PKCS7_digest_from_attributes
Hi,

can somebody tell me what exactly the function PKCS7_digest_from_attributes does? Does it calculate the digest from the attributes passed to the function? If so, how does it know what algorithm to use?

Thanks,
Christian Wiesbauer
RE: RSA_public_decrypt problem
> I'm trying to use the RSA_public_decrypt function but I need to set up the public key manually. I have the public exponent and modulus in the form of an array of 'unsigned char' and have converted these to BIGNUM format using BN_bin2bn. I assigned them to the RSA fields n and e. Then I call RSA_public_decrypt, but it is returning -1. Calling ERR_GET_REASON returns 101 (RSA_F_RSA_EAY_PRIVATE_DECRYPT?)? What does this mean and how do I need to change my program?

No, reason 101 is RSA_R_BAD_E_VALUE, assuming you're sure this was the return value from ERR_GET_REASON. This can only come from RSA_F_RSA_GENERATE_KEY. So either you're not giving the correct reason code or you're getting an error from a previous function.

> I'm using OpenSSL 0.9.8e and WinXP/Visual Studio 2005. The modulus and exponent values I set to the structure are read from a smartcard.

Are you sure you want RSA_public_decrypt? This is normally only used for custom signature processing. (Normally decryption requires the private key.)

DS

__ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RSA_public_decrypt problem
Hi,

I'm trying to use the RSA_public_decrypt function but I need to set up the public key manually. I have the public exponent and modulus in the form of an array of 'unsigned char' and have converted these to BIGNUM format using BN_bin2bn. I assigned them to the RSA fields n and e. Then I call RSA_public_decrypt, but it is returning -1. Calling ERR_GET_REASON returns 101 (RSA_F_RSA_EAY_PRIVATE_DECRYPT?)? What does this mean and how do I need to change my program?

I'm using OpenSSL 0.9.8e and WinXP/Visual Studio 2005. The modulus and exponent values I set to the structure are read from a smartcard.

Thanks in advance
Frank Wockenfuß
AW: RSA_public_decrypt problem
You're right, I get RSA_R_BAD_E_VALUE (101). Just took the wrong define for the mail. ERR_GET_REASON returns 101.

I want to use RSA_public_decrypt to get back the hash value that was encrypted with RSA inside the smart card terminal. And I don't get the private key of the card so I have to use the public key. This is only for verification purposes.

Frank

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Wednesday, 1 August 2007 10:22
To: openssl-users@openssl.org
Subject: RE: RSA_public_decrypt problem

> I'm trying to use the RSA_public_decrypt function but I need to set up the public key manually. I have the public exponent and modulus in the form of an array of 'unsigned char' and have converted these to BIGNUM format using BN_bin2bn. I assigned them to the RSA fields n and e. Then I call RSA_public_decrypt, but it is returning -1. Calling ERR_GET_REASON returns 101 (RSA_F_RSA_EAY_PRIVATE_DECRYPT?)? What does this mean and how do I need to change my program?

No, reason 101 is RSA_R_BAD_E_VALUE, assuming you're sure this was the return value from ERR_GET_REASON. This can only come from RSA_F_RSA_GENERATE_KEY. So either you're not giving the correct reason code or you're getting an error from a previous function.

> I'm using OpenSSL 0.9.8e and WinXP/Visual Studio 2005. The modulus and exponent values I set to the structure are read from a smartcard.

Are you sure you want RSA_public_decrypt? This is normally only used for custom signature processing. (Normally decryption requires the private key.)

DS
AW: RSA_public_decrypt problem
It should be

pRSA->n = BN_bin2bn( pPublicModulus, nPublicModulusLength, NULL );
pRSA->e = BN_bin2bn( pPublicExponent, nPublicExponentLength, NULL );

Frank Wockenfuß

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wockenfuß, Frank
Sent: Wednesday, 1 August 2007 11:08
To: openssl-users@openssl.org
Subject: AW: RSA_public_decrypt problem

I understood that n should be the modulus and e the exponent.

pRSA->n = BN_bin2bn( pPublicModulus, nPublicModulusLength, NULL );
pRSA->e = BN_bin2bn( pPublicExponent, nPublicExponentLength, NULL );

Frank Wockenfuß

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Wednesday, 1 August 2007 11:02
To: openssl-users@openssl.org
Subject: Re: RSA_public_decrypt problem

Hello,

> I'm trying to use the RSA_public_decrypt function but I need to set up the public key manually. I have the public exponent and modulus in the form of an array of 'unsigned char' and have converted these to BIGNUM format using BN_bin2bn. I assigned them to the RSA fields n and e. Then I call RSA_public_decrypt, but it is returning -1. Calling ERR_GET_REASON returns 101 (RSA_F_RSA_EAY_PRIVATE_DECRYPT?)? What does this mean and how do I need to change my program?
>
> I'm using OpenSSL 0.9.8e and WinXP/Visual Studio 2005. The modulus and exponent values I set to the structure are read from a smartcard.

Looks like swapped n and e in RSA (if correctly read to BN).

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
AW: AW: RSA_public_decrypt problem
I've tested it and it looks good. I get back the values I have set.

Frank Wockenfuß

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Wednesday, 1 August 2007 11:18
To: openssl-users@openssl.org
Subject: Re: AW: RSA_public_decrypt problem

Hello,

> It should be
> pRSA->n = BN_bin2bn( pPublicModulus, nPublicModulusLength, NULL );
> pRSA->e = BN_bin2bn( pPublicExponent, nPublicExponentLength, NULL );

After that, you may try:

bn_hex = BN_bn2hex(pRSA->n);
printf("n: %s\n", bn_hex);
OPENSSL_free(bn_hex);
bn_hex = BN_bn2hex(pRSA->e);
printf("e: %s\n", bn_hex);
OPENSSL_free(bn_hex);

to check that you have good big numbers.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Re: RSA_public_decrypt problem
Hello,

> I'm trying to use the RSA_public_decrypt function but I need to set up the public key manually. I have the public exponent and modulus in the form of an array of 'unsigned char' and have converted these to BIGNUM format using BN_bin2bn. I assigned them to the RSA fields n and e. Then I call RSA_public_decrypt, but it is returning -1. Calling ERR_GET_REASON returns 101 (RSA_F_RSA_EAY_PRIVATE_DECRYPT?)? What does this mean and how do I need to change my program?
>
> I'm using OpenSSL 0.9.8e and WinXP/Visual Studio 2005. The modulus and exponent values I set to the structure are read from a smartcard.

Looks like swapped n and e in RSA (if correctly read to BN).

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
RE: RSA_public_decrypt problem
> You're right, I get RSA_R_BAD_E_VALUE (101). Just took the wrong define for the mail. ERR_GET_REASON returns 101.

Only the RSA key generation function can produce this error. Perhaps you had it left over from a previous function you called? Perhaps your engine can generate this error in response to other commands?

> I want to use RSA_public_decrypt to get back the hash value that was encrypted with RSA inside the smart card terminal. And I don't get the private key of the card so I have to use the public key. This is only for verification purposes.

You may be misunderstanding the purpose of this function. It's not clear. Normally, we encrypt with the public key and decrypt with the private key. When you encrypt with the private key such that anyone with the public key can decrypt it, that's called a signature. In this 'encryption' is really signing and 'decrypting' is signature verification. You cannot decrypt something with the public key unless it's a signature.

It is easy to confuse two meanings of the word encrypt. One is the mathematical operation in the RSA cipher that doesn't necessarily provide any actual encryption (in the sense of security from interception) at all. The RSA_public_decrypt function performs the RSA cipher function of decryption using the public key. This is normally used to verify a signature. It cannot be used to actually decrypt anything since real decryption requires the private key -- that's its entire point.

Again, RSA_public_decrypt and RSA_private_encrypt are signature generation and validation functions. They have nothing to do with encrypting or decrypting information to prevent interception by nefarious third parties. (Why 'encrypt' something so that anyone with the public key can decrypt it? Simple -- that makes perfect sense if you're signing it.)

So what you are attempting may be fundamentally broken. Are you trying to verify an RSA signature?

DS
AW: RSA_public_decrypt problem
Yes, I'm trying to verify an RSA signature. What can I do to verify it correctly?

Frank Wockenfuß

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Wednesday, 1 August 2007 11:01
To: openssl-users@openssl.org
Subject: RE: RSA_public_decrypt problem

> You're right, I get RSA_R_BAD_E_VALUE (101). Just took the wrong define for the mail. ERR_GET_REASON returns 101.

Only the RSA key generation function can produce this error. Perhaps you had it left over from a previous function you called? Perhaps your engine can generate this error in response to other commands?

> I want to use RSA_public_decrypt to get back the hash value that was encrypted with RSA inside the smart card terminal. And I don't get the private key of the card so I have to use the public key. This is only for verification purposes.

You may be misunderstanding the purpose of this function. It's not clear. Normally, we encrypt with the public key and decrypt with the private key. When you encrypt with the private key such that anyone with the public key can decrypt it, that's called a signature. In this 'encryption' is really signing and 'decrypting' is signature verification. You cannot decrypt something with the public key unless it's a signature.

It is easy to confuse two meanings of the word encrypt. One is the mathematical operation in the RSA cipher that doesn't necessarily provide any actual encryption (in the sense of security from interception) at all. The RSA_public_decrypt function performs the RSA cipher function of decryption using the public key. This is normally used to verify a signature. It cannot be used to actually decrypt anything since real decryption requires the private key -- that's its entire point.

Again, RSA_public_decrypt and RSA_private_encrypt are signature generation and validation functions. They have nothing to do with encrypting or decrypting information to prevent interception by nefarious third parties. (Why 'encrypt' something so that anyone with the public key can decrypt it? Simple -- that makes perfect sense if you're signing it.)

So what you are attempting may be fundamentally broken. Are you trying to verify an RSA signature?

DS
Re: AW: RSA_public_decrypt problem
Hello,

> It should be
> pRSA->n = BN_bin2bn( pPublicModulus, nPublicModulusLength, NULL );
> pRSA->e = BN_bin2bn( pPublicExponent, nPublicExponentLength, NULL );

After that, you may try:

bn_hex = BN_bn2hex(pRSA->n);
printf("n: %s\n", bn_hex);
OPENSSL_free(bn_hex);
bn_hex = BN_bn2hex(pRSA->e);
printf("e: %s\n", bn_hex);
OPENSSL_free(bn_hex);

to check that you have good big numbers.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
AW: RSA_public_decrypt problem
I understood that n should be the modulus and e the exponent.

pRSA->n = BN_bin2bn( pPublicModulus, nPublicModulusLength, NULL );
pRSA->e = BN_bin2bn( pPublicExponent, nPublicExponentLength, NULL );

Frank Wockenfuß

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Wednesday, 1 August 2007 11:02
To: openssl-users@openssl.org
Subject: Re: RSA_public_decrypt problem

Hello,

> I'm trying to use the RSA_public_decrypt function but I need to set up the public key manually. I have the public exponent and modulus in the form of an array of 'unsigned char' and have converted these to BIGNUM format using BN_bin2bn. I assigned them to the RSA fields n and e. Then I call RSA_public_decrypt, but it is returning -1. Calling ERR_GET_REASON returns 101 (RSA_F_RSA_EAY_PRIVATE_DECRYPT?)? What does this mean and how do I need to change my program?
>
> I'm using OpenSSL 0.9.8e and WinXP/Visual Studio 2005. The modulus and exponent values I set to the structure are read from a smartcard.

Looks like swapped n and e in RSA (if correctly read to BN).

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
AW: RSA_public_decrypt problem
This is the first call in the engine and the set of n and e doesn't raise any error (I've just tested it). The error occurs on RSA_public_decrypt.

Frank Wockenfuß

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Wednesday, 1 August 2007 12:18
To: openssl-users@openssl.org
Subject: RE: RSA_public_decrypt problem

> You're right, I get RSA_R_BAD_E_VALUE (101). Just took the wrong define for the mail. ERR_GET_REASON returns 101.

Only the RSA key generation function can produce this error. Perhaps you had it left over from a previous function you called? Perhaps your engine can generate this error in response to other commands?

Confirm that this isn't the issue. Make sure that ERR_GET_REASON does not return 101 prior to your call to RSA_public_decrypt.

DS
RE: RSA_public_decrypt problem
> You're right, I get RSA_R_BAD_E_VALUE (101). Just took the wrong define for the mail. ERR_GET_REASON returns 101.

Only the RSA key generation function can produce this error. Perhaps you had it left over from a previous function you called? Perhaps your engine can generate this error in response to other commands?

Confirm that this isn't the issue. Make sure that ERR_GET_REASON does not return 101 prior to your call to RSA_public_decrypt.

DS
Re: Constraints on the length of certificate subject DN
Dear openssl developers,

Doesn't anybody know the answer to the posed question? Is there any limit on the length of the subject DN string in X.509 certificates issued using openssl?

Arsen.

On Thu, 26 Jul 2007, Arsen Hayrapetyan wrote:
> Hello,
>
> Does OpenSSL put length constraints on the length of subject DN of X.509 certificate? If not, what is the maximum length of the subject DN string?
>
> Thanks in advance,
> Arsen.

--
Best regards,
Arsen.
RE: RSA_public_decrypt problem
> This is the first call in the engine and the set of n and e doesn't raise any error (I've just tested it). The error occurs on RSA_public_decrypt.
>
> Frank Wockenfuß

I see no way RSA_public_decrypt can make ERR_GET_REASON return 101. If you're 100% absolutely positively sure that's happening, then the most rational explanation would be that you are calling an engine's implementation of RSA_public_decrypt rather than OpenSSL's and that engine doesn't like your exponent for some reason.

Do you know if your call to RSA_public_decrypt is being handled by an engine? If so, do you have the source code to that engine? You might want to grep it for any code that can return an error reason of 101.

DS
AW: RSA_public_decrypt problem
I do ENGINE_load_builtin_engines(); before calling the decrypt function. There is no other engine attached, I use the standard engines from OpenSSL 0.9.8e.

Is there another way to verify the signature with only the public key?

Frank Wockenfuß

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Wednesday, 1 August 2007 12:57
To: openssl-users@openssl.org
Subject: RE: RSA_public_decrypt problem

> This is the first call in the engine and the set of n and e doesn't raise any error (I've just tested it). The error occurs on RSA_public_decrypt.
>
> Frank Wockenfuß

I see no way RSA_public_decrypt can make ERR_GET_REASON return 101. If you're 100% absolutely positively sure that's happening, then the most rational explanation would be that you are calling an engine's implementation of RSA_public_decrypt rather than OpenSSL's and that engine doesn't like your exponent for some reason.

Do you know if your call to RSA_public_decrypt is being handled by an engine? If so, do you have the source code to that engine? You might want to grep it for any code that can return an error reason of 101.

DS
RE: RSA_public_decrypt problem
> I do ENGINE_load_builtin_engines(); before calling the decrypt function. There is no other engine attached, I use the standard engines from OpenSSL 0.9.8e.
>
> Is there another way to verify the signature with only the public key?

RSA_verify.

DS
AW: RSA_public_decrypt problem
I tried it and now I get 119 (RSA_F_RSA_VERIFY). Does this mean that it just failed? How can I get extended error information?

Frank Wockenfuß

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Wednesday, 1 August 2007 13:41
To: openssl-users@openssl.org
Subject: RE: RSA_public_decrypt problem

> I do ENGINE_load_builtin_engines(); before calling the decrypt function. There is no other engine attached, I use the standard engines from OpenSSL 0.9.8e.
>
> Is there another way to verify the signature with only the public key?

RSA_verify.

DS
AW: RSA_public_decrypt problem
Same mistake as before: 119 means RSA_R_WRONG_SIGNATURE_LENGTH

Frank Wockenfuß

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Wednesday, 1 August 2007 13:41
To: openssl-users@openssl.org
Subject: RE: RSA_public_decrypt problem

> I do ENGINE_load_builtin_engines(); before calling the decrypt function. There is no other engine attached, I use the standard engines from OpenSSL 0.9.8e.
>
> Is there another way to verify the signature with only the public key?

RSA_verify.

DS
Re: double free or corruption (!prev) in CRYPTO_free()?
I shall use the tool to get more insights. In line with the issue reported (application crash if too many simultaneous SSL handshakes occur), I am seeing an application crash under stress performance (with valid SSL sessions). The stack trace is quite identical to the one posted earlier:

#0 0x4402 in __kernel_vsyscall ()
#1 0x001fc1f8 in raise () from /lib/libc.so.6
#2 0x001fd948 in abort () from /lib/libc.so.6
#3 0x0023152a in __libc_message () from /lib/libc.so.6
#4 0x00237424 in _int_free () from /lib/libc.so.6
#5 0x0023795f in free () from /lib/libc.so.6
#6 0x4057d602 in CRYPTO_free (str=0x9dc98360) at mem.c:378
#7 0x405e84f5 in ERR_clear_error () at err.c:722
#8 0x403999ad in ssl3_connect (s=0xa0d6aa58) at s3_clnt.c:169
#9 0x403b06ac in SSL_connect (s=0xa0d6aa58) at ssl_lib.c:850

About 600 threads keep connecting to the server in a cyclic manner.

Thanks,
Prabhu. S

On 7/27/07, Darryl Miles [EMAIL PROTECTED] wrote:
> Prabhu S wrote:
> > Hi David,
> >
> > I enabled the debug flags in the OpenSSL makefiles and recompiled for the libraries. The stack trace obtained is as follows:
> >
> > #0 0x4402 in __kernel_vsyscall ()
> > #1 0x001fc1f8 in raise () from /lib/libc.so.6
> > #2 0x001fd948 in abort () from /lib/libc.so.6
> > #3 0x0023152a in __libc_message () from /lib/libc.so.6
> > #4 0x00237424 in _int_free () from /lib/libc.so.6
> > #5 0x0023795f in free () from /lib/libc.so.6
> > #6 0x4057b602 in CRYPTO_free (str=0x640f9c38) at mem.c:378
> > #7 0x405e64f5 in ERR_clear_error () at err.c:722
> > #8 0x403999ad in ssl3_connect (s=0x63e384c8) at s3_clnt.c:169
> > #9 0x403b06ac in SSL_connect (s=0x63e384c8) at ssl_lib.c:850
> >
> > Does it indicate an OpenSSL problem? I have dug through the application code and so far it appears to be clean.
>
> It only indicates that OpenSSL was the user freeing the memory at the time glibc detected a problem. Glibc's detection of these problems is not foolproof, maybe you should look at valgrind (but don't forget to compile OpenSSL with -DPURIFY) before using the package.
>
> Darryl
RE: RSA_public_decrypt problem
> Same mistake as before: 119 means RSA_R_WRONG_SIGNATURE_LENGTH
>
> Frank Wockenfuß

Perhaps you aren't using the same padding as the signature was made with? Perhaps what you have isn't really a signature at all. It's hard to say.

DS
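The point made in this thread, that RSA_public_decrypt is the verification half of a signature, together with the two failures raised at the end (wrong signature length, padding mismatch), as an added C example that is not code from any poster or from OpenSSL. It redoes the arithmetic with the toy 128-bit N, E and D from the test program posted in the thread; the toy_* function names and ERR_* codes are hypothetical, and unsigned __int128 assumes GCC or Clang.

```c
/* Added illustration, not OpenSSL code: what "public decrypt" does to a signature.
 * The toy 128-bit key (N, E, D) is the one from the test program in this thread.
 * toy_* names and ERR_* codes are hypothetical; needs GCC/Clang unsigned __int128. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned __int128 u128;
#define K 16 /* modulus size in bytes, the value RSA_size() would report */
enum { ERR_SIG_LENGTH = -1, ERR_OUT_OF_RANGE = -2, ERR_PADDING = -3 };

static u128 mk(uint64_t hi, uint64_t lo) { return ((u128)hi << 64) | lo; }
static u128 key_n(void) { return mk(0xCB2DA098676495E3ULL, 0xBEE8807573B658A3ULL); }
static u128 key_d(void) { return mk(0xAE6BB41341A75AF8ULL, 0x49C19ADD86E4C751ULL); }
static const u128 KEY_E = 0x010001;

/* (a + b) mod n without overflowing 128 bits; requires a < n and b < n */
static u128 addmod(u128 a, u128 b, u128 n) { return a >= n - b ? a - (n - b) : a + b; }

static u128 mulmod(u128 a, u128 b, u128 n) {   /* double-and-add */
    u128 r = 0;
    for (a %= n; b; b >>= 1) {
        if (b & 1) r = addmod(r, a, n);
        a = addmod(a, a, n);
    }
    return r;
}

static u128 powmod(u128 base, u128 exp, u128 n) {   /* square-and-multiply */
    u128 r = 1;
    for (base %= n; exp; exp >>= 1) {
        if (exp & 1) r = mulmod(r, base, n);
        base = mulmod(base, base, n);
    }
    return r;
}

static u128 from_bytes(const unsigned char *b) {   /* big-endian, K bytes */
    u128 v = 0;
    for (int i = 0; i < K; i++) v = (v << 8) | b[i];
    return v;
}

static void to_bytes(u128 v, unsigned char *b) {
    for (int i = K - 1; i >= 0; i--) { b[i] = (unsigned char)v; v >>= 8; }
}

/* "Private encrypt" is signing: EM = 00 01 FF..FF 00 || msg, sig = EM^d mod n */
int toy_private_encrypt(const unsigned char *msg, size_t len, unsigned char sig[K]) {
    unsigned char em[K];
    if (len > K - 11) return ERR_PADDING;   /* type-1 padding needs >= 8 FF bytes */
    memset(em, 0xFF, K);
    em[0] = 0x00;
    em[1] = 0x01;
    em[K - len - 1] = 0x00;
    memcpy(em + K - len, msg, len);
    to_bytes(powmod(from_bytes(em), key_d(), key_n()), sig);
    return K;
}

/* "Public decrypt" is the verify primitive: EM = sig^e mod n, then strip padding */
int toy_public_decrypt(const unsigned char *sig, size_t siglen, unsigned char *out) {
    unsigned char em[K];
    size_t i;
    if (siglen != K) return ERR_SIG_LENGTH;   /* must be exactly modulus-sized */
    u128 s = from_bytes(sig);
    if (s >= key_n()) return ERR_OUT_OF_RANGE;
    to_bytes(powmod(s, KEY_E, key_n()), em);
    if (em[0] != 0x00 || em[1] != 0x01) return ERR_PADDING;
    for (i = 2; i < K && em[i] == 0xFF; i++) { }
    if (i < 10 || i >= K || em[i] != 0x00) return ERR_PADDING;
    memcpy(out, em + i + 1, K - i - 1);
    return (int)(K - i - 1);
}

int main(void) {
    unsigned char sig[K], out[K];
    toy_private_encrypt((const unsigned char *)"xyz", 3, sig);
    printf("good signature: %d\n", toy_public_decrypt(sig, K, out));
    printf("truncated:      %d\n", toy_public_decrypt(sig, K - 1, out));
    sig[K - 1] ^= 0x01;   /* flip one bit */
    printf("tampered:       %d\n", toy_public_decrypt(sig, K, out));
    return 0;
}
```

A real verifier also compares the recovered bytes against the expected DigestInfo, which is the step RSA_verify adds on top of this primitive.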
Cert Serial number
Hi, how do I convert ASN1_INTEGER to either an int or long? Thanks!
Re: AW: AW: RSA_public_decrypt problem
Hello,

> I've tested it and it looks good. I get back the values I have set.
>
> Frank Wockenfuß
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
> Sent: Wednesday, 1 August 2007 11:18
> To: openssl-users@openssl.org
> Subject: Re: AW: RSA_public_decrypt problem
>
> Hello,
>
> > It should be
> > pRSA->n = BN_bin2bn( pPublicModulus, nPublicModulusLength, NULL );
> > pRSA->e = BN_bin2bn( pPublicExponent, nPublicExponentLength, NULL );
>
> After that, you may try:
>
> bn_hex = BN_bn2hex(pRSA->n);
> printf("n: %s\n", bn_hex);
> OPENSSL_free(bn_hex);
> bn_hex = BN_bn2hex(pRSA->e);
> printf("e: %s\n", bn_hex);
> OPENSSL_free(bn_hex);
>
> to check that you have good big numbers.
>
> Best regards,
> --
> Marek Marcola [EMAIL PROTECTED]

Simple test program attached, hope this helps.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]

#include <stdio.h>
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/bn.h>

/* Dump a buffer as hex, eight bytes per line */
int print_hex(unsigned char *buf, int len)
{
    int i;
    int n;

    printf("  ");
    for (i = 0, n = 0; i < len; i++) {
        if (n > 7) {
            printf("\n  ");
            n = 0;
        }
        printf("0x%02x ", buf[i]);
        n++;
    }
    printf("\n");

    return (0);
}

/* Drain and print the OpenSSL error queue */
int log_ssl(void)
{
    char buf[256];
    unsigned long err;

    while ((err = ERR_get_error()) != 0) {
        ERR_error_string_n(err, buf, sizeof(buf));
        printf("*** %s\n", buf);
    }

    return (0);
}

/* Print a BIGNUM as hex and release the string BN_bn2hex() allocates */
static void print_bn(const char *label, BIGNUM *bn)
{
    char *hex = BN_bn2hex(bn);

    printf("  %s: %s\n", label, hex ? hex : "(null)");
    OPENSSL_free(hex);
}

int main()
{
    RSA *rsa_priv = NULL;
    RSA *rsa_pub = NULL;
    unsigned char enc_bin[1024];
    int enc_len;
    unsigned char dec_bin[1024];
    int dec_len;
    int ret = 1;

    /* 128-bit toy key, hex encoded */
    char N[] = { "CB2DA098676495E3BEE8807573B658A3" };
    char E[] = { "010001" };
    char D[] = { "AE6BB41341A75AF849C19ADD86E4C751" };
    char P[] = { "ECB6D81B9A287E2B" };
    char Q[] = { "DBBB525D666C4B69" };
    char DMP1[] = { "3381857C5C0ABB89" };
    char DMQ1[] = { "C11B735B5A343A61" };
    char IQMP[] = { "DECAD6D4EF77DE64" };

    char msg[] = { "xyz" };

    SSL_load_error_strings();
    SSLeay_add_ssl_algorithms();
    RAND_load_file("/dev/urandom", 1024);

    if ((rsa_priv = RSA_new()) == NULL) {
        goto err;
    }
    if ((rsa_pub = RSA_new()) == NULL) {
        goto err;
    }

    /* load public key (direct RSA struct access, as in the OpenSSL 0.9.8 API) */
    printf("public key parameters:\n");
    if (!BN_hex2bn(&rsa_pub->n, N)) {
        goto err;
    }
    printf("  N: %s\n", N);
    print_bn("n", rsa_pub->n);
    if (!BN_hex2bn(&rsa_pub->e, E)) {
        goto err;
    }
    printf("  E: %s\n", E);
    print_bn("e", rsa_pub->e);
    printf("public key size : %d bits\n", RSA_size(rsa_pub) * 8);

    /* load private key */
    printf("private key parameters:\n");
    if (!BN_hex2bn(&rsa_priv->n, N)) {
        goto err;
    }
    printf("  N: %s\n", N);
    print_bn("n", rsa_priv->n);
    if (!BN_hex2bn(&rsa_priv->d, D)) {
        goto err;
    }
    printf("  D: %s\n", D);
    print_bn("d", rsa_priv->d);
    if (!BN_hex2bn(&rsa_priv->e, E)) {
        goto err;
    }
    printf("  E: %s\n", E);
    print_bn("e", rsa_priv->e);
    printf("private key size: %d bits\n", RSA_size(rsa_priv) * 8);

    printf("clear data:\n");
    print_hex((unsigned char *) msg, strlen(msg));

    /* encrypt */
    if ((enc_len = RSA_private_encrypt(strlen(msg), (unsigned char *) msg, enc_bin,
                                       rsa_priv, RSA_PKCS1_PADDING)) < 0) {
        goto err;
    }
    printf("encrypted data:\n");
    print_hex(enc_bin, enc_len);

    /* decrypt */
    if ((dec_len = RSA_public_decrypt(enc_len, enc_bin, dec_bin,
                                      rsa_pub, RSA_PKCS1_PADDING)) < 0) {
        goto err;
    }
    printf("decrypted data:\n");
    print_hex(dec_bin, dec_len);

    ret = 0;

err:
    if (ret != 0) {
        log_ssl();
    }
    RSA_free(rsa_priv);
    RSA_free(rsa_pub);

    return (ret);
}
Re: Cert Serial number
Hello,

> how do I convert ASN1_INTEGER to either an int or long?

WARNING: asn1 integers may be bigger than int or long!

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
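The warning above in practice, as an added C example that is not OpenSSL code or part of the original reply: it decodes a DER INTEGER such as a certificate serial number and reports when the value does not fit instead of truncating it. Function names, return codes and the sample bytes are constructed for illustration.

```c
/* Added example, not OpenSSL code: decode a DER INTEGER (for instance a
 * certificate serial number) into int64_t and refuse, rather than truncate,
 * when it does not fit. Function names and return codes are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { INT_OK = 0, INT_MALFORMED = -1, INT_TOO_BIG = -2 };

/* Validate the TLV header; on success point *c at the content octets. */
static int der_int_content(const unsigned char *der, size_t len,
                           const unsigned char **c, size_t *clen)
{
    if (len < 3 || der[0] != 0x02) return INT_MALFORMED;  /* tag 0x02 = INTEGER */
    if (der[1] >= 0x80) return INT_TOO_BIG;  /* long form: in DER, >= 128 octets */
    if ((size_t)der[1] + 2 != len) return INT_MALFORMED;
    *c = der + 2;
    *clen = der[1];
    /* DER demands the shortest encoding: no redundant leading 00 or FF octet */
    if (*clen > 1 && (((*c)[0] == 0x00 && !((*c)[1] & 0x80)) ||
                      ((*c)[0] == 0xFF && ((*c)[1] & 0x80))))
        return INT_MALFORMED;
    return INT_OK;
}

int der_integer_to_int64(const unsigned char *der, size_t len, int64_t *out)
{
    const unsigned char *c;
    size_t clen, i;
    uint64_t v;
    int rc = der_int_content(der, len, &c, &clen);

    if (rc != INT_OK) return rc;
    if (clen > 8) return INT_TOO_BIG;          /* would not fit in 64 bits */
    v = (c[0] & 0x80) ? ~(uint64_t)0 : 0;      /* sign-extend two's complement */
    for (i = 0; i < clen; i++) v = (v << 8) | c[i];
    *out = (int64_t)v;
    return INT_OK;
}

/* Fallback: hex text of a non-negative INTEGER of any short-form length.
 * Returns the string length, or a negative code. */
int der_integer_to_hex(const unsigned char *der, size_t len, char *buf, size_t buflen)
{
    static const char digits[] = "0123456789ABCDEF";
    const unsigned char *c;
    size_t clen, i, n = 0;
    int rc = der_int_content(der, len, &c, &clen);

    if (rc != INT_OK) return rc;
    if (c[0] & 0x80) return INT_MALFORMED;     /* negative values are not rendered here */
    if (clen > 1 && c[0] == 0x00) { c++; clen--; }   /* drop the sign octet */
    if (buflen < 2 * clen + 1) return INT_TOO_BIG;
    for (i = 0; i < clen; i++) {
        buf[n++] = digits[c[i] >> 4];
        buf[n++] = digits[c[i] & 0x0F];
    }
    buf[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed samples: a small serial, and a 9-octet serial (top bit set,
     * so DER prepends 00) that is larger than INT64_MAX. */
    const unsigned char small_serial[] = { 0x02, 0x02, 0x10, 0x01 };
    const unsigned char big_serial[] = { 0x02, 0x09, 0x00, 0xC0, 0xFF, 0xEE,
                                         0x00, 0x00, 0x00, 0x00, 0x01 };
    int64_t v = 0;
    char hex[64];

    if (der_integer_to_int64(small_serial, sizeof small_serial, &v) == INT_OK)
        printf("small serial: %lld\n", (long long)v);
    if (der_integer_to_int64(big_serial, sizeof big_serial, &v) == INT_TOO_BIG &&
        der_integer_to_hex(big_serial, sizeof big_serial, hex, sizeof hex) > 0)
        printf("big serial does not fit, hex: %s\n", hex);
    return 0;
}
```

With OpenSSL itself, ASN1_INTEGER_to_BN() followed by BN_bn2hex() or BN_bn2dec() yields the full value regardless of size.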
Re: Problems with SSL_read() - SSL_ERROR_SYSCALL
Hi,

This looks more like a network issue than programming issue. The same server when tested from a different network, it works without problems.

Warm Regards,
Arun S.

On 7/31/07, jimmy bahuleyan [EMAIL PROTECTED] wrote:
> Arun Singarajipura wrote:
> > Hi,
> >
> > Thanks for the reply. I used WSAGetLastError() just after SSL_read() and the result of this is
> > *Read failed with error 10054: An existing connection was forcibly closed by the remote host.*
>
> well if the remote side is also your code, you could try debugging/finding why it closed the connection. you could also try setting the info callback to see what is happening inside the SSL connection (SSL_CTX_set_info_callback()).
>
> > > Hi,
> > >
> > > Arun Singarajipura wrote:
> > > > Hi All,
> > > >
> > > > we are working on client - server architecture. We are using openssl for communication. My problem is that - while transferring data, SSL_read() always fails (after transferring few KB of data). The following error is returned -
> > > >
> > > > --
> > > > SSL_read() returns SSL_ERROR_SYSCALL
> > > > error:0005:lib(0):func(0):DH lib
> > > > ---
> > >
> > > In that case you better check what errno has. That can give you a better idea of what went wrong. (although i don't know why that DH lib is present above. I don't think DH is involved in any SSL read/write unless your handshake isn't over and your SSL_read() is in fact completing the handshake).
> > >
> > > > This always happens between data transfer. Here's the code snippet
> > > >
> > > > gSSL = SSL_new(ctx);
> > > > SSL_set_fd(gSSL, m_Socket);
> > > > result = SSL_connect(gSSL);
> > > > //Get certificate
> > > >
> > > > ** the following piece of code is giving problem
> > > >
> > > > ret=select(1,sckt,NULL,NULL, timeout);
> > >
> > > check what 'ret' is.
> > >
> > > > ERR_clear_error();
> > > > ret = SSL_read(gSSL,buffer,size);
> > >
> > > check errno here if you get a SSL_ERROR_SYSCALL.
> > >
> > > -jb
>
> --
> Tact is the art of making a point without making an enemy.