RE: OpenSSL version 3.1.0-alpha1 published
The changes show a jump from 3.0 to 3.2 https://github.com/openssl/openssl/blob/master/CHANGES.md
RE: RSA and DES encryption and decryption with C++ on Windows
Anyway, I'm trying to encrypt/decrypt using RSA and DES schemes. I've tried some of the older code examples I could find, but some of the functions weren't recognized by my header files.

[kgold] You cannot encrypt long streams with RSA. DES is deprecated.

Can anyone help me with this? I want to encrypt fairly long strings. A few hundred bytes or so. Maybe longer. If I can do a continuous stream of blocks that would be great, as well.

[kgold] Post a short example that did not work.
RE: EVP_PKEY_get_int_param is not getting degree from EC key -> man page use of integer for BIGNUM
> From: openssl-users On Behalf Of Blumenthal, Uri - 0553 - MITLL
> Sent: Wednesday, January 5, 2022 6:41 PM
> To: Dr Paul Dale ; openssl-users@openssl.org
> Subject: [EXTERNAL] Re: EVP_PKEY_get_int_param is not getting degree from EC key
>
> The problem that I see is that there's a set of parameters (such as
> OSSL_PKEY_PARAM_EC_COFACTOR), not described in the man pages, with
> under-specified type.
> E.g., how is one to know where's "normal" ~~sloppiness~~ imperfection in
> writing, and where "unsigned integer" truly means 'NOT C type "unsigned int"',
> especially since it's all in a C API description (so one tends to expect C
> types, unless CLEARLY stated otherwise)?
>
> Beneficial - would be a man page that lists these parameters, their types, and
> the appropriate method for retrieving them (e.g., EVP_PKEY_get_int_param()
> or EVP_PKEY_get_bn_param()).
>
> I support specifying the type in the comments as "unsigned BIGNUM" over
> "just adding a note".

I like this suggestion. I had the same issue with https://www.openssl.org/docs/man3.0/man7/EVP_PKEY-EC.html which uses 'unsigned integer' to mean a BIGNUM.
https://www.mail-archive.com/openssl-users@openssl.org/msg90149.html

The C language uses 'integer' to mean a basic type of various lengths - 8, 16, 32, etc. but surely not a structure or pointer.
https://www.gnu.org/software/libc/manual/html_node/Integers.html

I think integer has a common enough understanding in C that OpenSSL should use a different term for a BIGNUM.
Documentation on openssl 1.0.2 / FIPS module version support for PPC LE
> From: "Bhadri Madapusi"
>
> Is there any documentation on which version of openssl are supported
> on PPC LE. I am trying to figure out which version of 1.0.2 source
> and FIPS module to use to compile my nginx with openssl and FIPS. Thank you.

Not documentation, but my power machines run

OpenSSL 1.1.1 11 Sep 2018
OpenSSL 1.1.0f-fips 25 May 2017
OpenSSL 1.1.0i-fips 14 Aug 2018
OpenSSL 1.1.1i FIPS 8 Dec 2020
RE: Random and rare Seg faults at openssl library level
From: Gimhani Uthpala
To: Ken Goldman
Cc: openssl-users@openssl.org
Date: 01/07/2021 05:53 PM
Subject: [EXTERNAL] Re: Random and rare Seg faults at openssl library level

I only have this 1.0.2.k-fips one version installed in both compiling and running machines. However, I am compiling the application in RH7.4 and running in RH7.8 linking to openssl library dynamically. I assume no issue with that as I am using the same version of openssl in both.

You are having a problem, and that is a typical cause. Try compiling and running on the exact same OS.

If you installed openssl yourself, not using the RHEL yum installer, I would expect random and rare issues.
Re: Compiling OpenSSL shared libraries with custom name on Unix platforms
> From: shivaramakrishna chakravarthula
>
> Is it possible to compile OpenSSL shared libraries with custom
> names on Linux/ Unix platforms to avoid conflicts with installed
> OpenSSL libraries?
> I have tried to modify the SHLIB_EXT in Configure script but it is
> not working. I am sure it is a common problem and someone in this
> group can help.

If this is just for local testing, I typically build but don't install. By changing my paths, I can use the local copy.

If you're sure you have ABI compatibility, could you manually copy and rename the .so files to /usr/include, /usr/local/include or equivalent?
Re: get data from X509_EXTENSION in openSSL 1.1.1.
> From: prudvi raj
> To: openssl-users@openssl.org
> Date: 07/10/2020 07:55 AM
> Subject: [EXTERNAL] get data from X509_EXTENSION in openSSL 1.1.1.
> Sent by: "openssl-users"
>
> Hi All,
>
> we are upgrading our codebase to 1.1.1 from 1.0.2k. Here's a code
> snippet causing error :
>
> ext = X509_get_ext(X509, n);
> data = ext->value->data;
>
> How do I get the data value from X509_EXTENSION object.
> since forward declarations are not allowed (compiler error) & I
> couldn't find a suitable 'getter' function.
> Can someone please help me out in resolving this issue.??

This may work:

/* decode the keyUsage extension into an ASN1_BIT_STRING */
ASN1_BIT_STRING *keyUsage = X509_get_ext_d2i(X509Certificate, NID_key_usage, NULL, NULL);
uint8_t bitmap = keyUsage->data[0];
keyEncipherment = bitmap & (1<<5); /* bit 2 little endian */
RE: SOLVED: Force use of engine all the time
From: Frederick Gotham
To: openssl-users@openssl.org
Date: 11/07/2019 10:39 AM
Subject: [EXTERNAL] Re: SOLVED: Force use of engine all the time
Sent by: "openssl-users"

Frederick Gotham wrote:
> I don't think any code other than "libcrypto.so" is using the TPM2, and so
> I don't know why I'm getting "device or resource busy" (considering I'm
> using a global named mutex)". I see that there's also a TPM2 tcti called
> "abrmd", and I'm not sure if this purpose is exactly what it's for.

Just FYI, abrmd was a TPM 2.0 user space resource manager, similar to the TPM 1.2 tcsd.

Recent Linux kernels have a kernel driver resource manager at /dev/tpmrm0 that removes the need for a user space daemon. /dev/tpmrm0 supports multiple opens and does the swapping and scheduling.

/dev/tpm0 is the original single open entry point, and would not normally be used.
Re: Issue in linking Openssl1.1.1b to application
> From: vin
> To: openssl-users@openssl.org
> Date: 05/10/2019 12:44 AM
> Subject: Re: Issue in linking Openssl1.1.1b to application
> Sent by: "openssl-users"
>
> Hi Ken
>
> I am almost struck in registering the built dll to windows 7 32 bit machine.
>
> Can you provide me the details on which all openssl1.1.1b output lib files
> and output dll files that needs to be linked to any application while
> building in visual studio??

With mingw, I specify this to the linker

c:/program files/openssl/lib/mingw/libcrypto-1_1.a

In Visual Studio,

Linker - Input - Additional Dependencies: libcrypto32mdd.lib
Linker - General - Additional Library Directory: c:\program files\openssl\lib\vc

However, it sounded like you were linking correctly, but Windows could not find the dll at runtime. That points to a PATH issue.

> Or any steps needs to be added while building openssl1.1.1b,I am following
> the steps below
> Windows 32-bit
> 1. perl Configure VC-WIN32
> 2. nmake
> 3. nmake test
> 4. nmake install

I don't build myself. I use Shining Light: http://slproweb.com/products/Win32OpenSSL.html
Re: Issue in linking Openssl1.1.1b to application
> From: vin
> To: openssl-users@openssl.org
> Date: 05/09/2019 01:24 PM
> Subject: Re: Issue in linking Openssl1.1.1b to application
> Sent by: "openssl-users"
>
> Hi Ken
>
> Thanks for the reply.If I am not wrong ,You are asking me to set the path of
> the dll in set path environment variable in testing machine (windows 7 32
> bit) right??

Right. In the PATH environment variable.

> But the issue is if same dll built with openssl0.9.8k is registering
> properly in same test machine.

If 098 used the Shining Light installer, I recall that there was/is an option to install the dlls in the system area or not. Perhaps you installed 098 in the system area but not 111.

> After replacing openssl libraries by openssl1.1.1b I am facing this issue.So
> I guess building dll using visual studio 2008 is missing some steps .

Oh, wait!!! I didn't notice that you're building openssl yourself. I've always used Shining Light. So it could be a problem in the way they're being built.

> Can you please help me further??

Sure. I have 1.1 working with Visual Studio, although I still can't get 1.1 64-bit working with mingw.
RE: Using (not building) openssl with mingw on Windows 10
> From: Michael Wojcik
>
> Without picking at the problem files myself, not really. It's
> probably something that will be fairly obvious in retrospect but I'm
> not seeing it from here.
>
> The import libraries (I'm assuming libssl.lib is one as well, on
> your system) basically tell the linker "for this symbol, insert a
> runtime load reference to this DLL". The Cygwin nm can display the
> symbols in an import library; I don't remember if MingW includes nm,
> or know if it understands import libraries.
>
> So well-formed import versions of libcrypto.lib and libssl.lib
> should name all the public OpenSSL symbols, and you shouldn't get
> resolution errors when linking against them. You might well get
> resolution errors at runtime, if the corresponding DLLs can't be
> found; but not at link time.

Here's a new attempt. I added -lcrypto. I also added -L and the path to libcrypto.lib.

The error makes sense because -lcrypto should search for libcrypto.a, and there is none in the Shining Light build.

I also tried pointing directly to "c:/program files/openssl64/lib/libcrypto.lib", but the link failed.

~~

"c:/program files/mingw/bin/gcc.exe" -D_MT -DTPM_WINDOWS -I. -shared -o libibmtss.dll tssfile.o tsscryptoh.o tsscrypto.o tssprintcmd.o tss.o tssproperties.o tssmarshal.o tssauth.o tssutils.o tsssocket.o tssdev.o tsstransmit.o tssresponsecode.o tssccattributes.o tssprint.o Unmarshal.o CommandAttributeData.o tss20.o tssauth20.o Commands.o ntc2lib.o tssntc.o \
-Wl,--out-implib,libibmtss.a -L"c:/program files/openssl64/lib" -lcrypto "c:/program files/MinGW/lib/libws2_32.a"
c:/program files/mingw/bin/../lib/gcc/mingw32/6.3.0/../../../../mingw32/bin/ld.exe: cannot find -lcrypto
Re: ECC keypair generation with password
> From: Viktor Dukhovni
>
> > > In the script, I used this:
> > >
> > > openssl ec -aes128 -passout pass: -in tmpecprivkeydec.pem -out tmpecprivkey.pem
>
> I try to avoid putting sensitive information in command-line arguments.
>
> If you're using "bash" (which has "printf" as a built-in) you could use:
>
>    -passout file:<(printf "\n")
>
> which does not create any processes with the password in the argument vector.
> Example:
>
> $ openssl enc -aes128 -pass file:<(printf "\n") < enc -d -aes128 -pass file:<(printf "\n")
> > foobar
> > EOF
> foobar

Understood, but this is just for a regression test script. Thanks.
[openssl-users] I failed to add a git pull request for openssl
What is the process for adding a pull request to an openssl branch?

I tried from the web site, selecting 102stable and clicking 'new pull request'. It uploaded but said "kgoldman wants to merge 4,027 commits into master from OpenSSL_1_0_2-stable". I wanted to push one patch to 102stable.

The status says "closed", presumably because I did something wrong. However, it also says 'approved'.

~

openssl-dev seems to be closed now. I will post the patch to this list. Can a developer pick it up?

-- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415)
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Openssl 1.1 RSA_get0_key() documentation -> needs-cla
"openssl-users" wrote on 07/31/2017 09:20:59 AM:

> From: Matt Caswell
> To: openssl-users@openssl.org
> Date: 07/31/2017 09:21 AM
>
> Click "New Issue" on this page:
>
> https://github.com/openssl/openssl/issues
>
> You'll need a github user id.
>
> > I'd also be willing to help with documentation, if that's possible.
>
> It is possible. Make the relevant changes (file
> doc/man3/RSA_get0_key.pod) in a recent checkout of master and then
> create a github pull request:
>
> https://github.com/openssl/openssl/pulls

I have an ID, but the pull request is marked needs-cla. How do I sign it?
[openssl-users] Openssl and floating point
We have a platform that does not support floating point operations. We discovered that openssl uses floating point in the random number generator. Is there any build or compile time flag that uses an alternative to floating point? -- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415)
Re: What does RSA_public_encrypt use for hash and mgf
The documentation says:

RSA_PKCS1_OAEP_PADDING
EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty encoding parameter. This mode is recommended for all new applications.

-- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415)

From: Dereck Hurtubise djhurtub...@gmail.com
To: openssl-users@openssl.org
Date: 12/12/2013 07:55 AM
Subject: What does RSA_public_encrypt use for hash and mgf
Sent by: owner-openssl-us...@openssl.org

Can someone tell me what hash algorithm the RSA_public_encrypt function uses? Is this SHA1 only for both?

Dereck
Re: openssl RSA_sign() and Java verify how
I'd suggest as a next step to see if you're using the same public key for both the Java and openssl verify.

After that, the next step would be, in Java, to do a raw public key operation and examine the result. That will tell you whether it's the public key, the padding, the OID, or the hash that has the problem.

-- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415)

From: R Redpath/Raleigh/IBM@IBMUS
To: openssl-users@openssl.org,
Date: 10/30/2012 04:59 PM
Subject: openssl RSA_sign() and Java verify how
Sent by: owner-openssl-us...@openssl.org

I am using openssl to create a signature for a file contents and use openssl to verify the contents using the signature file. The public key is from an x509 cert. All works great.

I need to verify a file contents using Java. So I have written a sample Java application and it returns false and should return true. I use the same artifacts as I did for the openssl. I think the saved binary file of the signature may need some conversion for Java but that's my guess? The computed SHA1 for the message digest by openssl and by Java are the same. So that's a good start.

The Java Application is enclosed below. Basically
1 open the x509 and extract the public key.
2 read the contents of the file and make a SHA1 message digest
3 read the binary signature file
4 check signature against message digest using public key.
Re: Parsing X509 certificate subjectAltName
If I shouldn't use GEN_IPADD, what should I use? The goal is to extract the text value associated with several OIDs. dumpasn1 says the values are PrintableString.

-- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415)

From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org,
Date: 09/11/2012 06:49 PM
Subject: Re: Parsing X509 certificate subjectAltName
Sent by: owner-openssl-us...@openssl.org

On Tue, Sep 11, 2012, Charles Mills wrote:

{
case GEN_DNS:
case GEN_URI:
case GEN_IPADD:
ASN1_STRING_to_UTF8(pBuffer, pName->d.ia5);
b = isWildcardedCNcompare(reinterpret_cast<char *>(pBuffer), nodeName);

Don't do that with the GEN_IPADD: it isn't an IA5String it is an OCTETSTRING representing the IP address in a format described by RFC3280 et al.

Steve.
-- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Parsing X509 certificate subjectAltName
I'm 90% deep into parsing an X509 certificate, but I can't find sample code for the last piece.

I found the extension, and located the ASN1_OBJECT with nid 85, OID 2.5.29.17, the subjectAltName.

From the dumpasn output, I see that this is an octet string of a sequence, etc. I have to pull out the three OIDs '2.23.133.2. [1, 2, and 3]' which are presumably in the ASN1_OBJECT.

Can anyone point me to sample code or a hint?

~~

515   3: . . . . . OBJECT IDENTIFIER subjectAltName (2 5 29 17)
       : . . . . . . (X.509 extension)
         01 01 FF
520   1: . . . . . BOOLEAN TRUE
         04 4A 30 48 A4 46 30 44 31 42 30 14 06 05 67 81 05 02 01 13 0B 69 64 3A
523  74: . . . . . OCTET STRING, encapsulates {
         30 48 A4 46 30 44 31 42 30 14 06 05 67 81 05 02 01 13 0B 69 64 3A 35 37
525  72: . . . . . . SEQUENCE {
         A4 46 30 44 31 42 30 14 06 05 67 81 05 02 01 13 0B 69 64 3A 35 37 34 35
527  70: . . . . . . . [4] {
         30 44 31 42 30 14 06 05 67 81 05 02 01 13 0B 69 64 3A 35 37 34 35 34 33
529  68: . . . . . . . . SEQUENCE {
         31 42 30 14 06 05 67 81 05 02 01 13 0B 69 64 3A 35 37 34 35 34 33 30 30
531  66: . . . . . . . . . SET {
         30 14 06 05 67 81 05 02 01 13 0B 69 64 3A 35 37 34 35 34 33 30 30
533  20: . . . . . . . . . . SEQUENCE {
         06 05 67 81 05 02 01
535   5: . . . . . . . . . . . OBJECT IDENTIFIER '2 23 133 2 1'
         13 0B 69 64 3A 35 37 34 35 34 33 30 30
542  11: . . . . . . . . . . . PrintableString 'id:57454300'
       : . . . . . . . . . . . }
         30 18 06 05 67 81 05 02 02 13 0F 4E 50 43 54 34 32 78 2F 4E 50 43 54 35
555  24: . . . . . . . . . . SEQUENCE {
         06 05 67 81 05 02 02
557   5: . . . . . . . . . . . OBJECT IDENTIFIER '2 23 133 2 2'
         13 0F 4E 50 43 54 34 32 78 2F 4E 50 43 54 35 30 78
564  15: . . . . . . . . . . . PrintableString 'NPCT42x/NPCT50x'
       : . . . . . . . . . . . }
         30 10 06 05 67 81 05 02 03 13 07 69 64 3A 30 33 39 31
581  16: . . . . . . . . . . SEQUENCE {
         06 05 67 81 05 02 03
583   5: . . . . . . . . . . . OBJECT IDENTIFIER '2 23 133 2 3'
         13 07 69 64 3A 30 33 39 31
590   7: . . . . . . . . . . . PrintableString 'id:0391'
       : . . . . . . . . . . . }
       : . . . . . . . . . . }
       : . . . . . . . . . }
       : . . . . . . . . }
       : . . . . . . . }
       : . . . . . . }
       : . . . . . }

-- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415)
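Added example (not code from the thread or from OpenSSL): a dependency-free C walk of the extension bytes in the dump above, descending GeneralNames -> [4] directoryName -> RDNSequence -> SET -> attribute and returning the string stored under a given OID. The function names and the `SAN_FROM_POST` array are assumptions of this sketch; the array holds the 74 bytes that the dump shows starting at offset 525.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One DER element: tag byte plus a view of its content octets. */
struct tlv { uint8_t tag; const uint8_t *val; size_t len; };

/* Read the TLV at *p and advance *p past it; -1 on truncated/unsupported input. */
static int der_next(const uint8_t **p, const uint8_t *end, struct tlv *out)
{
    const uint8_t *q = *p;
    size_t len;
    if (end - q < 2 || (q[0] & 0x1f) == 0x1f) return -1;  /* no multi-byte tags */
    out->tag = *q++;
    len = *q++;
    if (len & 0x80) {                          /* long form, 1 or 2 length bytes */
        size_t n = len & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - q) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len) return -1;
    out->val = q; out->len = len;
    *p = q + len;
    return 0;
}

/* Render OID content octets as dotted text: 67 81 05 02 01 -> 2.23.133.2.1 */
static int oid_to_text(const uint8_t *v, size_t len, char *buf, size_t cap)
{
    unsigned long arc = 0, a1;
    size_t used = 0, i;
    int n;
    if (len == 0 || (v[len - 1] & 0x80)) return -1;   /* empty or unterminated */
    for (i = 0; i < len; i++) {
        if (arc > (ULONG_MAX >> 7)) return -1;        /* arc would overflow */
        arc = (arc << 7) | (v[i] & 0x7f);
        if (v[i] & 0x80) continue;                    /* arc continues */
        if (used == 0) {                              /* first value packs two arcs */
            a1 = arc < 40 ? 0 : arc < 80 ? 1 : 2;
            n = snprintf(buf, cap, "%lu.%lu", a1, arc - 40 * a1);
        } else {
            n = snprintf(buf + used, cap - used, ".%lu", arc);
        }
        if (n < 0 || (size_t)n >= cap - used) return -1;
        used += (size_t)n; arc = 0;
    }
    return 0;
}

/* Copy the string value whose attribute OID equals `want` into out.
   Returns 0 if found, 1 if absent, -1 on malformed input or a short buffer. */
int san_dirname_attr(const uint8_t *der, size_t n, const char *want,
                     char *out, size_t cap)
{
    const uint8_t *p = der, *end = der + n, *q, *qe, *r, *re, *a, *ae;
    struct tlv names, gn, rdns, rdn, ava, oid, str;
    char text[64];
    if (der_next(&p, end, &names) || names.tag != 0x30) return -1;
    for (p = names.val, end = p + names.len; p < end; ) {   /* each GeneralName */
        if (der_next(&p, end, &gn)) return -1;
        if (gn.tag != 0xa4) continue;                 /* only [4] directoryName */
        q = gn.val; qe = q + gn.len;
        if (der_next(&q, qe, &rdns) || rdns.tag != 0x30) return -1;
        for (q = rdns.val, qe = q + rdns.len; q < qe; ) {   /* each RDN (SET) */
            if (der_next(&q, qe, &rdn) || rdn.tag != 0x31) return -1;
            for (r = rdn.val, re = r + rdn.len; r < re; ) { /* each attribute */
                if (der_next(&r, re, &ava) || ava.tag != 0x30) return -1;
                a = ava.val; ae = a + ava.len;
                if (der_next(&a, ae, &oid) || oid.tag != 0x06) return -1;
                if (der_next(&a, ae, &str)) return -1;
                if (oid_to_text(oid.val, oid.len, text, sizeof text)) return -1;
                if (strcmp(text, want) != 0) continue;
                /* PrintableString (0x13) as in the post, or UTF8String (0x0c) */
                if ((str.tag != 0x13 && str.tag != 0x0c) || str.len >= cap) return -1;
                memcpy(out, str.val, str.len); out[str.len] = '\0';
                return 0;
            }
        }
    }
    return 1;
}

/* Content of the OCTET STRING in the post's dump (offset 525, 74 bytes). */
static const uint8_t SAN_FROM_POST[] = {
    0x30,0x48,0xa4,0x46,0x30,0x44,0x31,0x42,
    0x30,0x14,0x06,0x05,0x67,0x81,0x05,0x02,0x01,0x13,0x0b,'i','d',':','5','7','4','5','4','3','0','0',
    0x30,0x18,0x06,0x05,0x67,0x81,0x05,0x02,0x02,0x13,0x0f,'N','P','C','T','4','2','x','/','N','P','C','T','5','0','x',
    0x30,0x10,0x06,0x05,0x67,0x81,0x05,0x02,0x03,0x13,0x07,'i','d',':','0','3','9','1'
};

int main(void)
{
    char v[64];
    if (san_dirname_attr(SAN_FROM_POST, sizeof SAN_FROM_POST, "2.23.133.2.2", v, sizeof v) == 0)
        printf("2.23.133.2.2 -> %s\n", v);
    return 0;
}
```

With OpenSSL itself the extension payload would first have to be obtained from the certificate; this sketch starts from the bytes already shown in the dump.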
Re: asn1 parsing tutorial
The piece that openssl doesn't handle is the rsaOAEP OID for the public key. Here's a typical certificate dump. I'm trying to extract the public modulus.

158  74: . . . SEQUENCE {
160   9: . . . . OBJECT IDENTIFIER rsaOAEP (1 2 840 113549 1 1 7)
       : . . . . . (PKCS #1)
171  61: . . . . SEQUENCE {
173  11: . . . . . [0] {
175   9: . . . . . . SEQUENCE {
177   5: . . . . . . . OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
       : . . . . . . . . (OIW)
184   0: . . . . . . . NULL
       : . . . . . . . }
       : . . . . . . }
186  24: . . . . . [1] {
188  22: . . . . . . SEQUENCE {
190   9: . . . . . . . OBJECT IDENTIFIER pkcs1-MGF (1 2 840 113549 1 1 8)
       : . . . . . . . . (PKCS #1)
201   9: . . . . . . . SEQUENCE {
203   5: . . . . . . . . OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
       : . . . . . . . . . (OIW)
210   0: . . . . . . . . NULL
       : . . . . . . . . }
       : . . . . . . . }
       : . . . . . . }
212  20: . . . . . [2] {
214  18: . . . . . . SEQUENCE {
216   9: . . . . . . . OBJECT IDENTIFIER
       : . . . . . . . . rsaOAEP-pSpecified (1 2 840 113549 1 1 9)
       : . . . . . . . . (PKCS #1)
227   5: . . . . . . . OCTET STRING 54 43 50 41 00 TCPA.
       : . . . . . . . }
       : . . . . . . }
       : . . . . . }
       : . . . . }
234 271: . . . BIT STRING, encapsulates {
239 266: . . . . SEQUENCE {
243 257: . . . . . INTEGER
       : . . . . . . 00 FB FD F9 09 63 15 A4
       : . . . . . . 62 5F 79 C7 A9 E2 F8 FF
       : . . . . . . B4 C9 68 2F 32 F0 D4 3A
       : . . . . . . 78 AF A3 51 D1 95 DF E3
[snip many lines of public modulus]
       : . . . . . . 93 05 99 B3 0C 4C B7 FA
       : . . . . . . C4 36 BB 52 D1 B6 D5 9E
       : . . . . . . D7
504   3: . . . . . INTEGER 65537
       : . . . . . }
       : . . . . }
       : . . . }

-- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415)

From: Peter Sylvester peter.sylves...@edelweb.fr
To:
Cc: Kenneth Goldman/Watson/IBM@IBMUS
Date: 09/05/2012 02:09 AM
Subject: Re: asn1 parsing tutorial

On 09/04/2012 10:47 PM, Ken Goldman wrote:

Is there any tutorial or other documentation on how to use the openssl asn1 parsing C functions? That is, not the command line.

The man pages are empty. I found that the asn1parse command line utility works, but the asn1pars.c code is completely uncommented. It will be a chore to reverse engineer it with a debugger.

~~

Use case: I have to parse a non-standard X.509 certificate that openssl cannot handle at a higher level. I think I have to parse at a low level and pull out the data I need. Any better ideas?

give more details about what you mean by non-standard x509? are you talking about an non recognized extension for example? or just show an example and what you want to extract.

/P
X509 certificate algorithm
I call these:

d2i_X509()
X509_print_fp()

which calls

pkey_set_type()
EVP_PKEY_asn1_find()

and that call fails.

I've traced the following error down to the rsaOAEP algorithm, which has a nid of 919. I've included both the openssl and dumpasn1 dump of the X509 certificate. Am I doing something wrong in openssl, or is there a problem with the certificate? I tried certificates from two vendors, and they both fail at the same point.

X509_print_fp() gives

Subject Public Key Info:
Public Key Algorithm: rsaesOaep
Unable to load Public Key
140243704706728:error:0609E09C:lib(6):func(158):reason(156):p_lib.c:239:
140243704706728:error:0B07706F:lib(11):func(119):reason(111):x_pubkey.c:155:

~~

dumpasn1 gives ()

152   0: . . SEQUENCE {}
154 351: . . SEQUENCE {
158  74: . . . SEQUENCE {
160   9: . . . . OBJECT IDENTIFIER rsaOAEP (1 2 840 113549 1 1 7)
       : . . . . . (PKCS #1)
171  61: . . . . SEQUENCE {
173  11: . . . . . [0] {
175   9: . . . . . . SEQUENCE {
177   5: . . . . . . . OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
       : . . . . . . . . (OIW)
184   0: . . . . . . . NULL
       : . . . . . . . }
       : . . . . . . }
186  24: . . . . . [1] {
188  22: . . . . . . SEQUENCE {
190   9: . . . . . . . OBJECT IDENTIFIER pkcs1-MGF (1 2 840 113549 1 1 8)
       : . . . . . . . . (PKCS #1)
201   9: . . . . . . . SEQUENCE {
203   5: . . . . . . . . OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
       : . . . . . . . . . (OIW)
210   0: . . . . . . . . NULL
       : . . . . . . . . }
       : . . . . . . . }
       : . . . . . . }
212  20: . . . . . [2] {
214  18: . . . . . . SEQUENCE {
216   9: . . . . . . . OBJECT IDENTIFIER
       : . . . . . . . . rsaOAEP-pSpecified (1 2 840 113549 1 1 9)
       : . . . . . . . . (PKCS #1)
227   5: . . . . . . . OCTET STRING 54 43 50 41 00 TCPA.
       : . . . . . . . }
       : . . . . . . }
       : . . . . . }
       : . . . . }
234 271: . . . BIT STRING, encapsulates {
239 266: . . . . SEQUENCE {
243 257: . . . . . INTEGER
504   3: . . . . . INTEGER 65537
       : . . . . . }
       : . . . . }
       : . . . }

-- Ken Goldman kgold...@us.ibm.com 914-784-7646 (863-7646)
Re: Custom free routine is invoked with NULL argument in openssl 1.0.1
From: Jakob Bohm jb-open...@wisemo.com

Which version of the ANSI Spec, and where did you get a copy? I have to rely on secondary sources and experience using various implementations that claim conformance.

I generally refer to Plauger's The Standard C Library, where he quotes the spec with commentary and implementation. Plauger was a co-author of the standard.

Google finds this copy of the spec: http://flash-gordon.me.uk/ansi.c.txt

Even K&R say free(NULL) is a noop.
Re: weak key check?
From: John Hascall j...@iastate.edu
To: openssl-users@openssl.org,
Date: 02/16/2012 09:54 AM

Richard writes:
Well, seeding the PRNG correctly seems not to be a trivial task,

Which is really sad, because you can buy a hardware RNG for diddly-squat these days, for example http://www.entropykey.co.uk/

Many laptops and desktops and some servers now come with a TPM chip, a free source of hardware random numbers.
Re: Separating the digest and signature steps of RSA signing
From: Peter Eckersley peter.eckers...@gmail.com
To: openssl-users@openssl.org,
Date: 01/26/2012 04:42 PM
Subject: Separating the digest and signature steps of RSA signing

I have an offline system that needs to compute RSA signatures over large blobs of data, given only hashes of the data as input and not the entire blobs (something like the NONEwithRSA algorithm in Java's RSA implementation http://www.docjar.com/docs/api/sun/security/mscapi/RSASignature.html)

Is there any way to do that with openssl?

Yes.

- start with the hash
- prepend the OID of your choice
- prepend the desired padding if it's not supported, or RSA_padding_add_PKCS1_type_1(), etc.
- RSA_private_encrypt(RSA_NO_PADDING)
Re: 100 bits of entropy with FIPS/EAL4 certified hw RNG?
From: Magosányi Árpád m...@magwas.rulez.org
To: openssl-users@openssl.org,
Date: 01/18/2012 03:38 AM
Subject: 100 bits of entropy with FIPS/EAL4 certified hw RNG?

1. (yes, I realise that RTFM, but which one?):

The openssl crypto library manual.

How should I/can I seed 100 bits of entropy into the openssl-fips RNG? What is the function call for this?

RAND_add()
Re: openssl and SHA256
From: Scott Wilson excell...@hotmail.com
Date: 01/18/2012 01:52 PM

Does openssl support SHA256?

Yes

If SHA256 is supported, how do I get it to work? Thanks!!

SHA256_Init/Update/Final()
Re: decrypt with a public key
When you use public key algorithms:

You encrypt with the recipient's public key and the recipient decrypts with their private key.

You sign with your private key and the recipient verifies with your public key.

owner-openssl-us...@openssl.org wrote on 12/28/2011 01:43:17 PM:

From: Ireneusz Szcześniak irek.szczesn...@gmail.com
To: openssl-users@openssl.org,
Date: 12/28/2011 01:45 PM
Subject: Re: decrypt with a public key
Sent by: owner-openssl-us...@openssl.org

Thank you, Steve, for your post. Let me explain what I'm trying to do. In the public key cryptography:

message = Dprv(Epub(message)) = Dpub(Eprv(message)

D stands for decrypt, E for encrypt
prv - private key, pub - private key

And so I tried to do this with the openssl command.

On 28.12.2011 18:28, Dr. Stephen Henson wrote:

On Wed, Dec 28, 2011, Ireneusz Szcześniak wrote:

Hi,

In public key cryptography, a message encrypted with a private key can be decrypted with a public key, and so I tried:

openssl rsautl -encrypt -inkey private-key -in message -out cryptogram
openssl rsautl -decrypt -inkey public-key -pubin -in cryptogram

The problem is that the second command gives me:

A private key is needed for this operation

Why can't one decrypt with a public key? I do realize that I can convince the recipient of the message that the message is indeed mine by signing the message.

Try the -sign and -verify options instead.

Steve.
-- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org

-- Ireneusz (Irek) Szczesniak http://www.irkos.org
Re: Is there another way to load RSA public than from a file?
From: Väinö Leppänen narcomaco...@gmail.com
Date: 10/21/2011 03:27 AM

I'm just starting with openssl and public key encryption. I'm trying to encrypt certain knowledge in a C++ application, and I already have a working code but functions such as PEM_read_RSA_PUBKEY read the public key data from a file. The natural workaround of course is to implant the public key in a header and write it to a temporary file at runtime and then load it to the RSA-structure. Is there a way to load the header data directly to the RSA-structure?

Do I understand that you have a raw public key as a byte array in a header, and you want to create the RSA structure from it? If so:

RSA_new()
BN_bin2bn(n) convert public modulus to bignum
BN_bin2bn(e) convert exponent to bignum
RSA->n = n bignum
RSA->e = e bignum
Re: Problem with signature verification on microchip embedded controller
Yes, you can verify 'by hand' by doing the raw public key operation, stripping off the padding and OID (what you call the asn1 formatting), and then comparing the hashes.

When you say this is what I got from the PIC controller, I assume you mean the result of applying the public key to the signature. Since you don't see the obvious 00 01 ff ... padding, there are three possibilities:

- you're using the wrong public key, or it got altered, or it's in the wrong format for the crypto library
- you're using the wrong signature, or it got altered
- the raw public key operation isn't working correctly, or you called it incorrectly

It's not a hashing issue, since you don't see the padding.

From: TSCOconan chu...@tsco.ca
To: openssl-users@openssl.org,
Date: 10/18/2011 03:03 PM
Subject: Problem with signature verification on microchip embedded controller
Sent by: owner-openssl-us...@openssl.org

Hi,

I'm trying to implement certificate signature verification (certificates are generated and signed using OpenSSL) on a Microchip pic controller. The Microchip PIC controller doesn't support OpenSSL libraries, but it does have an encryption/decryption function. I was successful in getting a SSL connection between PIC controller and a web server. My next step is to setup signature verification on the PIC controller.

After reading PKCS#1 V2.1 RSA Cryptography Standard (http://www.rsa.com/rsalabs/node.asp?id=2125) I realized that encryption is essentially the same as signature verification and decryption is the same as signing. More specifically both encryption and verification uses the public key and the following formula:

m = s^e mod n

Where s is the signature or the message, e is the public exponent, n is the modulus and m is the encrypted message or decoded signature. Therefore, I'm trying to use the encryption algorithm provided to perform signature verification.

In order to verify the certificate, I generate the SHA1 hash of the certificate; Decode signature using CA's public key and encryption algorithm. Remove the padding from the decoded signature, the result hash should be equal to the SHA1 hash of the certificate.

However, I cannot get the two hash values to be equal. I tried to verify my assumption and PIC controller results using OpenSSL command line.

openssl rsautl -in signature.txt -verify -asn1parse -inkey pubkey.pem -pubin

db e8 c6 cb 78 19 3c 0f-fd 96 1c 4f ed bd b2 34 45 60 bf 65

this matches the hash value I'm getting from PIC controller

openssl rsautl -verify -in signature.txt -inkey pubkey.pem -pubin -raw -hexdump

00 01 ff ff ff ff ff ff-ff ff ff ff 00 30 21 30
09 06 05 2b 0e 03 02 1a-05 00 04 14 db e8 c6 cb
78 19 3c 0f fd 96 1c 4f-ed bd b2 34 45 60 bf 65

I believe this is what I should get after decoding the signature. After removing ff paddings I'll end up with asn1 format of the certificate hash.

However this is what I got from the PIC controller which is much different

8e fb 62 0e 09 c8 0b 49 40 1f 4d 2d a7 7d d6 8c 9b bc 95 e6 bc 98 4b 96 aa 74 e5 68 90 40 bf 43 b5 c5 02 6d ab e3 ad 7b e6 98 fd 10 22 af b9 fb

This is my signature

7951 9b3d 244a 37f6 86d7 dc02 dc18 3bb4 0f66 db3a a3c1 a254 5be5 11d3 a691 63ef 0cf2 ec59 c48b 25ad 8881 9ed2 5230 bcd6

This is my public key (I'm using a very small key just for testing, will make it larger once everything works)

96 FE CB 59 37 AE 8C 9C 6C 7A 01 50 0F D6 4F B4 E2 EC 45 D1 88 4E 1F 2D B7 1E 4B AD 76 4D 1F F1 B0 CD 09 6F E5 B7 43 CA F8 14 FE 31 B2 06 F8 7B

Exponent is 01 00 01

I'm wondering are my assumptions wrong that I cannot use encryption algorithm for decoding signature? or I'm doing something else wrong.

Thank you for any help.
Re: Openssl version compatibility [0.9.8r vs. 1.0.0e]
From: Hasan Rezaul-CHR010 rezaul.ha...@nsn.com
To: openssl-users@openssl.org,
Date: 10/19/2011 12:44 PM
Subject: Openssl version compatibility [0.9.8r vs. 1.0.0e]
Sent by: owner-openssl-us...@openssl.org

We have a bunch of Linux Boxes (Clients) that would run openssl 0.9.8r. We will have a Solaris box (CA Server), that would run openssl 1.0.0e. Is there any compatibility problems that we would need to be concerned about? Is there any difference in functionality that could give rise to unexpected problems?

It likely depends on the functions you're using. I use AES, RSA, and SHA and it works without source modification. I strongly advise recompiling - even for letter changes.
Re: Why RSA considers Hash algorithm
I think it's because RSA adds an object identifier (OID) to the hash before padding and signing. The OID describes the hash algorithm. ECDSA apparently doesn't do that. I don't know DSA, but perhaps it's the same. From: Lucas Martins lucasgm...@gmail.com To: openssl-users@openssl.org Date: 09/28/2011 06:31 PM Subject: Why RSA considers Hash algorithm Sent by: owner-openssl-us...@openssl.org I was looking libcrypto code, and found that DSA_sign and ECDSA_sign ignore hash algorithm while RSA_sign do not. Are there any reason for this?
Re: Error While Signature verification ..
A failed signature verification can have many causes. E.g.,

- bad digest
- bad signature
- bad public key
- bad OID

I debug by doing a raw public key operation on the signature. If you see obvious padding and a good OID, and the digest doesn't match, then you have to debug why the hash that was signed is different from the hash that was verified. If you see random data, no padding, then either the signature was altered (unlikely) or the public key used for verification does not match the private key used for signing (likely).

Hint: While you can do cool things with C, combining a function call and two compares within an if statement is poor style when you have to debug. Split the line into 3 so you can determine where the error is.

owner-openssl-us...@openssl.org wrote on 09/22/2011 09:19:07 AM:
From: brajan balamurugan@gmail.com
To: openssl-users@openssl.org
Date: 09/22/2011 09:22 AM
Subject: Error While Signature verification ..
Sent by: owner-openssl-us...@openssl.org

hi i am using openssl 0.9.8g version to verify the Java signed message. while verifying i got bad signature error, however the same signature is verified in the Java correctly ... error occurs in

    if (((unsigned int)sig->digest->length != m_len) ||
        (memcmp(m,sig->digest->data,m_len) != 0))
    {
        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
    }
    else
        ret=1;

why is this error occurring, and how to overcome this error
FIPS vs ECDSA
I have a preinstalled Linux OpenSSL package, where openssl version says OpenSSL 1.0.0-fips 29 Mar 2010. I have the development libraries, but ECDSA headers like e.g., ecdsa.h are missing. In the library, I don't see e.g., EC_KEY_new(). Is this expected? Do I have a fips build? Is ECDSA missing from the FIPS build? Or is there simply something wrong with my package? -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Compiling for 32-bit on 64-bit Linux
I'm trying to compile a 32-bit openssl 1.0.0d on Intel 64-bit Linux RHEL 6.1. This was the only combination of many I tried that seems to work. Was I right? Was there a better way? ./Configure linux-generic32 -shared -m32 -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Re: out range error compiling fips 1.2.3
Replies below. But the meta-question is does there exist step by step instructions for compiling the openssl FIPS module. It seems odd that this is supposed to be so strict, yet the process seems to be to google around and try various options until something works.

From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Date: 09/09/2011 09:45 AM
Subject: Re: out range error compiling fips 1.2.3
Sent by: owner-openssl-us...@openssl.org

On Thu, Sep 08, 2011, Kenneth Goldman wrote:

I'm getting this error compiling openssl-fips-1.2.3.tar.gz, which seems to be the latest. It seems to be well known on openssl-dev, but I don't know what to do about it. Any ideas?

    gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -c -o md5-x86_64.o md5-x86_64.s
    md5-x86_64.s: Assembler messages:
    md5-x86_64.s:41: Error: 0xd76aa478 out range of signed 32bit displacement

    uname -a
    Linux cainl.watson.ibm.com 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20 14:15:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

If you can get OpenSSL to compile despite that error (e.g. different version of the assembler) it won't matter because that file isn't used in the FIPS module itself. It's just a side effect of the 1.2 build process that it needs to build a complete version of OpenSSL as well as the module.

I thought I was not allowed to touch any of the build configuration. This is a standard Linux RHEL 6.1 with standard gnu tools.

~~

A second question. In researching this error, I saw someone compile with

    ./config fipscanisterbuild

That's not in the INSTALL file. Do I need this?

That is for testing purposes for the unvalidated 2.0 module only. The 1.2 module uses ./config fipscanister instead.

I tried that and got:

    ./config fipscanister
    Operating system: x86_64-whatever-linux2
    Configuring for linux-x86_64
    target already defined - linux-x86_64 (offending arg: fipscanister)
Re: out range error compiling fips 1.2.3
From: Jakob Bohm jb-open...@wisemo.com
Date: 09/09/2011 05:36 AM
Subject: Re: out range error compiling fips 1.2.3

On 9/8/2011 9:35 PM, Kenneth Goldman wrote: ...

A second question. In researching this error, I saw someone compile with

    ./config fipscanisterbuild

That's not in the INSTALL file. Do I need this?

Hmm, in previous versions of the FIPS module, there was an official document as part of the FIPS approval which restricted the FIPS certification to use of a specific sequence of build steps, one of which was that command. Maybe the INSTALL file is the standard OpenSSL INSTALL file and not the true FIPS instructions, or maybe that command is only for the old FIPS module for version 0.9.x and not for the new module for version 1.0.x. Someone else on this list certainly knows which of those two applies.

I think you're right that the INSTALL file is the standard one. The string FIPS never appears. IMHO, this is a bug in the FIPS tarball. For the record,

- When one specifies fipscanisterbuild, a message appears that one should go to www.openssl.org/docs/fips
- In that page, there's a pdf SecurityPolicy that suggests

    ./config fipscanisterbuild noasm

This eliminates the 'out range' error. But then make test fails with this:

    echo test normal x509v1 certificate
    test normal x509v1 certificate
    sh ./tx509 2>/dev/null
    testing X509 conversions
    p -> d
    make[1]: *** [test_x509] Error 1
    make[1]: Leaving directory `/home/kgold/Downloads/openssl-fips-1.2.3/test'
    make: *** [tests] Error 2
out range error compiling fips 1.2.3
I'm getting this error compiling openssl-fips-1.2.3.tar.gz, which seems to be the latest. It seems to be well known on openssl-dev, but I don't know what to do about it. Any ideas? gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -c -o md5-x86_64.o md5-x86_64.s md5-x86_64.s: Assembler messages: md5-x86_64.s:41: Error: 0xd76aa478 out range of signed 32bit displacement uname -a Linux cainl.watson.ibm.com 2.6.32-131.6.1.el6.x86_64 #1 SMP Mon Jun 20 14:15:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux ~~ A second question. In researching this error, I saw someone compile with ./config fipscanisterbuild That's not in the INSTALL file. Do I need this? -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Re: Req with ECDSA key and CA with RSA key
I am doing ECDSA signing and verification of SHA-512 digests. 1.0.0a. I don't know about 0.9.8. From: Rick Lopes de Souza dragonde...@gmail.com Does Openssl support ecdsa with sha256 and sha512? Only above of 1.0.0 ?
Code pattern for EC_KEY read and write
I can create and use an EC_KEY, but I need utilities to write and read it to a file. 1 - I assume I should use PEM format, like I do for RSA. Correct? 2 - Can someone post the call sequence? There's nothing in the html doc yet. I see some clues in the openssl source, but I'd prefer not to recode what already exists. -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Re: Simple question: Maximum length of PEM file?
Is that possible in general? There's no maximum key size or signature size, and certificates can have extensions. I typically read the file size first, then allocate memory, then read the file. In general, hard coding a maximum length is used to enable a buffer overflow attack. :-) owner-openssl-us...@openssl.org wrote on 07/26/2011 07:38:12 AM: From: Katif yiz...@gmail.com To: openssl-users@openssl.org Date: 07/26/2011 09:17 AM I need to know in advance the maximum length of the following three PEM formatted files (excluding the -BEGIN/END lines): Private key file, Certificate file, CA certificate file. For example - the following file has 68 characters length: -BEGIN CERTIFICATE- MIIDCDCCAfACCQDhtkeHC+WN+DANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJQ TD -END CERTIFICATE-
Re: ECDSA public key token to/from binary
owner-openssl-us...@openssl.org wrote on 07/18/2011 09:49:33 AM:
From: Billy Brumley bbrum...@gmail.com
To: openssl-users@openssl.org
Date: 07/18/2011 10:00 AM
Subject: Re: ECDSA public key token to/from binary
Sent by: owner-openssl-us...@openssl.org

Dear Ken, One way to accomplish this is something along the lines of

    EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);

where EC_KEY is the key structure, returning the point as an EC_POINT structure, followed by

    int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BN_CTX *);

where EC_GROUP is setup for P-521 (have a look at EC_GROUP_new_by_curve_name), EC_POINT is the public key from the previous call; it dumps the coordinates to x and y, where you can use BN_bn2bin or whatever you like. You'd reverse it with

Thanks for the response. Are X and Y the public key? I tried this and it seems to work. Error checking omitted for easier reading. Comments?

Getting the public key:

    group = EC_KEY_get0_group(eckey);
    ec_point = EC_KEY_get0_public_key(eckey);
    *publicKeyLength = EC_POINT_point2oct(group, ec_point, POINT_CONVERSION_UNCOMPRESSED, *publicKey, *publicKeyLength, NULL);

Setting the public key:

    *ecPubKey = EC_KEY_new();
    group = EC_GROUP_new_by_curve_name(nid);
    ec_point = EC_POINT_new(group);
    EC_KEY_set_group(*ecPubKey, group);
    EC_POINT_oct2point(group, ec_point, publicKey, publicKeyLength, NULL);
    EC_KEY_set_public_key(*ecPubKey, ec_point);

    int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, BN_CTX *);

followed by

    int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);

While this is the manual way to do it that you've asked for, there are a few caveats that can affect security so if possible I'd consider standard (ANSI? P1363?) methods like EC_POINT_point2bn and so on. Those also easily allow point compression if that's needed.

In general, poke around in include/openssl/ec.h and there is lots of useful functionality, although not as much documentation.

I've been doing that poking.
ECDSA public key token to/from binary
I have to extract a binary (unsigned char *) representation of a public key from an ECDSA openssl key structure. Later, I want to use that binary to reconstruct an openssl public key structure that I can use to verify a signature. The curve is fixed - P521. I don't need any certificates, just a public key that I can embed in the verifier. Can someone point me toward sample code? Or, can someone give me some hints? -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
FYI openssl documentation
FYI: I've been using http://www.openssl.org/docs/crypto/crypto.html as a starting point for openssl man pages. Today, I stumbled upon http://www.openssl.org/docs/crypto/ which is much more complete. Is there someone I should email to request an update to the publicly visible page? Someone went through the trouble to write and upload the man pages. It's a shame to hide them. -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Re: minor version compatibility
owner-openssl-us...@openssl.org wrote on 05/10/2011 06:52:26 PM: From: Dr. Stephen Henson st...@openssl.org To: openssl-users@openssl.org Date: 05/10/2011 06:57 PM The answer is probably yes but with some caveats. If the application is well behaved and doesn't rely on undocumented features or access structure internals it should be fine. The catch is that it's hard to determine what an 'undocumented feature' is. E.g., the AES_Encrypt function is not in the man page. Nor is MGF1. AES_Encrypt persisted from 0.9.8 to 1.0.0. MGF1 was dropped.
Re: minor version compatibility
My experience is more probably than yes. I recall cases where it did not. It's also hard to test, because it might fail some corner case that you don't use often. owner-openssl-us...@openssl.org wrote on 05/10/2011 05:12:33 PM: From: Ken Dreyer ktdre...@ktdreyer.com To: openssl-users@openssl.org Date: 05/10/2011 05:27 PM I'm pretty sure this is yes, but I don't see it documented anywhere. Are the various minor versions of OpenSSL binary compatible? For example, if I built Apache's mod_ssl against a previous 0.9.8 release, and I update my system to 0.9.8r, will everything work?
Re: TPM engine
I'd try a trousers mailing list as well. I just compiled trousers and linked with openssl 1.0.0 and it works. But I didn't try the TPM engine, which I understand to be a layer on top of trousers. Did you 'discover' that it doesn't work through documentation or did you try to link. My experience is that most openssl linker errors and runtime segfaults are due to mixing different versions of openssl on a platform. openssl releases often break binary compatibility.

owner-openssl-us...@openssl.org wrote on 05/02/2011 08:32:38 PM:
From: Nicholas Wehr openssl-develop...@primacinema.com
To: openssl-users@openssl.org
Date: 05/02/2011 08:36 PM

We're looking at using the Trousers stack for the backend of openssl in order to:

- provide access to an RSA key stored within the TPM
- use the TPM crypto functions

We've now discovered that the Trousers engine (libengine_tpm_openssl) does not work with the 1.0.0 branch of openssl. What are you doing to integrate your TPM? Is there a Trousers alternative? Is there a modification/patch available to get the 1.0.0 to address the issue?

http://sourceforge.net/projects/trousers/files/OpenSSL%20TPM%20Engine/0.4.1/openssl_tpm_engine-0.4.1.tar.gz/download

Thanks! -nicholas
Re: Building OpenSSL vs Downloaded
I use the precompiled openssl from http://www.slproweb.com/products/Win32OpenSSL.html I typically build with gcc, although I've used Microsoft VC++ in the past. Perhaps post the linker error. I can send you a link to a sample makefile if you like. -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646) From: hpenaguz...@aim.com To: openssl-users@openssl.org Date: 12/22/2010 01:55 PM Subject:Re: Building OpenSSL vs Downloaded Sent by:owner-openssl-us...@openssl.org May I ask which download version are you using?, I tried several and couldn't build it and neither use it with Borland, I got a linker error. Thanks. -Original Message- From: Ryan Pfeifle r...@vpi-corp.com To: openssl-users openssl-users@openssl.org Sent: Tue, Dec 21, 2010 4:08 am Subject: RE: Building OpenSSL vs Downloaded You do not need to build the library unless you want to customize it. If you do compile it, it can be used with other compilers. I use the downloaded version with Borland C++Builder 5 and 6, though it was originally built with VC++, and it works fine.
openssl version constants - question and request
Question: OPENSSL_VERSION_TEXT is undocumented. Can I count on it being there and up to date, or is it for internal use only? Request: OPENSSL_VERSION_NUMBER varies between a long and an int constant, Could it please be standardized?
Legal RSA exponents
OpenSSL will hang if one asks it to create a key with an illegal (e.g., even) public exponent. Is there a simple test for a legal public exponent? If not, is there a list of commonly used ones. 3,17,65537, ...
Re: rsa_sign versus RSA_private_encrypt
owner-openssl-us...@openssl.org wrote on 10/28/2010 03:07:18 AM:
From: Bob Dijck di...@turnhout.tokheim.com

I am trying to implement a signing function in C++ using RSA. Here's how I wanted to do this:

- First I calculate the SHA1 hash (not using openssl but another implementation).
- But then what? Should I use RSA_private_encrypt or rsa_sign?

When I use RSA_private_encrypt the result is different from when I use rsa_sign… The openssl support pages mention that in case of RSA_PKCS1_PADDING (that's the one I use) I should use rsa_sign. Is there any way around this? I thought that signing was a two step process: hash + RSA encryption of hash. Am I doing something wrong?

There are two other steps. It's:

- hash
- prepend an OID
- prepend a pad
- RSA private key operation

If your application likes openssl's standard OID and pad, you can use rsa_sign. If not, you can do whatever you like.
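The four signing steps listed above, together with the raw-public-key triage described in the earlier "Problem with signature verification" and "Error While Signature verification" threads, as an added Python example that is not code from any poster or from OpenSSL. The toy key, function names and result labels are assumptions made for illustration; the two hex dumps and the digest are copied from the rsautl output quoted on this page.

```python
import hashlib

# DER DigestInfo header for SHA-1: the "OID" that is prepended to the hash.
# The same 15 bytes are visible in the rsautl -raw dump quoted on this page.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Copied from the "Problem with signature verification" thread on this page.
PAGE_RAW_DUMP = bytes.fromhex(
    "00 01 ff ff ff ff ff ff ff ff ff ff 00 30 21 30 "
    "09 06 05 2b 0e 03 02 1a 05 00 04 14 db e8 c6 cb "
    "78 19 3c 0f fd 96 1c 4f ed bd b2 34 45 60 bf 65")
PAGE_DIGEST = bytes.fromhex(
    "db e8 c6 cb 78 19 3c 0f fd 96 1c 4f ed bd b2 34 45 60 bf 65")
PAGE_PIC_OUTPUT = bytes.fromhex(
    "8e fb 62 0e 09 c8 0b 49 40 1f 4d 2d a7 7d d6 8c "
    "9b bc 95 e6 bc 98 4b 96 aa 74 e5 68 90 40 bf 43 "
    "b5 c5 02 6d ab e3 ad 7b e6 98 fd 10 22 af b9 fb")

# Constructed toy key (assumption, not from the page): the factors are two
# well-known Mersenne primes, so this key protects nothing. Demo use only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, needs Python 3.8+
K = (N.bit_length() + 7) // 8          # modulus length in bytes


def sign(message: bytes, prefix: bytes = SHA1_PREFIX) -> bytes:
    """hash, prepend an OID, prepend a pad, RSA private key operation."""
    digest = hashlib.sha1(message).digest()              # 1. hash
    t = prefix + digest                                  # 2. prepend the OID
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t   # 3. pad
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")  # 4. raw op


def raw_public_op(sig: bytes, e: int, n: int) -> bytes:
    """m = s^e mod n, returned as a block the size of the modulus."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("signature is not a valid integer modulo n")
    return pow(s, e, n).to_bytes(k, "big")


def classify_block(em: bytes, expected_digest: bytes) -> str:
    """Triage the output of the raw public key operation."""
    # Expect 00 01 FF..FF 00 with at least eight FF bytes. Random-looking data
    # here means a wrong or altered key or signature, not a hashing problem.
    if em[:2] != b"\x00\x01":
        return "no-padding"
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return "no-padding"
    t = em[sep + 1:]
    if not t.startswith(SHA1_PREFIX) or len(t) != len(SHA1_PREFIX) + 20:
        return "bad-oid"
    if t[len(SHA1_PREFIX):] != expected_digest:
        return "digest-mismatch"       # padding and OID fine, hashes differ
    return "ok"


def diagnose(message: bytes, sig: bytes, e: int = E, n: int = N) -> str:
    """Verify 'by hand' and say which part failed."""
    return classify_block(raw_public_op(sig, e, n),
                          hashlib.sha1(message).digest())


if __name__ == "__main__":
    body = b"constructed certificate body"
    sig = sign(body)
    print("good signature      :", diagnose(body, sig))
    print("different message   :", diagnose(b"other body", sig))
    print("wrong public exp.   :", diagnose(body, sig, e=3))
    print("page rsautl -raw    :", classify_block(PAGE_RAW_DUMP, PAGE_DIGEST))
    print("page PIC output     :", classify_block(PAGE_PIC_OUTPUT, PAGE_DIGEST))
```

SHA-1 is used only because the data quoted on this page uses it.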
PEM_write_PUBKEY segfault with 1.0.0 on windows
I'm getting a PEM_write_PUBKEY() segfault. This is existing code that works with 0.9.8 with Windows or 1.0.0. with Linux, but fails with 1.0.0. and Windows. What's my latent bug? Here's a small sample that fails:

    RSA *rsa = RSA_generate_key(512, 65537, NULL, NULL);
    EVP_PKEY *pkey = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(pkey, rsa);
    FILE *file = fopen("tmp.pem", "wb");
    PEM_write_PUBKEY(file, pkey);

In my actual application, I set rsa->n and rsa->e to bignums that I generate. I think that should be enough to write the public key.
Re: Install openssl without root rights
It depends what you mean by 'install'. You can certainly install it under your home directory and use it or link to it. I often do that when testing with a new version. If you want to install it in a standard place like e.g. /usr/lib, then you need rights to write that directory, often root rights. owner-openssl-us...@openssl.org wrote on 09/28/2010 02:57:59 AM: From: fabermundi fabers...@hotmail.com I have to install openssl on a Computer with openSUSE where I don't have any root rights. Is this possible? How?
OpenSSL state and suspend/resume
How does one handle a suspend/resume power cycle when using OpenSSL? Specifically, suppose one is in the middle of a SHA-1 Init/Update/Final sequence when the suspend signal occurs? What happens to SHA_CTX? I know I can save and restore SHA_CTX by peering into the structure. I also know that OpenSSL won't guarantee that the structure will be fixed forever, so my code will be fragile. Is there a better alternative? I have a similar question regarding the RNG state, but I think I can reseed it after the resume. I don't see any other functions that keep internal or opaque state. Are there any I should be concerned with? I use only SHA-1, RSA, AES, lots of bignum functions, and the RNG.
Re: Why 2 DLL's for building OpenSSL
An argument against combining the two DLL's with a custom build is that your configuration will be different from everyone else. Whoever maintains your code after you move on will have to learn your non-standard configuration. More likely, they'll waste time undoing your strange setup and going back to the standard. owner-openssl-us...@openssl.org wrote on 07/05/2010 06:54:51 AM: Deckers, Rob rob.deck...@oce.com I am trying to build OpenSSL by using CMake ( only for windows ) files to generate visual studio solutions. Now I see that OpenSSL results in 2 .dll files. Is there a special reason why 2 DLL's? Could it be combined in just one DLL?
1.0.0 EVP_PKEY_assign_RSA() segfault
I have some fairly basic code that is now segfaulting reliably with 1.0.0. It has worked for years with all 0.9.8 releases. 1 - Did something change that I should know about? Before I compile openssl for debug and step through it, is there something I should look for? 2 - The meta-question: Is there an 0.9.8 - 1.0.0 porting guide. I'm debugging, but it looks like a long chore. RSA *rsa; EVP_PKEY pkey; ... (software that constructs the RSA key structure) ... OpenSSL_add_all_algorithms(); EVP_PKEY_assign_RSA(pkey, rsa); -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Re: Openssl tarball SHA1 checksum
owner-openssl-us...@openssl.org wrote on 04/11/2010 01:38:14 PM: * Kenneth Goldman wrote on Fri, Apr 09, 2010 at 08:12 -0400: I notice that the tarballs also include a SHA1 digest. What's the point? To have a check whether the FTP download was successful to avoid accidentally using corrupt files, a file integrity check with a checksum is quite common. Aha. So it's just a double check on ftp? It's not trying to protect against an attacker targeting the openssl site or the download process?
Openssl tarball SHA1 checksum
This is an openssl security meta-question. I notice that the tarballs also include a SHA1 digest. What's the point? 1 - If anyone has authority to update the tarball with a counterfeit, can't they also update the SHA1. 2 - The web site isn't protected by ssl (ironic). A MIM altering the tarball could similarly alter the SHA1. The FAQ implies that one should get the SHA1 from the main site and the tarball from a mirror. Is that the point? -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Re: OpenSSL 1.0.0 released
Is there any significance to the 1.0.0 value other than it's the next number after 0.9.9? (Hoping that someone will answer that openssl will guarantee backward compatibility from here on.) -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
MGF1 not exported in 1.0.0
Between 0.9.8 and 1.0.0, the function rsa_oaep.c:MGF1() was changed to static. This breaks backward compatibility. IMHO, the static keyword should be removed. (Copying the users mailing list. My hope is that I can gather some community support for the importance of backward compatibility.) -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Re: General question about documentation
owner-openssl-us...@openssl.org wrote on 11/26/2009 06:35:42 PM: Finally, the source code IS the only reliable source of documentation (assuming you can trust your compiler, OS, and hardware to do the right thing). It isn't the most CONVENIENT, which is why we desire other forms. Two problems: 1 - Reading the source is only as reliable as the skill of the reader and the comments in the code. I'd rather have the answers than a research project. 2 - If I read the source, I can't determine which functions are stable and intended to be used by applications and which are internal and subject to change or deletion with every release. the implementation details of the 250-odd API entry points in libssl.so would tell me very little about how to properly USE those APIs, and in fact, designing an application around my interpretation of the library developers intent would likely lead me down some rabbit holes I'd rather not explore. User manual type documentation would be nice, but I'd be content with a more complete implementation of what's there now. E.g., the AES functions are not documented yet. I find the current documentation quite clear and easy to use. My only issue is that some functions are just not documented.
Re: Encrypting 32/64 bit integers
owner-openssl-us...@openssl.org wrote on 09/30/2009 03:27:56 AM: On Fri, Sep 18, 2009 at 01:59:12PM -0700, musikit wrote: again works awesome for strings. however we are realizing there are sometimes we just want a 32 bit int or a 64 bit int encrypted and nothing else. You could just xor the bits with the key. With XOR, you can toggle a bit in the cleartext by toggling a bit in the ciphertext. This property may or may not be important to you.
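The bit-toggling property described in the reply above, shown on a 64-bit integer, as an added example that is not code from the thread. The key values are constructed, and the HMAC-SHA256 tag is an assumption added here to show how the change can be detected; neither poster proposed it.

```python
import hashlib
import hmac
import struct


def xor_encrypt(value: int, key: bytes) -> bytes:
    """'Just xor the bits with the key' for an unsigned 64-bit integer."""
    plain = struct.pack(">Q", value)
    if len(key) != len(plain):
        raise ValueError("key must be 8 bytes")
    return bytes(p ^ k for p, k in zip(plain, key))


def xor_decrypt(ct: bytes, key: bytes) -> int:
    return struct.unpack(">Q", bytes(c ^ k for c, k in zip(ct, key)))[0]


def flip_bit(ct: bytes, bit: int) -> bytes:
    """Toggle bit number `bit` (0 = least significant) of the ciphertext.

    No key is needed: the same bit toggles in the recovered cleartext.
    """
    out = bytearray(ct)
    out[len(ct) - 1 - bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def seal(value: int, enc_key: bytes, mac_key: bytes) -> bytes:
    """XOR-encrypt, then append an HMAC-SHA256 tag over the ciphertext."""
    ct = xor_encrypt(value, enc_key)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(blob: bytes, enc_key: bytes, mac_key: bytes) -> int:
    """Check the tag before decrypting; reject any modified ciphertext."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified")
    return xor_decrypt(ct, enc_key)


if __name__ == "__main__":
    enc_key = bytes.fromhex("0f1e2d3c4b5a6978")   # constructed demo key
    mac_key = b"constructed-mac-key"              # constructed demo key
    ct = xor_encrypt(1000, enc_key)
    print("original :", xor_decrypt(ct, enc_key))
    print("bit 3 off:", xor_decrypt(flip_bit(ct, 3), enc_key))
    blob = seal(1000, enc_key, mac_key)
    tampered = flip_bit(blob[:8], 3) + blob[8:]
    try:
        open_sealed(tampered, enc_key, mac_key)
    except ValueError as err:
        print("sealed   :", err)
```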
Re: How to create a non exportable private key certificate using openssl
It sounds like the question is how do I lock the client private key, so the user/attacker can't move it off the office PC? For the casual user, "If you do this, you'll lose your job" might work. For a determined attacker, I can't see how any software-only solution would work. Consider a hardware solution like a key pair locked in a TPM. -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)

From: tito tit...@gmail.com
To: openssl-users@openssl.org
Sent by: owner-openssl-us...@openssl.org
Date: 07/14/2009 11:49 PM
Subject: Re: How to create a non exportable private key certificate using openssl
Please respond to: openssl-us...@openssl.org

Thanks a lot for the reply David. First I will explain my threat model. I have got lot of employees who do some transactions around the world sitting in their branch offices and I need to authenticate them using DC. So they raise a request from their browser and I provide them with a certificate from my openssl. The browser will be in the PC of the office branches.

Now the threat is, if an agent exports the certificate he acquired in a USB or in some other way and goes to his home pc or somewhere else and he imports the certificate to his personal PC and starts doing transactions. This cannot be allowed and the agent should do only transactions from his office PC allotted to him.

As you have said, simply graying out the option to export the key is sufficient. But the agent is a franchisee and I cannot force them to install or do something in their pcs, nor can I check whether they are ensuring the instructions. So I cannot force or tell the agent to do some configuration/modification in his PC or browser. If he uninstalls and deletes the certificates/browser or changes his PC, I shall issue him a new certificate. He shouldn't be able to export/backup the private key or the certificate I have issued to him.

Also this is not an issue in IE, as I can disable the option to export the private key. So in IE, this requirement works well. But I cannot enforce the agents to use Windows/Linux or IE/Mozilla. The agents have the choice of infrastructure they can use. So I cannot enforce them to use IE or Windows.

2009/7/15 David Schwartz dav...@webmaster.com

tito wrote:

I have used SPKAC format to request a digital certificate from mozilla and signed the request with my master key from open ssl and imported it to my mozilla. I can readily export (backup) the private key + certificate from mozilla and import it to some other system's mozilla browser. I don't want this to happen. I don't want the private key to be exported. Is there any option in openssl to disable this.

It's not really possible to give you useful advice without understanding your threat model. For example, would simply graying out the option to export the key suffice? Or do you need to prevent the key from being extracted even by a determined attacker? (For example, is simply shutting off Mozilla's export option sufficient even if Mozilla is still capable of exporting the key?)

In principle, for Mozilla to prove it is entitled to use the certificate, it must perform operations using the private key. Unless the key is stored in a hardware token, there is no way to stop it from exporting the very same private key data it is using to perform those key operations.

What is your outer problem? Are you trying to prevent against user error? Are you trying to protect against malicious corruption of the browser by a determined attacker with access to the local system?

DS
Re: Does AES_cbc_encrypt remove PKCS5 padding
I use that function, and it does not remove padding.

1 - How would it even know what is padding and what is your data?
2 - Why do you think it removes the padding? The function does not return a length.

Here's a really wild guess: Are you perhaps padding your data with zeros and then using strlen() to determine the length of the result?

owner-openssl-us...@openssl.org wrote on 05/06/2009 05:53:27 PM:
AngelWarrior srikanth.bemin...@gmail.com

But I am experimenting with the code which is actually removing the padding by calling

    AES_cbc_encrypt((unsigned char*)input, (unsigned char*)(output), (const unsigned long)(length), ks, (unsigned char*)ivec, AES_DECRYPT).

What is EVP layer?

On Wed, May 6, 2009 at 3:45 PM, Dr. Stephen Henson st...@openssl.org wrote:

On Wed, May 06, 2009, AngelWarrior wrote:

Hi, Does AES_cbc_encrypt add or remove the padding, if I provide an un-padded data in the multiples of 16 bytes? I wrote a piece code where I am manually adding the padding but when I decrypt using AES_cbc_encrypt the padding is automatically removed.

None of the low level cipher routines including AES_cbc_encrypt() add or remove padding. That is handled in the EVP layer.
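The "wild guess" in the reply above, worked through as an added example that is not code from the thread. The cipher is left out on purpose: a low-level CBC decrypt hands back the padded plaintext byte for byte, so the buffers below stand for what the caller sees after decryption. Function names and sample inputs are constructed for illustration.

```python
BLOCK = 16  # AES block size in bytes


def pkcs7_pad(data: bytes) -> bytes:
    """PKCS#5/#7 padding: always adds 1..16 bytes, each holding the pad length."""
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes) -> bytes:
    """Remove PKCS#5/#7 padding; the caller must do this after a low-level decrypt."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if n < 1 or n > BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return padded[:-n]


def zero_pad(data: bytes) -> bytes:
    """Pad with 0x00 up to the next block boundary (nothing added if aligned)."""
    return data + b"\x00" * (-len(data) % BLOCK)


def c_strlen(buf: bytes) -> int:
    """What C strlen() reports: the offset of the first 0x00 byte.

    If the buffer holds no zero byte, C would read past its end; here the
    buffer length is returned instead.
    """
    i = buf.find(b"\x00")
    return len(buf) if i < 0 else i


if __name__ == "__main__":
    text = b"hello"                          # constructed text input
    binary = bytes.fromhex("01000203")       # constructed binary input
    # Zero padding plus strlen() makes the padding seem to vanish for text...
    print("text  :", len(zero_pad(text)), "bytes, strlen says", c_strlen(zero_pad(text)))
    # ...but silently truncates data that contains a zero byte.
    print("binary:", len(zero_pad(binary)), "bytes, strlen says", c_strlen(zero_pad(binary)))
    # PKCS padding carries its own length, so both inputs round-trip.
    print("pkcs7 :", pkcs7_unpad(pkcs7_pad(text)), pkcs7_unpad(pkcs7_pad(binary)))
```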
Re: OpenSSL 1.0.0 beta 1 released
Assuming it's not a joke, what's the meaning of a 1.0 as opposed to 0.9.something. My hope is that you'll say the API is frozen and that there's a commitment not to break backward compatibility in future releases. -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Linking with mingw on Windows
What's the linker format when using [gcc / mingw] on Windows? I am not using cygwin! I assume I should use the libraries in .../OpenSSL/lib/MinGW, but maybe not. I've tried -leay32 -LC:/program files/openssl/lib/mingw/libeay32.a and even copying libeay32.a to libcrypto.a and -lcrypto I've linked in ssleay32.a as well. It's seeing the library file, because I get a file not found error if I spell the library name incorrectly. But it's not finding the functions. For all cases, I get errors of the form: c:107: undefined reference to `RSA_new' for all openssl function calls. -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Re: Linking with mingw on Windows
Several comments: 1 - The Windows binary distribution of OpenSSL doesn't come with libcrypto.a 2 - nm shows that RSA_new() is in libeay32.a 3 - libeay32.def shows RSA_new() I believe that I have the libraries. I feel like I'm just missing some makefile option, some Windows oddity, or some gcc flag. owner-openssl-us...@openssl.org wrote on 03/10/2009 07:10:19 AM: Hi, RSA_new is defined in libcrypto. It is obviously not defined in libeay32. You can check it with nm libeay32.a | grep RSA_new. Then you should probably get a good copy of libcrypto. BR, Nikos - Original Message - From: Kenneth Goldman To: openssl-users@openssl.org Sent: Monday, March 09, 2009 8:26 PM Subject: Linking with mingw on Windows What's the linker format when using [gcc / mingw] on Windows? I am not using cygwin! I assume I should use the libraries in .../OpenSSL/lib/MinGW, but maybe not. I've tried -leay32 -LC:/program files/openssl/lib/mingw/libeay32.a and even copying libeay32.a to libcrypto.a and -lcrypto I've linked in ssleay32.a as well. It's seeing the library file, because I get a file not found error if I spell the library name incorrectly. But it's not finding the functions. For all cases, I get errors of the form: c:107: undefined reference to `RSA_new' for all openssl function calls. -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)
Re: OpenSSL Version Compatabitlity issues
In general, I find that openssl routinely breaks backward compatibility. Even header files are incompatible - compiling with one version and linking with another will cause errors. It would be wonderful to finally get to a version 1.0 which would freeze the existing API and guarantee backward compatibility.

[EMAIL PROTECTED] wrote on 09/30/2008 06:20:45 AM:

I am facing issues in running my application on two different Linux distributions having different OpenSSL versions. The application "foo" is built on SUSE 9 and is intended to be executed on RHEL 4, 5, SUSE 9 and 10. The application "foo" links implicit dynamic with OpenSSL libraries on the SUSE 9, OpenSSL version here is 0.9.7d. When I try to run the application on RHEL 5 where in the OpenSSL version is 0.9.8b. I am getting following error.
Re: Do you have to pre-pend 16 bytes to a raw value before RSA encryption
[EMAIL PROTECTED] wrote on 09/17/2008 08:10:09 AM: I just completed writing my first program using libcrypto to handle RSA encryption using a public key extracted from a X509 certificate. This program communicates with a service created by our parent company. The first attempts that I made to run my program against the service, resulted in an error back from it stating that an encrypted field was required. After much brow beating, I spoke to a colleague of mine that works on another system and had to interface that system in to parent company service as well. He said that he had to pre-pend 16 bytes of data to the raw field prior to encrypting through RSA. Sure enough, having pre-pended 16 bytes to my raw field before encrypting through RSA_public_encrypt() and sent the result to service, I got success! So my question is, is it required to pre-pend 16 bytes to the raw field or is this something my parent company are doing for their own reasons? What padding are you specifying? I suspect that you are specifying no padding, in which case the size of the input must be the same as the size of the key. Use one of the standard paddings. Roll your own after consulting with many competent cryptographers. (If they're competent, they'll tell you not to roll your own.)
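The size rule in the reply above, as an added illustration (not code from the thread or from OpenSSL): it builds the PKCS #1 v1.5 encryption block 00 || 02 || PS || 00 || M to show how a standard padding turns a short field into a key-sized input, while unpadded RSA accepts only input as long as the modulus. The function names, the 128-byte key size and the 16-byte field are assumptions; in real code the library does this when RSA_PKCS1_PADDING or RSA_PKCS1_OAEP_PADDING is passed to RSA_public_encrypt().

```c
#include <stdio.h>
#include <string.h>

#define PKCS1_OVERHEAD 11u   /* 00 02, at least 8 bytes of PS, 00 */

/* Fill buf with n random nonzero bytes from /dev/urandom; 0 on success. */
static int random_nonzero(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t i = 0;
    int c;
    if (f == NULL) return -1;
    while (i < n) {
        if ((c = fgetc(f)) == EOF) { fclose(f); return -1; }
        if (c != 0) buf[i++] = (unsigned char)c;   /* PS must not contain 00 */
    }
    fclose(f);
    return 0;
}

/* Build EM = 00 || 02 || PS || 00 || M, exactly k bytes (k = modulus size).
   Returns k, or -1 if M is too long for the key or no randomness is available. */
static int pkcs1_type2_block(unsigned char *em, size_t k,
                             const unsigned char *m, size_t mlen)
{
    size_t pslen;
    if (k < PKCS1_OVERHEAD || mlen > k - PKCS1_OVERHEAD) return -1;
    pslen = k - mlen - 3;
    em[0] = 0x00;
    em[1] = 0x02;
    if (random_nonzero(em + 2, pslen) != 0) return -1;
    em[2 + pslen] = 0x00;                 /* separator before the message */
    memcpy(em + 3 + pslen, m, mlen);
    return (int)k;
}

/* With no padding, the input must be exactly as long as the modulus. */
static int raw_rsa_accepts(size_t k, size_t mlen) { return mlen == k; }

int main(void)
{
    unsigned char field[16], em[128];     /* constructed sample sizes */
    memset(field, 0x41, sizeof field);
    printf("raw RSA accepts a 16-byte field with a 128-byte key: %d\n",
           raw_rsa_accepts(sizeof em, sizeof field));
    printf("padded block length: %d\n",
           pkcs1_type2_block(em, sizeof em, field, sizeof field));
    return 0;
}
```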
Re: Problem generating csr
The rpm manager will only update if you install through rpm. 1.5 gb sounds absurd for a csr. Perhaps dump the beginning of it to see if a particular field is incorrect. [EMAIL PROTECTED] wrote on 09/11/2008 02:34:04 PM: I am running Red Hat Enterprise 5.2 with OpenSSL 0.9.8h. The version of OpenSSL available for download from Red Hat Network was out of date so I downloaded OpenSSL 0.9.8h from openssl.org and did a ./configure, make, make install. Now, if I do a openssl version, it displays the correct version, 0.9.8h. However, the rpm manager still shows the old version. My problem is when I generate a csr, the csr file is over 1.5 GB. Needless to say I think my OpenSSL configuration is screwed up. By the way I am a noobie if you haven’t already guessed. Help is greatly appreciated. Dave
RE: Basic question on version number..
The decision in the case of OpenSSL was that 1.x would have a stable API, permitting shared libraries to be used interchangeably. OpenSSL does not have a stable API yet, officially. If that's the rationale, I eagerly await 1.0. The lack of a stable API has hurt me far too many times. I encourage the developers to freeze the existing API. Shared library is currently an experimental feature. The only reason to have them would be to conserve memory on systems where several programs are using OpenSSL. Binary backward compatibility can't be guaranteed before OpenSSL version 1.0. I think this was the original idea. For me, the more important reason to use a shared library is the ability to upgrade the library when I don't have access to the source/object code that uses the library.
Re: SSL_connect failure when switching from 0.9.7 to 0.9.8
In my experience, openssl releases routinely break compatibility. This occurs for letter as well as number changes. Compiling against the new version is not enough. You must link with the same version. Dynamic linking offers a third possibility for inconsistency. The symptom I typically see is that almost everything works, but some function call will crash the program. [EMAIL PROTECTED] wrote on 07/24/2008 06:08:40 PM: Hi everybody, I'm working a project that uses OpenSSL to securely communicate between server and client. So far the project has been using OpenSSL version 0.9.7l but last week we decided to switch to 0.9.8.f. Our code compiled against the new version just fine but now it no longer works properly. The client code tries to connect to the server and gets an error returned by SSL_connect(). The error is SSL_ERROR_SSL so it's a protocol related problem. Has anybody had a similar experience when switching to 0.9.8? The code worked just fine before with 0.9.7 and it also successfully compiled against the new version with no errors so I expected everything to work. I know the underlying connection works fine, including BIO because I tested it with a few reads/writes. Can anybody point me in the right direction? Any help is greatly appreciated. Thanks, Alen __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Compiling static vs. dynamic and building a universal binary
[EMAIL PROTECTED] wrote on 07/17/2008 12:16:18 PM: Has this ever been (in recent history) an issue within a given release branch? Ie. has 0.9.8(n+1) ever broken apps that were running ok against 0.9.8n? 0.9.8x is of course not backwards compatible with 0.9.7y, and 0.9.9 will not be backwards compatible with 0.9.8 either. But that's why (reputable) distros allow these branches to coexist and be upgraded independently. I had one yesterday. I was linking with 0.9.8d, but I incorrectly had 0.9.8a include files in my path. This unfortunately simulated compiling with 'a but then an upgrade to 'd. Almost everything worked, but HMAC core dumped deep in my code. ... a plea to make as many new functions as you like, but freeze the existing ones. I don't even like changes outside a release branch. I don't want my 0.9.8 apps to break because some new one installed 0.9.9.
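The header/library mismatch described in this message and in the SSL_connect thread before it can be caught at start-up instead of as a crash deep in the program. An added example (not code from the thread or from OpenSSL): it decodes the pre-3.0 0xMNNFFPPS version-number layout and compares the value compiled in from the headers with the value the loaded library reports. The function names and the two sample numbers are assumptions constructed to match the 0.9.8a/0.9.8d case; in a real program they would be OPENSSL_VERSION_NUMBER and the result of SSLeay() (OpenSSL_version_num() from 1.1.0 on).

```c
#include <stdio.h>
#include <string.h>

/* Fields of a pre-3.0 OpenSSL version number, laid out as 0xMNNFFPPS. */
struct ossl_ver { unsigned major, minor, fix, patch, status; };

enum ossl_match { OSSL_SAME, OSSL_PATCH_DIFFERS, OSSL_BRANCH_DIFFERS };

static struct ossl_ver ossl_decode(unsigned long v)
{
    struct ossl_ver d;
    d.major  = (unsigned)((v >> 28) & 0xf);
    d.minor  = (unsigned)((v >> 20) & 0xff);
    d.fix    = (unsigned)((v >> 12) & 0xff);
    d.patch  = (unsigned)((v >> 4) & 0xff);   /* 0 = none, 1 = 'a', 2 = 'b', ... */
    d.status = (unsigned)(v & 0xf);           /* 0xf = release */
    return d;
}

/* Render e.g. "0.9.8d" into buf. */
static const char *ossl_format(unsigned long v, char *buf, size_t n)
{
    struct ossl_ver d = ossl_decode(v);
    if (d.patch >= 1 && d.patch <= 26)
        snprintf(buf, n, "%u.%u.%u%c", d.major, d.minor, d.fix,
                 (int)('a' + d.patch - 1));
    else
        snprintf(buf, n, "%u.%u.%u", d.major, d.minor, d.fix);
    return buf;
}

/* Compare the version the code was compiled against with the one loaded. */
static enum ossl_match ossl_compare(unsigned long header_v, unsigned long runtime_v)
{
    struct ossl_ver h = ossl_decode(header_v), r = ossl_decode(runtime_v);
    if (h.major != r.major || h.minor != r.minor || h.fix != r.fix)
        return OSSL_BRANCH_DIFFERS;           /* e.g. 0.9.7 vs 0.9.8 */
    if (h.patch != r.patch || h.status != r.status)
        return OSSL_PATCH_DIFFERS;            /* e.g. 0.9.8a vs 0.9.8d */
    return OSSL_SAME;
}

int main(void)
{
    /* Constructed sample values: 0.9.8a headers, 0.9.8d library. */
    unsigned long header_v = 0x0090801fUL, runtime_v = 0x0090804fUL;
    char a[32], b[32];
    if (ossl_compare(header_v, runtime_v) != OSSL_SAME) {
        fprintf(stderr, "built against %s but running %s: refusing to continue\n",
                ossl_format(header_v, a, sizeof a), ossl_format(runtime_v, b, sizeof b));
        return 1;
    }
    return 0;
}
```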
Re: Compiling static vs. dynamic and building a universal binary
[EMAIL PROTECTED] wrote on 07/16/2008 10:08:31 AM: 2) using static builds has a benefit: you know exactly what your application is going to get SSL-wise: you will be sure it is installed on the target system because you brought it along. The drawback is that you have to provide your own update path to track security fixes -- that is compared to an OS/platform where others do the tracking and updating for you (e.g. active Linux distros with dynamic libraries). Is this really a drawback? Since OpenSSL updates break backward compatibility, there is a problem as well with dynamic libraries. Someone installs an update, possibly automated, possibly the install of another program, and suddenly your application fails in strange ways. [... my quixotic plea for NEVER breaking backward compatibility]
Re: R: PEM_read_RSAPublicKey problem
Perhaps the problem is that you're reading the public key and trying to sign. Signing uses a private key. Try: PEM_read_RSAPrivateKey() RSA_sign() [EMAIL PROTECTED] wrote on 06/27/2008 11:31:42 AM: Excuse me, I'm trying, using C, to do a simple sign and verify with RSA public and private keys on pem files. Which is the easy way?
Strategy for freeing EVP and RSA keys
I'd like confirmation that I understand how to free RSA keys. I create an RSA *key. I then use it to create an EVP_PKEY using EVP_PKEY_new() and EVP_PKEY_assign_RSA(). Later, want to free everything. I _think_ that EVP_PKEY_free() will free both the EVP_PKEY and the RSA objects. Is that correct - that there's an implied free of the RSA object? If so, is this the correct strategy:
If the EVP_PKEY was created correctly
    free the EVP_KEY
else if the RSA key created correctly
    free the RSA key
-- Ken Goldman [EMAIL PROTECTED] 914-784-7646 (863-7646)
Debugging i2d_X509() segfault
Subject says it: What's a good approach to debugging a segfault in i2d_X509()? The X509 certificate succeeds when I use X509_sign(). But when I sign by hand, adding the two signature algorithms, signing with RSA_Sign(), and adding the signature to the structure, X509_print_fp() segfaults. The X509 structure (before serialization) verifies. X509_print_fp() on the structure also succeeds. Is there, for example, a way to i2d() the X509 parts to narrow down the problem? -- Ken Goldman [EMAIL PROTECTED] 914-784-7646 (863-7646)
Failing to read password protected pem file
I'm having trouble programmatically reading a password protected .pem file. With the same openssl library, I can read it using the openssl command line. Based on the below failure call stack, it seems to be failing getting the nid for the cipher. I suspect some compiler or linker option, but the fact that the 'openssl' application works with the same library confuses me.
Call stack:
    PEM_read_bio_PrivateKey
    PEM_bytes_read_bio
    PEM_get_EVP_CIPHER_INFO
    OBJ_sn2nid (AES-256-CBC)
    OBJ_NAME_get
    lh_retrieve
Program snip, basically the same as apps.c:load_key()
    typedef struct pw_cb_data {
        const void *password;
        const char *prompt_info;
    } PW_CB_DATA;

    int main()
    {
        long rc = 0;            /* general return code */
        PW_CB_DATA cb_data;
        BIO *key = NULL;
        EVP_PKEY *pkey = NULL;

        cb_data.password = "";  /* value is empty in the archived post */
        cb_data.prompt_info = "signkey.pem";
        key = BIO_new(BIO_s_file());
        if (key == NULL) {
            printf("Error BIO_new() failed\n");
            rc = ERROR_CODE;
        }
        if (BIO_read_filename(key, "signkey.pem") <= 0) {
            printf("Error opening %s\n", "signkey.pem");
            rc = ERROR_CODE;
        }
        pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, &cb_data);
        if (pkey == NULL) {
            printf("unable to load key\n");
            rc = ERROR_CODE;
        }
-- Ken Goldman [EMAIL PROTECTED] 914-784-7646 (863-7646)
X509 certificates through API
Is there sample code anywhere for how to construct X509 certificates programmatically, through the API, not the command line? The documentation includes the serialization API's, but little else. I assume, since it can be done from the command line, that the code exists and is just not documented. Could I be wrong? -- Ken Goldman [EMAIL PROTECTED] 914-784-7646 (863-7646)
Re: OPENSSL_Uplink(00509010,07): no OPENSSL_Applink
http://www.openssl.org/docs/crypto/OPENSSL_Applink.html -- Ken Goldman [EMAIL PROTECTED] 914-784-7646 (863-7646) [EMAIL PROTECTED] wrote on 02/16/2008 03:17:10 PM: hello, I use the functions:
    r=RSA_generate_key(bits,e,NULL,NULL);
    oFile = fopen("MyKey.txt","w");
    if (oFile!=0) {
        RSA_print_fp(oFile, r, 0);
        fclose(oFile);
    }
to create one RSA key. But I got the error: OPENSSL_Uplink(00509010, 07): no OPENSSL_Applink How can I handle this problem? Thanks!
Re: RSA_public_decrypt error
[EMAIL PROTECTED] wrote on 02/11/2008 10:22:00 AM: I'm not that good in OpenSSL. How do I create a RSA file if I only have a modulus and exponent. Programmatically I have set the 2 values with BN_bin2bn(), but how do I save this to a file? I use PEM_write_RSAPublicKey() It's interesting that the working case has the ciphertext the same size as the modulus, while the failing case seems to be missing a byte.