[openssl-users] Bug or Not in 1.0.2b?
Hello.

I try to compile OpenSSL under Windows 7 64-bit. I am using MinGW64. All Paths to Perl x64 etc. are set.

Configure Parameter:

    ./Configure --prefix=/c/opensslx64 no-idea no-mdc2 no-rc5 shared mingw64

Dependencies are built fine. But when I run make to build the Library, I get the following Error Message:

    ghash-x86_64.s: Assembler messages:
    ghash-x86_64.s:931: Error: junk `.15473355479995e+19' after expression
    make[2]: *** [ghash-x86_64.o] Error 1
    make[2]: Leaving directory `/c/opensslsrc64/crypto/modes'
    make[1]: *** [subdirs] Error 1
    make[1]: Leaving directory `/c/opensslsrc64/crypto'
    make: *** [build_crypto] Error 1

Is this a Bug? Or an incompatibility?

Thanks :)
Oliver

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] beginner needs advice on data signature/verification
Hi,

I hope some of you could give me advice on my project using openssl.

Let's say I have a server/service on a machine processing a file a corresponding client sends. That file is usually created by me on a clean third machine. The server side is assumed to be uncompromised (no hacker). The client side may be compromised. Now I need to make sure that the service only accepts those files that are created by me.

I believe that is a very common requirement and has been done a lot of times - I just can't find tutorials on how to implement it. Know any?

Let's assume I have an x509 cert together with its private key signed by a ca owned by me. The trusted ca cert will be present on the server side.

This is what I plan to do:

1.) Create the data files/blobs and sign them using the priv key of the cert. Distribute the cert and the signature along with (or inside) the data file.
2.) Have the client send that data file to the server (cert/sig first)
3.) Service receives the cert, builds a cert store with the local ca cert in it and verifies the client's cert with X509_verify_cert()
4.) if cert verifies ok, service compares the signature against the one calculated from the incoming data using the public key that came inside the cert just verified

Would this be the right approach considering that anything the client sends may be forged (cert, sig, data...)? Or would it be safer to have the cert used for signing stored on the server side and not sent with the data (instead just its subject protected by the signature)?

Thanks a lot,
Marco
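
The four steps of the plan above, run end to end with the openssl command-line tool, as an added example that is not part of the original post. It assumes OpenSSL 1.1.0 or later with its default openssl.cnf; the file names, subject names and the helper functions make_ca_and_signer, sign_file and server_accepts are constructed for illustration.

```shell
#!/bin/sh
# Added example; every file and subject name here is constructed.
W=$(mktemp -d) && trap 'rm -rf "$W"' EXIT

# Create CA "$1" (self-signed) and a signer certificate "$2" issued by it.
make_ca_and_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$1" -days 1 \
        -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$W/$2.key" -out "$W/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$W/$2.csr" -CA "$W/$1.pem" -CAkey "$W/$1.key" \
        -CAcreateserial -days 1 -out "$W/$2.pem" 2>/dev/null
}

# Step 1: sign data file $2 with private key $1, writing the signature to $3.
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Steps 3 and 4 on the server. $1 = locally stored CA cert, $2 = received
# cert, $3 = received signature, $4 = received data. Returns 0 only when
# the cert chains to the local CA AND the signature matches the data.
server_accepts() {
    # -no-CApath: trust the local CA file only, not the system directory.
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -pubkey -noout > "$W/pub.pem" 2>/dev/null || return 1
    openssl dgst -sha256 -verify "$W/pub.pem" -signature "$3" "$4" \
        >/dev/null 2>&1
}

make_ca_and_signer myca author      # the real CA and signing certificate
make_ca_and_signer rogueca forger   # an untrusted party with its own CA
printf 'payload v1\n' > "$W/data.bin"
printf 'payload v2\n' > "$W/tampered.bin"
sign_file "$W/author.key" "$W/data.bin" "$W/data.sig"
sign_file "$W/forger.key" "$W/data.bin" "$W/forged.sig"

# Step 2 is the transfer itself; here the server simply reads the files.
server_accepts "$W/myca.pem" "$W/author.pem" "$W/data.sig" "$W/data.bin" &&
    echo "genuine file: accepted"
server_accepts "$W/myca.pem" "$W/forger.pem" "$W/forged.sig" "$W/data.bin" ||
    echo "cert from another CA: rejected at step 3"
server_accepts "$W/myca.pem" "$W/author.pem" "$W/data.sig" "$W/tampered.bin" ||
    echo "tampered data: rejected at step 4"
```

As written, the server accepts any certificate issued by the local CA, so the CA must issue certificates only to parties allowed to sign data files.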