Re: function PEM_read_RSAPrivateKey not returning
Kyle Hamilton wrote: msvcr71d.dll? That looks like a debug version of the VC library to me. It was compiled and run in debug mode. Incidentally, I'm getting the same problem on VC8 (VC++2005 Express Edition). And I'm getting it even in release configuration. Somehow I am relieved and worried the same time that it affects not only me... Did you use the precompiled binaries or compiled yourself? Do you consider it a bug? Do you plan to fix it? (in case you are able to do so) Bye, Matthias __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
OnReceive() not getting called
Hello, I have an FTPServer application developed using CAysncSocket, which is running quite well from the past 4 years. I have added SSL support to this application recently. This is how my application works exactly. A connection is established from a client. Once the connection (command socket) is established, a thread is created and the socket is transferred into the thread. Then a set of commands are transferred between the client and the server (My app) Then another socket is created, (data socket), in which the actual data or files is tansferred. The connection for both the sockets are established successfully. The SSL handshake also happens correctly. When I am trying to transfer the file in the data socket, a portion of the data is transferred successfully and socket is timedout aborting the data transfer. When I have debugged the application I have found that MySocket::OnReceive() is not getting called, where I have put a breakpoint. Note: SSL connection is done seperately for both the sockets. Can any one please help why this is happening or how I can make the OnReceive() fn get called so that my data is transferred completely. Thanks in Advance. Seetharam Seetharam, MTS Project Lead, Sharp Software Development India, Unit 5, Level 3, Innovator, ITPL, Bangalore. Telephone: Mob# 94488 53090 Res# 080-25240789 Yahoo! Mail Use Photomail to share photos without annoying attachments.
Re: function PEM_read_RSAPrivateKey not returning
On Thu, Feb 16, 2006, Matthias wrote: Somehow I am relieved and worried the same time that it affects not only me... I recently noticed a problem when attempting to use an OpenSSL DLL compiled against Visual Studio 2005 with an OpenSSL application compiled with another compiler. When both application and DLL were compiled with Visual Studio 2005 there were no problems. So as I asked earlier: please try compiling a recent 0.9.8 snapshot of OpenSSL using the same version of VC++ and link your application to that. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: AES cipher
I tried adding : as suggested, but this still did not work. :(
Does anyone have other suggestions?
-Chris
I'm trying to allow my program to be configurable for either AES 128
bit, or AES 256 bit. The problem is that when I select only the
AES128-SHA cipher, the AES256-SHA cipher gets added
automaticlly.
Is this a limitation of selecting AES, or am I doing something wrong?
Here is my code:
1. Set cyphers:
CString Shif = AES128-SHA;
Shif+=!IDEA:!ADH:;
You probably have to add some : here. With the explicit selection of
AES128-SHA you do not have to remove the other ciphers anyway.
SSL_CTX_set_cipher_list(m_ctx, Shif.GetBuffer());
SSL_CTX_set_options(SSL_OP_NO_SSLv2);
2. Display chypers:
SSL* lSSL = SSL_new(lCTX);
int ccnt=0;
const char *res=(char*)1;
for (int i=0;res!=NULL;i++)
{
res = SSL_get_cipher_list(lSSL, i);
if (res)
{
m_List.AddString((char*)res);
ccnt++;
}
}
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Which algorithms are need for PKCS12_parse?
I'm trying to use PKCS12_parse and it's failing with: error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error error:23076072:PKCS12 routines:PKCS12_parse:parse error This is a PKCS#12 container I created with OpenSSL 0.9.7 using whatever default algorithms it uses (the manual says RC2-40 and 3DES but I have added those without luck). Now, I am manually adding the algorithms and I absolutely do not want to use any sort of all_all_algorithms function because that makes my final application way too large (I'm statically linking to OpenSSL). It does actually work if I add all algorithms but as I said I do not want to do that. I have tried adding all this: EVP_add_cipher(EVP_des_ede()); EVP_add_cipher(EVP_des_ede3()); EVP_add_cipher(EVP_des_ede_ecb()); EVP_add_cipher(EVP_des_ede3_ecb()); EVP_add_cipher(EVP_des_cfb64()); EVP_add_cipher(EVP_des_cfb1()); EVP_add_cipher(EVP_des_cfb8()); EVP_add_cipher(EVP_des_ede_cfb64()); EVP_add_cipher(EVP_des_ede3_cfb64()); EVP_add_cipher(EVP_des_ede3_cfb1()); EVP_add_cipher(EVP_des_ede3_cfb8()); EVP_add_cipher(EVP_des_ofb()); EVP_add_cipher(EVP_des_ede_ofb()); EVP_add_cipher(EVP_des_ede3_ofb()); EVP_add_cipher(EVP_des_ede_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); EVP_add_cipher(EVP_desx_cbc()); EVP_add_cipher(EVP_rc2_ecb()); EVP_add_cipher(EVP_rc2_cbc()); EVP_add_cipher(EVP_rc2_40_cbc()); EVP_add_cipher(EVP_rc2_64_cbc()); EVP_add_cipher(EVP_rc2_cfb64()); EVP_add_cipher(EVP_rc2_ofb()); EVP_add_cipher(EVP_rc4()); EVP_add_cipher(EVP_rc4_40()); EVP_add_cipher(EVP_des_ecb()); EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_aes_256_ecb()); EVP_add_cipher(EVP_aes_256_cbc()); EVP_add_digest(EVP_md5()); EVP_add_digest(EVP_sha1()); No luck... I wish the error messages would tell me _which_ algorithm is missing. ? When searching for other people having this problem the answer is always add all algorithms. Thanks for any help. -- // Chris
Re: Which algorithms are need for PKCS12_parse?
On Thu, Feb 16, 2006, Chris wrote: error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt error error:23076072:PKCS12 routines:PKCS12_parse:parse error [snip] No luck... I wish the error messages would tell me _which_ algorithm is missing. ? When searching for other people having this problem the answer is always add all algorithms. Its a password based encryption (PBE) algorithm. Probably 40 bit RC2 and/or 3DES using the PKCS#12 key derivation algorihtm. Try calling PKCS12_PBE_add(). Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Which algorithms are need for PKCS12_parse?
On 2/16/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote: Its a password based encryption (PBE) algorithm. Probably 40 bit RC2 and/or3DES using the PKCS#12 key derivation algorihtm. Try calling PKCS12_PBE_add().Steve. Thanks! That did the trick. I wish all these _add() functions were listed somewhere or at least listed in the relevant sections of the documentation. I spent much time looking through evp.h and other headers trying to find something that made sense and the whole time all I needed was PKCS12_PBE_add(). Thanks again! -- // Chris
Cryptographic Hardware Accelerators for OpenSSL
Is it possible to add a new Hardware Accelerator beside those that are already supported as an Engine object in the OpenSSL implementation? My intent is trying to add as a new Engine some crypto modules from a Coldfire device..., but after reading some information and some links, it seem that it is not possible... is this correct? regards Lech Olmedo
Re: Cryptographic Hardware Accelerators for OpenSSL
On Thu, Feb 16, 2006, Lech Olmedo wrote: My intent is trying to add as a new Engine some crypto modules from a Coldfire device..., but after reading some information and some links, it seem that it is not possible... is this correct? I'm not sure what would make you think it isn't possible. The preferred way is to compile then engine as a shared library and then it can be loaded and used either using the auto config mechanism (if the application supports it) or by installing it in the appropriate directory and using its name. For example looking up an engine called coldfire might try to load a shared library called libcoldfire.so Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Which algorithms are need for PKCS12_parse?
On Thu, Feb 16, 2006, Chris wrote: On 2/16/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote: Its a password based encryption (PBE) algorithm. Probably 40 bit RC2 and/or 3DES using the PKCS#12 key derivation algorihtm. Try calling PKCS12_PBE_add(). Steve. Thanks! That did the trick. I wish all these _add() functions were listed somewhere or at least listed in the relevant sections of the documentation. I spent much time looking through evp.h and other headers trying to find something that made sense and the whole time all I needed was PKCS12_PBE_add(). It is documented in doc/openssl.txt and that file is referred to in the FAQ... http://www.openssl.org/support/faq.html#MISC2 At some point I'll tidy that up and place it in an appropriate manual page or better still tidy up the PBE API and document the tidied version... Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Cryptographic Hardware Accelerators for OpenSSL
I'm assuming it's also possible to statically link/bind (at build time) engine drivers. Is this the case? R. On Feb 16, 2006, at 3:50 PM, Dr. Stephen Henson wrote: On Thu, Feb 16, 2006, Lech Olmedo wrote: My intent is trying to add as a new Engine some crypto modules from a Coldfire device..., but after reading some information and some links, it seem that it is not possible... is this correct? I'm not sure what would make you think it isn't possible. The preferred way is to compile then engine as a shared library and then it can be loaded and used either using the auto config mechanism (if the application supports it) or by installing it in the appropriate directory and using its name. For example looking up an engine called coldfire might try to load a shared library called libcoldfire.so Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Cryptographic Hardware Accelerators for OpenSSL
On Thu, Feb 16, 2006, Randy Turner wrote: I'm assuming it's also possible to statically link/bind (at build time) engine drivers. Is this the case? Yes. An application then would need to make an explicit call to the static engine code to either reference it explicitly or register it. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Which algorithms are need for PKCS12_parse?
On 2/16/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Thu, Feb 16, 2006, Chris wrote:It is documented in doc/openssl.txt and that file is referred to in the FAQ...http://www.openssl.org/support/faq.html#MISC2 At some point I'll tidy that up and place it in an appropriate manual page orbetter still tidy up the PBE API and document the tidied version...Steve. Ah, OK I'll have to widen my documentation search next time. There are so many documents it's hard to know where to look. I was reading the manual pages at openssl.org/docs/... Heh, sometimes I think I spend more time trying to find OpenSSL documentation than actually developing. ;) Thanks! -- // Chris
Re: function PEM_read_RSAPrivateKey not returning
I was using the precompiled binaries when that test failed. After I rebuilt the libraries with the VC8 compiler as Dr. Henson suggested, it worked. I consider it a bug in the Application Binary Interface of Windows, not a bug that OpenSSL can work around. -Kyle H On 2/16/06, Matthias [EMAIL PROTECTED] wrote: Kyle Hamilton wrote: msvcr71d.dll? That looks like a debug version of the VC library to me. It was compiled and run in debug mode. Incidentally, I'm getting the same problem on VC8 (VC++2005 Express Edition). And I'm getting it even in release configuration. Somehow I am relieved and worried the same time that it affects not only me... Did you use the precompiled binaries or compiled yourself? Do you consider it a bug? Do you plan to fix it? (in case you are able to do so) Bye, Matthias __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: AES cipher
Yeah. Any cipher that is not explicitly added is denied. So, try just doing: CString Shif = AES128-SHA; // C++ automatic type conversion converts Shif appropriately to LPSTR SSL_CTX_set_cipher_list(m_ctx, Shif); /* SSL_CTX_set_options(SSL_OP_NO_SSLv2); */ /* Since AES128 isn't an SSLv2 cipher it doesn't matter */ I'd also point out that if you do use a CString::GetBuffer, you need to specify how many characters longer you need the buffer as the parameter to GetBuffer(), else you'll end up with a buffer overrun. Cheers, -Kyle H On 2/16/06, Chris Clark [EMAIL PROTECTED] wrote: I tried adding : as suggested, but this still did not work. :( Does anyone have other suggestions? -Chris __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
how to generate Private for Blowfish, CAST and rc4
Hi, I am using the 0.9.7e version of the openssl and i am having trouble with generating the private key for Blowfish, CAST and rc4. Was wondering how do i actually go about doing it. I have search the internet for any command lines related to them was unable to find any. Hope there is someone who can give me some advice. thank you Danny Ng HP:0423750935 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
openssl on arm
hi: I'm now trying to realize a SSL connection on embedded system.But I had some problems in the beginning.how can i compile the OpenSSL in arm-linux-gcc? Simple by changing thegcc to arm-linux-gcc in the Makefile? But i got the error as in the ScreenShot.png. how can i do with this ? Great thanks. Sun Ying-ming免费下载 MSN Explorer __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
