BIO_get_mem_ptr does not behave correctly on AIX
Hi,

I'm decrypting a string (test12345678) found in an input-file. When I decrypt using two file-BIO's (in the following code-extract this means replacing out=BIO_new(BIO_s_mem) by out=BIO_new(BIO_s_file) and a BIO_write_filename(out,outf) ), then the outputfile contains the full decrypted string "test12345678". When I do the same using a mem-BIO (see code below), the decrypted string returned is always 8 characters, and if the encrypted string is smaller than 8 characters nothing happens!

I must be overlooking something MEM_BUF-related, but I just don't see it. Any ideas/hints on how to resolve this?

Thanks! & kind regards,
dirk L.

example code:

    /* headers needed by the calls below */
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <openssl/bio.h>
    #include <openssl/buffer.h>
    #include <openssl/evp.h>
    #include <openssl/md5.h>

    #define ATTRMAX 50
    #define BUFFERSIZE 256
    #define BSIZE (8*1024)

    int get_passphrase(char *inf, char **pass);

    int main(int argc, char *argv[])
    {
        char inf[19] = "test_encrypted.pas";
        char *pw=NULL;
        int ret;

        ret = get_passphrase(inf,&pw);
        if(ret == 0){
            fprintf(stdout,"the password is %s\n",pw);
        }else{
            fprintf(stdout,"Unable to retrieve the password from file %s\n",inf);
        }
    }

    int get_passphrase(char *inf,char **pass){
        int done = 0,inl;
        int bsize=BSIZE;
        char cipher_name[5]="des3";
        const EVP_CIPHER *cipher=NULL;
        char str[5] ="test";
        unsigned char *buff=NULL;
        BUF_MEM *bptr;
        BIO *in=NULL,*benc=NULL,*out=NULL;
        unsigned char key[24],iv[MD5_DIGEST_LENGTH];

        fprintf(stdout,"Begin decrypt\n");
        OpenSSL_add_all_ciphers();
        cipher=EVP_get_cipherbyname(cipher_name);
        if (cipher == NULL){
            fprintf(stdout,"%s is an unknown cipher\n",cipher_name);
            return 1;
        }
        /*read input-filename*/
        if(inf==NULL){
            fprintf(stdout,"input-filename not specified\n");
            return 1;
        }else{
            in=BIO_new(BIO_s_file());
            if(in==NULL){
                fprintf(stdout,"unable to open input-filename %s\n",inf);
                return 1;
            }else{
                if (BIO_read_filename(in,inf) <= 0){
                    fprintf(stdout,"1)unable to read from input-filename %s\n",inf);
                    return 1;
                }else{
                    out=BIO_new(BIO_s_mem());
                    if(out==NULL){
                        fprintf(stdout,"unable to create mem-BIO\n");
                        return 1;
                    }
                    if((cipher!=NULL)&&(str!=NULL)){
                        EVP_BytesToKey(cipher,EVP_md5(),NULL,
                                       (unsigned char *)str,
                                       strlen(str),1,key,iv);
                        /*zero the variable str*/
                        memset(str,0,strlen(str));
                        /*create the encrypt/decrypt BIO*/
                        if ((benc=BIO_new(BIO_f_cipher())) == NULL){
                            fprintf(stdout,"unable to create decrypt-BIO \n");
                            return 1;
                        }else{
                            BIO_set_cipher(benc,cipher,key,iv,0);
                            /* decrypt on the go */
                            if (benc != NULL)
                                out=BIO_push(benc,out);
                            buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
                            if (buff == NULL){
                                fprintf(stdout,"unable to assign buffer\n");
                                return 1;
                            }
                            for (;;)
                            {
                                inl=BIO_read(in,(char *)buff,bsize);
                                if (inl <= 0) break;
                                if (BIO_write(out,(char *)buff,inl) != inl){
                                    fprintf(stdout,"error writing output file\n");
                                    goto end;
                                }
                            }
                            BIO_get_mem_ptr(out, &bptr);
                            fprintf(stdout,"read from out %s, length %d\n",bptr->data,bptr->length);
                            *pass=strdup(bptr->data);
                            if (!BIO_flush(out))
                            {
                                fprintf(stdout,"bad decrypt\n");
                                goto end;
                            }
    end:
                            fprintf(stdout,"passphrase successfully decrypted\n");
                        }
                    }else{
                        fprintf(stdout,"2)unable to read from input-filename %s\n",inf);
                        return 1;
                    }
                }
            }
        }
        EVP_cleanup();
        if (buff != NULL) OPENSSL_free(buff);
        if (in != NULL) BIO_free(in);
        if (out != NULL) BIO_free_all(out);
        fprintf(stdout,"End decrypt\n");
        return 0;
    }

*
Dirk Laurijssen
Syntegra, creating winners in the digital economy.
+32 2 247 92 20 - Check us out at www.syntegra.be
*
__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
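Added example, not part of the original post: a simplified C model of why a padded block-cipher decrypt withholds its newest block until it is finalised, which is what BIO_flush() triggers when writing through a BIO_f_cipher() chain. The dec_ctx type, the helper names and the XOR placeholder cipher are assumptions made for illustration; they are not OpenSSL code.

```c
#include <stdio.h>
#include <string.h>
#define BLK 8   /* DES/3DES block size in bytes */

/* Hypothetical decrypt state for this model (not an OpenSSL type). */
typedef struct { unsigned char held[BLK]; int have_held; } dec_ctx;

/* Placeholder cipher: XOR with a constant. Only the buffering matters here. */
static void dec_block(unsigned char *dst, const unsigned char *src) {
    for (int i = 0; i < BLK; i++) dst[i] = src[i] ^ 0x5a;
}

/* Padded decrypt update: releases every block except the newest one,
   because the newest one may be the last block, which carries the padding. */
size_t dec_update(dec_ctx *c, unsigned char *out, const unsigned char *in, size_t n) {
    size_t o = 0;
    for (size_t i = 0; i + BLK <= n; i += BLK) {
        if (c->have_held) { memcpy(out + o, c->held, BLK); o += BLK; }
        dec_block(c->held, in + i);
        c->have_held = 1;
    }
    return o;
}

/* Final step (what a flush triggers): strip padding; -1 if the padding is bad. */
int dec_final(dec_ctx *c, unsigned char *out) {
    int pad = c->have_held ? c->held[BLK - 1] : 0;
    if (pad < 1 || pad > BLK) return -1;
    for (int i = BLK - pad; i < BLK; i++) if (c->held[i] != pad) return -1;
    memcpy(out, c->held, BLK - pad);
    return BLK - pad;
}

/* Output bytes visible before and after the final step (plain < 56 bytes). */
void visible_bytes(const char *plain, size_t *before, size_t *after) {
    unsigned char ct[64], pt[64];
    size_t len = strlen(plain), pad = BLK - len % BLK, total = len + pad;
    memcpy(ct, plain, len);
    memset(ct + len, (int)pad, pad);                   /* PKCS#5-style padding */
    for (size_t i = 0; i < total; i++) ct[i] ^= 0x5a;  /* "encrypt" (constructed input) */
    dec_ctx c = {{0}, 0};
    *before = dec_update(&c, pt, ct, total);
    int tail = dec_final(&c, pt + *before);
    *after = *before + (tail > 0 ? (size_t)tail : 0);
}

int main(void) {
    size_t b, a;
    visible_bytes("test12345678", &b, &a);
    printf("before final: %zu bytes, after final: %zu bytes\n", b, a);
}
```

In the posted code BIO_get_mem_ptr() runs before BIO_flush(), so the withheld block has not yet reached the memory BIO at the point where it is read. The BUF_MEM data is also not NUL-terminated, so its length field should bound any copy.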
Re: read X509 certificate from DER format file using d2i_X509
Ok, I modified that, and added the OpenSSL_add_all_algorithms(), but to no avail. Any other hints?

Thanks & kind regards,
dirk L.

    int validate_ssl (int ok, char *ip, char *protocol, char *subject,char *issuer,
                      unsigned char *cert, int length, int depth,char **message)
    {
        char *cp;
        char *Fname = "validate_ssl";
        int i;
        int len;
        char *mp;
        int rc;
        char *status;
        X509 *pem_cert;
        char* name;
        char* errmsg = NULL;
        int ldap_err;
        int version;
        char* dirname;
        unsigned char *p;

        OpenSSL_add_all_algorithms();
        rc = ok && SSLok;
        /*pem_cert = X509_new();*/
        if (!cert)
            fprintf(stderr, "validate_ssl: DER certificate not available\n");
        /*the ASN1-parsing functions increment the pointer, so to avoid problems use a temporary pointer */
        /*http://www.openssl.org/support/faq.html#PROG3 */
        p = cert;
        pem_cert = d2i_X509(NULL, &p, length);
        version = X509_get_version(pem_cert);
        fprintf(stderr, "version %d\n",version);

22/08/2001 1:36:15, Dr S N Henson <[EMAIL PROTECTED]> wrote:

>dirk laurijssen wrote:
>>
>> Hi,
>> Although mentioned in the faq http://www.openssl.org/support/faq.html#PROG3 , I
>> can't seem to get the DER-certificate loaded appropriately into the X509-struct.
>>
>[stuff deleted]
>>
>> int
>> validate_ssl (int ok, char *ip, char *protocol, char *subject,
>>               char *issuer, unsigned char *cert, int length, int depth,
>>               char **message)
>> {
>>
>>
>>     X509 *new_cert = d2i_X509(NULL, &cert, sizeof(cert));
>>     version = X509_get_version(new_cert);
>>
>> }
>
>sizeof(cert) since "cert" is of type (char *) will just give you the
>size of a pointer (typically 4) what you want is the size of the buffer
>pointed to by "cert" which might be 'length' from the prototype...
>
>Steve.
>--
>Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
>Personal Email: [EMAIL PROTECTED]
>Senior crypto engineer, Celo Communications: http://www.celocom.com/
>Core developer of the OpenSSL project: http://www.openssl.org/
>Business Email: [EMAIL PROTECTED] PGP key: via homepage.
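Added example, not from the thread: a minimal DER header check in C showing why passing sizeof(cert) as the length makes parsing fail, since the outer SEQUENCE declares more bytes than the caller says are available. der_outer_size and the sample buffer are constructed for illustration and are not OpenSSL functions; d2i_X509 performs its own, fuller checks.

```c
#include <stddef.h>
#include <stdio.h>

/* Size (header + content) of the outer DER element at buf, or 0 if the header
   is malformed or the element does not fit in the avail bytes supplied.
   Assumes a single-byte tag, as in the SEQUENCE that starts a certificate. */
size_t der_outer_size(const unsigned char *buf, size_t avail) {
    if (avail < 2) return 0;
    size_t hdr = 2, len = buf[1];
    if (len & 0x80) {                  /* long form: low 7 bits count the length bytes */
        size_t n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || avail < 2 + n) return 0;
        len = 0;
        for (size_t i = 0; i < n; i++) len = (len << 8) | buf[2 + i];
        hdr += n;
    }
    if (len > avail - hdr) return 0;   /* declared content exceeds what the caller passed */
    return hdr + len;
}

/* Constructed sample: SEQUENCE header declaring 0x0102 = 258 content bytes (zeroed). */
static unsigned char sample[4 + 258] = { 0x30, 0x82, 0x01, 0x02 };

/* The mistake discussed in the thread: sizeof on the pointer, not the buffer length. */
size_t with_sizeof_pointer(void) {
    unsigned char *cert = sample;
    return der_outer_size(cert, sizeof(cert));
}

/* The intended call: pass the real number of bytes in the buffer. */
size_t with_real_length(void) {
    return der_outer_size(sample, sizeof(sample));
}

int main(void) {
    printf("sizeof(pointer): %zu, real length: %zu\n",
           with_sizeof_pointer(), with_real_length());
    return 0;
}
```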
Re: NT installation
Timothy,

your compiler is Visual C, and your current environment variables don't contain all the necessary paths. Somewhere on your system is a script called vcvars32.bat; run it and then recompile.

Kind regards,
dirk L.

"Timothy H. Schilbach" wrote:

> I have just tried to install OPENSSL on my Win2k server. We are
> running the latest version of Active PERL from Activestate. I am using
> a C++ compiler called NMAKE to compile the code as needed. Here are
> the steps I have taken and the error I get in the last step of the
> procedure:
>
> 1. navigate to the Dir c:\temp\openssl
> 2. perl configure vc-win32
> 3. ms\do_masm - everything is okay here all has succeeded successfully
> 4. nmake -f ms\ntdll.mak - here is where things go wrong, below is the error I get:
>
> ERROR:
>
>         nul
> .\apps\testrsa.h
>         1 file(s) copied.
>         cl /Fotmp32\cryptlib.obj -Iinc32 -Itmp32 /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DWINNT /Fdout32 -c .\crypto\cryptlib.c
> 'cl' is not recognized as an internal or external command,
> operable program or batch file.
> NMAKE : fatal error U1077: 'C:\WINNT\system32\cmd.exe' : return code '0x1'
> Stop.
>
> Anyone know why I may be getting this? I am using the latest
> distro of openssl-9.6b. Any help would be greatly appreciated.
>
> Timothy H. Schilbach
> Alpha Omega Design Inc.
> [EMAIL PROTECTED]
> Visit our website at www.aodinc.com