Re: EC 224bits

2007-07-10 Thread Nils Larsch

C K KIRAN-KNTX36 wrote:

Hi All,

 


Is there any crypto function similar to the below one,

 

int AES_set_encrypt_key(const unsigned char *userKey, const int bits, 
 AES_KEY *key);


for EC,

int EC_set_private_key(const unsigned char *userKey, const int bits, 
EC_KEY *key);


int EC_set_public_key(const unsigned char *userKey, const int bits, 
EC_KEY *key);


similar to RSA / DSA:

d2i_ECPrivateKey() and o2i_ECPublicKey()

Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-07-03 Thread Nils Larsch

Carles Fernandez i Julia wrote:

Nils Larsch wrote:

Carles Fernandez i Julia wrote:
...

That's the point : I have the private key certificate stored in the
smartcard, not located in a plain file. That's why I commented the line
above.

the engine doesn't support using certificates stored on smart cards
(and I don't even think that this is extremely useful).

But this engine, pkcs11-opensc, is designed to do this (using
certificates on smartcards).


the engine is designed to use the token for the cryptographic
operation (i.e. signing, decrypting with the private key) and
not as a storage device for public objects (smartcards are terribly
slow so you normally want to reduce the communication with the
card as much as possible).

Nils


Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-07-02 Thread Nils Larsch

Carles Fernandez i Julia wrote:
...

That's the point : I have the private key certificate stored in the
smartcard, not located in a plain file. That's why I commented the line
above.


the engine doesn't support using certificates stored on smart cards
(and I don't even think that this is extremely useful).

Nils


Re: 0.9.8e changes BF cfb encryption

2007-04-11 Thread Nils Larsch

Valient Gough wrote:


My previous mail doesn't seem to have appeared on the list, so sending again:



Hello,

As the maintainer of a package which uses OpenSSL, I've received some reports
of 0.9.8e failing to decrypt data which was encrypted by previous versions of
OpenSSL.

Attached is a small bit of C++ code which demonstrates the problem.  It uses
the EVP interface with EVP_bf_cfb as the cipher and a 256 bit key (the
reports all point to Blowfish with key length > 128 bits).  What it does is
set a key, an IV, and run an encryption pass, then a decryption and compute
checksums of the three arrays (original, encrypted, decrypted).

When built against 0.9.8c, I get:
ort:tmp g++ -Wall -g -o ssltest ssltest.cpp -lssl -lcrypto -lz
ort:tmp ./ssltest
src chksum = 698614540
stage2 chksum = 2266501868
final chksum = 698614540

Another machine with 0.9.7a gives an identical result.  On a machine I
upgraded to 0.9.8e, I get the following output:

src chksum = 698614540
stage2 chksum = 2108297998
final chksum = 698614540


stage2 is the encrypted data, and it differs on 0.9.8e.  What this means in
practice is that the program I'm using can encrypt/decrypt data just fine
when run in either version of OpenSSL, but if data is encrypted in an earlier
version and then OpenSSL is upgraded to 0.9.8e, then decryption fails.

The nearest I've narrowed down is to something changing between 0.9.8c and
0.9.8e, but I've received reports that 0.9.8d -> 0.9.8e also fails.  I've
been looking at the diffs between 0.9.8d -> 0.9.8e, but I'm not seeing any
obvious problem.  Reports are that only Blowfish with key > 128 bits has a
problem, and AES users are not affected.

Any ideas what's wrong, and if there's a way to get 0.9.8e output to match
earlier versions?


it's a bug in openssl 0.9.8e (see [1]).

Nils

[1] http://cvs.openssl.org/chngview?cn=15978



Re: Openssl ocsp

2007-04-02 Thread Nils Larsch

[EMAIL PROTECTED] wrote:

Hi all,

I try to ask an ocsp responder for the status of some certificates using
openssl as ocsp client.
Doing that the client produces the following Messages:


---
C:\Programme\OpenSSL\bin>openssl ocsp -issuer
c:\Programme\OpenSSL\bin\certs\cert.pem -serial 1123 -url
http://161.90.190.254:2560 -verify_other
c:\Programme\OpenSSL\bin\certs\ocsp.pem -trust_other
Response Verify Failure
2492:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
type is not 01:.\crypto\rsa\rsa_pk1.c:100:
2492:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:.\crypto\rsa\rsa_eay.c:699:
2492:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:.\crypto\asn1\a_verify.c:168:
2492:error:27069075:OCSP routines:OCSP_basic_verify:signature
failure:.\crypto\ocsp\ocsp_vfy.c:98:
1123: revoked
This Update: Mar 30 15:51:13 2007 GMT
Next Update: Apr  2 10:33:23 2007 GMT
Revocation Time: Mar 30 15:00:00 2007 GMT

---

What will openssl tell me? What's going wrong here? Any ideas?


the signature within the ocsp response seems to be broken
or a wrong public key is used when openssl tries to verify
it (if the response contains the hash of the ocsp signer's
public key this should be rather unlikely).

Nils


Re: Import private key with d2i_AutoPrivateKey

2007-03-23 Thread Nils Larsch

Hellstern, Thomas (LfSt) wrote:
...
	 [exec] d2i_AutoPrivateKey returned a key at 0x 
	 [exec]  ERR_get_error()=218783872 (0x0d0a6080) 
	 [exec]  ERR_lib_error_string(rc)=asn1 encoding routines 
	 [exec]  ERR_func_error_string(rc)=LONG_C2I 
	 [exec]  ERR_reason_error_string(rc)=integer too large for long 


well, your key is broken.

[EMAIL PROTECTED]:/tmp dumpasn1 key.bin
   0 1184: SEQUENCE {
   4  257:   INTEGER
 : 00 9F 6D 64 3B 61 63 B5 D4 41 AF 5E CE BA 33 DF
 : 18 08 0F FB E5 A1 CA FE FA 31 29 3B BE 6A 2E 95
 : 4E A7 53 97 CD C9 1E C8 B7 36 6E B5 7B 83 83 E7
...

the version number of the structure is missing (as openssl
tries to store the version number in a 'long' openssl attempts
to store the first entry, here the modulus, in a long ...
see above error message).

Nils
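
The diagnosis above, as an added example (not code from this thread or from OpenSSL): a pre-check that walks the first two DER headers of an RSAPrivateKey and flags a structure whose first INTEGER is too large to be the version field. All function names are hypothetical, and the sample input is constructed to reproduce only the two headers visible in the dumpasn1 output.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { KEY_OK = 0, KEY_MALFORMED = -1, KEY_VERSION_MISSING = 1 };

/* Read one DER tag/length header; fails if the content would not fit in len. */
static int der_hdr(const unsigned char *p, size_t len,
                   unsigned char *tag, size_t *hlen, size_t *clen)
{
    size_t n, i, l = 0;

    if (len < 2)
        return -1;
    *tag = p[0];
    if (p[1] < 0x80) {                 /* short form: length in one octet */
        *hlen = 2;
        *clen = p[1];
    } else {                           /* long form: next n octets hold the length */
        n = p[1] & 0x7F;
        if (n == 0 || n > 4 || len < 2 + n)
            return -1;
        for (i = 0; i < n; i++)
            l = (l << 8) | p[2 + i];
        *hlen = 2 + n;
        *clen = l;
    }
    return (*clen <= len - *hlen) ? 0 : -1;
}

/* PKCS#1 RSAPrivateKey starts with SEQUENCE { version INTEGER, modulus INTEGER, ...
 * A first INTEGER wider than a C long cannot be the version; it is most likely
 * the modulus, i.e. the version field was left out by whatever wrote the key. */
int rsa_private_key_precheck(const unsigned char *der, size_t len)
{
    unsigned char tag;
    size_t hlen, seq_len, int_len;

    if (der == NULL || der_hdr(der, len, &tag, &hlen, &seq_len) != 0 || tag != 0x30)
        return KEY_MALFORMED;
    der += hlen;                       /* step inside the outer SEQUENCE */
    if (der_hdr(der, seq_len, &tag, &hlen, &int_len) != 0 || tag != 0x02 || int_len == 0)
        return KEY_MALFORMED;
    if (int_len > sizeof(long))
        return KEY_VERSION_MISSING;
    return KEY_OK;
}

/* Constructed sample: SEQUENCE of 1184 bytes whose first element is a 257-byte
 * INTEGER, as in the dump above; everything after the headers is zero filler. */
size_t sample_without_version(unsigned char *buf, size_t cap)
{
    static const unsigned char hdrs[] = {
        0x30, 0x82, 0x04, 0xA0,        /* SEQUENCE, length 1184 */
        0x02, 0x82, 0x01, 0x01         /* INTEGER,  length 257  */
    };

    if (cap < 4 + 1184)
        return 0;
    memset(buf, 0, 4 + 1184);
    memcpy(buf, hdrs, sizeof hdrs);
    return 4 + 1184;
}

int main(void)
{
    static unsigned char buf[4 + 1184];
    size_t n = sample_without_version(buf, sizeof buf);

    switch (rsa_private_key_precheck(buf, n)) {
    case KEY_OK:              puts("first INTEGER fits a version field"); break;
    case KEY_VERSION_MISSING: puts("first INTEGER is too large: version field missing"); break;
    default:                  puts("not a DER SEQUENCE starting with an INTEGER"); break;
    }
    return 0;
}
```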


Re: Problem with ecdsa

2007-03-20 Thread Nils Larsch

jimmy wrote:
...
you see, as Nils pointed out, your blob is not in asn.1 der format (not 
starting with 0x30..). since ecdsa_sig is BIGNUM *r, *s; you can try 
using the BN_bin2bn() function to directly convert your blob to BIGNUM.

you'll need to do this twice, once for r & once for s. Since Nils told 
that the 2 numbers were concat'ed & since most of the time they're the 
same size, you can take one half of the buffer to be r & the other half 
to be s.


r and s are always of the same size (if necessary they are padded
with 0 bytes) as otherwise this couldn't work.

Nils


Re: Problem with ecdsa

2007-03-19 Thread Nils Larsch

Nils Larsch wrote:

Moin Jürgen,

Jürgen Heiss wrote:

Hi everybody,
 
I try to verify a xml file which was signed with ecdsa-sha1.

I already read the SignatureValue from the xmlfile, which is:
 
724PlFGHTTL1cFlLFU6g6UetcPVBEAN6oNpogAUx3rgELFH86gA+NqvjVf316zek


are you _really_ sure that this is a ecdsa-with-something signature ?
Your data starts with 0xEF,0x6E... but a ecdsa signature is a
asn.1 sequence of two asn.1 integers and hence must begin with 0x30 ...


hmm, actually I was wrong. According to rfc 4050 the xml ecdsa-*
signature value is simply the concatenation of the two signature
values without the asn.1 der encoding ...
OpenSSL has no function to handle this signature format directly.

Nils
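
The conversion discussed in this thread (equal-sized, zero-padded r and s concatenated per RFC 4050), as an added example that is not code from the thread or from OpenSSL: it rebuilds the DER SEQUENCE of two INTEGERs, beginning with 0x30, that d2i_ECDSA_SIG() expects. The function names and the MAX_HALF limit are assumptions, and the input is assumed to be the already base64-decoded SignatureValue.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_HALF 72   /* assumption: enough for curves up to 521 bits (66 bytes) */

/* Emit one DER INTEGER for a big-endian unsigned value of vlen >= 1 bytes.
 * Returns the number of bytes written to out. */
static size_t der_put_uint(const unsigned char *v, size_t vlen, unsigned char *out)
{
    size_t i = 0, pad;

    /* DER wants the minimal encoding: drop the fixed-width zero padding */
    while (vlen > 1 && v[0] == 0x00) {
        v++;
        vlen--;
    }
    /* a set high bit would read as negative, so prepend one 0x00 */
    pad = (v[0] & 0x80) ? 1 : 0;
    out[i++] = 0x02;
    out[i++] = (unsigned char)(vlen + pad);
    if (pad)
        out[i++] = 0x00;
    memcpy(out + i, v, vlen);
    return i + vlen;
}

/* Convert raw r||s (both halves the same length) to a DER ECDSA-Sig-Value.
 * Returns the DER length, or 0 on bad input or insufficient space. */
size_t ecdsa_raw_to_der(const unsigned char *raw, size_t rawlen,
                        unsigned char *der, size_t dercap)
{
    unsigned char body[2 * (3 + MAX_HALF)];
    size_t half, blen, hdr;

    /* r and s are always the same size, so an odd length is not a signature */
    if (raw == NULL || der == NULL || rawlen == 0 || (rawlen % 2) != 0)
        return 0;
    half = rawlen / 2;
    if (half > MAX_HALF)
        return 0;

    blen  = der_put_uint(raw, half, body);
    blen += der_put_uint(raw + half, half, body + blen);

    hdr = (blen < 128) ? 2 : 3;        /* short form, or 0x81 long form */
    if (hdr + blen > dercap)
        return 0;
    der[0] = 0x30;                     /* SEQUENCE */
    if (blen < 128) {
        der[1] = (unsigned char)blen;
    } else {
        der[1] = 0x81;
        der[2] = (unsigned char)blen;
    }
    memcpy(der + hdr, body, blen);
    return hdr + blen;
}

int main(void)
{
    /* constructed 2-byte halves: r = 00 7F (zero padded), s = 80 01 (high bit set) */
    static const unsigned char raw[] = { 0x00, 0x7F, 0x80, 0x01 };
    unsigned char der[16];
    size_t i, n = ecdsa_raw_to_der(raw, sizeof raw, der, sizeof der);

    for (i = 0; i < n; i++)
        printf("%02X ", der[i]);
    printf("\n");
    return n == 0;
}
```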


Re: Problem with ecdsa

2007-03-18 Thread Nils Larsch

Moin Jürgen,

Jürgen Heiss wrote:

Hi everybody,
 
I try to verify a xml file which was signed with ecdsa-sha1.

I already read the SignatureValue from the xmlfile, which is:
 
724PlFGHTTL1cFlLFU6g6UetcPVBEAN6oNpogAUx3rgELFH86gA+NqvjVf316zek


are you _really_ sure that this is a ecdsa-with-something signature ?
Your data starts with 0xEF,0x6E... but a ecdsa signature is a
asn.1 sequence of two asn.1 integers and hence must begin with 0x30 ...

Nils


Re: sigbuf parameter of RSA_verify

2007-03-18 Thread Nils Larsch

James Walker wrote:
I'm wondering why the sigbuf parameter of RSA_verify is declared as 
unsigned char* rather than const unsigned char*.  It's not going to 
change the signature, is it?


it should not change the signature input and in openssl >= 0.9.8
it is const.

Nils


Re: configure --export?

2007-03-18 Thread Nils Larsch

Geoffrey Coram wrote:
I'm using the OpenSSL DLLs to go along with my e-mail client,
nPOP/nPOPuk, for Windows CE.  For myself, I've successfully compiled
0.9.8d under Windows CE 2.11 for ARM (as well as MIPS and SH4); I can't
find binaries for CE2.11 anywhere on the web.  Some other nPOPuk users
would like the binaries, and I'd like to provide them, except for that
export restriction.

Is there a configuration option to make binaries that are export
grade?  It would also be nice to get something that is patent-free
everywhere.


considering the various different export / patent laws in
the world I don't think this is feasible.

Nils


Re: Exporting not-by-default functions in OpenSSL DLLs

2007-03-14 Thread Nils Larsch

Xiaoyu Ruan wrote:

Greetings All,

 


I have two questions on OpenSSL:

 


   1. How to have the DLLs or SO’s export functions that are not
  exported by default, such as ECDSA etc? 


don't know a function ECDSA ;-) Seriously, there (normally) is a reason
why certain functions are not part of the exported interface.


  What code changes need to be made?


depends on what you want to do


   2. What are the differences between 0.9.8 and 0.9.7?


`less CHANGES`

Nils


Re: Bug in ASN1_item_d2i?

2007-03-12 Thread Nils Larsch

William Lachance wrote:
Hi, I'm using the ASN1_item_d2i method for getting extension info out of an 
x509 certificate. It _appears_ that it's changing the dereferenced address of 
the 'in' parameter, even though it's supposed to be const.

...
ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long 
len, const ASN1_ITEM *it);


the address of 'in' isn't const here (as we don't have a
const unsigned char * const *in here). Due to historical reasons
the address is increased by the number of bytes read.

Nils


Re: How to read a EC_KEY from a certificate

2007-03-09 Thread Nils Larsch

Jordi Jaen Pallares wrote:
...
Anyway, I will need to extract (sooner or later) the respective EC keys 
from the certificate,


use X509_get_pubkey() + EVP_PKEY_get1_EC_KEY() (note: both
functions increase the reference count of the object)

...

[EMAIL PROTECTED]:~/Work/test$ ./opencert
Opened key file...
Trying to read the keys...
File offset before reading : 0
File offset after reading : 47
Error in d2i_X509_fp...
10976:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong 
tag:tasn_dec.c:1291:
10976:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 
error:tasn_dec.c:380:Type=X509
[EMAIL PROTECTED]:~/Work/test$  


are you sure that the file doesn't contain a PEM encoded cert ?

Nils


Re: 2 is not prime?

2007-03-07 Thread Nils Larsch

Bill Colvin wrote:

To add to the list:

openssl version
OpenSSL 0.9.7m-fips 23 Feb 2007

openssl prime 2
2 is not prime


I've committed a patch [1] for this problem only in
openssl >= 0.9.8

Nils

[1] http://cvs.openssl.org/chngview?cn=14780


Re: Public key validation for ECDSA

2007-03-03 Thread Nils Larsch

Victor Duchovni wrote:

On Fri, Mar 02, 2007 at 05:56:24PM -0500, Xiaoyu Ruan wrote:


Thanks. Refer to the sample test given in PKV.txt in
http://csrc.nist.gov/cryptval/dss/ecdsatestvectors.zip.
I tried EC_KEY_check_key() against six NIST recommended EC curves P-192
P-224 K-163 K-233 B-163 B-233. For curves P-192 P-224 B-163 B-233 the
function gives correct results. However, for B-163 and B-233, some
invalid public keys are wrongly evaluated to true. Those invalid public
keys are exactly the ones marked (2 - Added PT of order 2). Is that a
bug of implementation of EC_KEY_check_key()? Any ideas will be greatly
appreciated. Thanks.


not sure what is going wrong here,  I will look at it



Are you able to share the code and input files that you used to run
the tests?


btw: it would be nice to include these tests in the openssl
'make test' run.

Cheers,
Nils



Re: Public key validation for ECDSA

2007-03-02 Thread Nils Larsch

Xiaoyu Ruan wrote:

Hi dear fellows,

 

I would like to know if there is any function(s) in OpenSSL that handles 
public key validation for ECDSA.


Given a point (public key) and a curve, I would like to test if this 
point is a valid public key for this curve.


have a look at EC_KEY_check_key() in crypto/ec/ec_key.c

Cheers,
Nils


Re: Sign using RSA-SHA1

2007-02-14 Thread Nils Larsch

WCR wrote:

Hi All


I need to sign a text using RSA-SHA1
(http://www.w3.org/2000/09/xmldsig#rsa-sha1 as per XML-Signature
specification http://www.w3.org/TR/xmldsig-core/)


I'm a newbie and want to sign a RSA-SHA1 from the command line?
I've tried:

openssl dgst -sha1 -sign 12677.pem -out mydigest.sha 12677.sig

But the result is strange. When used in an xml message there are errors
saying invalid characters. See attachments.


well I guess you know that the result is binary and needs to be base64
before you can include it in a xml document.

Cheers,
Nils


Re: Sign using RSA-SHA1

2007-02-13 Thread Nils Larsch

Kaushalye Kapuruge wrote:

Hi List,
I need to sign a text using RSA-SHA1
(http://www.w3.org/2000/09/xmldsig#rsa-sha1 as per XML-Signature
specification http://www.w3.org/TR/xmldsig-core/)


I found a set of EVP_ functions to do this.
i.e.
EVP_SignInit   (&md_ctx, EVP_sha1());
EVP_SignUpdate (&md_ctx, data, strlen(data));
siglen = sizeof(sigbuf);
err = EVP_SignFinal (&md_ctx,
  sigbuf,
  &siglen,
  pkey);
In the above I have specified to use SHA-1 as the digest method.
But I'm wondering where I have to specify to sign using RSA. Do 
these functions automatically decide the algorithm (e.g. DSA-SHA1, 
RSA-SHA1) by inspecting the EVP_PKEY* ?

Please advise.


if you use the cvs head (alias 0.9.9-dev) you can use EVP_sha*()
together with a RSA, DSA or a EC key to create a RSA etc.
signature. In OpenSSL <= 0.9.8 you need to use EVP_dss1()
or EVP_sha1() for RSA (the EVP_<digest name>() functions always
assume a RSA key).

Cheers,
Nils


Re: OpenSSL crashes in verify with this specific file.

2007-02-12 Thread Nils Larsch

Steffen Lips wrote:

Hi Kyle,

I am using version 0.9.8c. I know that the verifying is ok when using 
-inform DER, because the format is DER. But when using -inform SMIME, 
OpenSSL normally exits normally with some error messages. But with this 
file openssl crashes.


This happens in PKCS7_read_SMIME(). I would expect that this procedure 
would return NULL (what it does normally), but not that it crashes (what 
happens with this special file).


could you please file a bug report at rt.openssl.org for this
problem ?

Cheers,
Nils


Re: BIT STRING Encoding with ECDSA-384 1 byte too long

2006-12-29 Thread Nils Larsch

Schifman, Jon wrote:

I'm using OpenSSL 0.9.8d to work on generating X.509 certificates for
use with ECDSA using the SECP384R1 curve. When I generate a certificate,
the public key created is 97 bytes, but I know it should be 96 bytes (2
384 bit parameters for the x,y points on the curve).  It shows up as 97
bytes when I print the PEM formatted cert with the -text option.  In
addition, I've converted the certificate to DER format, and manually
decoded it. The cert still has a BIT STRING field of 98 bytes specified,
where the first octet specifies 00 as the number of unused bits (as it
should), but there is still an extra byte.  Does anyone have any ideas
about this behavior? Is it a bug in OpenSSL?


there are different methods to encode a public key (ec point)
as an octet string and the first byte is used to specify which
method is used (in case of the uncompressed representation it
should be a 0x04).

Cheers,
Nils
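
The byte accounting from this exchange, as an added example (not code from the thread or from OpenSSL): a parser for the content octets of the subjectPublicKey BIT STRING that checks the unused-bits octet, reads the form byte and validates the length against the field size, so a P-384 key comes out as 1 + 1 + 48 + 48 = 98 bytes. The type and function names are hypothetical and the sample key bytes are constructed filler.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned char form;         /* 0x02/0x03 compressed, 0x04 uncompressed, 0x06/0x07 hybrid */
    const unsigned char *x;     /* points into the caller's buffer */
    const unsigned char *y;     /* NULL when the point is compressed */
    size_t coord_len;           /* field element size in bytes */
} ec_point_view;

/* bits: content octets of the BIT STRING, starting with the unused-bits octet.
 * field_len: byte length of one coordinate (48 for a 384-bit prime curve).
 * Returns 0 and fills *out on success, -1 if the encoding is inconsistent. */
int ec_pubkey_bits_parse(const unsigned char *bits, size_t len,
                         size_t field_len, ec_point_view *out)
{
    const unsigned char *pt;
    size_t ptlen;

    if (bits == NULL || out == NULL || field_len == 0 || len < 2)
        return -1;
    if (bits[0] != 0x00)        /* the point is a whole number of octets */
        return -1;
    pt = bits + 1;
    ptlen = len - 1;

    switch (pt[0]) {
    case 0x02:
    case 0x03:                  /* compressed: form byte + x only */
        if (ptlen != 1 + field_len)
            return -1;
        out->y = NULL;
        break;
    case 0x04:                  /* uncompressed: form byte + x + y */
    case 0x06:
    case 0x07:                  /* hybrid: same layout as uncompressed */
        if (ptlen != 1 + 2 * field_len)
            return -1;
        out->y = pt + 1 + field_len;
        break;
    default:
        return -1;
    }
    out->form = pt[0];
    out->x = pt + 1;
    out->coord_len = field_len;
    return 0;
}

int main(void)
{
    /* constructed P-384 sized content: 00 (unused bits), 04 (uncompressed), 96 filler bytes */
    unsigned char bits[98];
    ec_point_view v;

    memset(bits, 0xAB, sizeof bits);
    bits[0] = 0x00;
    bits[1] = 0x04;

    if (ec_pubkey_bits_parse(bits, sizeof bits, 48, &v) != 0) {
        puts("inconsistent point encoding");
        return 1;
    }
    printf("form=0x%02X, point octets=%u, coordinate bytes=%u\n",
           (unsigned)v.form, (unsigned)(sizeof bits - 1), (unsigned)v.coord_len);
    return 0;
}
```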


Re: Avoid large memory consumption when using pkcs7_sign

2006-12-29 Thread Nils Larsch

Hagai Yaffe wrote:

Hello,

 

I am using PKCS7_sign for applying Digital Signature to files, when I am 
creating an enveloped PKCS#7 file that contains also the signed file 
content all the signed file data is being loaded to memory (this would 
be a problem with large files), I know that I can use the DETACHED option 
to create a PKCS#7 file without the content of the signed file, but this 
is not good for me.


 

I have searched the OpenSSL API and tried to think of a workaround but 
could not, is there a way (using OpenSSL API) to create a PKCS#7 digital 
signature of a file that will contain the signed file content without 
all the signed file being loaded to memory?


perhaps [1] helps (I didn't have to test it so far)

Cheers,
Nils

[1] http://cvs.openssl.org/chngview?cn=15749


Re: Problem to compile static void *KDF1_SHA1

2006-12-21 Thread Nils Larsch

[EMAIL PROTECTED] wrote:

Hi all,

I've created a method to generate ECDH Key, based on ecdhtest.c, available
at /openssl/test directory.
But I'm facing some trouble to compile it.
I've inserted the following code in the beginning of the file, according to
ecdhtest.c,

static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
{
#ifndef OPENSSL_NO_SHA
    /* refuse an output buffer shorter than one SHA-1 digest */
    if (*outlen < SHA_DIGEST_LENGTH)
        return NULL;
    else
        *outlen = SHA_DIGEST_LENGTH;
    return SHA1(in, inlen, out);
#else
    return NULL;
#endif
}

in order to use the ECDH method:

out=ECDH_compute_key(buf,len,EC_KEY_get0_public_key(public_key),ec_key,KDF1_SHA1);

When I compile it, the following messages appear.

aodv/aodv.cc: In function ‘void* KDF1_SHA1(const void*, size_t, void*, size_t*)’:
aodv/aodv.cc:52: error: invalid conversion from ‘const void*’ to ‘const unsigned char*’
aodv/aodv.cc:52: error:   initializing argument 1 of ‘unsigned char* SHA1(const unsigned char*, size_t, unsigned char*)’
aodv/aodv.cc:52: error: invalid conversion from ‘void*’ to ‘unsigned char*’
aodv/aodv.cc:52: error:   initializing argument 3 of ‘unsigned char* SHA1(const unsigned char*, size_t, unsigned char*)’

I've already looked for the SHA1 constructor, and I don't know what is
going wrong.

Has anybody already faced this problem?
if not, could you give me some tips in order to solve this problem?


it looks like your compiler doesn't like the implicit conversion
from const void * to const unsigned char * ... Did you try to
use a cast ?

Cheers,
Nils


Re: ECSDA and digest algorithm OID in OpenSSL 0.9.9

2006-12-20 Thread Nils Larsch

Ulrich Matejek wrote:

Hi everybody,
when experimenting with OpenSSL v0.9.9 (since that version allows
choosing the digest algorithm when creating a PKCS#7 structure) I
encountered an odd behaviour: no matter what argument was specified for
the -md parameter, the resulting PKCS#7 structure had the SHA-1 OID
set in all occurrences.
Is that problem related to the prerelease status of that version or was
it caused by an unclean installation on my machine?


should work now.

Cheers,
Nils



Re: ECSDA and digest algorithm OID in OpenSSL 0.9.9

2006-12-16 Thread Nils Larsch

Ulrich Matejek wrote:

Hi everybody,
when experimenting with OpenSSL v0.9.9 (since that version allows
choosing the digest algorithm when creating a PKCS#7 structure) I
encountered an odd behaviour: no matter what argument was specified for
the -md parameter, the resulting PKCS#7 structure had the SHA-1 OID
set in all occurrences.
Is that problem related to the prerelease status of that version or was
it caused by an unclean installation on my machine?


if you are using ecc that's simply a limitation of the current
implementation. Perhaps I will commit a patch to enable at least
the ecdsa-with-sha{224|256|384|512} signature algorithms this
weekend (the other new signature schemes require a bit more work).



Secondly (and that's the reason why I checked this thing in the first
place): does anybody know whether there's a standardised way to set the
OIDs for digest/cipher algorithm fields when using signing algorithms
such as ECDSA-with-SHA224? My guess would be that the digest algorithm
OID is set to id-sha224 (2.16.840.1.101.3.4.2.4) and the cipher
algorithm OID to ecdsa-with-SHA224 (1.2.840.10045.4.3.1), but I'd like
to be sure :)


don't know if there a draft for the ecdsa signature schemes but
at least for ecdsa-with-sha1 we have [1] and I guess the other
algs are handled mutatis mutandis.

Cheers,
Nils

[1] http://www.ietf.org/rfc/rfc3278.txt


Re: ECDSA: using the same EC_KEY to sign and verify...

2006-12-15 Thread Nils Larsch

[EMAIL PROTECTED] wrote:

Hi all,
here I come again.
I'm testing the ECDSAtest.c approach to make my own test and I saw one
thing that I don't really know if it's right.
I'm sorry about taking your time, but I'm really trying to learn EC!

01 int main() {
02   const char message[] = "abc";
03   unsigned char digest[20];
04   unsigned int  dgst_len = 0;
05   EVP_MD_CTX md_ctx;
06   EC_KEY    *key = NULL;
07   ECDSA_SIG *signature = NULL;
08   BIGNUM    *r = NULL, *s = NULL;
09   int nid = NID_X9_62_prime192v1;
10   EVP_MD_CTX_init(&md_ctx);
11   printf("Creating the DIGEST: ");
12   EVP_DigestInit(&md_ctx, EVP_ecdsa());
13   EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
14   EVP_DigestFinal(&md_ctx, digest, &dgst_len);
15   int ret;
16   if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
17     printf("\nError:  EC_KEY_new_by_curve_name(nid)");
18   if (!EC_KEY_generate_key(key))
19     printf("\nError: EC_KEY_generate_key(key)");
20   signature = ECDSA_do_sign(digest, 20, key);
21   ret = ECDSA_do_verify(digest, 20, signature, key);
22   if (ret == -1){
23     printf("Error: ECDSA_do_verify\n");
24   }else if (ret == 0){
25     printf("Incorrect Signature\n");
26   }else{   /* ret == 1 */
27     printf("The Signature is CORRECT\n");
28   }
29   return 0;
30 }

On both lines 20 and 21, it is being passed key as parameter to sign and
verify.
But, if Alice signs (with its private key) a message and send to Bob, as
Bob has only Alice's public key, is quite hard to use the same 'key' to
verify that was used to sign.


of course this isn't really a realistic example but as the generated EC_KEY
object contains the public and private key it could be used for both
operations. To verify a signature you only need the public key (part) of the
EC_KEY (which is normally extracted from a X509 certificate).


Because its seems that Bob can obtain Alice private key from EC_KEY's key.
It would sound better if:
20 signature = ECDSA_do_sign(digest, 20,EC_KEY_get0_private_key(key));
and
21 ret = ECDSA_do_verify(digest, 20, EC_KEY_get0_public_key(key);
I know that these functions were expect to receive a EC_KEY parameter
instead either BIGNUM or EC_POINT.


you can't sign / verify using ECDSA with just the private key BIGNUM or
the public key EC_POINT. You need the group parameters as well and this
information is stored in the EC_KEY.

Cheers,
Nils


Re: how to use the shared key through ECDH_compute_key method

2006-12-15 Thread Nils Larsch

[EMAIL PROTECTED] wrote:

Hi all,
I'm a new user trying to use the EC_DH benefits on key sharing.
But I'm having some problems to understand how it works...
First, in(ecdhtest.c),

aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);

it generates the following key in both sides Alice and Bob

key Alice = B51C8F5AFDEC7ACA11EAD5EA184732839C7B7502
key Bob   = B51C8F5AFDEC7ACA11EAD5EA184732839C7B7502

Now, I'd be very pleased if someone could explain to me how this generated key
should be used.


if you generate a shared secret key with a key agreement scheme
you should know what you want to do with it ... normally such
keys / secrets are used for session keys for symmetric crypto
algorithms.

Cheers,
Nils


Re: Bignum is not thread-safe

2006-12-11 Thread Nils Larsch

Michal Trojnara wrote:

Dear OpenSSL users,

When performing stress-testing of stunnel with session cache
disabled I receive core dumps on concurrent SSL_connect() calls.

Here is an example stack backtrace:

#0  0xa7e60d41 in BN_ucmp (a=0x80a28fc, b=0x80a1f08) at bn_lib.c:662
662 bn_check_top(b);
(gdb) bt
#0  0xa7e60d41 in BN_ucmp (a=0x80a28fc, b=0x80a1f08) at bn_lib.c:662
#1  0xa7e6c803 in BN_from_montgomery (ret=0x80a28fc, a=0x80a2924,
mont=0x80a1ef0, ctx=0x80a2578) at bn_mont.c:281
#2  0xa7e6c3ca in BN_mod_mul_montgomery (r=0x80a28fc, a=0x80a28fc,
b=0x80a28fc, mont=0x80a1ef0, ctx=0x80a2578) at bn_mont.c:145
#3  0xa7e5e555 in BN_mod_exp_mont (rr=0x80a28d4, a=0x80a28c0,
p=0x80a1d80, m=0x80a22a8, ctx=0x80a2578, in_mont=0x80a1ef0)
at bn_exp.c:464
#4  0xa7e81a8c in RSA_eay_public_encrypt (flen=48,
from=0xa7fa0960 \003, to=0x808083c , rsa=0x80e88c0, padding=1)
at rsa_eay.c:238
#5  0xa7e83e99 in RSA_public_encrypt (flen=48,
from=0xa7fa0960 \003, to=0x808083c , rsa=0x80e88c0, padding=1)
at rsa_lib.c:282
#6  0xa7f55fb1 in ssl3_send_client_key_exchange (s=0x80e7f10)
at s3_clnt.c:1680
#7  0xa7f531a9 in ssl3_connect (s=0x80e7f10) at s3_clnt.c:327
#8  0xa7f6a6fd in SSL_connect (s=0x80e7f10) at ssl_lib.c:850
#9  0x0804c96b in init_ssl (c=0x2) at client.c:322
#10 0x0804c581 in do_client (c=0x806eb68) at client.c:208
#11 0x0804c52e in run_client (c=0x806eb68) at client.c:151
#12 0x0804c29b in client (arg=0x806eb68) at client.c:124
#13 0x4dd17ca3 in start_thread ()
   from /lib/tls/i686/cmov/libpthread.so.0
#14 0x4db98f5a in clone () from /lib/tls/i686/cmov/libc.so.6
(gdb) l bn_lib.c:662
657 {
658 int i;
659 BN_ULONG t1,t2,*ap,*bp;
660
661 bn_check_top(a);
662 bn_check_top(b);
663
664 i=a->top-b->top;
665 if (i != 0) return(i);
666 ap=a->d;

Serializing requests solves the problem, but is definitely not a solution for 
real life applications.  8-)


Calling SSL_connect() and SSL_accept() from a critical section helps a little.  
Instead of core dumps I get the following errors:


SSL_connect: 1408C095:
error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed

The library is OpenSSL 0.9.8d configured with:
./Configure threads shared zlib debug-linux-elf

Can you help me find a solution or a better workaround?


does it help if you build openssl without BN_DEBUG ? When BN_DEBUG
is defined bn_check_top() is a macro that should check if the BIGNUM::top
value is correctly set (note: this isn't really a solution as
bn_check_top() (without BN_DEBUG_RAND) should be mt-safe).

Cheers,
Nils


Re: EVP_Pkey serialize/desearileze from char

2006-11-28 Thread Nils Larsch

Marek Marcola wrote:

Hello,

I would like my public key to be embedded in my source code
as static char*, cause later I want to verify my licence
with that key.

x509 = PEM_read_X509(fp, NULL, NULL, NULL);
pkey = X509_get_pubkey(x509);

//Serialization
for(i=0; i < sizeof(*pkey); i++){
fprintf(fp, "%2.2x", ((unsigned char*)pkey)[i] );
}

//Deserialization
How can I read my public key from a char* ??

You can not use this kind of serialization because pkey
has dynamic allocated objects.

Use  d2i_RSAPublicKey() and i2d_RSAPublicKey()
or d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() instead
where:
  RSA *rsa_key = pkey->rsa;

(example for RSA).


if you have an EVP_PKEY it would be better to use i2d_PUBKEY()
or i2d_PrivateKey() etc. instead of handling the different key types
separately (it would have the additional advantage of treating
the EVP_PKEY as opaque)

Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: ITU X509/ RFC 3281 Attribute Certificates API Beta

2006-11-24 Thread Nils Larsch

Richard Levitte - VMS Whacker wrote:

In message [EMAIL PROTECTED] on Tue, 10 Oct 2006 11:35:30 +0200, Daniel Diaz 
Sanchez [EMAIL PROTECTED] said:

dds> Hello,
dds> 
dds> Some source code to generate attribute certificates using OpenSSL can be
dds> found at: 
dds> 
dds> http://www.it.uc3m.es/dds/swRelease/pmi/pmi.xml   
dds> 
dds> It has been tested with some versions of OpenSSL and works with all of them
dds> including the latest release 0.9.8d.

Hello,

I've just had reasons to get interested in ACs, and I'm pleased it's
been discussed already fairly recently.

I'm really looking for something that could be included into OpenSSL
proper, and as far as I've seen, there's your code, which could
probably be retrofitted into OpenSSL, and there's the OpenPMI patch,
which might come with a license incompatibility problem (they use
AFL).  Choices, choices...

Any help in that direction would be appreciated.


funny, I'm currently working on my own patch as I have the need
for AC as well (the German health care professional card uses them).

Cheers,
Nils


Re: ECC curve problem

2006-11-23 Thread Nils Larsch

Abhishek Tripathi wrote:

Hi Nils,
 
 Now you got my point, but the code on which I am working uses
too much of the internals of those structures. That's why I needed the change
log. In old OpenSSL code for the EC_KEY_METH_DATA they used some
ECDSA_DATA_new() as follows
 
   EC_KEY *key ;

   /*
some code
   */
   key->meth_data = (EC_KEY_METH_DATA *)ECDSA_DATA_new();
 
In new version EC_KEY_METH_DATA is replaced by EC_EXTRA_DATA but I
don't know what is the replacement of ECDSA_DATA_new as this is not
available in new version.
Like the above, I am facing some more issues with internal structures in
ECC of OpenSSL between the old version and the latest version.


perhaps it would be easier if you tell me what exactly you want
to do with these internal structures

 
Regarding K163 I want to know the curve parameters whose nid was 548 in
that old version of OpenSSL, because this is the only hint to get the
corresponding curve in new OpenSSL.


you can get the curve parameters with
EC_GROUP_new_by_curve_name(NID_sect163k1);

Cheers,
Nils



Re: ECC curve problem

2006-11-22 Thread Nils Larsch

Abhishek Tripathi wrote:

Hi Friends,
 
  Presently I am working on some code which uses the Openssl 
0.9.8-dev version in which ECC support was provided first time.


0.9.8d has already been released

Can anybody help me out from where I can get the
change log which tells me exactly
the changes made in that version up to the latest version of OpenSSL.


what about using 'diff' ;-) but as far as the ec code is concerned
not much has changed (well there are some big internal changes
between 0.9.8 and 0.9.9 but the ec api is mostly the same).


Can I get that older version of OpenSSL from
somewhere?


http://www.openssl.org/source/ or
http://www.openssl.org/source/repos.html

 
 In old version of OpenSSL the nid of ECC K163 curve was 548. In present
OpenSSL version what is the nid of ECC K163 curve?


[EMAIL PROTECTED]:~/dev/OpenSSL/head fgrep -i 163k crypto/objects/obj_mac.h
#define SN_sect163k1            "sect163k1"
#define NID_sect163k1   707
#define OBJ_sect163k1   OBJ_secg_ellipticCurve,1L

note: the NID_* values are automatically generated from the object.txt
file (but normally these values are fixed once set)

Cheers,
Nils


Re: ECC curve problem

2006-11-22 Thread Nils Larsch

Abhishek Tripathi wrote:

Hi Nils ,

   Thanks for your guidance, but I kindly bring to your notice that
0.9.8-dev doesn't stand for 0.9.8d. It's the first version in the 0.9.8
series, before 0.9.8a. That's why I asked for the change log,
because a lot of changes were made in the latest version compared to that old
version. For e.g.
EC_GROUP_new_by_nid(int nid) ;   //Old OpenSSL version 

EC_GROUP_new_by_curve_name(int nid) ; //New OpenSSL Version


ok, you have used a pre-release version of openssl 0.9.8. Well,
shortly before 0.9.8 was released some API changes have been made,
for example the internals of almost all ec structures have been
put in internal header files, additional set/get functions have
been added and some names have been changed ...

and in some data structures like EC_KEY structure's one data member
EC_METH_DATA is replaced by EC_EXTRA_DATA that I found by just comparing
the calls with latest OpenSSL.


that's correct but unless you really need to access the internals
of those structures it shouldn't really matter for you.

 
The older version is not available on the openSSL site as it was 
unstable at that time . 


if you get a local copy of the openssl repository with rsync you should
be able to check out a version at a specific date

 
Regarding ECC curve 163k I exactly want to know the ECC parameters of curve.
According to you in new the nid will be 707 but in mine it is showing 721. So
that's why I want to compare parameter-wise.


you mean something like EC_GROUP_cmp() ?

Cheers,
Nils



Re: AW: SHA2

2006-10-30 Thread Nils Larsch

[EMAIL PROTECTED] wrote:

Is there already a stable version of OpenSSL in the field that supports SHA256?


yep, 0.9.8

Cheers,
Nils


Re: ecdsa certificates and sha256

2006-10-23 Thread Nils Larsch

Max Pritikin wrote:


(Hello, I'm asking again. Please let me know if you think this would be 
more appropriately addressed to the openssl-dev list or something.)


In summary: Is it possible to use sha256 when generating an ecdsa 
certificate?


I'm currently working on it so please have a little more patience ;-)
If you can't wait to generate an ecdsa-with-sha256 certificate try
the attached preliminary patch.

Cheers,
Nils
Index: crypto/ec/ec_pmeth.c
===
RCS file: /v/openssl/cvs/openssl/crypto/ec/ec_pmeth.c,v
retrieving revision 1.5
diff -u -r1.5 ec_pmeth.c
--- crypto/ec/ec_pmeth.c	20 Jul 2006 16:56:46 -	1.5
+++ crypto/ec/ec_pmeth.c	22 Oct 2006 21:18:41 -
@@ -220,7 +220,11 @@
 		return 1;
 
 		case EVP_PKEY_CTRL_MD:
-		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1)
+		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 
+		EVP_MD_type((const EVP_MD *)p2) != NID_sha224 
+		EVP_MD_type((const EVP_MD *)p2) != NID_sha256 
+		EVP_MD_type((const EVP_MD *)p2) != NID_sha384 
+		EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
 			{
 			ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
 			return 0;
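Review bot: in the EVP_PKEY_CTRL_MD case the five `EVP_MD_type(...) != NID_*` comparisons are shown with nothing joining them, so as posted the condition does not compile; each of the first four lines needs a trailing `&&`, since the digest has to differ from every allowed NID before EC_R_INVALID_DIGEST_TYPE is raised. Reading EVP_MD_type() once into a local and switching on it would also avoid repeating the cast five times and make the allowed set easier to extend.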
Index: crypto/evp/m_sha1.c
===
RCS file: /v/openssl/cvs/openssl/crypto/evp/m_sha1.c,v
retrieving revision 1.14
diff -u -r1.14 m_sha1.c
--- crypto/evp/m_sha1.c	19 Apr 2006 17:05:57 -	1.14
+++ crypto/evp/m_sha1.c	22 Oct 2006 21:18:41 -
@@ -119,7 +119,7 @@
 	NID_sha224,
 	NID_sha224WithRSAEncryption,
 	SHA224_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
 	init224,
 	update256,
 	final256,
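Review bot: the flags field of the SHA-224 table goes from 0 to EVP_MD_FLAG_PKEY_METHOD_SIGNATURE while the line above it still names NID_sha224WithRSAEncryption as the associated signature type, and nothing in the hunk says which of the two wins. A one-line comment next to the flag stating what it means for the RSA-named field would keep the table from reading as RSA-only.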
@@ -138,7 +138,7 @@
 	NID_sha256,
 	NID_sha256WithRSAEncryption,
 	SHA256_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
 	init256,
 	update256,
 	final256,
@@ -169,7 +169,7 @@
 	NID_sha384,
 	NID_sha384WithRSAEncryption,
 	SHA384_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
 	init384,
 	update512,
 	final512,
@@ -188,7 +188,7 @@
 	NID_sha512,
 	NID_sha512WithRSAEncryption,
 	SHA512_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
 	init512,
 	update512,
 	final512,
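Review bot: the hunks in this file cover the SHA-224, SHA-256, SHA-384 and SHA-512 tables only, while the ec_pmeth.c check in the same patch still accepts NID_sha1. Please confirm that the SHA-1 table already carries EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, or say in the patch description why it needs no change, so the five accepted digests are handled the same way.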
Index: crypto/objects/obj_xref.txt
===
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.txt,v
retrieving revision 1.1
diff -u -r1.1 obj_xref.txt
--- crypto/objects/obj_xref.txt	18 Apr 2006 23:36:05 -	1.1
+++ crypto/objects/obj_xref.txt	22 Oct 2006 21:18:49 -
@@ -26,6 +26,10 @@
 dsaWithSHA1_2		sha1	dsa_2
 
 ecdsa_with_SHA1		sha1	X9_62_id_ecPublicKey
+ecdsa_with_SHA224	sha224	X9_62_id_ecPublicKey
+ecdsa_with_SHA256	sha256	X9_62_id_ecPublicKey
+ecdsa_with_SHA384	sha384	X9_62_id_ecPublicKey
+ecdsa_with_SHA512	sha512	X9_62_id_ecPublicKey
 
 id_GostR3411_94_with_GostR3410_2001	id_GostR3411_94 id_GostR3410_2001
 id_GostR3411_94_with_GostR3410_94	id_GostR3411_94 id_GostR3410_94
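Review bot: the four added ecdsa_with_SHA224/256/384/512 rows refer to object names that exist only once the objects.txt hunk of this patch is applied and the generated object headers are rebuilt, and the patch contains neither the regenerated files nor a note about it. State in the patch description that the objects files must be regenerated before building, otherwise the new cross references will not resolve.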
Index: crypto/objects/objects.txt
===
RCS file: /v/openssl/cvs/openssl/crypto/objects/objects.txt,v
retrieving revision 1.63
diff -u -r1.63 objects.txt
--- crypto/objects/objects.txt	9 Jun 2006 15:44:47 -	1.63
+++ crypto/objects/objects.txt	22 Oct 2006 21:18:49 -
@@ -75,6 +75,11 @@
 !Alias id-ecSigType ansi-X9-62 4
 !global
 X9-62_id-ecSigType 1		: ecdsa-with-SHA1
+X9-62_id-ecSigType 3		: ecdsa-with-Specified
+ecdsa-with-Specified 1		: ecdsa-with-SHA224
+ecdsa-with-Specified 2		: ecdsa-with-SHA256
+ecdsa-with-Specified 3		: ecdsa-with-SHA384
+ecdsa-with-Specified 4		: ecdsa-with-SHA512
 
 # SECG curve OIDs from SEC 2: Recommended Elliptic Curve Domain Parameters
 # (http://www.secg.org/)
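Review bot: the added arcs jump from `X9-62_id-ecSigType 1` to `X9-62_id-ecSigType 3`, and nothing records where ecdsa-with-Specified and its children 1 to 4 are defined. Add a comment naming the defining specification, in the style of the "# SECG curve OIDs from SEC 2" comment just below, and say whether arc 2 is left out on purpose.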


Re: BN_bin2bn problem

2006-10-20 Thread Nils Larsch

Olga Kornievskaia wrote:
...
Ok. Thanks. I was hoping that a leading zero was the answer to my real
problem, which is: I'm using the above p and a generator g = 2 (both
are well-known group 2 DH parameters described in RFC 2412). I
initialize the DH structure with them and then call DH_check(), which
returns with an error code of 8, which is "the g value is not a
generator". I'm puzzled as to why the library doesn't like the
well-known DH parameters.


simply because 2 is not a generator of the group (have a look at the
last paragraph of the introduction of appendix E).

Cheers,
Nils
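
Why DH_check() reports code 8 for g = 2 with this prime, as an added example (not code from the thread or from OpenSSL). For a safe prime p, 2 generates the whole group only if it is a quadratic non-residue (p mod 8 is 3 or 5), and the DH_check of that period accepted generator 2 only when p mod 24 == 11; the function names are made up here and the prime is the one posted in this thread.

```c
#include <stddef.h>
#include <stdio.h>

/* 1024-bit prime posted in the thread (Oakley group 2), big-endian. */
static const unsigned char dhprime[128] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
    0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
    0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
    0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
    0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
    0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
    0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
    0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
    0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
    0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};

/* Remainder of a big-endian integer modulo a small word m. */
unsigned bn_mod_word(const unsigned char *be, size_t len, unsigned m)
{
    unsigned long r = 0;
    size_t i;

    for (i = 0; i < len; i++)
        r = (r * 256 + be[i]) % m;
    return (unsigned)r;
}

/* 2 is a square modulo an odd prime p exactly when p mod 8 is 1 or 7. */
int two_is_square(const unsigned char *p, size_t len)
{
    unsigned r = bn_mod_word(p, len, 8);

    return r == 1 || r == 7;
}

/* For a safe prime p = 2q + 1 the order of 2 is q when 2 is a square
 * and p - 1 otherwise, so only a non-square 2 generates the full group. */
int two_generates_full_group(const unsigned char *p, size_t len)
{
    return !two_is_square(p, len);
}

/* The condition applied to generator 2: p mod 24 must be 11,
 * i.e. p mod 8 == 3 (2 is a non-square) and p mod 3 == 2. */
int passes_generator_2_check(const unsigned char *p, size_t len)
{
    return bn_mod_word(p, len, 24) == 11;
}

int main(void)
{
    printf("p mod 24 = %u\n", bn_mod_word(dhprime, sizeof dhprime, 24));
    printf("2 generates the full group: %s\n",
           two_generates_full_group(dhprime, sizeof dhprime) ? "yes" : "no");
    printf("generator-2 check passes:   %s\n",
           passes_generator_2_check(dhprime, sizeof dhprime) ? "yes" : "no");
    return 0;
}
```

With this prime 2 still generates the subgroup of order (p-1)/2, which is what the group definition relies on; the check only says that 2 does not generate all of the multiplicative group.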



Re: BN_bin2bn problem

2006-10-19 Thread Nils Larsch

Olga Kornievskaia wrote:
Hi, can anyone tell me how to fix the leading zero in BIGNUM. I have the 
following code:


unsigned char pkinit_1024_dhprime[128] = {
   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
   0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
   0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
   0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
   0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
   0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
   0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
   0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
   0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
   0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
   0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
   0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
   0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
   0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
   0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};

BIGNUM *p;
p = BN_bin2bn(pkinit_1024_dhprime, sizeof(pkinit_1024_dhprime), NULL);

When I print the big number it comes out with a leading zero:
   00:ff:ff:ff:ff:ff:ff:ff:ff:c9:0f:da:a2:21:68:
   c2:34:c4:c6:62:8b:80:dc:1c:d1:29:02:4e:08:8a:
   67:cc:74:02:0b:be:a6:3b:13:9b:22:51:4a:08:79:
   8e:34:04:dd:ef:95:19:b3:cd:3a:43:1b:30:2b:0a:
   6d:f2:5f:14:37:4f:e1:35:6d:6d:51:c2:45:e4:85:
   b5:76:62:5e:7e:c6:f4:4c:42:e9:a6:37:ed:6b:0b:
   ff:5c:b6:f4:06:b7:ed:ee:38:6b:fb:5a:89:9f:a5:
   ae:9f:24:11:7c:4b:1f:e6:49:28:66:51:ec:e6:53:
   81:ff:ff:ff:ff:ff:ff:ff:ff

In crypto/bn/bn.h, I read comments about Bignum consistency macros and 
I tried to add bn_fix_top(p) after calling BN_bin2bn() but it didn't fix 
the leading zero problem.


Any suggestions would be appreciated.


the bignum library doesn't add a leading zero byte. The leading zero byte
is normally added when you DER encode an integer to indicate that the
number is positive.

Cheers,
Nils


Re: ECDSA signature conversion ?

2006-10-18 Thread Nils Larsch

Michael Stephan wrote:
Hello, I try to verify an ECDSA signature, which is by definition given 
as the concatenation of 2 octet-streams (BIGNUM r and BIGNUM s), the 
base64 encoded version is:


449afHAqHfJZmkET0a0hYVpaj+n1bbe4eTmHRAQsA+Zsl/px3AWzb5fWGjRzWWtz

(This is part of an xmldsig-ecdsa document, exactly the SignatureValue
entry.)


I don't know how to convert the octet-streams to the DER 
representation, which would help me to create an ECDSA_SIG structure by 
passing it to the d2i_ECDSA_SIG.


Does there exist any conversion tools or maybe you can give me a hint
how to do it myself, I really have no idea at the moment.


you can use BIO_f_base64() to decode base64 encoded data
(see apps/enc.c how it's used).

Cheers,
Nils
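
The conversion asked about above, as an added example in plain C that is not from the thread or from OpenSSL: it base64-decodes the posted SignatureValue, splits it into equal-length r and s (an assumption taken from the poster's description) and writes the DER SEQUENCE of two INTEGERs that d2i_ECDSA_SIG() expects. It also shows where the leading 0x00 from the BN_bin2bn thread comes from: DER prepends it whenever the top bit of an integer is set. All function names are made up for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* SignatureValue from the post: base64 of r || s. */
static const char sig_b64[] =
    "449afHAqHfJZmkET0a0hYVpaj+n1bbe4eTmHRAQsA+Zsl/px3AWzb5fWGjRzWWtz";

/* Decode base64 up to the first '=' or NUL; returns byte count, -1 on error. */
int b64_decode(const char *in, unsigned char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0;
    int bits = 0;
    size_t n = 0;

    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (p == NULL)
            return -1;                      /* not a base64 character */
        acc = (acc << 6) | (unsigned)(p - tbl);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n == cap)
                return -1;                  /* output buffer too small */
            out[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;        /* keep only the unused low bits */
        }
    }
    return (int)n;
}

/* Write an unsigned big-endian value (len >= 1) as a DER INTEGER.
 * Short-form length only, so the content must stay below 128 bytes. */
size_t der_put_uint(unsigned char *out, const unsigned char *v, size_t len)
{
    size_t n = 0, pad;

    while (len > 1 && v[0] == 0) {          /* DER requires the minimal form */
        v++;
        len--;
    }
    pad = (v[0] & 0x80) ? 1 : 0;            /* 0x00 keeps the value positive */
    out[n++] = 0x02;                        /* INTEGER tag */
    out[n++] = (unsigned char)(len + pad);
    if (pad)
        out[n++] = 0x00;
    memcpy(out + n, v, len);
    return n + len;
}

/* raw = r || s with equal halves; returns the DER length, 0 on error.
 * Halves above 60 bytes would need long-form lengths and are rejected. */
size_t ecdsa_raw_to_der(const unsigned char *raw, size_t rawlen,
                        unsigned char *der, size_t cap)
{
    unsigned char body[2 * (2 + 1 + 60)];
    size_t half = rawlen / 2, n;

    if (rawlen == 0 || rawlen % 2 != 0 || half > 60)
        return 0;
    n = der_put_uint(body, raw, half);
    n += der_put_uint(body + n, raw + half, half);
    if (cap < n + 2)
        return 0;
    der[0] = 0x30;                          /* SEQUENCE tag */
    der[1] = (unsigned char)n;
    memcpy(der + 2, body, n);
    return n + 2;
}

/* base64 SignatureValue -> DER ECDSA signature; returns length, 0 on error. */
size_t sigvalue_to_der(const char *b64, unsigned char *der, size_t cap)
{
    unsigned char raw[120];
    int rawlen = b64_decode(b64, raw, sizeof raw);

    if (rawlen <= 0)
        return 0;
    return ecdsa_raw_to_der(raw, (size_t)rawlen, der, cap);
}

int main(void)
{
    unsigned char der[130];
    size_t i, n = sigvalue_to_der(sig_b64, der, sizeof der);

    for (i = 0; i < n; i++)
        printf("%02x", der[i]);
    printf("\n");
    return n == 0;
}
```

For the posted value r starts with 0xE3 and gets the 0x00 prefix, while s starts with 0x79 and does not.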


Re: Creating custom ASN1 data structure

2006-10-18 Thread Nils Larsch

Hon Hwang wrote:

Hi all,

I am attempting to understand how to create ASN.1 data structure in
OpenSSL.

First off, a simple ASN.1 structure that I want to create as the
starting point.

VersionInfo ::= SEQUENCE {
  major INTEGER,
  minor INTEGER
}


From looking through the posts in this mailing list, I see that a number
of macros will allow me to set up the above structure and a number of
related functions.

typedef struct versionInfo_st {
  ASN1_INTEGER* major;
  ASN1_INTEGER* minor;
} VERSIONINFO;

DECLARE_ASN1_FUNCTIONS(VERSIONINFO)

ASN1_SEQUENCE(VERSIONINFO) = {
  ASN1_SIMPLE(VERSIONINFO, major, ASN1_INTEGER),
  ASN1_SIMPLE(VERSIONINFO, minor, ASN1_INTEGER)
} ASN1_SEQUENCE_END(VERSIONINFO)

IMPLEMENT_ASN1_FUNCTIONS(VERSIONINFO)

My questions:

(1) Is the above the proper way to go about it?


yep. btw: if you know that the above integers will always
fit into a 'long' you can use 'long' instead of ASN1_INTEGER
in the structure definition (+ replace ASN1_INTEGER with
LONG in the sequence definition)


(2) What are the functions declared as a result of code listed above?
E.g., Do I get VERSIONINFO_new(), VERSIONINFO_free(), VERSIONINFO_set(),
etc?


you will get the *_new, *_free and the en-/decode functions

Cheers,
Nils


Re: Is there any API available to convert the DER formatted file to Base64 formatted file?

2006-09-06 Thread Nils Larsch

[EMAIL PROTECTED] wrote:

Hi Team,

Is there any API available in OPENSSL to convert the DER formatted file
to Base64 formatted file?  Please let me know your thoughts. Thank you.


have a look at what openssl base64 ... does (or openssl enc -base64 ...).

Cheers,
Nils


Re: Unable to locate the keystore/certificate store or private key

2006-08-31 Thread Nils Larsch

[EMAIL PROTECTED] wrote:


Nils,

The basic succession of calls are as follows. I think the program waits 
for an ssl_read or ssl_write to implicitly trigger the handshake process.


meth = TLSv1_client_method();

SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
SSL_CTX_new(meth);


ssl = SSL_new( ctx );
sbio = BIO_new_socket( sock, BIO_NOCLOSE );
SSL_set_bio( ssl, sbio, sbio );
SSL_set_connect_state( ssl );
iSslInitStatus = SSL_in_init( ssl );

After that, the only API calls are ssl_read(), ssl_write() and an 
occasional SSL_pending( ssl ).


well, if no location for the certs is explicitly set the certificates
in $OPENSSL_DIR/certs/ and the cert in $OPENSSL_DIR/cert.pem are used
(if present). The value of OPENSSLDIR is defined in opensslconf.h
(or type openssl version -a).

As you already wrote that there are no certificates on your disk
it would be interesting to know if the functions for cert verification
are modified in your openssl version (possible to an engine for
cert validation).

Cheers,
Nils


Re: Unable to locate the keystore/certificate store or private key

2006-08-29 Thread Nils Larsch

[EMAIL PROTECTED] wrote:


Excellent, excellent idea. Is ssldump an API call? 


it's an application to analyze a ssl connection
(see http://www.rtfm.com/ssldump/ )

Cheers,
Nils


Re: Unable to locate the keystore/certificate store or private key

2006-08-28 Thread Nils Larsch

[EMAIL PROTECTED] wrote:


Nils,

Yes, 0.9.6b is the exact version. Please help!


hmm, did you read the rest of my mail ? Do you have the source code ?

Cheers,
Nils


Re: What are the letter codes for SSL_state_string()

2006-08-27 Thread Nils Larsch

Frank Büttner wrote:

Hello, does anyone know the letter codes of the function SSL_state_string()?
In the doc I can only read:
RETURN VALUES
Detailed description of possible states to be included later. :(


try SSL_state_string_long() for a more detailed description of the
current state.

Cheers,
Nils


Re: SIGSEGV in ERR_error_string()

2006-08-26 Thread Nils Larsch

Grégory Starck wrote:

Hi all,

I'm experiencing a reproducible segv in ERR_error_string. I've reduced my
original code to a simpler test code which shows this; see at end.
It's reproducible on ubuntu and debian. If I use ERR_error_string_n
then I've no problem.


some infos about the ubuntu system:

ii  libssl0.9.7  0.9.7g-5ubuntu1  SSL shared libraries
ii  libssl0.9.8  0.9.8a-7build1   SSL shared libraries
ii  libssl-dev   0.9.8a-7build1   SSL development libraries, header files and

0.9.8 is the one with which my test binary is linked.

[EMAIL PROTECTED]:~$ gcc --version
gcc (GCC) 4.0.3 (Ubuntu 4.0.3-1ubuntu5)
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[EMAIL PROTECTED]:~$ gcc -g -c test.c && gcc -o test -lssl test.o && { echo xxx ; sleep 1 ; } | ./test 127.0.0.1.pem

TLS activated..
ERR SSL_ERROR_SSL
Segmentation fault

[EMAIL PROTECTED]:~$ lsof -p$(pidof test)
COMMAND   PID USER   FD   TYPE DEVICESIZENODE NAME
test19306 greg  cwdDIR 104,174096 1949697 /home/greg
test19306 greg  rtdDIR  104,14096   2 /
test19306 greg  txtREG 104,17   33567 1950493 /home/greg/test
test19306 greg  memREG0,0   0 [heap] (stat: No such file or directory)
test19306 greg  memREG  104,1   77368 1042761 /usr/lib/libz.so.1.2.3
test19306 greg  memREG  104,18204   83010 /lib/tls/i686/cmov/libdl-2.3.6.so
test19306 greg  memREG  104,1 1223000 1059641 /usr/lib/i686/cmov/libcrypto.so.0.9.8
test19306 greg  memREG  104,1 1232784   83007 /lib/tls/i686/cmov/libc-2.3.6.so
test19306 greg  memREG  104,1  247488 1059642 /usr/lib/i686/cmov/libssl.so.0.9.8
test19306 greg  memREG  104,1   86404   81706 /lib/ld-2.3.6.so
test19306 greg0u   CHR 136,13  15 /dev/pts/13
test19306 greg1u   CHR 136,13  15 /dev/pts/13
test19306 greg2u   CHR 136,13  15 /dev/pts/13
[EMAIL PROTECTED]:~$

back trace of sigsegv:

Program received signal SIGSEGV, Segmentation fault.
0xb7cfe6e5 in BIO_f_buffer () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
(gdb) bt
#0  0xb7cfe6e5 in BIO_f_buffer () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
#1  0xb7d001f0 in BIO_vsnprintf () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
#2  0xb7d00243 in BIO_snprintf () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
#3  0xb7d07649 in ERR_error_string_n () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
#4  0xb7d0779a in ERR_error_string () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
#5  0x08048db4 in main (argc=2, argv=0xbff31ea4) at test.c:99


Do I do something wrong or is this really a bug (looks like for me) ?

Thx for your help.

Greg.


/* FILE test.c BEGIN */

#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <signal.h>

#include <openssl/ssl.h>

#define log(fmt,...)    fprintf(stderr, fmt "\n", __VA_ARGS__)

#define err(fmt, ...)   log("ERR " fmt, __VA_ARGS__)

int main(int argc, char * argv[])
{
   int ssl_rc;
   int rc;
   unsigned long   err_rc;
   SSL_CTX *   ctx;
   SSL *   ssl;

   SSL_library_init();          /* initialize library */
   SSL_load_error_strings();    /* readable error messages */

   ctx = SSL_CTX_new(SSLv23_server_method());
   if (NULL == ctx) {
      err("Could not create SSL_CTX object: %s",
          ERR_error_string(ERR_get_error()));
      return EXIT_FAILURE;
   }

#define DOIT(f,...) \
if (! f(__VA_ARGS__)) { \
   err( #f ": %s", ERR_error_string(ERR_get_error())); \
   return EXIT_FAILURE;\
}
   DOIT(SSL_CTX_use_certificate_file, ctx, argv[1], SSL_FILETYPE_PEM)
   DOIT(SSL_CTX_use_PrivateKey_file, ctx, argv[1], SSL_FILETYPE_PEM)
   DOIT(SSL_CTX_check_private_key, ctx)
#undef DOIT

   ssl = SSL_new(ctx);
   if (NULL == ssl) {
      err("Could not create new SSL object: %s",
          ERR_error_string(ERR_get_error()));
      return EXIT_FAILURE;
   }

   if (! SSL_set_rfd(ssl, 0)) {
      err("Can't SSL_set_rfd: %s", ERR_error_string(ERR_get_error()));
      return EXIT_FAILURE;
   }
   if (! SSL_set_wfd(ssl, 1)) {
      err("Can't SSL_set_wfd: %s", ERR_error_string(ERR_get_error()));
      return EXIT_FAILURE;
   }

   log("%s", "TLS activated..");

try_again:
   ssl_rc = SSL_accept(ssl);
   switch (ssl_rc) {
   case 1 :
   

Re: Unable to locate the keystore/certificate store or private key

2006-08-26 Thread Nils Larsch

[EMAIL PROTECTED] wrote:


Hi,

I'm using openssl, (I think the slimmed down engine version), and 


openssl 0.9.6 ? since there's no separate engine version for openssl >= 0.9.7

attempting to support a program written by someone else. The server that 
I'm talking to recently moved to a new ISP and the program stopped 
working. It should be as simple as getting the server's new certificate 
and it should work. The problem is that I can't find ANY place where 
this program is using a keystore, (*.pem), so I can't add the new cert. 
All of the typical directories, (e.g. /certs), are empty, (and I mean 
all of them). In both production and the test environment, there are no 
certificate files off of any of the usual directories and the program 
itself doesn't open or use any keystore files in any of the SSL library 
calls. Normally, you'd just find the keystore and add the new 
certificate and all would be well. My question is this; since I don't 
see any place that this program is using a private key or a certificate 
store, how is it working? Where does it get a list of CA's etc.? Does 
openSSL provide an internal keystore in the libraries? It has to be 
getting this information from somewhere to complete the handshake 
process. Thanks in advance.


perhaps the keys certs are hardcoded ... If you have the source code
available the parameters of functions like SSL_CTX_set_cert_store()
might tell you which certs are used.

Cheers,
Nils

PS: Please don't send mails to openssl-dev _and_ openssl-users. One
list should be sufficient (in this case openssl-users).


Re: SSL_set_cipher_list returns always 1

2006-08-26 Thread Nils Larsch

Frank Büttner wrote:

So now I think it is a bug in the version 0.9.8b. Because with lib
0.9.8a it will not happen. Can someone verify it?


I've just tested openssl ciphers trash with openssl 0.9.8a, 0.9.8b
and the cvs version (openssl ciphers calls SSL_CTX_set_cipher_list())
and all correctly return an error so I'm unable to reproduce your
problem.

Cheers,
Nils


Re: EVP_Verify on self signed cert

2006-07-21 Thread Nils Larsch

Alfred Thomas wrote:

Hi all

Is the following supposed to work if testcert.pem is a selfsigned cert that
fails with error 18 when I do openssl verify testcert.pem

I want to ignore the fact that it is an untrusted cert and read the public
key regardless.

X509 * x509 = NULL;   /* stays NULL if the file cannot be opened */
EVP_MD_CTX md_ctx;
const unsigned char * sig_buf = (unsigned char *)signature;

FILE * fp = fopen ("testcert.pem", "rb");
if (fp != NULL) {
x509 = PEM_read_X509(fp, NULL, NULL, NULL);
fclose (fp);
}

/* extract the public key; the certificate itself is not verified here */
EVP_PKEY * pkey = X509_get_pubkey(x509);
if (pkey != NULL) {
EVP_VerifyInit(&md_ctx, EVP_ecdsa());
EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
errorCode = EVP_VerifyFinal (&md_ctx, sig_buf, signatureLength,
pkey);
EVP_PKEY_free (pkey);
}


EVP_Verify* doesn't care whether or not the cert from which the
key is extracted is trusted, valid or self-signed. If the cert
contains a valid public key the above code should work.

Cheers,
Nils


Re: Unknown digest

2006-07-20 Thread Nils Larsch

Alfred Thomas wrote:

Hi

Can anyone please tell me why the attached PEM file gets an unknown message
digest algorithm when I use openssl verify fail.pem

The PEM file was a X509 certificate containing a ECDSA public key using the
B-163 curve

Any ideas would be appreciated.


[EMAIL PROTECTED]:/tmp openssl x509 -in fail.pem -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 4660 (0x1234)
Signature Algorithm: id-ecPublicKey
Issuer: C=AT, O=TU Graz, OU=IAIK, CN=IAIK Test Certificate
Validity
Not Before: Jul 20 10:02:50 2006 GMT
Not After : Jan 20 10:02:50 2007 GMT
Subject: C=AT, O=TU Graz, OU=IAIK, CN=IAIK Test Certificate
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (163 bit)
pub:
04:01:3e:b8:47:89:b9:1f:2c:c4:70:24:17:5f:e2:
61:3f:31:4c:92:60:90:00:88:10:75:d9:0c:19:9c:
2a:ad:d4:45:7b:2e:dd:ab:d6:9d:f3:2c:aa
Field Type: characteristic-two-field
Basis Type: ppBasis
Polynomial:
08:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
00:00:00:00:00:c9
A:1 (0x1)
B:
02:0a:60:19:07:b8:c9:53:ca:14:81:eb:10:51:2f:
78:74:4a:32:05:fd
Generator (uncompressed):
04:03:f0:eb:a1:62:86:a2:d5:7e:a0:99:11:68:d4:
99:46:37:e8:34:3e:36:00:d5:1f:bc:6c:71:a0:09:
4f:a2:cd:d5:45:b1:1c:5c:0c:79:73:24:f1
Order:
04:00:00:00:00:00:00:00:00:00:02:92:fe:77:e7:
0c:12:a4:23:4c:33
Cofactor:  2 (0x2)
Signature Algorithm: id-ecPublicKey
30:2e:02:15:03:63:df:7f:d5:2f:6f:bf:d3:d0:c4:f5:4f:84:
c7:ca:98:5c:21:c2:33:02:15:03:80:84:0e:f2:cc:c6:7d:3c:
01:60:69:07:7b:d2:ab:29:50:fc:70:83

well the signature algorithm is id-ecPublicKey but that's not a
valid OID for a signature algorithm it should be something like
ecdsa-with-SHA1 (the algorithm identifier should specify which
hash function has been used to generate the signature).

Cheers,
Nils


Re: GENERAL_NAME_free

2006-07-20 Thread Nils Larsch

Bhat, Jayalakshmi Manjunath wrote:

Hi All,

Where do I find the definition for GENERAL_NAME_free? There are few
files using this function.
But I am not able to find the definition for this function. Please can any
one help me.


it's defined in crypto/x509v3/v3_genn.c through the IMPLEMENT_ASN1_FUNCTIONS()
macro.

Cheers,
Nils


Re: Read a DER encode X509 certificate from file

2006-07-12 Thread Nils Larsch

Alfred Thomas wrote:

Hi all
 
I need to read a DER encoded X509 certificate from file to get the public

key to verify an ECDSA signature. Can anyone please give me a pointer as to
what to do?
What I need is to: 
Read the X509 certificate


use d2i_X509() to decode the DER encoded certificate


Get the EC_KEY (maybe an EVP_PKEY).


X509_get_pubkey() might be useful for this ;-)

Cheers,
Nils


Re: Generating an ECDSA signature

2006-07-10 Thread Nils Larsch

Alfred Thomas wrote:

Can anyone please help me to generate a ECDSA signature and verify it.
I am using openssl 0.9.8b which I compiled for Windows CE and I am using
embedded Visual C++. The problem is that I cannot find the definitions of
NID_sect163r2 (Which is used in all the demos) anywhere.


it's defined in obj_mac.h


Also the example
code of ECDSA on the website does not even compile.


what's the problem with it ?


Can anyone show me a working example of how the sign something with curve
B163 and how to verify it?


with which API (i.e. low level ECDSA_sign api or with the EVP api) ?

Cheers,
Nils


Re: Generating an ECDSA signature

2006-07-10 Thread Nils Larsch

Alfred Thomas wrote:

Hi Nils

Sorry, I am still very new to OpenSSL, thanks for your quick response. I
found the definition in obj_mac.h thanks, and I got the application to sign
and verify the data.
I am using low-level ECDSA_sign.
We receive the public key as a binary file (not in a PKCS12 or PEM file),
just the actual public key as binary. How do I get a EC_KEY from that binary
file?


did you try d2i_PUBKEY() ? If this function doesn't work it would
be interesting to know what format the public key has.

Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: Generating an ECDSA signature

2006-07-10 Thread Nils Larsch

Alfred Thomas wrote:

did you try d2i_PUBKEY() ? If this function doesn't work it would be
interesting to know what format the public key has.


Not yet, I will have a look at it now. I actually need an EC_KEY and
d2i_PUBKEY() returns an EVP_PKEY, how can I get the EC_KEY needed?


EVP_PKEY_get1_EC_KEY() should return a pointer to the EC_KEY
object (note: this function increases the reference count in the
EC_KEY object).

Cheers,
Nils
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: valgrind warnings for 0.9.8b

2006-06-14 Thread Nils Larsch

Erik Leunissen wrote:
I've run under valgrind an application which has been linked to 
libcrypto.a from the openssl0.9.8b release. Valgrind reports some 
warnings which all relate to uninitialized values. I really do not 
know whether that's significant, but just in case I attach the valgrind 
output from that run.


Please let me know if further particulars are desired because it is 
significant.


in case you've done some crypto operations requiring random numbers
(for example rsa with blinding) this is normal as openssl uses some
uninitialized memory as an additional source of random. If you build
openssl with -DPURIFY this warning should disappear.

Cheers,
Nils


Re: i can't find the EC_PRIVATEKEY_new()) and d2i_EC_PRIVATEKEY()

2006-06-14 Thread Nils Larsch
孙 金龙 wrote:
 when i watch the
 EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
 {
 int ok=0;
 EC_KEY  *ret=NULL;
 EC_PRIVATEKEY   *priv_key=NULL;
 
 if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
 {
 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
 
 if ((priv_key = d2i_EC_PRIVATEKEY(priv_key, in, len)) == NULL)
 {
 ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
 EC_PRIVATEKEY_free(priv_key);
 return NULL;
 }
 ..
 I have searched all the code of openssl, but I can't find
 EC_PRIVATEKEY_new() and d2i_EC_PRIVATEKEY(). Where are they? Thanks

both functions are defined via the IMPLEMENT_ASN1_ALLOCFUNCTIONS macro

Cheers,
Nils


Re: i am confused in PEM_read_PrivateKey

2006-06-14 Thread Nils Larsch
孙 金龙 wrote:
 thanks! i only want to read ec privatekey
 my ec privatekey is below
 -BEGIN EC PRIVATE KEY-
 MGACAQEEGAu0lmj+Fgurl8m7Tpwi4+wZk9GRSgdyjKALBgkqgRzXYwEBAgGhNAMy
 AQS0/wY++sZk+W3QERcmJ+5m1l+PKkaFhJelGBfWaDN4vmSZg7ltf8YtRaUVvyaS
 m1I=
 -END EC PRIVATE KEY-
 so i use EVP_PKEY *prikey;
 FILE *keyfp;
 if (!(prikey = PEM_read_PrivateKey(keyfp, NULL, NULL, NULL)))
 return 0;
 return 1;
 it always return 0,by the way the my ec curve is not in openssl ec curve 
 list.

the above ec private key uses an OID to specify the
ec group used but if openssl doesn't know the group it can't
create a private key object.

Cheers,
Nils


Re: valgrind warnings for 0.9.8b

2006-06-14 Thread Nils Larsch

Marek Marcola wrote:

Hello,

Erik Leunissen wrote:
I've run under valgrind an application which has been linked to 
libcrypto.a from the openssl0.9.8b release. Valgrind reports some 
warnings which all relate to uninitialized values. I really do not 
know whether that's significant, but just in case I attach the valgrind 
output from that run.


Please let me know if further particulars are desired because it is 
significant.

in case you've done some crypto operations requiring random numbers
(for example rsa with blinding) this is normal as openssl uses some
uninitialized memory as an additional source of random. If you build
openssl with -DPURIFY this warning should disappear.

Probably not.
These warnings are (mostly) in the BIGNUM library and they do not depend
on random memory.


I don't think this is true. Although the actual reading of initialized
memory happens somewhere in ssleay_rand_bytes() valgrind reports the
errors/warnings when the uninitialized memory is used for flow control,
memory management or system calls afaik and this will normally happen in
the bignum functions.

Cheers,
Nils


Re: generate EMV Certificate

2006-05-15 Thread Nils Larsch

hao chen wrote:

Hi,

I highly appreciate if any one can tell me if openssl
is able to generate EMV Certificate.


no, you need to create them manually using the basic hash and RSA
operations.

Cheers,
Nils


Re: ECC in Openssl!

2006-05-11 Thread Nils Larsch

puneet batura wrote:

Hi,
I am trying to generate a 163 bit key in openssl using ECC but was not 
been able to do so. I am using openssl-0.9.8a version can anyone show me 
a example how to do that?


for example openssl ecparam -name sect163k1 -out eckey.pem -genkey -noout
should work ...

Cheers,
Nils


Re: ECC in Openssl!

2006-05-11 Thread Nils Larsch

puneet batura wrote:

Hi Nils,
 
Yes i have tried that but it says that 'ecparam' is not a valid 
argument. i am using openssl-0.9.8a version. Is this supported for this 
version or do i have to go with some other version.


it should be supported in 0.9.8a but perhaps it has been disabled
in your version (in case you've installed the openssl header files
look at opensslconf.h, if there's an OPENSSL_NO_EC ec support has been
disabled) => try building a new version of openssl 0.9.8[a,b]

Cheers,
Nils


Re: Problems building 0.9.8a on Intel Mac

2006-04-20 Thread Nils Larsch

Marko Asplund wrote:


On 2006-04-14, at 12.26, Nils Larsch wrote:


try a recent snapshot from the stable branch and let openssl
build shared libraries (see first problem mentioned in the
PROBLEM file).


i tried the workaround described in the PROBLEMS file with 
openssl-0.9.8-stable-SNAP-20060417. openssl binary seems to compile fine 
but i still get errors building the tests:


...
making all in test...
cc -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -O3 -fomit-frame-pointer -fno-common   -c -o bntest.o 
bntest.c
( :; LIBDEPS=${LIBDEPS:--L.. -lssl -L.. -lcrypto  }; 
LDCMD=${LDCMD:-cc}; LDFLAGS=${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT 
-DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -fno-common}; 
LIBPATH=`for x in $LIBDEPS; do if echo $x | grep '^ *-L' > /dev/null 
2>&1; then echo $x | sed -e 's/^ *-L//'; fi; done | uniq`; LIBPATH=`echo 
$LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH 
${LDCMD} ${LDFLAGS} -o ${APPNAME:=bntest} bntest.o ${LIBDEPS} )

/usr/bin/ld: Undefined symbols:
_BN_GF2m_add
_BN_GF2m_arr2poly
_BN_GF2m_mod
_BN_GF2m_mod_div
_BN_GF2m_mod_exp
_BN_GF2m_mod_inv
_BN_GF2m_mod_mul
_BN_GF2m_mod_solve_quad
_BN_GF2m_mod_sqr
_BN_GF2m_mod_sqrt
_BN_generate_prime_ex
collect2: ld returned 1 exit status
make[2]: *** [link_app.] Error 1
make[1]: *** [bntest] Error 2
make: *** [build_tests] Error 1


here's the build procedure i'm using:

cp apps/Makefile apps/Makefile.dist
cp test/Makefile test/Makefile.dist
sed -e 's/LIBCRYPTO=-L.. -lcrypto/LIBCRYPTO=..\/libcrypto.a/
s/LIBSSL=-L.. -lssl/LIBSSL=..\/libssl.a/' apps/Makefile.dist > apps/Makefile

sed -e 's/LIBCRYPTO=-L.. -lcrypto/LIBCRYPTO=..\/libcrypto.a/
s/LIBSSL=-L.. -lssl/LIBSSL=..\/libssl.a/' test/Makefile.dist > test/Makefile


./config --prefix=/Users/aspa/tmp/098a


did you try ./config --prefix=... shared ?

Cheers,
Nils


Re: Problems building 0.9.8a on Intel Mac

2006-04-14 Thread Nils Larsch

[EMAIL PROTECTED] wrote:

hi

i'm having problems trying to build OpenSSL 0.9.8a on an Intel based Mac OS X 
10.4.6.

if i've understood correctly, building goes fine up to the point where the openssl binary is 
being linked. at that point i get lots of errors about undefined symbols and the build 
terminates (see attached typescript for details):


/usr/bin/ld: Undefined symbols:
_X509_STORE_set1_param
_X509_VERIFY_PARAM_free
...

earlier in the build i get messages like this which seem to be related to the 
problem:

ranlib: file: ../libcrypto.a(ebcdic.o) has no symbols


any ideas on how to fix this?


try a recent snapshot from the stable branch and let openssl
build shared libraries (see first problem mentioned in the
PROBLEM file).

Cheers,
Nils


Re: mactel install?

2006-03-30 Thread Nils Larsch

John Russell wrote:
./Configure darwin-i386-cc --prefix=/usr/webtools05/apache2 
--openssldir=/usr/webtools05/apache2/


Install on mac (intel) fails with

collect2: ld returned 1 exit status
make[2]: *** [link_app.] Error 1
make[1]: *** [openssl] Error 2
make: *** [build_apps] Error 1


This is the recommended way for making perl, don't know if it is helpful


export SDK=/Developer/SDKs/MacOSX10.4u.sdk

In addition to the compiler flags used to select the SDK, also add the 
flags

for creating a universal binary:

./Configure -Accflags=-arch i686 -arch ppc -nostdinc 
-B$SDK/usr/include/gcc \

   -B$SDK/usr/lib/gcc -isystem$SDK/usr/include \
   -F$SDK/System/Library/Frameworks \
-Aldflags=-arch i686 -arch ppc -Wl,-syslibroot,$SDK \
-de

Any suggestions on what to try?


difficult to say as you didn't give us information about the openssl
version you've tried etc.. In case it was 0.9.8a try a recent snapshot.

Nils


Re: Multiple calls to ERR_load_crypto_string()

2006-03-23 Thread Nils Larsch

Fukuba, Yoshiki wrote:
Hi, 


After multiple calls to ERR_load_crypto_string(),
we cannot get error message using ERR_error_string().

A short sample is as follows:

=
#include <stdio.h>
#include <openssl/err.h>

int main()
{
    ERR_load_crypto_strings();
    printf("%s\n", ERR_error_string(101163138, NULL));
    ERR_free_strings();

    /* second load, after the strings have been freed */
    ERR_load_crypto_strings();
    printf("%s\n", ERR_error_string(101163138, NULL));

    return 0;
}
=

This is a bug, isn't it?


multiple calls to ERR_load_crypto_strings() are harmless
(well the function is not reentrant but that's not important
here) the problem is that you call ERR_free_strings() between
these two calls. ERR_load_crypto_strings() sets a static
status variable once it has been called so that every further
call to ERR_load_crypto_strings() does nothing and as
ERR_free_strings() doesn't clear this variable again further
calls to ERR_load_crypto_strings() do nothing ...

Cheers,
Nils


Re: DSA_sign()

2006-03-02 Thread Nils Larsch

Julien Demoor wrote:

Hello,

I'm getting an error with the DSA_sign() function : data too large for
key size. I have inputted a 40-byte-long string representing a
hexadecimal SHA-1 digest. I can't find what the correct digest format
is, nor if anything else may lead to that error.


DSA_sign() expects binary input and not hex.

Cheers,
Nils


Re: calling SSL_library_init multiple times

2006-02-27 Thread Nils Larsch

Jagannadha Bhattu G wrote:

Hi,

Can I call SSL_library_init multiple times in my code under different 
threads? 


as SSL_library_init() initializes global tables it should only
be called from one thread at a time and of course no other thread
should use the global data while SSL_library_init() is running.
Ideally it should be run once before the threads using ssl are
created.

From the documented return values, 


it always returns 1 but this doesn't mean it's reentrant

Cheers,
Nils


Re: Diffarent Error codes have same value

2006-02-15 Thread Nils Larsch

Konark wrote:

Hi All,

I found in the ssl.h header file that error codes repeat many times, like:

#define SSL_R_BAD_ECDSA_SIGNATURE 1112
#define SSL_R_KEY_ARG_TOO_LONG  1112
#define SSL_R_BAD_ECDSA_SIGNATURE 1112

#define SSL_R_MISSING_TMP_ECDH_KEY 1114
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG  1114

#define SSL_R_BAD_ECPOINT  1113
#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113

There are many such instances. What is the reason for assigning the same 
value for different error codes...


this should be fixed in the cvs

Cheers,
Nils


Re: short-ish signatures (again)

2006-02-14 Thread Nils Larsch

Bob Mearns wrote:
...

DSA, with its 320-bit sigs, is out for this application.  I've played
with RSA a bit, but I run into problems with the digest being too
long when using RSA keys shorter than 384 bits.  I thought I'd read
that the RSA signature should be the same length as the number of bits
in the key, and I don't understand how digest length (at 128 or 160 bits
far shorter than the key) plays into this.  


you need to add the bytes for the pkcs1 padding + the bytes for
the digestInfo structure

Cheers,
Nils
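
Added example (not part of the thread and not OpenSSL code): the PKCS #1 v1.5
signature encoding in stand-alone C, showing where the extra bytes mentioned
in the reply come from and why a 160-bit digest needs at least a 368-bit key.
The function names are hypothetical; the two prefixes are the standard DER
DigestInfo headers for SHA-1 and MD5.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER-encoded DigestInfo headers (AlgorithmIdentifier plus the OCTET STRING
 * tag and length) that precede the raw digest in a PKCS #1 v1.5 signature. */
static const unsigned char SHA1_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};
static const unsigned char MD5_PREFIX[18] = {
    0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
    0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00,
    0x04, 0x10
};

/* Fixed padding overhead: 0x00 0x01, at least eight 0xff bytes, 0x00. */
#define PKCS1_V15_OVERHEAD 11

/* Smallest modulus size in bytes that can carry prefix + digest. */
size_t pkcs1_min_modulus_bytes(size_t prefix_len, size_t digest_len)
{
    return PKCS1_V15_OVERHEAD + prefix_len + digest_len;
}

/* Build EM = 0x00 0x01 PS 0x00 DigestInfo, exactly em_len bytes, where
 * em_len is the modulus size in bytes. The signature is EM raised to the
 * private exponent, so it is always as long as the modulus.
 * Returns 0 on success, -1 if the key is too short for this digest. */
int emsa_pkcs1_v15_encode(unsigned char *em, size_t em_len,
                          const unsigned char *prefix, size_t prefix_len,
                          const unsigned char *digest, size_t digest_len)
{
    size_t t_len = prefix_len + digest_len;   /* DigestInfo length */
    size_t ps_len;

    if (em_len < t_len + PKCS1_V15_OVERHEAD)
        return -1;                            /* digest too big for key */

    ps_len = em_len - t_len - 3;              /* at least 8 by the check */
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, prefix, prefix_len);
    memcpy(em + 3 + ps_len + prefix_len, digest, digest_len);
    return 0;
}

int main(void)
{
    printf("SHA-1: minimum modulus %zu bits\n",
           8 * pkcs1_min_modulus_bytes(sizeof SHA1_PREFIX, 20));
    printf("MD5:   minimum modulus %zu bits\n",
           8 * pkcs1_min_modulus_bytes(sizeof MD5_PREFIX, 16));
    return 0;
}
```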




Re: short-ish signatures (again)

2006-02-14 Thread Nils Larsch

Victor Duchovni wrote:

On Tue, Feb 14, 2006 at 02:50:19PM -0800, Bob Mearns wrote:



Sorry - more details:  This isn't a comm application - it amounts to
authentication of application data files.  The signer is a utility which
exists solely in a vendor's environment.  The verifier is an application
that exists in a consumer (potentially hostile) environment.  Hence
asymmetric key algorithms are a fit.




If you want small, publicly verifiable signatures for stored data, your
only choice is ECC. 


in case of ECDSA the signature size is approx. twice the field size.
The smallest curve openssl afaik supports is a 112 bit binary curve,
hence still too big.

Cheers,
Nils


Re: X509_STORE

2006-02-02 Thread Nils Larsch

Steffen Lips wrote:

Hi,

We have already some leaks in our application.

I found out, that for STACK_OF(X509) there are two cleanup functions. 
sk_X509_free to free only the 'stackframe', and sk_X509_pop_free for 
freeing the whole stack.
Is there something for X509_STORE, too? X509_STORE_free seems not to 
free the X509 structures in it.


do you mean the STACK_OF(X509_OBJECT) in X509_STORE ? X509_STORE_free
should call X509_free() for each X509 object in the stack.

Cheers,
Nils


Re: Memory leaks

2006-01-27 Thread Nils Larsch

Steffen Lips wrote:

Hi everybody,

we have written a server application which uses openssl. now we found 
out, that memory increases rapidly.
Then we found out, that there are memory leaks in openssl. so try this 
little program:


#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/err.h>


void *crypto_mem_leak_cb(unsigned long order, const char *file, int 
line, int num_bytes, void *addr)

{
/* order is an unsigned long, so it is printed with %lu */
printf("Leak: Order: %7lu, File: %-28s, Line: %4d, Bytes: %5d, Addr: %p\n",
       order, file, line, num_bytes, addr);

return addr;
}

int main()
{
 CRYPTO_malloc_debug_init();
 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

 char buffer[] = "Test";

 BIO *bio = BIO_new_mem_buf(buffer, strlen(buffer));
 BIO_free(bio);



adding a CRYPTO_cleanup_all_ex_data(); helps here


 ERR_free_strings();
 ERR_remove_state(0);
 CRYPTO_mem_leaks_cb(crypto_mem_leak_cb);
}

It will output something like this.

Leak: Order:   5, File: .\crypto\stack\stack.c  , Line:  126, 
Bytes:16, Addr: 003D4210

...
How can we avoid this? we have many certificate operations, so we often 
use BIOs.


I don't know what causes the memory leak in your server application
but the above example doesn't really show a memory leak in openssl

Cheers,
Nils


Re: [EMAIL PROTECTED]: Using ECDH with OpenSSL]

2005-12-03 Thread Nils Larsch

Hines, Philip D. wrote:
Using the C API.  I am working on a plugin for GAIM which uses ECDH for 
establishing encrypted sessions.  I think I figured out most of 
it...right now I can make it work locally, but the public and private 
keys are in structures with many pointers and I am having trouble 
getting the serialization functions working.  I am trying to use:


/* de- and encoding functions for SEC1 ECPrivateKey */
EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len);
int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out);
/* de- and encoding functions for EC parameters */
EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len);
int i2d_ECParameters(EC_KEY *a, unsigned char **out);
/* de- and encoding functions for EC public key
 * (octet string, not DER -- hence 'o2i' and 'i2o') */
EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len);
int i2o_ECPublicKey(EC_KEY *a, unsigned char **out);

Part of the problem is that I am just guessing at the usage since there 
aren't very descriptive comments.  I assume that once each side has 
their keys generated they can serialize them using i2o_ECPublicKey and 
then send them across.  Then I assume that the other side can use 
o2i_ECPublicKey to recreate the key object and use it in ECDH.  Is that 
right?


this only works if the other side already has a EC_KEY key object
with the correct ec parameters in it (the ec parameters are not
included in encoded public key o2i_ECPublicKey creates but are
required for decoding).
You might use d2i|i2d_PUBKEY instead as these functions create an
encoded x509 algorithm id object which already includes the necessary
parameters.

Cheers,
Nils


Re: dynamic engines in openssl.cnf

2005-11-14 Thread Nils Larsch

Cornelius Koelbel wrote:
...

But I'd like to load the engine from the config file, so that I can add
the openssl command to a script.

--snip--
[ openssl_init ]
engines = engine_section

[ engine_section ]
pkcs11  = pkcs11_engine_section

[ pkcs11_engine_section ]
init= 1
engine_id   = pkcs11
dynamic_path= /usr/lib/opensc/engine_pkcs11.so
module_path = /usr/local/lib/libetpkcs11.so
--snip--
Any ideas what is wrong?
The specific module does not seem to be loaded!


did you set openssl_conf = openssl_init in the conf ?

Nils


Re: base64 encode/decode

2005-11-02 Thread Nils Larsch

Patrick Guio wrote:
...

I think there is a typo in the code snippet on the webpage
http://www.openssl.org/docs/crypto/BIO_f_base64.html#
The statement while((inlen = BIO_read(bio, inbuf, 512) > 0)
should read
while((inlen = BIO_read(bio, inbuf, 512)) > 0)


I've committed a fix for the underlying pod file

Thanks,
Nils


Re: EC Digest error

2005-11-01 Thread Nils Larsch

Lloyd Brown wrote:

Hello all,

I'm struggling to get some openssl elliptic curve based file 
digest/digital sig work done.  I'm able to generate both ec and rsa keys 
without a problem, and am trying to digest a file using the openssl 
dgst command.  However, I get something like this:


[EMAIL PROTECTED]:~$ openssl dgst -sha512 -sign ec.key.prime192v2.pem -hex 
-out ec.test.sig.hex.sha512 file_to_digest

Error Signing Data
10917:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong 
public key type:p_sign.c:103:

[EMAIL PROTECTED]:~$

The exact same syntax when used with an RSA key works fine.  What am I 
doing wrong?  Am I missing something completely obvious?


due to the somewhat unfortunate binding between the digest type
and signature algorithms -sha512 could only be used in combination
with the RSA algorithm (this will hopefully change in a future
version). Furthermore the X9.62 (the ecdsa standard) version on
which this implementation is based allows only SHA-1 (don't know
whether a revised X9.62 version has already been released) => if
you want to create ecdsa signatures with the dgst command you should
try something like:
openssl dgst -ecdsa-with-SHA1 ...

Cheers,
Nils


Re: EC Digest error

2005-11-01 Thread Nils Larsch

Lloyd Brown wrote:
...
[EMAIL PROTECTED]:~$ openssl dgst -ecdsa-with-SHA1 -hex -sign 
ec.key.prime192v2.pem -out ec.test.sig.hex.sha512 .viminfo
[EMAIL PROTECTED]:~$ openssl dgst -ecdsa-with-SHA1 -hex -verify 
ec.key.prime192v2.pem.pub -signature ec.test.sig.hex.sha512 .viminfo

Error Verifying Data
12313:error:0D07209B:asn1 encoding routines:ASN1_get_object:too 
long:asn1_lib.c:142:
12313:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object 
header:tasn_dec.c:1269:
12313:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 
error:tasn_dec.c:374:Type=ECDSA_SIG

[EMAIL PROTECTED]:~$


without using the -hex option it works for me

Cheers,
Nils


Re: Enumerating supported algorithms

2005-10-12 Thread Nils Larsch
On Wed, Oct 12, 2005, Dmitry Belyavsky wrote:

 Greetings!
 
 What shall I look at whether I want to enumerate all, for example,
 digest algorithms supported in a particular build?

you could use OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, ...)
to get a list of all algorithms added by OpenSSL_add_all_digests etc.

Cheers,
Nils

--
Nils Larsch [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~nils/


Re: EVP_EcryptInit() obsolete?

2005-10-12 Thread Nils Larsch
On Wed, Oct 12, 2005, Adam Jones wrote:

 I have been told that EVP_EcryptInit() is obsolete and EVP_EncryptInit_ex()
 should be used instead. Can anyone confirm that?

this is correct, see:
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#NOTES

Cheers,
Nils

--
Nils Larsch [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~nils/


Re: duplicate RSA struct

2005-10-03 Thread Nils Larsch

Stefan Vatev wrote:

Hello guys,
I'd like to know what's the best way to duplicate the RSA
struct. I want something like X509_dup.
The only way that come to my mind is to rsa = RSA_new() and
then for each member of rsa to BN_new and BN_dup

Any ideas will be highly appreciated.


what about:
RSA *RSAPublicKey_dup(RSA *rsa);
RSA *RSAPrivateKey_dup(RSA *rsa);

Cheers,
Nils


Re: 0.9.8: simple engine call causes loop

2005-09-28 Thread Nils Larsch

Kent Yoder wrote:

One concern here...  The solution as it is in the latest snapshot will
require apps to always call ENGINE_load_builtin_engines() before a


ENGINE_load_dynamic() should be sufficient


call to ENGINE_by_id(ID), even if ID is a shared object engine.  Is
this the desired behavior? 


well that is how it's currently implemented


It may not be obvious to app writers that
the builtin dynamic engine is used to load .so engines...


ack, this behaviour should be well documented

Nils


Re: 0.9.8: simple engine call causes loop

2005-09-27 Thread Nils Larsch

Kent Yoder wrote:

Hi,

 Calling ENGINE_by_id(anything) before making any other calls to
OpenSSL seems to cause infinite recursion in trying to load the
dynamic engine.  I believe adding a call to ENGINE_load_dynamic()
before attempting to load the dynamic engine inside ENGINE_by_id()
will fix the problem.


sounds similar to [1]. Could you try a recent snapshot.

Cheers,
Nils

[1] http://marc.theaimsgroup.com/?t=11229562032r=1w=2


Re: DH shared key generation using Oakley groups.

2005-09-24 Thread Nils Larsch

joseph k j wrote:
...

I am using openssl-0.9.8-stable-SNAP-20050810,
BN_set_word(BIGNUM *a, unsigned long w);
what should i do if i need to set a prime whose bits exceeds that of 
a long.

can some one give me a pointer to a good doc on BN.


depends on the format of the number you want to set: if it's
a hex number try BN_hex2bn (see `man BN_hex2bn`) if the number
is in binary form try BN_bin2bn (see `man BN_bin2bn`).

Cheers,
Nils


Re: DH shared key generation using Oakley groups.

2005-09-23 Thread Nils Larsch

joseph k j wrote:

hello everyone,

I am currently using the following functions,
 
   a = DH_new();

   DH_generate_parameters_ex(a, prime_len, generator, cb );

here i see the prime generated is random, each time i call the function 
it generates a new prime.

but how is it possible for me to use predefined parameters, (esp prime)
ie i would like to use the oakley groups 1,2,5 (MODP).

is there a function like a= DH_group_get(group descriptor);


unfortunately there is no such function, hence you need to set these
values manually, for example using get_rfc2409_prime_1024() etc.
(available in openssl >= 0.9.8) and BN_set_word().

Cheers,
Nils



Re: how do I build openssl with elliptic curve support?

2005-09-23 Thread Nils Larsch

David Stutzman wrote:
I've tried a few different ./config lines and I can't seem to enable any 
of the elliptic curve functionality.  When I run openssl ciphers I 
don't see any EC stuff.  Can someone please provide a list of the things 
to enable or just a whole ./config command?


you don't need special config options to enable the ecc stuff,
they should be enabled by default


I was trying to build openssl-SNAP-20050919


the ecc ssl ciphers are experimental and hence not listed unless
you explicitly specify them (there's still no rfc for tls with
ecc). Try openssl ciphers ECCdraft

Cheers,
Nils


Re: how do I build openssl with elliptic curve support?

2005-09-23 Thread Nils Larsch

David Stutzman wrote:

Nils Larsch wrote:


you don't need special config options to enable the ecc stuff,
they should be enabled by default

the ecc ssl ciphers are experimental and hence not listed unless
you explicitly specify them (there's still no rfc for tls with
ecc). Try openssl ciphers ECCdraft


Well thanks for the above, I do have a large list of EC ciphers.

Is there a site somewhere with some more info like that?  Something like 
a how-to for the EC related stuff? 


command line tools or c api, as for the c-api I recently added some
doxygen comments so you might create some docu if you want (it's still
work in progress and manpages will follow)

I assume there's commands similar to 
genrsa, gensa, etc for generating EC keys that are not listed because it 
is all experimental.


`man ecparam` and `man ec` for the command line tools

Cheers,
Nils


Re: crypto

2005-09-23 Thread Nils Larsch
Saber Zrelli wrote:
 Hi ,
 
 I am trying to use openssl's crypto library to encrypt packets
 before transmitting them into a TCP connection.
 
 I have some difficulties on using DES functions.
 
 below is the code I wrote, it compiles but core-dump occurs at line 48.
 
 
 char   *
  35 Encrypt(int Etype, char *Key, void *Msg)
  36 {
  37
  38     char   *CypherText;
  39     char   *dec;
  40     int    *n;
  41
  42     DES_cblock Key2;
  43     DES_key_schedule *schedule;
  44
  45
  46     memcpy(Key2, Key, 8);
  47     DES_set_odd_parity(Key2);
  48     DES_set_key_checked(Key2, schedule);

the schedule pointer is uninitialized => core dump, as schedule
is used in DES_set_key_unchecked (called by DES_set_key_checked).
Try to do something like:
DES_key_schedule schedule;
...
DES_set_key_checked(&Key2, &schedule);

  49     DES_cfb64_encrypt((char *)Msg, CypherText, strlen(Msg), 
 schedule, Key2, n, 1);
  50     printf("Encrypted message : %s\n", CypherText);
  51     DES_cfb64_encrypt(CypherText, dec, strlen(Msg), schedule, 
 Key2, n, 0);
  52     printf("decrypted message : %s\n", dec);
 
 
 Any help links to sample code is appreciated.

perhaps crypto/des/destest.c

Cheers,
Nils


Re: Diffie Hellman Parameter Generation Question

2005-09-21 Thread Nils Larsch

Jonathon Green wrote:

Hi List,

I have a question which is partly OpenSSL specific and
partly a more general Diffie-Hellman (parameter
generation) question

The background for my problem is that I'm writing an
engine and am trying to implement the:

int (*generate_params)(DH *dh, int prime_len, int
generator, BN_GENCB *cb);

function of the dh_method.

This function, as per the internal OpenSSL
implementation, expects the bit size of the prime and
the value of the generator, however, the API that I'm
calling through to expects the bit size of the prime
and the 'Diffie-Hellman generator order' (as an
unsigned long.)


From my understanding the 'Diffie-Hellman generator

order' that they are referring to is the order of the
cyclic subgroup GF(p)* whose generator is the same 'g'


hmm, using for example a strong prime p = 2q + 1 (q prime)
the order of a subgroup divides the group order of GF(p) =>
hence the order for a safe prime is either q, 2 or p-1 and
hence doesn't normally fit into one unsigned long value.
Using a generator with an order which fits into an
unsigned long value doesn't really sound that safe ;-)
Perhaps 'Diffie-Hellman generator order' is the size of
the generator in bits ?


which the OpenSSL function takes as an input. The API
allows me to retrieve the generator as a result of the
parameter generation process, the values of which are
large and nothing like the 2 or 5 that OpenSSL expects
as input to the DH_check() function.


yep, DH_check(dh, ret) should return DH_UNABLE_TO_CHECK_GENERATOR
in ret in this case.

Cheers,
Nils


Re: compile opensll with -d option

2005-09-07 Thread Nils Larsch

Stefan Vatev wrote:

I'm struggling in compiling the openssl with the debug
option. As it's written in the INSTALL file I type in
./config -d
The last line of the output is : Configured for
debug-linux-elf, so I think it's configured well.
The error i get when I try to make it is :
/usr/bin/ld: cannot find -lefence
collect2: ld returned 1 exit status
make[2]: *** [link_app.] Error 1
make[1]: *** [openssl] Error 2
make: *** [build_apps] Error 1

It's apparent that libefence.so or something like that is
missing.
Any suggestions will be appreciated.


well, what about installing libefence ;-)

Cheers,
Nils


Re: problem with d2i_X509() ??

2005-09-04 Thread Nils Larsch

Rajeshwar Singh Jenwar wrote:

Hi All,
 
I have to read x509 certificate(in .pem format) from memory.

I have written two functions.

Fn.1

/* get X509 structure from memory. */
extern X509 *mem2x509(vchar_t *cert)
{
    X509 *x509;
    const unsigned char *bp;

    bp = (const unsigned char *) cert->v;

    /* d2i_X509() parses DER input and advances bp past what it consumed */
    x509 = d2i_X509(NULL, &bp, cert->l);

    if (x509 == NULL)
    {
        Printf("ERROR :  %s : %d : %s\n", __FILE__, __LINE__,
               "failed in d2ix509()");
    }
    return x509;
}

Fn.2

extern X509 *mem2x509_bio(vchar_t *cert)
{
    X509 *x509 = NULL;
    BIO *bio = NULL;
    int len = -1;

    bio = BIO_new(BIO_s_mem());
    if (bio == NULL)
    {
        Printf("ERROR :  %s : %d : %s\n", __FILE__, __LINE__,
               "failed in BIO_new()");
        return NULL;
    }
    len = BIO_write(bio, cert->v, cert->l);
    if (len == -1)
    {
        Printf("ERROR :  %s : %d : %s\n", __FILE__, __LINE__,
               "failed in BIO_write()");
        BIO_free(bio);  /* do not leak the BIO on the error path */
        return NULL;
    }
    /* PEM_read_bio_X509() expects the base64 PEM form of the certificate */
    x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);

    if (x509 == NULL)
    {
        Printf("ERROR :  %s : %d : %s\n", __FILE__, __LINE__,
               "failed in PEM_read_bio_X509()");
    }
    BIO_free(bio);

    return x509;
}

Now certificate data is stored in char array.

   vchar_t *cacert = NULL;
   cacert = vmalloc(strlen(CERT.CACert));
   memcpy(cacert->v, CERT.CACert, strlen(CERT.CACert));
  


Now i m extracting with above two functions.

Fn1 is failing. I m getting failed in d2i_x509 message.

F2. is passed.

Can someone explain the reason ?


if you have a pem encoded certificate d2i_X509 of course fails as
it expects a der encoded binary input.

Nils
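
Added example (not part of the thread and not OpenSSL code): a plain C check
that tells a PEM buffer from a DER one before choosing between d2i_X509() and
PEM_read_bio_X509(). The function names and sample buffers are constructed for
illustration; the check looks only at the outer framing and does not validate
a certificate.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum cert_encoding { ENC_UNKNOWN, ENC_DER, ENC_PEM };

/* Total length (header + content) of a DER SEQUENCE starting at p, or 0 if
 * the header is not a definite-length SEQUENCE that fits in n bytes. */
size_t der_sequence_total_len(const unsigned char *p, size_t n)
{
    size_t len = 0, nbytes, i;

    if (n < 2 || p[0] != 0x30)            /* 0x30 = constructed SEQUENCE */
        return 0;
    if (p[1] < 0x80)                      /* short form: length in one byte */
        return 2 + (size_t)p[1];

    nbytes = p[1] & 0x7f;                 /* long form: count of length bytes */
    if (nbytes == 0 || nbytes > sizeof(size_t) || n < 2 + nbytes)
        return 0;                         /* indefinite length is not DER */
    for (i = 0; i < nbytes; i++)
        len = (len << 8) | p[2 + i];
    if (len > n - 2 - nbytes)             /* content would run past buffer */
        return 0;
    return 2 + nbytes + len;
}

/* PEM is text: optional whitespace, then the "-----BEGIN " armour line.
 * (Simplification: real PEM readers also skip other leading text lines.)
 * DER is binary: one SEQUENCE whose encoded length covers the whole buffer.
 * A base64 PEM body starting with "MII" is the same 0x30 0x82 header. */
enum cert_encoding sniff_cert_encoding(const unsigned char *buf, size_t n)
{
    static const char armour[] = "-----BEGIN ";
    const size_t alen = sizeof(armour) - 1;
    size_t i = 0;

    while (i < n && (buf[i] == ' ' || buf[i] == '\t' ||
                     buf[i] == '\r' || buf[i] == '\n'))
        i++;
    if (n - i >= alen && memcmp(buf + i, armour, alen) == 0)
        return ENC_PEM;
    if (n > 0 && der_sequence_total_len(buf, n) == n)
        return ENC_DER;
    return ENC_UNKNOWN;
}

/* Constructed sample inputs, not real certificates. */
static const char SAMPLE_PEM[] =
    "-----BEGIN CERTIFICATE-----\n"
    "MIIB(constructed placeholder body)\n"
    "-----END CERTIFICATE-----\n";
static const unsigned char SAMPLE_DER_SHORT[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const unsigned char SAMPLE_DER_LONG[260] = { 0x30, 0x82, 0x01, 0x00 };

int main(void)
{
    static const char *names[] = { "unknown", "DER", "PEM" };

    printf("PEM sample:  %s\n", names[sniff_cert_encoding(
        (const unsigned char *)SAMPLE_PEM, sizeof SAMPLE_PEM - 1)]);
    printf("DER sample:  %s\n", names[sniff_cert_encoding(
        SAMPLE_DER_LONG, sizeof SAMPLE_DER_LONG)]);
    printf("truncated:   %s\n", names[sniff_cert_encoding(
        SAMPLE_DER_LONG, sizeof SAMPLE_DER_LONG - 1)]);
    return 0;
}
```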


Re: DES_ede3_cbc_encrypt and padding

2005-09-02 Thread Nils Larsch

Alicia da Conceicao wrote:

Greetings:

The DES_ede3_cbc_encrypt() routine does not appear to properly pad
data to fill out the last block.

Consider, if the last block contains 4 bytes for the unencrypted
text "test", DES_ede3_cbc_encrypt() is only padding the remaining
characters with NULL characters:

74:65:73:74:00:00:00:00


yep, afaik that's documented in manual page



But shouldn't it be padded as follows:

74:65:73:74:00:00:00:04


according to pkcs#5 (6.1.1) it should be 74:65:73:74:04:04:04:04



with the last byte containing the number of padded bytes.  Note that
if the last block is full, then an additional block of padding is
added with 00:00:00:00:00:00:00:08.

Is CBC padding in OpenSSL handled by a separate routine?  Shouldn't
CBC padding be handled by the CBC routine?


try EVP_EncryptInit_ex() etc.

Nils
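
The PKCS #5 scheme Nils cites, next to the zero fill the thread attributes to DES_ede3_cbc_encrypt(), as an added example that is not part of the original posts. The names pkcs5_pad, pkcs5_unpad, zero_pad and BAD_PAD are made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define BLK 8                     /* DES / 3DES block size in bytes */
#define BAD_PAD ((size_t)-1)

/* PKCS #5: append N bytes of value N (N = 1..8); a full final block gains
 * a whole extra block. Returns the padded length, 0 if out is too small. */
size_t pkcs5_pad(const unsigned char *in, size_t len,
                 unsigned char *out, size_t cap)
{
    size_t pad = BLK - (len % BLK);
    if (cap < len + pad) return 0;
    memcpy(out, in, len);
    memset(out + len, (int)pad, pad);
    return len + pad;
}

/* Returns the plaintext length, or BAD_PAD if the padding is malformed. */
size_t pkcs5_unpad(const unsigned char *buf, size_t len)
{
    unsigned char pad, diff = 0;
    size_t i;
    if (len == 0 || len % BLK != 0) return BAD_PAD;
    pad = buf[len - 1];
    if (pad < 1 || pad > BLK) return BAD_PAD;
    for (i = 0; i < pad; i++)     /* every pad byte must equal N */
        diff |= buf[len - 1 - i] ^ pad;
    return diff ? BAD_PAD : len - pad;
}

/* Zero fill, as the thread describes for DES_ede3_cbc_encrypt(): the
 * receiver cannot tell fill bytes from trailing 0x00 bytes in the data. */
size_t zero_pad(const unsigned char *in, size_t len, unsigned char *out)
{
    size_t total = (len + BLK - 1) / BLK * BLK;
    memset(out, 0, total);
    memcpy(out, in, len);
    return total;
}

int main(void)
{
    unsigned char buf[2 * BLK];
    size_t i, n = pkcs5_pad((const unsigned char *)"test", 4, buf, sizeof buf);
    for (i = 0; i < n; i++)
        printf("%02x%c", buf[i], i + 1 < n ? ':' : '\n');
    return 0;
}
```

When unpadding after decryption, a padding failure should not be distinguishable to the peer from any other failure unless the ciphertext was authenticated first.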


Re: OSSL 0.9.8 Engine problems

2005-08-31 Thread Nils Larsch

Steffen Pankratz wrote:

On Tue, 30 Aug 2005 23:53:37 +0200
Nils Larsch [EMAIL PROTECTED] wrote:



Steffen Pankratz wrote:
...


well, if openssl is built without DES support the DES nids are not
added to the internal list of OIDs when OPENSSL_add_all_ciphers is
called, hence the OBJ_* functions know nothing about DES.



logical
any chance to make openssl aware of -des-ecb when built without DES cipher 
support using a dynamic Engine module?


what about adding the necessary ciphers in the engine initialization
function (have a look at crypto/evp/c_allc.c to see which functions
are necessary) ?


will try later
for this i have to load the Engine module before i can use openssl enc -engine 
..., right?


yep, otherwise apps/enc.c doesn't know -des-ecb.




but loading seems to be ok

openssl enc -engine des-ecb
engine des-ecb set.

i tried a OSSL build with DES cipher support and got this

openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
parallel processing
engine des-ecb set.
enter des-ecb encryption password:
Verifying - enter des-ecb encryption password:
Error setting cipher DES-ECB
10220:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl operation not implemented:evp_enc.c:533:
10220:error:0607B086:digital envelope routines:EVP_CipherInit_ex:initialization error:evp_enc.c:171:


is the EVP_CIPH_CTRL_INIT flag set in the EVP_CIPHER structure ?


it is (if you like, code is attached)


if the flag is set you must provide a support for this flag in
EVP_CIPHER::ctrl otherwise you get the above error (so if you don't
need that functionality don't use it).



even if i set the EVP_CIPH_CTRL_INIT flag to NULL i get this error message and 
on the other hand if the EVP_CIPH_CTRL_INIT is set to des_ctrl
there is an implementation for this in my des-ecb.c

so it seems to be another problem


no, I've just tested your code (with some necessary modifications) and
it seems to work. You set the EVP_CIPH_CTRL_INIT (== 64) flag in your
cipher_des_ecb structure hence you must add support for EVP_CTRL_INIT
in the switch statement in your des_ctrl function otherwise it can't
work (or don't set this flag in cipher_des_ecb).

Nils


Re: Openssl Engine calling code (soft pkcs11) also written in openssl conflict

2005-08-31 Thread Nils Larsch

Christopher Nebergall wrote:

I've been working with some patches to curl I found on the curl mailing
list to support openssl and opensc's engine_pkcs11.  

Basically it consists of 


Curl 7.14 + patch which adds dynamic engine support -> opensc-20050826
[engine_pkcs11.so] -> soft-pkcs11 1.2 


on

Ubuntu Linux (5.04) Kernel 2.6.10-5-386 


actually the openssl version would be more interesting



The problem is that engine_pkcs11 from opensc registers custom rsa
functions for its purposes.  They dlopen a pkcs11 library in my case
soft-pkcs11 which is also implemented using openssl.  The problem is
that the soft token seems to be calling the rsa functions registered by
opensc and not the original versions.  I need some advice or background
on overriding crypto implementations to figure out how to make
soft-pkcs11 not inherit the opensc's overridden functions. 


you could use RSA_set_method with RSA_PKCS1_SSLeay for example


I would have
thought since soft-pkcs11 was dlopened that this wouldn't have inherited
the modified functions.  


the default engine is a global parameter

Nils


Re: OSSL 0.9.8 Engine problems

2005-08-30 Thread Nils Larsch

Steffen Pankratz wrote:
...

well, if openssl is built without DES support the DES nids are not
added to the internal list of OIDs when OPENSSL_add_all_ciphers is
called, hence the OBJ_* functions know nothing about DES.



logical
any chance to make openssl aware of -des-ecb when built without DES cipher 
support using a dynamic Engine module?


what about adding the necessary ciphers in the engine initialization
function (have a look at crypto/evp/c_allc.c to see which functions
are necessary) ?




but loading seems to be ok

openssl enc -engine des-ecb
engine des-ecb set.

i tried a OSSL build with DES cipher support and got this

openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
parallel processing
engine des-ecb set.
enter des-ecb encryption password:
Verifying - enter des-ecb encryption password:
Error setting cipher DES-ECB
10220:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl operation not implemented:evp_enc.c:533:
10220:error:0607B086:digital envelope routines:EVP_CipherInit_ex:initialization error:evp_enc.c:171:


is the EVP_CIPH_CTRL_INIT flag set in the EVP_CIPHER structure ?


it is (if you like, code is attached)


if the flag is set you must provide a support for this flag in
EVP_CIPHER::ctrl otherwise you get the above error (so if you don't
need that functionality don't use it).

Cheers,
Nils



Re: CA generation/certificate serial number

2005-08-30 Thread Nils Larsch

Frédéric Donnat wrote:

Hi,

Sorry for the mistake (nothing to deal with openssl.cnf file). I was just 
looking for ca.txt file.

Is it normal behavior of openssl to be able to view a certificate without 
serial number using (without any error mentioned):
openssl x509 -in some_cert_without_sn.pem -text
But to be unable to verify it using:
openssl verify -CAfile some_cert_without_sn.pem some_cert_without_sn.pem


Sample: (attached self-sign cert name pipo-bad.pem)


hmm, the attached certificate has a serial number, it's 0x0



[EMAIL PROTECTED] simple]$ LD_LIBRARY_PATH=/usr/local/ossl-0.9.8/lib /usr/local/ossl-0.9.8/bin/openssl verify -verbose -CAfile pipo-bad.pem pipo-bad.pem
pipo-bad.pem: /C=UK/CN=OpenSSL Group
error 7 at 0 depth lookup:certificate signature failure
18588:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:218:
18588:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168:


well the signature really seems to be wrong. How did you create
the certificate ?

Cheers,
Nils


Re: openssl ciphers

2005-08-29 Thread Nils Larsch

Steven Reddie wrote:

Which version are you using?  0.9.8 does what I'd expect:

$ openssl ciphers AES+DES
Error in cipher list
3312:error:144020B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1167:


yep, this has been fixed in OpenSSL_0_9_7-stable and above see [1].

Cheers,
Nils

[1] https://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=1005


Re: ecc keys of openssl- support by IE and Firefox

2005-08-19 Thread Nils Larsch

Gaurav Kumar wrote:

i am newbie to ECC,

kindly let me know if ECC keys generated by openssl are supported by
Internet explorer / FireFox or not.


it should be noted that there's still no RFC for tls with ecc,
so everything is still very experimental.

Nils


Re: Different RSA functions

2005-08-14 Thread Nils Larsch

Heinz Markgraf wrote:

Hi!


You may encrypt/decrypt using a private key (yours), or encrypt/decrypt
using the public key of another party.  The latter is commonly done
when verifying signatures, though encrypting with another's public
key is a common enveloping technique.



Hm, I still don't get the point in having four functions.

Mathematically seen there are only two different actions I can do:
either raise the 'message' x to the power of the public exponent or
to the power of the private exponent. Right?


right, but different padding schemes are used for encryption
and decryption (in case padding is used).

Nils


Re: about the BN prime generator

2005-07-30 Thread Nils Larsch

Matthew Julius Raibert wrote:
It also seems unusual that what appears to be a generic function call in 
the bignum library is in fact a helper function for a specific 
application and as such not useful for others.  Writing my own prime 
generator is simple enough, but perhaps BN_generate_prime would be more 
appropriately named BN_generate_rsa_prime or something.


I agree that the current behaviour is not really optimal (in
particular as it is not documented). Perhaps you should send
a bug report to [EMAIL PROTECTED]

Nils


Re: about the BN prime generator

2005-07-29 Thread Nils Larsch

Matthew Julius Raibert wrote:


I'm working on a project for which I need to generate big primes.  Along 
the way I noticed that when I run BN_generate_prime() it seems to always 
set the two most significant bits to one.  In other words, if I ask for 
a thousand 16 bit primes, I get a thousand primes that lie between hex 
C000 and hex 1 and not a single prime that lies between hex 8000 and 
hex C000.


yep, that's intentional. It should ensure that the product of two
q bits prime numbers is 2*q bits long (useful for rsa key generation).
A simple workaround might be to generate a dh prime (or at least
let openssl think you want to do this) by supplying a trivial non-NULL
add parameter to BN_generate_prime, for example:

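#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <iostream>
#include <math.h>
#include <stdlib.h>
#include <time.h>
using namespace std;

int main()
{
  BIGNUM* prime = BN_new();
  BIGNUM* two = BN_new();

  // trivial non-NULL "add" parameter: prime % 2 == 1 holds for every odd prime
  BN_set_word(two, 2);
  for(int j = 0; j < 100; j++) {
    BN_generate_prime(prime,16,0,two,NULL,NULL,NULL);
    char* hex = BN_bn2hex(prime);   // heap-allocated string, freed below
    cout << "A PRIME: " << hex << endl;
    OPENSSL_free(hex);
  }
  BN_free(two);
  BN_free(prime);
  return 0;
}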

Nils

