1(),NULL);
//HMAC_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
do
{
no=fread(data,1,16384,fh);
if( no0 ) HMAC_Update(ctx, data, no);
}
while(!feof(fh));
HMAC_Final(ctx, md, no);
HMAC_CTX_cleanup(ctx);
So md always contains the same values in fips mode. However in non fips
mode this code works properly and md contains the proper sha1 hmac
fingerprint.
I tried openssl 0.9.7g stable and snapshot 2005.05.11. I built them on
Windows XP. VS .NET 2003 using masm, both static and dynamic linking.
Check that you have successfully entered FIPS mode. It may be that an error
occurred there.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
RE: Callback function in c++ methods
Hello, I have also defined an object model and the workaround to this problem is like this. I made a static list of class pointers, thus whenever an object is formed it is put into that list. Now in the callback i had the ssl pointe (SSL*) with me and every class had the ssl pointer. I simply compared and found the exact class. you can also define a map(std::mapSSL*, CSSLClass). Regards, Ahmad. From: Tyler Durden [EMAIL PROTECTED] Reply-To: openssl-users@openssl.org To: openssl-users@openssl.org Subject: Callback function in c++ methods Date: Wed, 11 May 2005 13:23:04 +0200 Hello, I am implementing an object model for secure communications and secure sessions gestor. I am using the openSSL library for this task. My problem is when I define the callback functions for external SSL sessions, the callback functions cannot methods of a class if these are not static, but I cannot define these static because some attributs of the class are not static and either know how I can pass the this if I define the callback function static. Somebody has some idea? Thank you very much! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] _ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
problems in nt.mak file
There is an error in ms\nt.mak file. I think. The following line is generated improperly: CFLAG= /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS It should be /MT instead of /MD because it is used to be a static library not a dynamic. I always have to edit this makefile manually after running ms\do_masm.bat. I cannot use the created library if I leave it to /MD. I am using visual c++. Matyas Majzik __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: hmac problem in fips mode
Check that you have successfully entered FIPS mode. It may be that an error occurred there. Thanks. It was my fault. However I do not understand why I should switch back to non fips mode if failed to switch to fips mode. I thought that if entering fips mode is impossible then it remains in non-fips mode. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
PKCS12 function problem
Hi there!!
I'm trying to use the high level function PKCS12_create in my appto get a p12 file to import it in MSIE and MS Outlook but it seems to be nothing, I mean, I get an empty p12 file.
Ifollowed the pkwrite example in \demos\pkcs12 but it doesn't works..
follow mi code:
out = BIO_new_file(outfile, "wb");
if (out==NULL){//Error}
fp = fopen("Prueba1.p12", "wb");
if ( fp == NULL){//Error}
// load the privkey, thecertificate and the password for the p12 file
p12 = PKCS12_create (pass, outfile, key, ucert, NULL, 0,0,0,0,0); // No problem
res = i2d_PKCS12_fp(fp, p12); //this crashes myprogram
fprintf(stderr, "fp res=%d\n", res);
res = i2d_PKCS12_bio(out, p12); // No problem
fprintf(stderr, "res=%d\n", res); // res =1
if (BIO_write_filename(out, outfile) = 0){fprintf(stdout,"Error generando file p12 \n");}I need some help please
TIA
ZainosDo You Yahoo!?
Yahoo! Net: La mejor conexión a internet y 25MB extra a tu correo por
$100 al mes.
Re: No show errors with ERR_print_errors_fp()
Hi I want to obtain the errors that I have, and I use the function ERR_print_errors_fp(). But , this give a empty file. And I have errors ... My code: ERR_load_crypto_strings(); fp = fopen(fileError, w); ERR_print_errors_fp(fp); fclose(fp); Have you tried to direct the errors to stderr? using: ERR_print_errors_fp (stderr); Do you do multiple fopen ... fclose in your code? Then you should use fp = fopen(fileError,a); as the w option overwrites the file contents. So may be your last write contained no errors. I hope this helps. Andreas __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Callback function in c++ methods
ahmad hassan wrote:
Hello,
Hello Ahmad,
I have also defined an object model and the workaround to this problem
is like this.
I made a static list of class pointers, thus whenever an object is
formed it is put into that list.
Now in the callback i had the ssl pointe (SSL*) with me and every class
had the ssl pointer. I simply compared and found the exact class. you
can also define a map(std::mapSSL*, CSSLClass).
And why didn't you define simple C-functions that get the pointer to
the object with a SSL_get_app_data() (or SSL_get_ex_data()) from the
SSL structure and call the wanted method of the object there ?
something like:
[...]
static void callback_info(const SSL *ssl,int type,int val)
{
MyObject *obj=(MyObject*)SSL_get_app_data(ssl);
if (!obj) return;
obj-info(ssl,type,val);
}
[...]
void MyObject::Prepare(SSL* ssl)
{
SSL_set_app_data(ssl,this);
SSL_set_info_callback(ssl,callback_info);
[...]
}
[...]
Bye
Goetz
--
DMCA: The greed of the few outweighs the freedom of the many
smime.p7s
Description: S/MIME Cryptographic Signature
Re: Using RC4 vs EVP_CIPHER
Steve,
Salt shouldn't be predictable so using a fixed string isn't an option but it
isn't secret.
I'm using rand_bytes() to create the salt.
IV. I should really use an IV with some modes. Again, its random
bytes, but it doesn't have to be secret. I will also have to transmit
the IV to the other side. That's not a security problem is it?
Is is a problem if you use the same random bytes for the SALT and the IV?
EVP_BytesToKey() also generates an IV so that isn't a problem.
I'm attempting to use EVP_aes_128_ofb(). OFB mode should have an IV.
I'm passing in 16 char of rand_bytes to EVP_CipherInit_ex(). Currently
I'm not passing the IV to the other side. I would expect the decryption
to fail since the client and the server aren't using the save IV. Its
doesn't fail. This leads me to believe that the cipher isn't actually
using the IV. What am I missing?
int count = 0;
int datal = 0;
unsigned char * someSalt;
unsigned char * theIV;
if (!rand_seeded_p)
{
rand_seed();
rand_seeded_p = 1;
}
//setup the salt for the password
someSalt = new unsigned char[saltSize];
rand_bytes(someSalt,saltSize);
theIV = new unsigned char[saltSize];
rand_bytes(theIV,saltSize);
//hash the password into a 128bit key
datal = (unsigned long)strlen((const char *)password);
EVP_BytesToKey(EVP_aes_128_ofb(), EVP_md5(), (unsigned char *)
someSalt, (const unsigned char *)password, datal, count, keystr, NULL);
EVP_CIPHER_CTX_init(ctx);
EVP_CipherInit_ex(ctx, EVP_aes_128_ofb(), NULL, NULL, NULL, 1);
/* We finished modifying parameters so now we can set key and IV */
EVP_CipherInit_ex(ctx, NULL, NULL, keystr, theIV, 1);
Thanks,
Sean
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
