Re: Loading RSA keys from file.
Hello:

I send you a function that reads the RSA public and private keys from a file:

    #include <stdio.h>
    #include <stdlib.h>
    #include <openssl/rsa.h>
    #include <openssl/pem.h>

    /* READPUB and READSEC are constants defined elsewhere in the caller's code. */
    RSA *RecuperaClavesRSA(int type, char *pemfile)
    {
        FILE *fp;
        RSA *key = NULL;

        switch (type) {
        case READPUB:
            if ((fp = fopen(pemfile, "r")) == NULL) {
                fprintf(stderr, "Error: Public Key file doesn't exists.\n");
                exit(EXIT_FAILURE);
            }
            if ((key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)) == NULL) {
                fprintf(stderr, "Error: problems while reading Public Key.\n");
                exit(EXIT_FAILURE);
            }
            fclose(fp);
            printf("RSA size: %d", RSA_size(key));
            return key;
            break;
        case READSEC:
            if ((fp = fopen(pemfile, "r")) == NULL) {
                fprintf(stderr, "Error: Private Key file doesn't exists.\n");
                exit(EXIT_FAILURE);
            }
            if ((key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL)) == NULL) {
                fprintf(stderr, "Error: problmes while reading Private Key. %d %s\n", type, pemfile);
                exit(EXIT_FAILURE);
            }
            fclose(fp);
            /* RSA_check_key() returns 1 for a valid key, 0 for an invalid key, -1 on error. */
            if (RSA_check_key(key) == -1) {
                fprintf(stderr, "Error: Problems while reading RSA Private Key in '%s' file.\n", pemfile);
                exit(EXIT_FAILURE);
            } else if (RSA_check_key(key) == 0) {
                fprintf(stderr, "Error: Bad RSA Private Key readed in '%s' file.\n", pemfile);
                exit(EXIT_FAILURE);
            } else
                return key;
            break;
        }
        return key;
    }

If the parameter "type" is "READPUB" it reads the public key from the file "pemfile", and if this parameter is "READSEC", it reads the private key. Also, this function shows the RSA size correctly.

I hope this function solves your problem.

Regards.

P.D.: Your name reminds me of a very famous song of Eric Clapton ... ;-)

- Original Message -
From: Layla
To: openssl-users@openssl.org
Sent: Tuesday, May 10, 2005 3:55 PM
Subject: Re: Loading RSA keys from file.

Hi Angel,

Thank you for your response. I have changed my code in accordance with your suggestion but I'm still getting a runtime error when attempting to read the key from its file.

So far I'm having trouble with
1- reading the key from file, and
2- RSA_size() , this function generates a runtime error when encountered as well.

I can't think of anything since I'm initializing my RSA object. Suggestions ?

Angel Martinez Gonzalez [EMAIL PROTECTED] wrote:

Hello Layla:

Maybe, your error will disappear if you change the following:

    apub = PEM_read_RSAPublicKey(f, NULL, NULL, NULL);

Regards.

- Original Message -
From: Layla
To: openssl-users@openssl.org
Sent: Tuesday, May 10, 2005 9:30 AM
Subject: Loading RSA keys from file.

I'm still not able to load the key from its file and I'm still encountering an error when I use RSA_size(); a run time error occurred when I try to print the returned size. I'm including a segment of my code after modification:

    RSA *apub;
    FILE *f;
    seed_prng(); // my function for seeding PRNG
    //Allocating apub
    apub = RSA_new();
    if ( apub == NULL)
        //print error message
    //open key file
    f= fopen ("a_rsa_public","r");
    if (f == NULL)
        //print error message
    //Loading key
    apub = PEM_read_RSAPublicKey(f, apub, 0,0); //a run time error occurs here
    if (apub == NULL)
    {
        // print error message
        return -1;
    }
    /* if I try the following line after the allocation of the RSA object I get a runtime error as well*/
    printf("RSA size: %d", RSA_size(apub));

***

I'm thankful for any help I can get.

Sebastian [EMAIL PROTECTED] wrote:

Hmm, take a look at routines like RSA_new() to create RSA structures. As you coded 'sizeof apub', this will return the size of a _pointer_ - assuming a 32-bit architecture you will get round about four bytes ;-).
See: http://www.openssl.org/docs/crypto/RSA_new.html

The runtime error is caused by calling RSA_size() with a null pointer - unfortunately RSA_size() doesn't like null pointers.
See: http://www.openssl.org/docs/crypto/RSA_size.html

Good luck,
Sebastian

Hi all,

I'm trying to develop a C++ application to encrypt and decrypt data using RSA public key cryptography scheme. I have generated the public/private keys using OpenSSL command line tool.

The following C++ code should read a public key, encrypt data, read private key and decrypt the data:

    #include
    #include
    #include
    #include
    #include
    int main()
    {
        char *message ="Hello World!";
        RSA *apub;
        RSA *aprivate;
        FILE *f;
        int ret;
        unsigned char *buf;
        unsigned char
Re: SHA2
Milan Tomic wrote:
> I'm trying to generate self signed certificates with sha256, sha384 and sha512 algorithms for testing purposes. It seems openssl.exe doesn't understand it, although I have downloaded latest version (openssl-0.9.7g).

try a recent snapshot from 0.9.8-dev (the cvs head)

Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Verifying a signature
Andreas Hoffmann wrote:
> ...
> md_ctx = EVP_MD_CTX_create();
> EVP_VerifyInit_ex(md_ctx, EVP_sha1(), NULL );
> EVP_VerifyUpdate(md_ctx, data, data_length);
> sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);
> if (sig_err == -1) {
>     printf("An error occured while verifying the signature!\n");
>     ERR_print_errors_fp (stderr);
>     exit(1);
> } else if (sig_err == 0) {
>     printf("The signature does not match the data\n");
>     ERR_print_errors_fp (stderr);
>     exit(1);
> } else {
>     printf("OK - The signature does match the data\n");
> }
>
> But the result is always signature does not match - although it should.
> The errors are:
> 9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:
> 9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:935:
> 9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_SIG

what's in signature ?

Nils
Re: Problem to cipher/decypher a struct with RSA
Angel Martinez Gonzalez wrote:
> Hello:
>
> I want to cypher/decypher an struct:
>
> struct PeticionSeudonimo {
>     char *mensaje;
>     int id_peticion;
>     DES_cblock *clave_simetrica;
> }peticion_seudonimo;
>
> To do this, I first convert this struct to char *:
>
> char *ptrPeticionSeudonimo = (char *)peticion_seudonimo;
>
> Then I use this function to cipher:
>
> char *CifradoClavePublica(RSA *claveRSA, char *texto)
> {
>     char *textocifrado;
>     textocifrado =malloc(RSA_size(claveRSA));
>     RSA_public_encrypt(strlen(texto)+1, texto, textocifrado, claveRSA,

I wouldn't use strlen(), sizeof() might be more appropriate

Nils
Re: Verifying a signature
Nils Larsch wrote:
> Andreas Hoffmann wrote:
>> ...
>> md_ctx = EVP_MD_CTX_create();
>> EVP_VerifyInit_ex(md_ctx, EVP_sha1(), NULL );
>> EVP_VerifyUpdate(md_ctx, data, data_length);
>> sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);
>> if (sig_err == -1) {
>>     printf("An error occured while verifying the signature!\n");
>>     ERR_print_errors_fp (stderr);
>>     exit(1);
>> } else if (sig_err == 0) {
>>     printf("The signature does not match the data\n");
>>     ERR_print_errors_fp (stderr);
>>     exit(1);
>> } else {
>>     printf("OK - The signature does match the data\n");
>> }
>>
>> But the result is always signature does not match - although it should.
>> The errors are:
>> 9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:
>> 9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:935:
>> 9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_SIG
>
> what's in signature ?

signature is a uint8_t *signature; - it is a signed value, which is received within an IKE-exchange and has to be verified.

BTW: EVP_VerifyFinal returns 0 not -1

Thanks
Andreas
Re: Problem to cipher/decypher a struct with RSA
Hello:

Thanks Nils for your help, but I obtain the problem. I have tried your advice:

    RSA_public_encrypt(sizeof(texto)+1, texto, textocifrado, claveRSA, RSA_PKCS1_PADDING);

but the problem is the same.

- Original Message -
From: Nils Larsch [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, May 12, 2005 9:51 AM
Subject: Re: Problem to cipher/decypher a struct with RSA

Angel Martinez Gonzalez wrote:
> Hello:
>
> I want to cypher/decypher an struct:
>
> struct PeticionSeudonimo {
>     char *mensaje;
>     int id_peticion;
>     DES_cblock *clave_simetrica;
> }peticion_seudonimo;
>
> To do this, I first convert this struct to char *:
>
> char *ptrPeticionSeudonimo = (char *)peticion_seudonimo;
>
> Then I use this function to cipher:
>
> char *CifradoClavePublica(RSA *claveRSA, char *texto)
> {
>     char *textocifrado;
>     textocifrado =malloc(RSA_size(claveRSA));
>     RSA_public_encrypt(strlen(texto)+1, texto, textocifrado, claveRSA,

I wouldn't use strlen(), sizeof() might be more appropriate

Nils
Re: Verifying a signature
I think that the format of the signature makes the problem; normally the standard format of a signature is DER format.

Abdou,
Re: Problem to cipher/decypher a struct with RSA
I'm afraid sizeof(texto) returns the size of the pointer itself (4 in case of IA-32), not the data length. sizeof(struct PeticionSeudonimo) would be more effective.

Also, you are using pointers in your struct (like char *mensaje), which means you are ciphering the pointer only, not the data it is pointing to.

HTH,
Gyorgy

[EMAIL PROTECTED] 5/11/2005 10:07:28

Hello:

Thanks Nils for your help, but I obtain the problem. I have tried your advice:

    RSA_public_encrypt(sizeof(texto)+1, texto, textocifrado, claveRSA, RSA_PKCS1_PADDING);

but the problem is the same.

- Original Message -
From: Nils Larsch [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, May 12, 2005 9:51 AM
Subject: Re: Problem to cipher/decypher a struct with RSA

Angel Martinez Gonzalez wrote:
> Hello:
>
> I want to cypher/decypher an struct:
>
> struct PeticionSeudonimo {
>     char *mensaje;
>     int id_peticion;
>     DES_cblock *clave_simetrica;
> }peticion_seudonimo;
>
> To do this, I first convert this struct to char *:
>
> char *ptrPeticionSeudonimo = (char *)peticion_seudonimo;
>
> Then I use this function to cipher:
>
> char *CifradoClavePublica(RSA *claveRSA, char *texto)
> {
>     char *textocifrado;
>     textocifrado =malloc(RSA_size(claveRSA));
>     RSA_public_encrypt(strlen(texto)+1, texto, textocifrado, claveRSA,

I wouldn't use strlen(), sizeof() might be more appropriate

Nils
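Gyorgy's two points, shown as an added example that is not part of the original thread: the struct is flattened into a byte buffer (copying the data the pointers refer to) and the resulting length, not sizeof or strlen, is what would be passed to RSA_public_encrypt(). The wire layout, the function names and the local DES_cblock stand-in are assumptions made for this example; the 11-byte figure is the minimum overhead of RSA_PKCS1_PADDING, and no OpenSSL calls are made.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for OpenSSL's DES_cblock (8 bytes) so this compiles without OpenSSL. */
typedef unsigned char DES_cblock[8];

struct PeticionSeudonimo {
    char *mensaje;
    int id_peticion;
    DES_cblock *clave_simetrica;
};

#define PKCS1_PADDING_OVERHEAD 11 /* minimum bytes consumed by RSA_PKCS1_PADDING */

/* Largest plaintext that fits one RSA block; rsa_size is what RSA_size() reports. */
size_t max_plaintext_len(size_t rsa_size)
{
    return rsa_size > PKCS1_PADDING_OVERHEAD ? rsa_size - PKCS1_PADDING_OVERHEAD : 0;
}

/* Assumed layout: id (4 bytes, big endian) | key (8) | msg length (2, big endian) | msg.
 * Returns the number of bytes written, or -1 if an argument is missing or the
 * flattened request does not fit in cap bytes. */
long serialize_peticion(const struct PeticionSeudonimo *p, unsigned char *out, size_t cap)
{
    size_t mlen, total;
    uint32_t id;

    if (p == NULL || out == NULL || p->mensaje == NULL || p->clave_simetrica == NULL)
        return -1;
    mlen = strlen(p->mensaje);
    if (mlen > 0xFFFF)
        return -1;
    total = 4 + sizeof(DES_cblock) + 2 + mlen;
    if (total > cap)
        return -1;

    id = (uint32_t)p->id_peticion;
    out[0] = (unsigned char)(id >> 24);
    out[1] = (unsigned char)(id >> 16);
    out[2] = (unsigned char)(id >> 8);
    out[3] = (unsigned char)id;
    memcpy(out + 4, *p->clave_simetrica, sizeof(DES_cblock)); /* the key bytes, not the pointer */
    out[12] = (unsigned char)(mlen >> 8);
    out[13] = (unsigned char)mlen;
    memcpy(out + 14, p->mensaje, mlen);                       /* the text, not the pointer */
    return (long)total;
}

int main(void)
{
    DES_cblock clave = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed sample key */
    char mensaje[] = "hola";                     /* constructed sample message */
    struct PeticionSeudonimo p = { mensaje, 7, &clave };
    unsigned char buf[128];                      /* 128 = RSA_size() of a 1024-bit key */
    long n = serialize_peticion(&p, buf, max_plaintext_len(sizeof buf));

    printf("sizeof(char *)=%zu sizeof(struct)=%zu serialized=%ld\n",
           sizeof(char *), sizeof p, n);
    return n < 0;
}
```

The receiver has to parse the same layout after decryption; a request that does not fit in one RSA block is rejected here rather than truncated.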
Re: Verifying a signature
The signature contains the value which is extracted from the socket-datastream and is 128Bytes (1024bit) long.

What is in a signature in DER format?
- Is it just the signature itself or is there additional information?

What do the error-messages mean -
- Is there some problem while verifying (wrong input-values,...) OR
- Is the verification completed successfully but the signature simply does not match the data?

Andreas

the errors again:
9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:
9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:935:
9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_SIG

El hallabi-Kettani Abderrahmane wrote:
> I think that the format of the signature makes the problem; normally the standard format of a signature is DER format.
>
> Abdou,
Re: Verifying a signature
make this test to see exactly what you have as errors.

    if (err != 1) {
        ERR_print_errors_fp (stderr);
        exit (1);
    }

Abdou,
Re: Verifying a signature
> make this test to see exactly what you have as errors.
>
> if (err != 1) {
>     ERR_print_errors_fp (stderr);
>     exit (1);
> }
>
> Abdou,

That's almost exactly how I got the errors I did:

    sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey);
    printf("Signature-Verification: %d\n",sig_err);
    if (sig_err == -1) {
        printf("An error occured while verifying the signature!\n");
        ERR_print_errors_fp (stderr);
        exit(1);
    } else if (sig_err == 0) {
        printf("The signature does not match the data\n");
        ERR_print_errors_fp (stderr);
        exit(1);
    } else {
        printf("OK - The signature does match the data\n");
    }

And got:

Signature-Verification: 0
The signature does not match the data
9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:
9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:935:
9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_SIG

Any ideas?

Andreas
Re: Verifying a signature
On Wed, May 11, 2005, Andreas Hoffmann wrote:
> The signature contains the value which is extracted from the socket-datastream and is 128Bytes (1024bit) long.
>
> What is in a signature in DER format?
> - Is it just the signature itself or is there additional information?
>
> What do the error-messages mean -
> - Is there some problem while verifying (wrong input-values,...) OR
> - Is the verification completed successfully but the signature simply does not match the data?
>
> Andreas
>
> the errors again:
> 9876:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:
> 9876:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:935:
> 9876:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509_SIG

This needs a bit of background first.

EVP_{Sign,Verify}*() with an RSA key use PKCS#1 for signatures. This consists of DER DigestInfo structure (X509_SIG in OpenSSL) encrypted using the appropriate RSA key. This structure is simply the digest value and the digest algorithm in use.

When the signature is verified OpenSSL decrypts and attempts to ASN1 parse the result. If the ASN1 parsing fails you get that error. It is unlikely that that error could be produced by an accident: it may well be in a different format.

To see the format used you can do:

    openssl rsautl -verify -certin -in signature -inkey cert.pem -hexdump

and post the result. Also try it with the -asn1parse option instead of -hexdump.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Callback function in c++ methods
Hello,

I am implementing an object model for secure communications and secure sessions gestor. I am using the openSSL library for this task.

My problem is when I define the callback functions for external SSL sessions, the callback functions cannot be methods of a class if these are not static, but I cannot define these static because some attributes of the class are not static and I also don't know how I can pass the this if I define the callback function static.

Somebody has some idea?

Thank you very much!
hmac problem in fips mode
Hi!

I have a problem with hmac in fips mode. The following code always returns the same fingerprint. It doesn't depend on the data.

    #include <openssl/ssl.h>
    #include <openssl/hmac.h>
    . . .
    unsigned char data[16384];
    unsigned char md[256];
    unsigned int no;
    . . .
    HMAC_CTX ctx;
    HMAC_CTX_init(&ctx);
    FILE *fh=fopen(file,"rb");
    HMAC_Init_ex(&ctx, (unsigned char *)"etaonrishdlcupfm", 16,EVP_sha1(),NULL);
    //HMAC_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
    do {
        no=fread(data,1,16384,fh);
        if( no>0 ) HMAC_Update(&ctx, data, no);
    } while(!feof(fh));
    HMAC_Final(&ctx, md, &no);
    HMAC_CTX_cleanup(&ctx);

So md always contains the same values in fips mode. However in non fips mode this code works properly and md contains the proper sha1 hmac fingerprint.

I tried openssl 0.9.7g stable and snapshot 2005.05.11. I built them on Windows XP. VS .NET 2003 using masm, both static and dynamic linking.

Thanks,
Matyas Majzik
Re: Verifying a signature
> To see the format used you can do:
>
> openssl rsautl -verify -certin -in signature -inkey cert.pem -hexdump
>
> and post the result. Also try it with the -asn1parse option instead of -hexdump.

# openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem -asn1parse
Error in encoding
15952:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:

# openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem -hexdump
- 4f 23 50 15 e1 24 51 a2-4d 86 28 4c 4a 3b 50 29 O#P..$Q.M.(LJ;P)
0010 - f0 13 ad 14

this is exactly the expected data:
4f235015 e12451a2 4d86284c 4a3b5029 f013ad14

So is there a way to verify the hex-data?

Andreas
Re: Verifying a signature
On Wed, May 11, 2005, Andreas Hoffmann wrote:
>> To see the format used you can do:
>>
>> openssl rsautl -verify -certin -in signature -inkey cert.pem -hexdump
>>
>> and post the result. Also try it with the -asn1parse option instead of -hexdump.
>
> # openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem -asn1parse
> Error in encoding
> 15952:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:132:
>
> # openssl rsautl -verify -certin -in signature -inkey vpn_test_konz.pem -hexdump
> - 4f 23 50 15 e1 24 51 a2-4d 86 28 4c 4a 3b 50 29 O#P..$Q.M.(LJ;P)
> 0010 - f0 13 ad 14
>
> this is exactly the expected data:
> 4f235015 e12451a2 4d86284c 4a3b5029 f013ad14
>
> So is there a way to verify the hex-data?

Well that means whatever generated that signature is using a non-standard technique, if it can be made to use PKCS#1 then that would be best. That isn't hard to do if you've any control over the format.

Alternatively you can manually do the compare. In outline you'd call RSA_public_decrypt() to obtain the signed digest, check its length is correct, call EVP_Digest{Init,Update,Final} to calculate the expected digest and finally compare the two.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
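The length check and compare from Steve's outline, as an added example that is not part of the original thread: it works on the bytes RSA_public_decrypt() would hand back (no OpenSSL calls are made here), tells a PKCS#1 SHA-1 DigestInfo from a bare 20-byte digest like the one in Andreas's hexdump, and compares the digest in constant time. The function and enum names are assumptions made for this example; the expected digest would come from EVP_Digest{Init,Update,Final}.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20

/* DER header of a SHA-1 DigestInfo (RFC 8017, section 9.2); the 20 digest
 * bytes follow it, 35 bytes in total. */
static const uint8_t SHA1_DIGESTINFO_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/* The 20 bytes shown by rsautl -hexdump in the thread. */
static const uint8_t THREAD_RECOVERED[SHA1_LEN] = {
    0x4f, 0x23, 0x50, 0x15, 0xe1, 0x24, 0x51, 0xa2, 0x4d, 0x86,
    0x28, 0x4c, 0x4a, 0x3b, 0x50, 0x29, 0xf0, 0x13, 0xad, 0x14
};

enum sig_format { SIG_MALFORMED = 0, SIG_PKCS1_DIGESTINFO, SIG_BARE_DIGEST };

/* Classify the unpadded result of the public-key operation. On success
 * *digest points at the 20 digest bytes inside rec. */
enum sig_format classify_recovered(const uint8_t *rec, size_t len, const uint8_t **digest)
{
    const size_t plen = sizeof SHA1_DIGESTINFO_PREFIX;

    *digest = NULL;
    if (len == plen + SHA1_LEN && memcmp(rec, SHA1_DIGESTINFO_PREFIX, plen) == 0) {
        *digest = rec + plen;
        return SIG_PKCS1_DIGESTINFO;
    }
    if (len == SHA1_LEN) {          /* no algorithm identifier at all */
        *digest = rec;
        return SIG_BARE_DIGEST;
    }
    return SIG_MALFORMED;
}

/* Compare all n bytes without an early exit. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    size_t i;

    for (i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 only if rec is in the one format the caller accepts and carries
 * exactly the expected digest; the peer never gets to pick the format. */
int verify_recovered(const uint8_t *rec, size_t len, enum sig_format accepted,
                     const uint8_t expected[SHA1_LEN])
{
    const uint8_t *digest;
    enum sig_format f = classify_recovered(rec, len, &digest);

    if (f == SIG_MALFORMED || f != accepted)
        return 0;
    return ct_equal(digest, expected, SHA1_LEN);
}

/* Build the 35-byte DigestInfo that EVP_Sign*() would have produced for digest. */
size_t wrap_digestinfo(uint8_t out[35], const uint8_t digest[SHA1_LEN])
{
    memcpy(out, SHA1_DIGESTINFO_PREFIX, sizeof SHA1_DIGESTINFO_PREFIX);
    memcpy(out + sizeof SHA1_DIGESTINFO_PREFIX, digest, SHA1_LEN);
    return sizeof SHA1_DIGESTINFO_PREFIX + SHA1_LEN;
}

int main(void)
{
    static const char *names[] = { "malformed", "PKCS#1 DigestInfo", "bare digest" };
    const uint8_t *d;
    uint8_t wrapped[35];
    size_t n = wrap_digestinfo(wrapped, THREAD_RECOVERED);

    printf("thread bytes: %s\n", names[classify_recovered(THREAD_RECOVERED, SHA1_LEN, &d)]);
    printf("wrapped:      %s\n", names[classify_recovered(wrapped, n, &d)]);
    return 0;
}
```

The bare-digest branch is what makes EVP_VerifyFinal() fail with the ASN1 errors above: there is no DER header for it to parse.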
No show errors with ERR_print_errors_fp()
Hello:

I want to obtain the errors that I have, and I use the function ERR_print_errors_fp(). But this gives an empty file. And I have errors ...

My code:

    ERR_load_crypto_strings();
    fp = fopen(fileError, "w");
    ERR_print_errors_fp(fp);
    fclose(fp);

Can somebody help me?

Thanks.
Re: hmac problem in fips mode
On Wed, May 11, 2005, Matyas Majzik wrote:
> Hi!
>
> I have a problem with hmac in fips mode. The following code always returns the same fingerprint. It doesn't depend on the data.
>
> #include <openssl/ssl.h>
> #include <openssl/hmac.h>
> . . .
> unsigned char data[16384];
> unsigned char md[256];
> unsigned int no;
> . . .
> HMAC_CTX ctx;
> HMAC_CTX_init(&ctx);
> FILE *fh=fopen(file,"rb");
> HMAC_Init_ex(&ctx, (unsigned char *)"etaonrishdlcupfm", 16,EVP_sha1(),NULL);
> //HMAC_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
> do {
>     no=fread(data,1,16384,fh);
>     if( no>0 ) HMAC_Update(&ctx, data, no);
> } while(!feof(fh));
> HMAC_Final(&ctx, md, &no);
> HMAC_CTX_cleanup(&ctx);
>
> So md always contains the same values in fips mode. However in non fips mode this code works properly and md contains the proper sha1 hmac fingerprint.
>
> I tried openssl 0.9.7g stable and snapshot 2005.05.11. I built them on Windows XP. VS .NET 2003 using masm, both static and dynamic linking.

Check that you have successfully entered FIPS mode. It may be that an error occurred there.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
RE: Callback function in c++ methods
Hello,

I have also defined an object model and the workaround to this problem is like this. I made a static list of class pointers, thus whenever an object is formed it is put into that list. Now in the callback I had the ssl pointer (SSL*) with me and every class had the ssl pointer. I simply compared and found the exact class. You can also define a map (std::map<SSL*, CSSLClass>).

Regards,
Ahmad.

From: Tyler Durden [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Callback function in c++ methods
Date: Wed, 11 May 2005 13:23:04 +0200

Hello,

I am implementing an object model for secure communications and secure sessions gestor. I am using the openSSL library for this task.

My problem is when I define the callback functions for external SSL sessions, the callback functions cannot be methods of a class if these are not static, but I cannot define these static because some attributes of the class are not static and I also don't know how I can pass the this if I define the callback function static.

Somebody has some idea?

Thank you very much!
problems in nt.mak file
There is an error in ms\nt.mak file. I think. The following line is generated improperly:

    CFLAG= /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdout32 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS

It should be /MT instead of /MD because it is used to be a static library not a dynamic. I always have to edit this makefile manually after running ms\do_masm.bat. I cannot use the created library if I leave it to /MD. I am using visual c++.

Matyas Majzik
Re: hmac problem in fips mode
> Check that you have successfully entered FIPS mode. It may be that an error occurred there.

Thanks. It was my fault. However I do not understand why I should switch back to non fips mode if failed to switch to fips mode. I thought that if entering fips mode is impossible then it remains in non-fips mode.
PKCS12 function problem
Hi there!!

I'm trying to use the high level function PKCS12_create in my app to get a p12 file to import it in MSIE and MS Outlook but it seems to be nothing, I mean, I get an empty p12 file. I followed the pkwrite example in \demos\pkcs12 but it doesn't work. Here follows my code:

    out = BIO_new_file(outfile, "wb");
    if (out==NULL){
        //Error
    }
    fp = fopen("Prueba1.p12", "wb");
    if ( fp == NULL){
        //Error
    }
    // load the privkey, the certificate and the password for the p12 file
    p12 = PKCS12_create (pass, outfile, key, ucert, NULL, 0,0,0,0,0); // No problem
    res = i2d_PKCS12_fp(fp, p12); //this crashes my program
    fprintf(stderr, "fp res=%d\n", res);
    res = i2d_PKCS12_bio(out, p12); // No problem
    fprintf(stderr, "res=%d\n", res); // res =1
    if (BIO_write_filename(out, outfile) <= 0){
        fprintf(stdout,"Error generando file p12 \n");
    }

I need some help please

TIA
Zainos
Re: No show errors with ERR_print_errors_fp()
Hi

> I want to obtain the errors that I have, and I use the function ERR_print_errors_fp(). But this gives an empty file. And I have errors ...
>
> My code:
>
> ERR_load_crypto_strings();
> fp = fopen(fileError, "w");
> ERR_print_errors_fp(fp);
> fclose(fp);

Have you tried to direct the errors to stderr? using:

    ERR_print_errors_fp (stderr);

Do you do multiple fopen ... fclose in your code? Then you should use

    fp = fopen(fileError,"a");

as the w option overwrites the file contents. So maybe your last write contained no errors.

I hope this helps.

Andreas
Re: Callback function in c++ methods
ahmad hassan wrote:
> Hello,

Hello Ahmad,

> I have also defined an object model and the workaround to this problem is like this. I made a static list of class pointers, thus whenever an object is formed it is put into that list. Now in the callback I had the ssl pointer (SSL*) with me and every class had the ssl pointer. I simply compared and found the exact class. You can also define a map (std::map<SSL*, CSSLClass>).

And why didn't you define simple C-functions that get the pointer to the object with a SSL_get_app_data() (or SSL_get_ex_data()) from the SSL structure and call the wanted method of the object there ?

something like:

    [...]
    static void callback_info(const SSL *ssl,int type,int val)
    {
        MyObject *obj=(MyObject*)SSL_get_app_data(ssl);
        if (!obj) return;
        obj->info(ssl,type,val);
    }
    [...]
    void MyObject::Prepare(SSL* ssl)
    {
        SSL_set_app_data(ssl,this);
        SSL_set_info_callback(ssl,callback_info);
        [...]
    }
    [...]

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many
Re: Using RC4 vs EVP_CIPHER
Steve,

Salt shouldn't be predictable so using a fixed string isn't an option but it isn't secret.

I'm using rand_bytes() to create the salt.

IV. I should really use an IV with some modes. Again, it's random bytes, but it doesn't have to be secret. I will also have to transmit the IV to the other side. That's not a security problem is it? Is it a problem if you use the same random bytes for the SALT and the IV?

EVP_BytesToKey() also generates an IV so that isn't a problem.

I'm attempting to use EVP_aes_128_ofb(). OFB mode should have an IV. I'm passing in 16 char of rand_bytes to EVP_CipherInit_ex(). Currently I'm not passing the IV to the other side. I would expect the decryption to fail since the client and the server aren't using the same IV. It doesn't fail. This leads me to believe that the cipher isn't actually using the IV. What am I missing?

    int count = 0;
    int datal = 0;
    unsigned char * someSalt;
    unsigned char * theIV;
    if (!rand_seeded_p) {
        rand_seed();
        rand_seeded_p = 1;
    }
    //setup the salt for the password
    someSalt = new unsigned char[saltSize];
    rand_bytes(someSalt,saltSize);
    theIV = new unsigned char[saltSize];
    rand_bytes(theIV,saltSize);
    //hash the password into a 128bit key
    datal = (unsigned long)strlen((const char *)password);
    EVP_BytesToKey(EVP_aes_128_ofb(), EVP_md5(), (unsigned char *) someSalt, (const unsigned char *)password, datal, count, keystr, NULL);
    EVP_CIPHER_CTX_init(ctx);
    EVP_CipherInit_ex(ctx, EVP_aes_128_ofb(), NULL, NULL, NULL, 1);
    /* We finished modifying parameters so now we can set key and IV */
    EVP_CipherInit_ex(ctx, NULL, NULL, keystr, theIV, 1);

Thanks,
Sean

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk