Multiples read with ssl

2007-07-31 Thread Lidia Fernández
Hello all!

I'm working with xsupplicant (Open1x) and I have a problem with SSL.
By default, xsupplicant waits for a message with 1.000 bytes, but I have
modified this because I need messages with 10.000 bytes or more.

Before:
  rc=SSL_read(mytls_vars->ssl, out_data,1000);

and now, I want to do a loop like...

  while (rc > 0)
    rc=SSL_read(mytls_vars->ssl, out_data,1000);

but this gives an error WANT_TO_READ or WANT_TO_WRITE, I don't know why.

Can't you do multiple reads with SSL??

Thanks!


-- 

***
LIDIA FERNANDEZ CARPES
Departamento de Ingenieria de la Informacion y las Comunicaciones
Facultad de Informatica
Universidad de Murcia. Campus de Espinardo
30080 Murcia (SPAIN)
Tel.: +34 968 364644
Fax:  +34 968 364151
email: [EMAIL PROTECTED]
***

__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: Multiples read with ssl

2007-07-31 Thread jimmy bahuleyan
Lidia Fernández wrote:
> Hello all!
>
> I'm working with xsupplicant (Open1x) and I have a problem with SSL.
> By default, xsupplicant waits for a message with 1.000 bytes, but I have
> modified this because I need messages with 10.000 bytes or more.
>
> Before:
>   rc=SSL_read(mytls_vars->ssl, out_data,1000);
>
> and now, I want to do a loop like...
>
>   while (rc > 0)
>     rc=SSL_read(mytls_vars->ssl, out_data,1000);
>
> but this gives an error WANT_TO_READ or WANT_TO_WRITE, I don't know why.
>

SSL_ERROR_WANT_READ means that more socket data was needed by the SSL
protocol. This is not a fatal error, just means that you have to redo
the SSL_read() when data becomes available.

IIRC, there was a long thread on this list, not long ago, about using
SSL_read/write for partial read/write etc.

> Can't you do multiple reads with SSL??
>

Yes, you definitely can. But handle cases like the above correctly.

 -jb
-- 
Tact is the art of making a point without making an enemy.
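
The retry handling described in the reply above, sketched as an added example (not code from the thread, xsupplicant or OpenSSL): each read is appended to a larger buffer, and WANT_READ/WANT_WRITE means "wait for the socket, then repeat the read". It uses no OpenSSL headers; `tls_io`, `tls_status`, `fake_read`, `fake_wait` and `demo` are hypothetical stand-ins, with `read_fn` playing `SSL_read()` followed by `SSL_get_error()`.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for the result classes of SSL_get_error() (constructed names). */
enum tls_status { TLS_OK, TLS_WANT_READ, TLS_WANT_WRITE, TLS_CLOSED, TLS_FATAL };
/* Hypothetical transport: read_fn plays SSL_read() + SSL_get_error(),
   wait_fn plays select() on the socket (0 = ready, -1 = timed out). */
struct tls_io {
    int (*read_fn)(void *ctx, unsigned char *buf, int len, enum tls_status *st);
    int (*wait_fn)(void *ctx, enum tls_status why);
    void *ctx;
};

/* Collect up to `want` bytes in 1000-byte reads; returns bytes stored or -1. */
long tls_read_full(struct tls_io *io, unsigned char *out, size_t want)
{
    size_t got = 0;
    while (got < want) {
        enum tls_status st = TLS_FATAL;
        int chunk = want - got > 1000 ? 1000 : (int)(want - got);
        int rc = io->read_fn(io->ctx, out + got, chunk, &st); /* append at out+got */
        if (rc > 0) { got += (size_t)rc; continue; }
        if (st == TLS_CLOSED) break;                          /* clean shutdown */
        if (st != TLS_WANT_READ && st != TLS_WANT_WRITE) return -1;  /* fatal */
        if (io->wait_fn(io->ctx, st) != 0) return -1;         /* timed out */
    }                                      /* WANT_*: loop and retry the read */
    return (long)got;
}

/* Constructed fake peer: records of at most 700 bytes, WANT_READ before each. */
struct fake { size_t left; int starve; int waits; };
static int fake_read(void *c, unsigned char *buf, int len, enum tls_status *st)
{
    struct fake *f = c;
    if (f->left == 0) { *st = TLS_CLOSED; return 0; }
    if (f->starve) { f->starve = 0; *st = TLS_WANT_READ; return -1; }
    int n = f->left < 700 ? (int)f->left : 700;
    if (n > len) n = len;
    memset(buf, 'A', (size_t)n);
    f->left -= (size_t)n; f->starve = 1; *st = TLS_OK;
    return n;
}
static int fake_wait(void *c, enum tls_status why) { (void)why; ((struct fake *)c)->waits++; return 0; }

/* Run the loop against a fake peer prepared by the caller. */
long demo(struct fake *f, size_t want)
{
    static unsigned char buf[10000];
    struct tls_io io = { fake_read, fake_wait, f };
    return want > sizeof buf ? -1 : tls_read_full(&io, buf, want);
}
```
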


Re: Problems with SSL_read() - SSL_ERROR_SYSCALL

2007-07-31 Thread jimmy bahuleyan
Arun Singarajipura wrote:
> Hi,
>
> Thanks for the reply.
>
> I used WSAGetLastError() just after SSL_read() and the result of this is
> *Read failed with error 10054: An existing connection was forcibly closed
> by the remote host.*

well if the remote side is also your code, you could try
debugging/finding why it closed the connection.

you could also try setting the info callback to see what is happening
inside the SSL connection (SSL_CTX_set_info_callback()).


> Hi,
>
> Arun Singarajipura wrote:
> Hi All,
>
> we are working on client - server architecture. We are using openssl for
> communication.
> My problem is that - while transferring data, SSL_read() always fails
> (after transferring few KB of data).
> The following error is returned -
>
> --
>  SSL_read() returns SSL_ERROR_SYSCALL
>
> error:0005:lib(0):func(0):DH lib
>
> ---
> In that case you better check what errno has. That can give you a better
> idea of what went wrong. (although i don't know why that DH lib is
> present above. I don't think DH is involved in any SSL read/write unless
> your handshake isn't over and your SSL_read() is in fact completing the
> handshake).
>
> This always happens between data transfer.
>
> Here's the code snippet
> gSSL = SSL_new(ctx);
>
> SSL_set_fd(gSSL, m_Socket);
>
> result = SSL_connect(gSSL);
>
> //Get certificate
>
> ** the following piece of code is giving problem
>
> ret=select(1,sckt,NULL,NULL, timeout);
> check what 'ret' is.
>
> ERR_clear_error();
>
> ret = SSL_read(gSSL,buffer,size);
>
> check errno here if you get a SSL_ERROR_SYSCALL.

-jb
-- 
Tact is the art of making a point without making an enemy.


How to generate and use asymmetric GOST keys?

2007-07-31 Thread André Ziermann
Hi,
 
I'm playing with openssl 0.9.9 with a GOST engine.
Does anybody know how to get more info about command line options for 
openssl req 
and
openssl 
if one wants to use them with GOST engine to generate and use asymmetric 
GOST-94 or GOST-2001 keys?
 
First I tried the req command as proposed here: 
http://www.cryptocom.ru/OpenSource/readme.html
 
req -newkey gost94: -keyout mykey.p8 -out mykey.req
 
They claim that you need no parameters, so you should leave an empty string 
after the colon
But the shell seems to expect a file name (of a file containing 
parameters) after the colon.
 
OpenSSL> req -newkey gost94: -keyout mykey.p8 -out mykey.req
Can't open parameter file
10925:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('','r')
10925:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
error in req
OpenSSL>
 
The command req -newkey gost94:   -keyout mykey.p8 -out mykey.req does not 
work either.  is taken for a file name.
 
When I put there the name of an existing file, things became bizarre:
 
OpenSSL> req -newkey gost94:parameters.txt  -keyout mykey.p8 -out mykey.req
Error reading parameter file parameters.txt
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expecting: PARAMETERS
10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expecting: CERTIFICATE
error in req
OpenSSL>
 
If you do not type a colon at all, you still don't get your key:
 
OpenSSL> req -newkey gost94 -keyout mykey.p8 -out mykey.req
Generating a 1024 bit GOST94 private key
Error Generating Key
10925:error:8007106B:lib(128):PKEY_GOST94_KEYGEN:no parameters set:gost_pmeth.c:274:
error in req
OpenSSL>
 
Although it was said on the cited page that there are no parameters needed, the 
shell complains about not having any. Is it a bug?
Thanks for help.
 
André Ziermann
Senior Solution Engineer

SECUDE IT Security GmbH
Goebelstrasse 21
64293 Darmstadt / Germany

Tel. : +49 (0)6151 82897 21
Fax : +49 (0)6151 82897 26
Mobile : +49 (0) 170 987 81 73
[EMAIL PROTECTED]
www.secude.com



Handelsregister Darmstadt: HRB 9081
Geschäftsführer: Dr. Heiner Kromer 
 




Re: How to generate and use asymmetric GOST keys?

2007-07-31 Thread Кольцов Андрей
The parameter after the colon is not a file name but the name of a parameter
set or an OID.

For signing keys the name can be 'A', 'B', 'C'.

openssl req -newkey gost2001:A


The recommended way to generate GOST requests is to use two commands

openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out mykey.p8
openssl req -new -key mykey.p8 -out mykey.req




