opensll-0.9.8q.tar.gz corrupted.
It would appear that the opensll-0.9.8q.tar.gz file is corrupt. un-tar fails. Cheers, Brent
Re: opensll-0.9.8q.tar.gz corrupted.
The tarball doesn't appear to be corrupted for me, what errors are you getting?Under Redhat EL4 and EL5 VMs,tar zxf openssl-0.9.8q.tar.gz, works perfectly fine for me. Original Message From: Brent Evans brent.ev...@gmail.comTo: openssl-users@openssl.orgSent: Fri, Dec 3, 2010, 8:48 AMSubject: opensll-0.9.8q.tar.gz corrupted.It would appear that the opensll-0.9.8q.tar.gz file is corrupt. un-tar fails. Cheers, Brent __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: opensll-0.9.8q.tar.gz corrupted.
Hi, There is no problem with the archive. If you are under Windows, use the latest 7zip (version 9.20). You will get a warning but the decompression is OK. The previous version of 7zip had a limitation for tar support. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/3/2010 2:28 PM, Brent Evans wrote: It would appear that the opensll-0.9.8q.tar.gz file is corrupt. un-tar fails. Cheers, Brent __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: OpenSSL 1.0.0c released
That's a pretty bold statement and doesn't always apply in a product environment. I have not deployed 1.0.0b (because of the pending issues); I'm still at 1.0.0a and have to decide whether to patch the vulnerabilities, or risk updating OpenSSL completely and retesting all of its consumers. Erik -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Victor Duchovni Sent: Thursday, December 02, 2010 6:09 PM [...] 1.0.0c contains important non-security bug fixes for 1.0.0b, so you should deploy 1.0.0c anyway. [...] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.0c released
On Fri, Dec 03, 2010 at 09:50:49AM -0500, Erik Tkal wrote: That's a pretty bold statement and doesn't always apply in a product environment. I have a production environment. The non-security issues in the unpatched 1.0.0b release create substantial interoperability issues with servers and clients that support EECDH key agreement. These issues are more severe than the CVEs fixed in either 1.0.0b or 1.0.0c. Therefore, if you have deployed 1.0.0b, you really must IMHO upgrade to 1.0.0c. I have not deployed 1.0.0b (because of the pending issues); I'm still at 1.0.0a and have to decide whether to patch the vulnerabilities, or risk updating OpenSSL completely and retesting all of its consumers. Starting with 1.0.0, the stable release gets no new features, just bug fixes, so backporting just the CVE patches is not necessary, you can just deploy 1.0.0c shared libraries (and include files) in the locations where your previously had 1.0.0a libraries (and include files). -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Private Key from Windows Cert Store
I rebuild OpenSSL and didn't get a capi.dll. I'm using 0.9.8k. Is there something I'm missing in the build process that I need to change to get the engines to compiled in. From what I've read it looks like it builds these engines into the openssl dlls. The following returns still NULL for me. ENGINE_load_builtin_engines(); ENGINE *e = ENGINE_by_id(capi); -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, November 30, 2010 11:49 AM To: openssl-users@openssl.org Subject: Re: Private Key from Windows Cert Store On Tue, Nov 30, 2010, Fili, Tom wrote: Thanks, but I was more looking for docs on the interop of OpenSSL and the Crypto API. I got pretty most info from the capi that I needed except the private key, which from what I've read may not always be exportable anyway. I was looking for how to call the following functions with a location in the store, instead of a file. SSL_CTX_load_verify_locations SSL_CTX_use_PrivateKey_file SSL_CTX_use_certificate_chain_file or replacement functions that need to be called instead. Also, I'm having issues compiling with capi engine support. The engine doesn't appear to load as I get NULL from ENGINE_by_id(capi); When you build OpenSSL it should produce a capi.dll file which needs to be installed in an appopriate place: where depends on how you've configured OpenSSL. Do you want to use the private key for client authentication? If so there is an automatic certificate selection process which may help. Otherwise you call ENGINE_load_privatekey(engine, id, NULL, NULL); then pass the EVP_PKEY structure to SSL_CTX_use_PrivateKey(). Where id is (by default) a string passed to CertFindCertificateInStore(). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 1.0.0c released
Victor
I am still have issues with
the default ECDH parameters in 1.0.0c.
The key generation with NIST Prime-Curve P-192 crashes.
static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
{
int i;
BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
for (i = (top); i != 0; i--)
*_tmp1++ = *_tmp2++; //There is a problem here
}
Marcus
- Original Message -
From: Victor Duchovni victor.ducho...@morganstanley.com
To: openssl-users@openssl.org
Sent: Friday, December 03, 2010 8:06 AM
Subject: Re: OpenSSL 1.0.0c released
On Fri, Dec 03, 2010 at 09:50:49AM -0500, Erik Tkal wrote:
That's a pretty bold statement and doesn't always apply in a product
environment.
I have a production environment. The non-security issues in the unpatched
1.0.0b release create substantial interoperability issues with servers
and clients that support EECDH key agreement. These issues are more
severe than the CVEs fixed in either 1.0.0b or 1.0.0c. Therefore, if you
have deployed 1.0.0b, you really must IMHO upgrade to 1.0.0c.
I have not deployed 1.0.0b (because of the pending issues); I'm still
at 1.0.0a and have to decide whether to patch the vulnerabilities,
or risk updating OpenSSL completely and retesting all of its consumers.
Starting with 1.0.0, the stable release gets no new features, just bug
fixes, so backporting just the CVE patches is not necessary, you can
just deploy 1.0.0c shared libraries (and include files) in the locations
where your previously had 1.0.0a libraries (and include files).
--
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: Private Key from Windows Cert Store
Ok, so I realized if I run Configure with no-static-engine I'll get the separate dlls. These are the commands I run C:\Documents and Settings\tfili\Desktop\openssl-0.9.8kperl Configure VC-WIN32 --prefix=c:\temp\openssl no-static-engine ms\do_ms.bat nmake -f ms\ntdll.mak Unfortunately I now get the following errors: link /debug /nologo /subsystem:console /opt:ref /debug /dll /out:out32dl l.dbg\4758cca.dll @C:\DOCUME~1\tfili\LOCALS~1\Temp\nm2E34.tmp Creating library out32dll.dbg\4758cca.lib and object out32dll.dbg\4758cca.exp e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_get_ex_data referenced in function _cca_rsa_pub_enc e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_size referenced in function _cca_rsa_pub_enc e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_free referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _OPENSSL_cleanse referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_malloc referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _i2d_X509_SIG referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _OBJ_nid2obj referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_put_error referenced in function _ERR_CCA4758_error e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_get_next_error_library referenced in function _ERR_CCA4758_error e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_set_implementation referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_ex_data_implementation referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_destroy_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_lock_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_create_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_add_lock_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_locking_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_mem_functions referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_get_static_state referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_cmd_defns referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_load_pubkey_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_load_privkey_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_ctrl_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_finish_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_init_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_destroy_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_RAND referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_RSA referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_name referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_id referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_load_strings referenced in function _ERR_load_CCA4758_strings e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_unload_strings referenced in function _ERR_unload_CCA4758_strings e_4758cca.obj : error LNK2019: unresolved external symbol _DSO_free referenced in function _ibm_4758_cca_init e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_get_ex_new_index referenced in function _ibm_4758_cca_init e_4758cca.obj : error LNK2019: unresolved external symbol _DSO_bind_func referenced in function _ibm_4758_cca_init e_4758cca.obj : error LNK2019: unresolved external symbol _DSO_load referenced in function _ibm_4758_cca_init e_4758cca.obj : error LNK2019: unresolved external symbol _BUF_strdup referenced in function _set_CCA4758_LIB_NAME e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_free referenced in function _ibm_4758_load_privkey e_4758cca.obj : error LNK2019: unresolved external symbol
Re: Private Key from Windows Cert Store
On Fri, Dec 03, 2010, Fili, Tom wrote: I rebuild OpenSSL and didn't get a capi.dll. I'm using 0.9.8k. Is there something I'm missing in the build process that I need to change to get the engines to compiled in. From what I've read it looks like it builds these engines into the openssl dlls. The following returns still NULL for me. ENGINE_load_builtin_engines(); ENGINE *e = ENGINE_by_id(capi); The CAPI ENGINE isn't compiled in by default in OpenSSL 0.9.8x, it needs the command line switch enable-capieng to Configure. Also the ENGINE dll build process isn't enabled in 0.9.8x so you'll get it built into libeay32.dll. The CAPI ENGINE is compiled by default in 1.0.0x and the dll ENGINE support enabled so you should get a capi.dll with that. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Private Key from Windows Cert Store
Hi, In order to enable the CAPI engine, you have to use the enable-capieng switch : this will compile the CAPI engine statically inside OpenSSL. Here is a example of configure command line for this : perl Configure VC-WIN32 --prefix=c:/openssl enable-capieng I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/3/2010 6:21 PM, Fili, Tom wrote: Ok, so I realized if I run Configure with no-static-engine I'll get the separate dlls. These are the commands I run C:\Documents and Settings\tfili\Desktop\openssl-0.9.8kperl Configure VC-WIN32 --prefix=c:\temp\openssl no-static-engine ms\do_ms.bat nmake -f ms\ntdll.mak Unfortunately I now get the following errors: link /debug /nologo /subsystem:console /opt:ref /debug /dll /out:out32dl l.dbg\4758cca.dll @C:\DOCUME~1\tfili\LOCALS~1\Temp\nm2E34.tmp Creating library out32dll.dbg\4758cca.lib and object out32dll.dbg\4758cca.exp e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_get_ex_data referenced in function _cca_rsa_pub_enc e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_size referenced in function _cca_rsa_pub_enc e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_free referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _OPENSSL_cleanse referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_malloc referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _i2d_X509_SIG referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _OBJ_nid2obj referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_put_error referenced in function _ERR_CCA4758_error e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_get_next_error_library referenced in function _ERR_CCA4758_error e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_set_implementation referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_ex_data_implementation referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_destroy_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_lock_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_create_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_add_lock_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_locking_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_mem_functions referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_get_static_state referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_cmd_defns referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_load_pubkey_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_load_privkey_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_ctrl_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_finish_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_init_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_destroy_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_RAND referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_RSA referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_name referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_id referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_load_strings referenced in function _ERR_load_CCA4758_strings e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_unload_strings referenced in function _ERR_unload_CCA4758_strings e_4758cca.obj : error LNK2019: unresolved external symbol _DSO_free referenced in function _ibm_4758_cca_init e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_get_ex_new_index referenced in function _ibm_4758_cca_init e_4758cca.obj : error LNK2019: unresolved external symbol _DSO_bind_func referenced in function _ibm_4758_cca_init e_4758cca.obj : error
nist_cp_bn issue
On Fri, Dec 03, 2010 at 09:10:41AM -0800, Marcus Carey wrote:
I am still have issues with the default ECDH parameters in 1.0.0c.
kEECDH handshakes appear to work.
The key generation with NIST Prime-Curve P-192 crashes.
How do you reproduce this?
static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
{
int i;
BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
for (i = (top); i != 0; i--)
*_tmp1++ = *_tmp2++; //There is a problem here
}
The above looks fine, in what context is this called?
The code in crypto/bn/bn_nist.c has not changed since 0.9.8j, it is
different in 0.9.8i.
http://cvs.openssl.org/chngview?cn=17756
I don't understand the code in BN_nist_mod_192(), which calls
nist_cp_bn(), it has rather obscure pointer manipulation:
/*
* we need 'if (carry==0 || result=modulus) result-=modulus;'
* as comparison implies subtraction, we can write
* 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
* this is what happens below, but without explicit if:-) a.
*/
mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
mask = 0-(size_t)carry;
---res = (BN_ULONG *)(((size_t)c_d~mask) | ((size_t)r_dmask));
nist_cp_bn(r_d, res, BN_NIST_192_TOP);
--
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Remove me please
Sorry to use this list for this. But I have tried every way I know to get off the list suggestions?? -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI Sent: Friday, December 03, 2010 1:04 PM To: openssl-users@openssl.org Subject: Re: Private Key from Windows Cert Store Hi, In order to enable the CAPI engine, you have to use the enable-capieng switch : this will compile the CAPI engine statically inside OpenSSL. Here is a example of configure command line for this : perl Configure VC-WIN32 --prefix=c:/openssl enable-capieng I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/3/2010 6:21 PM, Fili, Tom wrote: Ok, so I realized if I run Configure with no-static-engine I'll get the separate dlls. These are the commands I run C:\Documents and Settings\tfili\Desktop\openssl-0.9.8kperl Configure VC-WIN32 --prefix=c:\temp\openssl no-static-engine ms\do_ms.bat nmake -f ms\ntdll.mak Unfortunately I now get the following errors: link /debug /nologo /subsystem:console /opt:ref /debug /dll /out:out32dl l.dbg\4758cca.dll @C:\DOCUME~1\tfili\LOCALS~1\Temp\nm2E34.tmp Creating library out32dll.dbg\4758cca.lib and object out32dll.dbg\4758cca.exp e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_get_ex_data referenced in function _cca_rsa_pub_enc e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_size referenced in function _cca_rsa_pub_enc e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_free referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _OPENSSL_cleanse referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_malloc referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _i2d_X509_SIG referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _OBJ_nid2obj referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_put_error referenced in function _ERR_CCA4758_error e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_get_next_error_library referenced in function _ERR_CCA4758_error e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_set_implementation referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_ex_data_implementation referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_destroy_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_lock_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_create_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_add_lock_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_locking_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_mem_functions referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_get_static_state referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_cmd_defns referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_load_pubkey_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_load_privkey_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_ctrl_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_finish_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_init_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_destroy_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_RAND referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_RSA referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_name referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_id referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_load_strings referenced in function _ERR_load_CCA4758_strings e_4758cca.obj :
Re: nist_cp_bn issue
openssl ecdhtest
openssl s_server
Must use the -no_ecdhe flag.
openssl.exe s_server -no_ecdhe
ecdhetest.exe has the same access violation
Unhandled exception at 0x004222f6 in ecdhtest.exe: 0xC005: Access
violation reading location 0x0001
openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int *
a=0x0001, int top=8) Line 308 + 0x6 C
openssl.exe!BN_nist_mod_256(bignum_st * r=0x00acf2a0, const bignum_st *
a=0x00acf2a0, const bignum_st * field=0x005bd0b4, bignum_ctx *
ctx=0x00acd718) Line 641 + 0xf C
openssl.exe!ec_GFp_nist_field_mul(const ec_group_st * group=0x00acfc98,
bignum_st * r=0x00acf2a0, const bignum_st * a=0x00ad0848, const bignum_st *
b=0x00acff7c, bignum_ctx * ctx=0x00acd718) Line 176 + 0x1c C
openssl.exe!ec_GFp_simple_points_make_affine(const ec_group_st *
group=0x00acfc98, unsigned int num=4, ec_point_st * * points=0x00acf028,
bignum_ctx * ctx=0x00acd718) Line 1649 + 0x2e C
openssl.exe!EC_POINTs_make_affine(const ec_group_st * group=0x00acfc98,
unsigned int num=4, ec_point_st * * points=0x00acf028, bignum_ctx *
ctx=0x00acd718) Line 1108 + 0x18 C
openssl.exe!ec_wNAF_mul(const ec_group_st * group=0x00acfc98, ec_point_st
* r=0x00acfda0, const bignum_st * scalar=0x00acf008, unsigned int num=0,
const ec_point_st * * points=0x0012f8dc, const bignum_st * *
scalars=0x0012f8e0, bignum_ctx * ctx=0x00acd718) Line 649 + 0x15 C
openssl.exe!EC_POINTs_mul(const ec_group_st * group=0x00acfc98,
ec_point_st * r=0x00acfda0, const bignum_st * scalar=0x00acf008, unsigned
int num=0, const ec_point_st * * points=0x0012f8dc, const bignum_st * *
scalars=0x0012f8e0, bignum_ctx * ctx=0x00acd718) Line 1123 + 0x21 C
openssl.exe!EC_POINT_mul(const ec_group_st * group=0x00acfc98, ec_point_st
* r=0x00acfda0, const bignum_st * g_scalar=0x00acf008, const ec_point_st *
point=0x, const bignum_st * p_scalar=0x, bignum_ctx *
ctx=0x00acd718) Line 1139 + 0x3d C
openssl.exe!EC_KEY_generate_key(ec_key_st * eckey=0x00acf978) Line 275 +
0x1c C
openssl.exe!ssl3_ctx_ctrl(ssl_ctx_st * ctx=0x00acdbf8, int cmd=4, long
larg=0, void * parg=0x00ace568) Line 2648 + 0x9 C
openssl.exe!SSL_CTX_ctrl(ssl_ctx_st * ctx=0x00acdbf8, int cmd=4, long
larg=0, void * parg=0x00ace568) Line 1171 + 0x18 C
openssl.exe!s_server_main(int argc=0, char * * argv=0x003c2b64) Line 1565
+ 0x17 C
openssl.exe!do_cmd(lhash_st_FUNCTION * prog=0x00ac9a50, int argc=2, char *
* argv=0x003c2b5c) Line 413 + 0xe C
openssl.exe!main(int Argc=2, char * * Argv=0x003c2b5c) Line 312 + 0x14 C
openssl.exe!mainCRTStartup() Line 259 + 0x12 C
kernel32.dll!7c817077()
static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
{
int i;
BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
for (i = (top); i != 0; i--)
*_tmp1++ = *_tmp2++; //There is a problem here
}
int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
/*
.
.
.
*/
mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
mask = 0-(size_t)carry;
res = (BN_ULONG *)(((size_t)c_d~mask) | ((size_t)r_dmask));
nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
r-top = BN_NIST_256_TOP;
bn_correct_top(r);
return 1;
}
- Original Message -
From: Victor Duchovni victor.ducho...@morganstanley.com
To: openssl-users@openssl.org
Sent: Friday, December 03, 2010 10:43 AM
Subject: nist_cp_bn issue
On Fri, Dec 03, 2010 at 09:10:41AM -0800, Marcus Carey wrote:
I am still have issues with the default ECDH parameters in 1.0.0c.
kEECDH handshakes appear to work.
The key generation with NIST Prime-Curve P-192 crashes.
How do you reproduce this?
static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
{
int i;
BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
for (i = (top); i != 0; i--)
*_tmp1++ = *_tmp2++; //There is a problem here
}
The above looks fine, in what context is this called?
The code in crypto/bn/bn_nist.c has not changed since 0.9.8j, it is
different in 0.9.8i.
http://cvs.openssl.org/chngview?cn=17756
I don't understand the code in BN_nist_mod_192(), which calls
nist_cp_bn(), it has rather obscure pointer manipulation:
/*
* we need 'if (carry==0 || result=modulus) result-=modulus;'
* as comparison implies subtraction, we can write
* 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
* this is what happens below, but without explicit if:-) a.
*/
mask =
0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
mask = 0-(size_t)carry;
---res = (BN_ULONG *)(((size_t)c_d~mask) | ((size_t)r_dmask));
nist_cp_bn(r_d, res, BN_NIST_192_TOP);
--
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
RE: Remove me please
Go to http://www.openssl.org/support/community.html Erik Tkal Juniper OAC/UAC/Pulse Development -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Richard Buskirk Sent: Friday, December 03, 2010 2:39 PM To: openssl-users@openssl.org Subject: Remove me please Sorry to use this list for this. But I have tried every way I know to get off the list suggestions?? -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI Sent: Friday, December 03, 2010 1:04 PM To: openssl-users@openssl.org Subject: Re: Private Key from Windows Cert Store Hi, In order to enable the CAPI engine, you have to use the enable-capieng switch : this will compile the CAPI engine statically inside OpenSSL. Here is a example of configure command line for this : perl Configure VC-WIN32 --prefix=c:/openssl enable-capieng I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/3/2010 6:21 PM, Fili, Tom wrote: Ok, so I realized if I run Configure with no-static-engine I'll get the separate dlls. These are the commands I run C:\Documents and Settings\tfili\Desktop\openssl-0.9.8kperl Configure VC-WIN32 --prefix=c:\temp\openssl no-static-engine ms\do_ms.bat nmake -f ms\ntdll.mak Unfortunately I now get the following errors: link /debug /nologo /subsystem:console /opt:ref /debug /dll /out:out32dl l.dbg\4758cca.dll @C:\DOCUME~1\tfili\LOCALS~1\Temp\nm2E34.tmp Creating library out32dll.dbg\4758cca.lib and object out32dll.dbg\4758cca.exp e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_get_ex_data referenced in function _cca_rsa_pub_enc e_4758cca.obj : error LNK2019: unresolved external symbol _RSA_size referenced in function _cca_rsa_pub_enc e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_free referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _OPENSSL_cleanse referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_malloc referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _i2d_X509_SIG referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _OBJ_nid2obj referenced in function _cca_rsa_verify e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_put_error referenced in function _ERR_CCA4758_error e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_get_next_error_library referenced in function _ERR_CCA4758_error e_4758cca.obj : error LNK2019: unresolved external symbol _ERR_set_implementation referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_ex_data_implementation referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_destroy_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_lock_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_dynlock_create_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_add_lock_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_locking_callback referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _CRYPTO_set_mem_functions referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_get_static_state referenced in function _bind_engine e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_cmd_defns referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_load_pubkey_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_load_privkey_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_ctrl_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_finish_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_init_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_destroy_function referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_RAND referenced in function _bind_helper e_4758cca.obj : error LNK2019: unresolved external symbol _ENGINE_set_RSA referenced in function _bind_helper
RE: Private Key from Windows Cert Store
Ok, I got it loading. Thanks.
I'm still have an issue, which would stem from my lack of understanding
of OpenSSL. This seems to succeed in giving me the private key.
ENGINE_load_builtin_engines();
if( ENGINE *e = ENGINE_by_id(capi) )
{
if( ENGINE_init(e) )
{
ENGINE_register_complete(e);
EVP_PKEY *privateKey = ENGINE_load_private_key(e,
certificate.Subject().c_str(), 0, 0);
SSL_CTX_use_PrivateKey(pContext, privateKey);
ENGINE_finish(e);
ENGINE_free(e);
}
}
Now I need to make the equivalent call for SSL_CTX_use_certificate_file
which I'm guessing is SSL_CTX_use_certificate and I get the cert from
ENGINE_load_ssl_client_cert. I'm a little unclear on what to pass into
ENGINE_load_ssl_client_cert.
Also, will SSL_CTX_set_default_verify_paths use the CA certs from the
Windows store or is there another engine call I have to make?
Again, thanks. You have been so helpful.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Friday, December 03, 2010 12:27 PM
To: openssl-users@openssl.org
Subject: Re: Private Key from Windows Cert Store
On Fri, Dec 03, 2010, Fili, Tom wrote:
I rebuild OpenSSL and didn't get a capi.dll. I'm using 0.9.8k. Is
there
something I'm missing in the build process that I need to change to
get
the engines to compiled in. From what I've read it looks like it
builds
these engines into the openssl dlls.
The following returns still NULL for me.
ENGINE_load_builtin_engines();
ENGINE *e = ENGINE_by_id(capi);
The CAPI ENGINE isn't compiled in by default in OpenSSL 0.9.8x, it needs
the
command line switch enable-capieng to Configure. Also the ENGINE dll
build
process isn't enabled in 0.9.8x so you'll get it built into
libeay32.dll.
The CAPI ENGINE is compiled by default in 1.0.0x and the dll ENGINE
support
enabled so you should get a capi.dll with that.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: nist_cp_bn issue
On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote:
openssl ecdhtest
What is openssl ecdhtest?
Must use the -no_ecdhe flag.
openssl.exe s_server -no_ecdhe
With what cert/key? Any other options? What client invocation? ...
openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int *
a=0x0001, int top=8) Line 308 + 0x6 C
Sure looks like res is not quite right...
int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
/*
.
.
.
*/
mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
mask = 0-(size_t)carry;
res = (BN_ULONG *)(((size_t)c_d~mask) | ((size_t)r_dmask));
nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
r-top = BN_NIST_256_TOP;
bn_correct_top(r);
return 1;
}
I don't understand the res = ... code, perhaps it is not portable
to your Windows compiler, or perhaps it is not right. Please
report a more detailed description of how you reproduce this.
--
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Unknown SSL protocol when accessing server from AIX host
Hello, We use openssl with libcurl to programmatically access, upload to and download from various URL's using https, ftps, and smtps protocols. We can successfully perform our tasks on UNIX/Linux and Windows boxes, including Solaris on SPARC and Intel, Linux, etc. However, we consistently receive the following type of error message when we attempt to access SSL URL from our AIX5.3 and AIX6.1 boxes: INFO_TEXT: SSLv3, TLS handshake, Client hello (1): INFO_TEXT: Unknown SSL protocol error in connection to smtp.gmail.com:587 The message is being formatted by libcurl. We use OpenSSL 0.9.8e and 0.9.8p. We have verified that correct installation of OpenSSL is being used. Please advise. Thank you, Alona
Unknown SSL protocol when accessing server from AIX host
Hello, We use openssl with libcurl to programmatically access, upload to and download from various URL's using https, ftps, and smtps protocols. We can successfully perform our tasks on UNIX/Linux and Windows boxes, including Solaris on SPARC and Intel, Linux, etc. However, we consistently receive the following type of error message when we attempt to access SSL URL from our AIX5.3 and AIX6.1 boxes: INFO_TEXT: SSLv3, TLS handshake, Client hello (1): INFO_TEXT: Unknown SSL protocol error in connection to smtp.gmail.com:587 The message is being formatted by libcurl. We use OpenSSL 0.9.8e and 0.9.8p. We have verified that correct installation of OpenSSL is being used. Please advise. Thank you, Alona Alona Rossen Software Developer Connectivity Solutions Group Open Text Corporation 38 Leek Crescent, Richmond Hill, ON, L4B 4N8, Canada Phone: +1 (905) 762 6001 ext. 6908 Email: aros...@opentext.com Web site: http://connectivity.opentext.com This email is protected by domestic and international copyright laws and treaties and is the property of Open Text Corporation, it may contain confidential and/or trade secret information of the Open Text Corporation and/or its subsidiaries (OTC), and may be subject to legal privilege in favor of OTC. This email may only be lawfully received, accessed, displayed on a computer screen, printed, copied, and/or used by the specific addressee(s) named above (Authorized Recipient) for the purpose for which it was sent by OTC. All other rights and licenses to this email are fully reserved to OTC. If you are not an Authorized Recipient, you are required to immediately delete this email in its entirety without printing, copying, using, and/or re-transmitting this email, either in whole or in part. The transmission of this email by OTC is not to be construed as a waiver by OTC and/or the individual sending this email on behalf of OTC of any of their respective rights or privileges at law or otherwise, howsoever arising. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
CMS: message digest algorithm selection is ignored when signing receipts (+ peer-review request)
I am implementing a two-party messages exchange system based on CMS
for Liberté Linux (http://dee.su/liberte).
The command-line argument -md to openssl cms -sign_receipt is
apparently ignored, and the default digest algorithm (SHA-1 in my
tests) is used instead. In addition, the -noattr argument has the
same effect as -nosmimecap, apparently leaving some unnecessary
attributes (like signing time) - contrary to the manual.
Also, the last option marker - for openssl verify doesn't work,
contrary to the man page (perhaps the manual should be fixed).
The version is OpenSSL 1.0.0a on Gentoo Linux.
The script I use can be seen here:
https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte/src/home/anon/bin/cable
. Incidentally, I will be glad for some critical peer-review.
* ${certdir} contains user's certificates, and ${msgdir} contains
untrusted certificates fetched from the other end
* The principle is described briefly in the first section at at
http://dee.su/liberte-security
* The initial communication protocol description is at
https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte/doc/cable.txt
* Certificates generation is performed in
https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte/src/home/anon/bin/gen-anon-username
.
Thanks,
Maxim
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: nist_cp_bn issue
I used openssl to create a server certificate and key. The s_server
application never
loads because the error occurs using the default ECDH parameters. Then I
ran the ecdhtest application to see if there was a problem.
ecdhtest.exe is the test application in the crypto/ecdh directory for
testing elliptic curve Diffe-Hellman routines. All of the PRIME test
failed. However, the BINARY test passed. As long as no other applications
use these routines it should be okay. I guess.
- Original Message -
From: Victor Duchovni victor.ducho...@morganstanley.com
To: openssl-users@openssl.org
Sent: Friday, December 03, 2010 1:18 PM
Subject: Re: nist_cp_bn issue
On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote:
openssl ecdhtest
What is openssl ecdhtest?
Must use the -no_ecdhe flag.
openssl.exe s_server -no_ecdhe
With what cert/key? Any other options? What client invocation? ...
openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int *
a=0x0001, int top=8) Line 308 + 0x6 C
Sure looks like res is not quite right...
int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
/*
.
.
.
*/
mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
mask = 0-(size_t)carry;
res = (BN_ULONG *)(((size_t)c_d~mask) | ((size_t)r_dmask));
nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
r-top = BN_NIST_256_TOP;
bn_correct_top(r);
return 1;
}
I don't understand the res = ... code, perhaps it is not portable
to your Windows compiler, or perhaps it is not right. Please
report a more detailed description of how you reproduce this.
--
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
problem probably simply but not for me
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 how are you. me that I will begin to prepare for Christmas,... conserne in the code, I brought a lot of code changes is a bit more solid at the moment especially the server that I think is fulfilling its function. I work on the client and I can not finish a perfect construction of the executable. I am a victim of a fatal leak memory during the function call if (SSL_CONNECT (ssl) = 0) function call that fails on a fatal error. I do not understand where the problem can you help me gabriel you're probably stronger than me ... many return are welcome while the patch and other solutions will be welcome the source are deposit on github https://github.com/fakessh/openprojectssl fichier sslClient.c call SSL_CONNECT with segmentation fault - -- http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iD8DBQFM+ZYAtXI/OwkhZKcRAuPkAJ47g+djp748bdPs3NP1lwjSFBptRgCbBo/4 grR8NKeeYaiakjd9dZzJ1xk= =7Deo -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: nist_cp_bn issue
Hi,
What compiler are you using under Windows?
From my side, I have compiled and tested binaries produced by VC++ 2008
SP1 (cl version 15.00.30729.01) and the latest standalone native MinGW
(gcc 4.5.0), and in both cases everything is OK (no crash and all tests
succeed)
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 12/4/2010 1:59 AM, Marcus Carey wrote:
I used openssl to create a server certificate and key. The s_server
application never
loads because the error occurs using the default ECDH parameters. Then I
ran the ecdhtest application to see if there was a problem.
ecdhtest.exe is the test application in the crypto/ecdh directory for
testing elliptic curve Diffe-Hellman routines. All of the PRIME test
failed. However, the BINARY test passed. As long as no other
applications use these routines it should be okay. I guess.
- Original Message - From: Victor Duchovni
victor.ducho...@morganstanley.com
To: openssl-users@openssl.org
Sent: Friday, December 03, 2010 1:18 PM
Subject: Re: nist_cp_bn issue
On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote:
openssl ecdhtest
What is openssl ecdhtest?
Must use the -no_ecdhe flag.
openssl.exe s_server -no_ecdhe
With what cert/key? Any other options? What client invocation? ...
openssl.exe!nist_cp_bn(unsigned int * buf=0x00acea80, unsigned int *
a=0x0001, int top=8) Line 308 + 0x6 C
Sure looks like res is not quite right...
int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
/*
.
.
.
*/
mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
mask = 0-(size_t)carry;
res = (BN_ULONG *)(((size_t)c_d~mask) | ((size_t)r_dmask));
nist_cp_bn(r_d, res, BN_NIST_256_TOP); // There is a problem here
r-top = BN_NIST_256_TOP;
bn_correct_top(r);
return 1;
}
I don't understand the res = ... code, perhaps it is not portable
to your Windows compiler, or perhaps it is not right. Please
report a more detailed description of how you reproduce this.
--
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: nist_cp_bn issue
On Fri, Dec 03, 2010 at 01:43:17PM -0500, Victor Duchovni wrote: I don't understand the code in BN_nist_mod_192(), which calls nist_cp_bn(), it has rather obscure pointer manipulation: /* * we need 'if (carry==0 || result=modulus) result-=modulus;' * as comparison implies subtraction, we can write * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' * this is what happens below, but without explicit if:-) a. */ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); mask = 0-(size_t)carry; ---res = (BN_ULONG *)(((size_t)c_d~mask) | ((size_t)r_dmask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); On closer inspection, the mask is expected to always be all zeros or all ones, so this should select the value of one of the two pointers, assuming this is twos-complement arithmentic and (0-1) is 0x...fff then res should be either c_d or r_d. Somehow this did not work for you compiler. You may need to report what assembly code this produced and see where things went wrong... -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
