Multiples read with ssl
Hello all!

I'm working with xsupplicant (Open1x) and I have a problem with SSL. By default, xsupplicant waits for a message of 1.000 bytes, but I have modified this because I need messages of 10.000 bytes or more.

Before:

    rc = SSL_read(mytls_vars->ssl, out_data, 1000);

and now, I want to do a loop like...

    while (rc > 0)
        rc = SSL_read(mytls_vars->ssl, out_data, 1000);

but this gives an error WANT_TO_READ or WANT_TO_WRITE, I don't know why.

Can't you do multiple reads with SSL??

Thanks!

--
***
LIDIA FERNANDEZ CARPES
Departamento de Ingenieria de la Informacion y las Comunicaciones
Facultad de Informatica
Universidad de Murcia. Campus de Espinardo
30080 Murcia (SPAIN)
Tel.: +34 968 364644
Fax: +34 968 364151
email: [EMAIL PROTECTED]
***
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Multiples read with ssl
Lidia Fernández wrote:

Hello all!

I'm working with xsupplicant (Open1x) and I have a problem with SSL. By default, xsupplicant waits for a message of 1.000 bytes, but I have modified this because I need messages of 10.000 bytes or more.

Before:

    rc = SSL_read(mytls_vars->ssl, out_data, 1000);

and now, I want to do a loop like...

    while (rc > 0)
        rc = SSL_read(mytls_vars->ssl, out_data, 1000);

but this gives an error WANT_TO_READ or WANT_TO_WRITE, I don't know why.

SSL_ERROR_WANT_READ means that more socket data was needed by the SSL protocol. This is not a fatal error, it just means that you have to redo the SSL_read() when data becomes available.

IIRC, there was a long thread on this list, not long ago, about using SSL_read/write for partial read/write etc.

Can't you do multiple reads with SSL??

Yes, you definitely can. But handle cases like the above correctly.

-jb
--
Tact is the art of making a point without making an enemy.
Re: Problems with SSL_read() - SSL_ERROR_SYSCALL
Arun Singarajipura wrote:

Hi,

Thanks for the reply. I used WSAGetLastError() just after SSL_read() and the result of this is

*Read failed with error 10054: An existing connection was forcibly closed by the remote host.*

Well, if the remote side is also your code, you could try debugging/finding why it closed the connection. You could also try setting the info callback to see what is happening inside the SSL connection (SSL_CTX_set_info_callback()).

Hi,

Arun Singarajipura wrote:

Hi All,

We are working on client - server architecture. We are using openssl for communication. My problem is that - while transferring data, SSL_read() always fails (after transferring a few KB of data). The following error is returned -

--
SSL_read() returns SSL_ERROR_SYSCALL
error:0005:lib(0):func(0):DH lib
---

In that case you better check what errno has. That can give you a better idea of what went wrong. (Although I don't know why that DH lib is present above. I don't think DH is involved in any SSL read/write unless your handshake isn't over and your SSL_read() is in fact completing the handshake.)

This always happens between data transfer. Here's the code snippet

    gSSL = SSL_new(ctx);
    SSL_set_fd(gSSL, m_Socket);
    result = SSL_connect(gSSL);
    //Get certificate
    ** the following piece of code is giving problem
    ret=select(1,sckt,NULL,NULL, timeout);

check what 'ret' is.

    ERR_clear_error();
    ret = SSL_read(gSSL,buffer,size);

check errno here if you get a SSL_ERROR_SYSCALL.

-jb
--
Tact is the art of making a point without making an enemy.
How to generate and use asymmetric GOST keys?
Hi,

I'm playing with openssl 0.9.9 with a GOST engine. Does anybody know how to get more info about command line options for openssl req and openssl if one wants to use them with the GOST engine to generate and use asymmetric GOST-94 or GOST-2001 keys?

First I tried the req command as proposed here: http://www.cryptocom.ru/OpenSource/readme.html

    req -newkey gost94: -keyout mykey.p8 -out mykey.req

They claim that you need no parameters, so you should leave an empty string after the colon.

But the shell seems to expect a file name (of a file containing parameters) after the colon.

    OpenSSL> req -newkey gost94: -keyout mykey.p8 -out mykey.req
    Can't open parameter file
    10925:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('','r')
    10925:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
    error in req
    OpenSSL>

The command

    req -newkey gost94: -keyout mykey.p8 -out mykey.req

does not work either. is taken for a file name.

When I put there the name of an existing file, things became bizarre:

    OpenSSL> req -newkey gost94:parameters.txt -keyout mykey.p8 -out mykey.req
    Error reading parameter file parameters.txt
    10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expecting: PARAMETERS
    10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expecting: CERTIFICATE
    error in req
    OpenSSL>

If you do not type a colon at all, you still don't get your key:

    OpenSSL> req -newkey gost94 -keyout mykey.p8 -out mykey.req
    Generating a 1024 bit GOST94 private key
    Error Generating Key
    10925:error:8007106B:lib(128):PKEY_GOST94_KEYGEN:no parameters set:gost_pmeth.c:274:
    error in req
    OpenSSL>

Although it was said on the cited page that there are no parameters needed, the shell complains about not having any. Is it a bug?

Thanks for help.

André Ziermann
Senior Solution Engineer
SECUDE IT Security GmbH
Goebelstrasse 21
64293 Darmstadt / Germany
Tel. : +49 (0)6151 82897 21
Fax : +49 (0)6151 82897 26
Mobile : +49 (0) 170 987 81 73
[EMAIL PROTECTED]
www.secude.com
Handelsregister Darmstadt: HRB 9081
Geschäftsführer: Dr. Heiner Kromer
Re: How to generate and use asymmetric GOST keys?
The parameter after the colon is not a file name but a name of a parameter set or an OID.

For signing keys the name can be 'A', 'B', 'C'.

    openssl req -newkey gost2001:A

The recommended way to generate GOST requests is to use two commands:

    openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out mykey.p8
    openssl req -new -key mykey.p8 -out mykey.req

Hi,

I'm playing with openssl 0.9.9 with a GOST engine. Does anybody know how to get more info about command line options for openssl req and openssl if one wants to use them with the GOST engine to generate and use asymmetric GOST-94 or GOST-2001 keys?

First I tried the req command as proposed here: http://www.cryptocom.ru/OpenSource/readme.html

    req -newkey gost94: -keyout mykey.p8 -out mykey.req

They claim that you need no parameters, so you should leave an empty string after the colon.

But the shell seems to expect a file name (of a file containing parameters) after the colon.

    OpenSSL> req -newkey gost94: -keyout mykey.p8 -out mykey.req
    Can't open parameter file
    10925:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('','r')
    10925:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
    error in req
    OpenSSL>

The command

    req -newkey gost94: -keyout mykey.p8 -out mykey.req

does not work either. is taken for a file name.

When I put there the name of an existing file, things became bizarre:

    OpenSSL> req -newkey gost94:parameters.txt -keyout mykey.p8 -out mykey.req
    Error reading parameter file parameters.txt
    10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expecting: PARAMETERS
    10925:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:687:Expecting: CERTIFICATE
    error in req
    OpenSSL>

If you do not type a colon at all, you still don't get your key:

    OpenSSL> req -newkey gost94 -keyout mykey.p8 -out mykey.req
    Generating a 1024 bit GOST94 private key
    Error Generating Key
    10925:error:8007106B:lib(128):PKEY_GOST94_KEYGEN:no parameters set:gost_pmeth.c:274:
    error in req
    OpenSSL>

Although it was said on the cited page that there are no parameters needed, the shell complains about not having any. Is it a bug?

Thanks for help.

André Ziermann
Senior Solution Engineer
SECUDE IT Security GmbH
Goebelstrasse 21
64293 Darmstadt / Germany
Tel. : +49 (0)6151 82897 21
Fax : +49 (0)6151 82897 26
Mobile : +49 (0) 170 987 81 73
[EMAIL PROTECTED]
www.secude.com
Handelsregister Darmstadt: HRB 9081
Geschäftsführer: Dr. Heiner Kromer