Re: EC 224bits

2007-07-10 Thread Nils Larsch
C K KIRAN-KNTX36 wrote: Hi All, Is there any crypto function similar to the below one, int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); for EC, int EC_set_private_key(const unsigned char *userKey, const int bits, EC_KEY *key); int

Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-07-03 Thread Nils Larsch
Carles Fernandez i Julia wrote: En/na Nils Larsch ha escrit: Carles Fernandez i Julia wrote: ... That's the point : I have the private key certificate stored in the smartcard, not located in a plain file. That's why I commented the line above. the engine doesn't support using certificates

Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-07-02 Thread Nils Larsch
Carles Fernandez i Julia wrote: ... That's the point : I have the private key certificate stored in the smartcard, not located in a plain file. That's why I commented the line above. the engine doesn't support using certificates stored on smart cards (and I don't even think that this extremly

Re: 0.9.8e changes BF cfb encryption

2007-04-11 Thread Nils Larsch
Valient Gough wrote: My previous mail doesn't seem to have appeared on the list, so sending again: Hello, As the maintainer of a package which uses OpenSSL, I've received some reports of 0.9.8e failing to decrypt data which was encrypted by previous versions of OpenSSL. Attached is a

Re: Openssl ocsp

2007-04-02 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi all, I try to ask an ocsp responder for the status of some certificates using openssl as ocsp client. Doing that the client produces the following Messages: ---

Re: Import private key with d2i_AutoPrivateKey

2007-03-23 Thread Nils Larsch
Hellstern, Thomas (LfSt) wrote: ... [exec] d2i_AutoPrivateKey returned a key at 0x [exec] ERR_get_error()=218783872 (0x0d0a6080) [exec] ERR_lib_error_string(rc)=asn1 encoding routines [exec] ERR_func_error_string(rc)=LONG_C2I [exec]

Re: Problem with ecdsa

2007-03-20 Thread Nils Larsch
jimmy wrote: ... you see, as Nils, pointed out your blob is not in asn.1 der format (not starting with 0x30..). since ecdsa_sig is BIGNUM *r, *s; you can try using the BN_bin2bn() function to directly convert your blob to BIGNUM. you'll need to do this twice, once for r once for s. Since

Re: Problem with ecdsa

2007-03-19 Thread Nils Larsch
Nils Larsch wrote: Moin Jürgen, Jürgen Heiss wrote: Hi everybody, I try to verify a xml file which was signed with ecdsa-sha1. I alredy read to SignatureValue from the xmlfile. which is. 724PlFGHTTL1cFlLFU6g6UetcPVBEAN6oNpogAUx3rgELFH86gA+NqvjVf316zek are you _really_ sure

Re: Problem with ecdsa

2007-03-18 Thread Nils Larsch
Moin Jürgen, Jürgen Heiss wrote: Hi everybody, I try to verify a xml file which was signed with ecdsa-sha1. I alredy read to SignatureValue from the xmlfile. which is. 724PlFGHTTL1cFlLFU6g6UetcPVBEAN6oNpogAUx3rgELFH86gA+NqvjVf316zek are you _really_ sure that this is a

Re: sigbuf parameter of RSA_verify

2007-03-18 Thread Nils Larsch
James Walker wrote: I'm wondering why the sigbuf parameter of RSA_verify is declared as unsigned char* rather than const unsigned char*. It's not going to change the signature, is it? it should not change the signature input and in openssl = 0.9.8 it is const. Nils

Re: configure --export?

2007-03-18 Thread Nils Larsch
Geoffrey Coram wrote: I'm using the OpenSSL DLLs to go along with my e-mail client, nPOP/nPOPuk, for Windows CE. For myself, I've successfully compiled 0.9.8d under Windows CE 2.11 for ARM (as well as MIPS and SH4); I can't find binaries for CE2.11 anywhere on the web. Some other nPOPuk

Re: Exporting not-by-default functions in OpenSSL DLLs

2007-03-14 Thread Nils Larsch
Xiaoyu Ruan wrote: Greetings All, I have two questions on OpenSSL: 1. How to have the DLLs or SO’s export functions that are not exported by default, such as ECDSA etc? don't know a function ECDSA ;-) Seriously, there (normally) is a reason why certain functions are not

Re: Bug in ASN1_item_d2i?

2007-03-12 Thread Nils Larsch
William Lachance wrote: Hi, I'm using the ASN1_item_d2i method for getting extension info out of an x509 certificate. It _appears_ that it's changing the dereferenced address of the 'in' parameter, even though it's supposed to be const. ... ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const

Re: How to read a EC_KEY from a certificate

2007-03-09 Thread Nils Larsch
Jordi Jaen Pallares wrote: ... Anyway, I will need to extract (sooner or later) the respective EC keys from the certificate, use X509_get_pubkey() + EVP_PKEY_get1_EC_KEY() (note: both function increase the reference count of the object) ... [EMAIL PROTECTED]:~/Work/test$ ./opencert Opened

Re: 2 is not prime?

2007-03-07 Thread Nils Larsch
Bill Colvin wrote: To add to the list: openssl version OpenSSL 0.9.7m-fips 23 Feb 2007 openssl prime 2 2 is not prime I've committed a patch [1] for this problem only in openssl = 0.9.8 Nils [1] http://cvs.openssl.org/chngview?cn=14780

Re: Public key validation for ECDSA

2007-03-03 Thread Nils Larsch
Victor Duchovni wrote: On Fri, Mar 02, 2007 at 05:56:24PM -0500, Xiaoyu Ruan wrote: Thanks. Refer to the sample test given in PKV.txt in http://csrc.nist.gov/cryptval/dss/ecdsatestvectors.zip. I tried EC_KEY_check_key() against six NIST recommended EC curves P-192 P-224 K-163 K-233 B-163

Re: Public key validation for ECDSA

2007-03-02 Thread Nils Larsch
Xiaoyu Ruan wrote: Hi dear fellows, I would like to know if there is any function(s) in OpenSSL that handles public key validation for ECDSA. Given a point (public key) and a curve, I would like to test if this point is a valid public key for this curve. have a look at

Re: Sign using RSA-SHA1

2007-02-14 Thread Nils Larsch
WCR wrote: Hi All I need to sign a text using RSA-SHA1. ( http://www.w3.org/2000/09/xmldsig#rsa-sha1 http://www.w3.org/2000/09/xmldsig#rsa-sha1 as per XML-Signature specification http://www.w3.org/TR/xmldsig-core/) I'm a newbie and want to sign a RSA-SHA1 from the command line? I've tried:

Re: Sign using RSA-SHA1

2007-02-13 Thread Nils Larsch
Kaushalye Kapuruge wrote: Hi List, I need to sign a text using RSA-SHA1. ( http://www.w3.org/2000/09/xmldsig#rsa-sha1 http://www.w3.org/2000/09/xmldsig#rsa-sha1 as per XML-Signature specification http://www.w3.org/TR/xmldsig-core/) I found a set of EVP_ functions to do this. i.e.

Re: OpenSSL crashes in verify with this specific file.

2007-02-12 Thread Nils Larsch
Steffen Lips wrote: Hi Kyle, I am using version 0.9.8c. I know that the verifying is ok when using -inform DER, because the format is DER. But when using -inform SMIME, OpenSSL normally exits normally with some error messages. But with this file openssl crashes. This happens in

Re: BIT STRING Encoding with ECDSA-384 1 byte too long

2006-12-29 Thread Nils Larsch
Schifman, Jon wrote: I'm using OpenSSL 0.9.8d to work on generating X.509 certificates for use with ECDSA using the SECP384R1 curve. When I generate a certificate, the public key created is 97 bytes, but I know it should be 96 bytes (2 384 bit parameters for the x,y points on the curve). It

Re: Avoid large memory consumption when using pkcs7_sign

2006-12-29 Thread Nils Larsch
Hagai Yaffe wrote: Hello, I am using PKCS7_sign for applying Digital Signature to files, when I am creating an enveloped PKCS#7 file that contains also the signed file content all the signed file data is being loaded to memory (this would be a problem with large files), I know that I can

Re: Problem to compile static void *KDF1_SHA1

2006-12-21 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi all, I've created a method to generate ECDH Key, based on ecdhtest.c, available at /openssl/test directory. But I'm facing some trouble to compile it. I've inserted the following code in the begining of the file, acording ecdhtest.c, static const int KDF1_SHA1_len =

Re: ECSDA and digest algorithm OID in OpenSSL 0.9.9

2006-12-20 Thread Nils Larsch
Ulrich Matejek wrote: Hi everybody, when experimenting with OpenSSL v0.9.9 (since that version allows choosing the digest algorithm when creating a PKCS#7 structure) I encountered an odd behaviour: no matter what argument was specified for the -md parameter, the resulting PKCS#7 structure had

Re: ECSDA and digest algorithm OID in OpenSSL 0.9.9

2006-12-16 Thread Nils Larsch
Ulrich Matejek wrote: Hi everybody, when experimenting with OpenSSL v0.9.9 (since that version allows choosing the digest algorithm when creating a PKCS#7 structure) I encountered an odd behaviour: no matter what argument was specified for the -md parameter, the resulting PKCS#7 structure had

Re: ECDSA: using the same EC_KEY to sign and verify...

2006-12-15 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi all, here I come again. I'm testing the ECDSAtest.c approach to make my own test and I saw one thing that I don't really know if it's right. I'm sorry about taking your time, but I'm really trying to learn EC! 01 int main() { 02 const char message[] = abc; 03

Re: how to use the shared key through ECDH_compute_key method

2006-12-15 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi all, I'm a new user trying to use the EC_DH benefits on key sharing. But I'm having some problems to understand how it works... First, in(ecdhtest.c), aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1); it generates the following key in both

Re: Bignum is not thread-safe

2006-12-11 Thread Nils Larsch
Michal Trojnara wrote: Dear OpenSSL users, When performing stress-testing of stunnel with session cache disabled I receive core dumps on concurrent SSL_connect() calls. Here is an example stack backtrace: #0 0xa7e60d41 in BN_ucmp (a=0x80a28fc, b=0x80a1f08) at bn_lib.c:662 662

Re: EVP_Pkey serialize/desearileze from char

2006-11-28 Thread Nils Larsch
Marek Marcola wrote: Hello, I woud like my public key to be embedded in my source code as static char*, cause later I want to verify my licence with that key. x509 = PEM_read_X509(fp, NULL, NULL, NULL); pkey = X509_get_pubkey(x509); //Serialization for(i=0; i sizeof(*pkey); i++){

Re: ITU X509/ RFC 3281 Attribute Certificates API Beta

2006-11-24 Thread Nils Larsch
Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Tue, 10 Oct 2006 11:35:30 +0200, Daniel Diaz Sanchez [EMAIL PROTECTED] said: dds Hello, dds dds Some source code to generate attribute certificates using OpenSSL can be dds found at: dds dds

Re: ECC curve problem

2006-11-23 Thread Nils Larsch
Abhishek Tripathi wrote: Hi Nils, Now you got my point but the code on which I am working uses the too much internals of those structures .That why I needed the change log.In old OpenSSL code for the EC_KEY_METH_DATA they used some ECDSA_DATA_new() as follows EC_KEY *key ;

Re: ECC curve problem

2006-11-22 Thread Nils Larsch
Abhishek Tripathi wrote: Hi Friends, Presently I am working on some code which uses the Openssl 0.9.8-dev version in which ECC support was provided first time. 0.9.8d has already been released Can anybody help me out from where I can get the change log which tells me

Re: ECC curve problem

2006-11-22 Thread Nils Larsch
Abhishek Tripathi wrote: Hi Nils , Thanks for your guidance but I kindly bring to your notice that 0.9.8-dev doesn't stands for 0.9.8d .It's the first version in 0.9.8 series before 0.9.8a.that's why I asked for change log because a lot of changes are made in latest

Re: Use of X509_NAME_oneline

2006-11-03 Thread Nils Larsch
Kaushalye Kapuruge wrote: Hi list, Here is my code to get the issuer of an X509 certificate in PEM format. I'm using X509_NAME_oneline() to convert the X509_NAME to a string. But the man page discourage the use of it. Is there any other function serves for the same purpose.

Re: d2i/i2d_EC_PUBKEY_bio and d2i/i2d_EC_PUBKEY_fp functions

2006-11-03 Thread Nils Larsch
Jordi Jaen Pallares wrote: Dear list, I used the ecdhtest.c file as starting point to write a small test application to do ECDH key exchange over a network. In order to encode the peer's public keys in a TCP message I used the i2d_EC_PUBKEY_bio functions to write the public keys to memory

Re: AW: SHA2

2006-10-30 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Is there already a stable version of OpenSSL in the field that supports SHA256? yep, 0.9.8 Cheers, Nils __ OpenSSL Project http://www.openssl.org User Support Mailing

Re: ecdsa certificates and sha256

2006-10-23 Thread Nils Larsch
Max Pritikin wrote: (Hello, I'm asking again. Please let me know if you think this would be more appropriately addressed to the openssl-dev list or something.) In summary: Is it possible to use sha256 when generating an ecdsa certificate? I'm currently working on it so please have a

Re: BN_bin2bn problem

2006-10-20 Thread Nils Larsch
Olga Kornievskaia wrote: ... Ok. Thanks. I was hoping that a leading zero was the answer to my real problem which is. I'm using the above p and a generator g = 2 (both are well-known group 2 DH parameters described in the RFC 2412). I initialize the DH structure with them and the then call

Re: BN_bin2bn problem

2006-10-19 Thread Nils Larsch
Olga Kornievskaia wrote: Hi, can anyone tell me how to fix the leading zero in BIGNUM. I have the following code: unsigned char pkinit_1024_dhprime[128] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80,

Re: ECDSA signature conversion ?

2006-10-18 Thread Nils Larsch
Michael Stephan wrote: Hallo, I try to verify an ECDSA signature, which is by definition given as the concatenation of 2 octet-streams (BIGNUM r and BIGNUM s), the base64 encoded version is: 449afHAqHfJZmkET0a0hYVpaj+n1bbe4eTmHRAQsA+Zsl/px3AWzb5fWGjRzWWtz (This is part of an xmldsig-ecdsa

Re: Creating custom ASN1 data structure

2006-10-18 Thread Nils Larsch
Hon Hwang wrote: Hi all, I am attempting to understand how to create ASN.1 data structure in OpenSSL. First off, a simple ASN.1 structure that I want to create as the starting point. VersionInfo := SEQUENCE { major INTEGER, minor INTEGER } From looking through the posts in this mailing

Re: Is there any API available to convert the DER formatted file to Base64 formatted file?

2006-09-06 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi Team, Is there any API available in OPENSSL to convert the DER formatted file to Base64 formatted file? Please let me know your thoughts. Thank you. have a look at what openssl base64 ... does (or openssl enc -base64 ...). Cheers, Nils

Re: Unable to locate the keystore/certificate store or private key

2006-08-31 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Nils, The basic succession of calls are as follows. I think the program waits for an ssl_read or ssl_write to implicitly trigger the handshake process. meth = TLSv1_client_method() SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); SSL_CTX_new(meth); ssl =

Re: Unable to locate the keystore/certificate store or private key

2006-08-29 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Excellent, excellent idea. Is ssldump an API call? it's an application to analyze a ssl connection (see http://www.rtfm.com/ssldump/ ) Cheers, Nils __ OpenSSL Project

Re: Unable to locate the keystore/certificate store or private key

2006-08-28 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Nils, Yes, 0.9.6b is the exact version. Please help! hmm, did you read the rest of my mail ? Do you have the source code ? Cheers, Nils __ OpenSSL Project

Re: What are the letter codes for SSL_state_string()

2006-08-27 Thread Nils Larsch
Frank Büttner wrote: Hello, knows anyone the letter codes of the function SSL_state_string()? The the doc I only can read: RETURN VALUES Detailed description of possible states to be included later. :( try SSL_state_string_long() for a more detailed description of the current state. Cheers,

Re: SIGSEGV in ERR_error_string()

2006-08-26 Thread Nils Larsch
Grégory Starck wrote: Hi all, I'm experiencing reproductable segv in ERR_error_string. I've reduced my original code to a simpler test code wich show this ; see at end. It's reproductable on ubuntu and debian. If I use ERR_error_string_n then I've no problem. some infos about the ubuntu

Re: Unable to locate the keystore/certificate store or private key

2006-08-26 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi, I'm using openssl, (I think the slimmed down engine version), and openssl 0.9.6 ? since there's no separate engine verion for openssl = 0.9.7 attempting to support a program written by someone else. The server that I'm talking to recently moved to a new ISP

Re: SSL_set_cipher_list returns allways 1

2006-08-26 Thread Nils Larsch
Frank Büttner wrote: So now I think it is an bug in the version 0.9.8b. Because with lib 0.9.8a it will not happened. Can some one verify it? I've just tested openssl ciphers trash with openssl 0.9.8a, 0.9.8b and the cvs version (openssl ciphers calls SSL_CTX_set_cipher_list()) and all

Re: EVP_Verify on self signed cert

2006-07-21 Thread Nils Larsch
Alfred Thomas wrote: Hi all Is the following supposed to work if testcert.pem is a selfsigned cert that failes with error 18 when I do openssl verify testcert.pem I want to ignore the fact that it is an untrusted cert and read the public key regardless. X509 * x509; EVP_MD_CTX md_ctx;

Re: Unknown digest

2006-07-20 Thread Nils Larsch
Alfred Thomas wrote: Hi Can anyone please teel me why the attached PEM file gets an unknown message digest algorithm when I use openssl verify fail.pem The PEM file was a X509 certificate containing a ECDSA public key using the B-163 curve Any ideas would be appreciated. [EMAIL

Re: GENERAL_NAME_free

2006-07-20 Thread Nils Larsch
Bhat, Jayalakshmi Manjunath wrote: Hi All, Where do I find the definition for GENERAL_NAME_free? There are few files using this function. But I am not anle find the definition for this function. Please can any one help me. it's defined in crypto/x509v3/v3_genn.c through the

Re: Read a DER encode X509 certificate from file

2006-07-12 Thread Nils Larsch
Alfred Thomas wrote: Hi all I need to read a DER encoded X509 certificate from file to get the public key to verify an ECDSA signature. Can anyone please give me a pointer as to what to do? What I need is to: Read the X509 certificate use d2i_X509() to decode the DER encoded certificate

Re: Generating an ECDSA signature

2006-07-10 Thread Nils Larsch
Alfred Thomas wrote: Can anyone please help me to generate a ECDSA signature and verify it. I am using openssl 0.9.8b which I compiled for Windows CE and I am using embedded Visual C++. The problem is that I cannot find the definitions of NID_sect163r2 (Which is used in all the demos) anywhere.

Re: Generating an ECDSA signature

2006-07-10 Thread Nils Larsch
Alfred Thomas wrote: Hi Nils Sorry, I am still very new to OpenSSL, thanks for your quick response. I found the definition in obj_mac.h thanks, and I got the application to sign and verify the data. I am using low-level ECDSA_sign. We receive the public key as a binary file (not in a PKCS12 or

Re: Generating an ECDSA signature

2006-07-10 Thread Nils Larsch
Alfred Thomas wrote: did you try d2i_PUBKEY() ? In this functions doesn't work it would be interesting to know what format the public key has. Not yet, I will have a look at it now. I actually need an EC_KEY and d2i_PUBKEY() returns an EVP_PKEY, how can I get the EC_KEY needed?

Re: valgrind warnings for 0.9.8b

2006-06-14 Thread Nils Larsch
Erik Leunissen wrote: I've run under valgrind an application which has been linked to libcrypto.a from the openssl0.9.8b release. Valgrind reports some warnings which all relate to uninitialized values. I really do not know whether that's significant, but just in case I attach the valgrind

Re: i can't find the EC_PRIVATEKEY_new()) and d2i_EC_PRIVATEKEY()

2006-06-14 Thread Nils Larsch
孙 金龙 wrote: when i watch the EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) { int ok=0; EC_KEY *ret=NULL; EC_PRIVATEKEY *priv_key=NULL; if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {

Re: i am confused in PEM_read_PrivateKey

2006-06-14 Thread Nils Larsch
孙 金龙 wrote: thanks! i only want to read ec privatekey my ec privatekey is below -BEGIN EC PRIVATE KEY- MGACAQEEGAu0lmj+Fgurl8m7Tpwi4+wZk9GRSgdyjKALBgkqgRzXYwEBAgGhNAMy AQS0/wY++sZk+W3QERcmJ+5m1l+PKkaFhJelGBfWaDN4vmSZg7ltf8YtRaUVvyaS m1I= -END EC PRIVATE KEY- so i use

Re: valgrind warnings for 0.9.8b

2006-06-14 Thread Nils Larsch
Marek Marcola wrote: Hello, Erik Leunissen wrote: I've run under valgrind an application which has been linked to libcrypto.a from the openssl0.9.8b release. Valgrind reports some warnings which all relate to uninitialized values. I really do not know whether that's significant, but just in

Re: generate EMV Certificate

2006-05-15 Thread Nils Larsch
hao chen wrote: Hi, I highly appreciate if any one can tell me if openssl is able to generate EMV Certificate. no, you need to create them manually using the basic hash and RSA operations. Cheers, Nils __ OpenSSL Project

Re: ECC in Openssl!

2006-05-11 Thread Nils Larsch
puneet batura wrote: Hi, I am trying to generate a 163 bit key in openssl using ECC but was not been able to do so. I am using openssl-0.9.8a version can anyone show me a example how to do that? for example openssl ecparam -name sect163k1 -out eckey.pem -genkey -noout should work ...

Re: ECC in Openssl!

2006-05-11 Thread Nils Larsch
puneet batura wrote: Hi Nils, Yes i have tried that but it says that 'ecparam' is not a valid argument.i am using openssl-0.9.8a version. Is this supported for this version or i have to go with some other version. it should be supported in 0.9.8a but perhaps it has been disabled in your

Re: Problems building 0.9.8a on Intel Mac

2006-04-20 Thread Nils Larsch
Marko Asplund wrote: On 2006-04-14, at 12.26, Nils Larsch wrote: try a recent snapshot from the stable branch and let openssl build shared libraries (see first problem mentioned in the PROBLEM file). i tried the workaround described in the PROBLEMS file with openssl-0.9.8-stable-SNAP

Re: Problems building 0.9.8a on Intel Mac

2006-04-14 Thread Nils Larsch
[EMAIL PROTECTED] wrote: hi i'm having problems trying to build OpenSSL 0.9.8a on an Intel based Mac OS X 10.4.6. if i've understood correctly, building goes fine up to the point where the openssl binary is being linked. at that point i get lots of errors about undefined symbols and the

Re: mactel install?

2006-03-30 Thread Nils Larsch
John Russell wrote: ./Configure darwin-i386-cc --prefix=/usr/webtools05/apache2 --openssldir=/usr/webtools05/apache2/ Install on mac (intel) fails with collect2: ld returned 1 exit status make[2]: *** [link_app.] Error 1 make[1]: *** [openssl] Error 2 make: *** [build_apps] Error 1 This is

Re: Multiple calls to ERR_load_crypto_string()

2006-03-23 Thread Nils Larsch
Fukuba, Yoshiki wrote: Hi, After multiple calls to ERR_load_crypto_string(), we cannot get error message using ERR_error_string(). A short sample is as follows: = #include openssl/err.h int main() { ERR_load_crypto_strings(); printf(%s\n,ERR_error_string(101163138,NULL));

Re: DSA_sign()

2006-03-02 Thread Nils Larsch
Julien Demoor wrote: Hello, I'm getting an error with the DSA_sign() function : data too large for key size. I have inputed a 40-byte-long string representing a hexadecimal SHA-1 digest. I can't find what the correct digest format is, nor if anything else may lead to that error. DSA_sign()

Re: calling SSL_library_init multiple times

2006-02-27 Thread Nils Larsch
Jagannadha Bhattu G wrote: Hi, Can I call SSL_library_init multiple times in my code under different threads? as SSL_library_init() initializes global tables it should only be called from one thread a time and of course no other thread should use the global data while SSL_library_init() is

Re: Diffarent Error codes have same value

2006-02-15 Thread Nils Larsch
Konark wrote: Hi All , I found in ssl.h header file that error codes repeats many times like. #define SSL_R_BAD_ECDSA_SIGNATURE 1112 #define SSL_R_KEY_ARG_TOO_LONG 1112 #define SSL_R_BAD_ECDSA_SIGNATURE

Re: short-ish signatures (again)

2006-02-14 Thread Nils Larsch
Bob Mearns wrote: ... DSA, with its 320-bit sigs, is out for this application. I've played with RSA a bit, but I run into problems with the digest being too long when using RSA keys shorter than 384 bits. I thought I'd read that the RSA signature should be the same length as the number of bits

Re: short-ish signatures (again)

2006-02-14 Thread Nils Larsch
Victor Duchovni wrote: On Tue, Feb 14, 2006 at 02:50:19PM -0800, Bob Mearns wrote: Sorry - more details: This isn't a comm aplication - it amounts to authentication of application data files. The signer is an utility which exists solely in a vendor's environment. The verifier is an

Re: X509_STORE

2006-02-02 Thread Nils Larsch
Steffen Lips wrote: Hi, We have already some leaks in our application. I found out, that for STACK_OF(X509) there are two cleanup functions. sk_X509_free to free only the 'stackframe', and sk_509_pop_free for freeing the whole stack. Is there something for X509_STORE, too? X509_STORE_free

Re: Memory leaks

2006-01-27 Thread Nils Larsch
Steffen Lips wrote: Hi everybody, we have written a server application wich uses openssl. now we found out, that memory increases rapidly. Then we found out, that there are memory leaks in openssl. so try this little program: #include openssl/bio.h #include openssl/err.h #include string.h

Re: [EMAIL PROTECTED]: Using ECDH with OpenSSL]

2005-12-03 Thread Nils Larsch
Hines, Philip D. wrote: Using the C API. I am working on a plugin for GAIM which uses ECDH for establishing encrypted sessions. I think I figured out most of it...right now I can make it work locally, but the public and private keys are in structures with many pointers and I am having

Re: [EMAIL PROTECTED]: Using ECDH with OpenSSL]

2005-12-02 Thread Nils Larsch
,,, Can you give me any pointers on using ECDH (and ECDSA if possible) with OpenSSL? I have been trying to find documentation, but I just can't find any, and the code is not commented so it is hard to tell what I need to do to use it. C api or command line ? In case of the former I've added

Re: dynamic engines in openssl.cnf

2005-11-14 Thread Nils Larsch
Cornelius Koelbel wrote: ... But I'd like to load the engine from the config file, so that I can add the openssl command to a script. --snip-- [ openssl_init ] engines = engine_section [ engine_section ] pkcs11 = pkcs11_engine_section [ pkcs11_engine_section ] init= 1

Re: base64 encode/decode

2005-11-02 Thread Nils Larsch
Patrick Guio wrote: ... I think there is a typo in the code snippet on the webpage http://www.openssl.org/docs/crypto/BIO_f_base64.html# The statement while((inlen = BIO_read(bio, inbuf, 512) 0) should read while((inlen = BIO_read(bio, inbuf, 512)) 0) I've committed a fix for the underlying

Re: EC Digest error

2005-11-01 Thread Nils Larsch
Lloyd Brown wrote: Hello all, I'm struggling to get some openssl elliptic curve based file digest/digital sig work done. I'm able to generate both ec and rsa keys without a problem, and am trying to digest a file using the openssl dgst command. However, I get something like this: [EMAIL

Re: EC Digest error

2005-11-01 Thread Nils Larsch
Lloyd Brown wrote: ... [EMAIL PROTECTED]:~$ openssl dgst -ecdsa-with-SHA1 -hex -sign ec.key.prime192v2.pem -out ec.test.sig.hex.sha512 .viminfo [EMAIL PROTECTED]:~$ openssl dgst -ecdsa-with-SHA1 -hex -verify ec.key.prime192v2.pem.pub -signature ec.test.sig.hex.sha512 .viminfo Error Verifying

Re: Enumerating supported algorithms

2005-10-12 Thread Nils Larsch
by OpenSSL_add_all_digests etc. Cheers, Nils -- Nils Larsch [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~nils/ __ OpenSSL Project http://www.openssl.org User Support

Re: EVP_EcryptInit() obsolete?

2005-10-12 Thread Nils Larsch
On Wed, Oct 12, 2005, Adam Jones wrote: I have been told that EVP_EcryptInit() is obsolete and EVP_EncryptInit_ex() should be used instead. Can anyone confirm that? this is correct, see: http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#NOTES Cheers, Nils -- Nils Larsch

Re: duplicate RSA struct

2005-10-03 Thread Nils Larsch
Stefan Vatev wrote: Hello guys, I'd like to know what's the best way to duplicate the RSA struct. I want something like X509_dup. The only way that come to my mind is to rsa = RSA_new() and then for each member of rsa to BN_new and BN_dup Any ideas will be highly appreciated. what about: RSA

Re: 0.9.8: simple engine call causes loop

2005-09-28 Thread Nils Larsch
Kent Yoder wrote: One concern here... The solution as it is in the latest snapshot will require apps to always call ENGINE_load_builtin_engines() before a ENGINE_load_dynamic() should be sufficient call to ENGINE_by_id(ID), even if ID is a shared object engine. Is this the desired

Re: 0.9.8: simple engine call causes loop

2005-09-27 Thread Nils Larsch
Kent Yoder wrote: Hi, Calling ENGINE_by_id(anything) before making any other calls to OpenSSL seems to cause infinite recursion in trying to load the dynamic engine. I believe adding a call to ENGINE_load_dynamic() before attempting to load the dynamic engine inside ENGINE_by_id() will fix

Re: DH shared key generation using Oakley groups.

2005-09-24 Thread Nils Larsch
joseph k j wrote: ... I am using openssl-0.9.8-stable-SNAP-20050810, BN_set_word(BIGNUM *a, unsigned long w); what should i do if i need to set a prime whose bits exceeds that of a long. can some one give me a pointer to a good doc on BN. depends on the format of the number

Re: DH shared key generation using Oakley groups.

2005-09-23 Thread Nils Larsch
joseph k j wrote: hello everyone, I am currently using the following functions, a = DH_new(); DH_generate_parameters_ex(a, prime_len, generator, cb ); here i see the prime generated is random, each time i call the function it genrerates a new prime. but how is it possible for me to

Re: how do I build openssl with elliptic curve support?

2005-09-23 Thread Nils Larsch
David Stutzman wrote: I've tried a few different ./config lines and I can't seem to enable any of the elliptic curve functionality. When I run openssl ciphers I don't see any EC stuff. Can someone please provide a list of the things to enable or just a whole ./config command? you don't

Re: how do I build openssl with elliptic curve support?

2005-09-23 Thread Nils Larsch
David Stutzman wrote: Nils Larsch wrote: you don't need special config options to enable the ecc stuff, they should be enabled by default the ecc ssl ciphers are experimental and hence not listed unless you explicilty specify them (there's still no rfc for tls with ecc). Try openssl ciphers

Re: crypto

2005-09-23 Thread Nils Larsch
Saber Zrelli wrote: Hi , I am trying to use openssl's crypto library to encrypt packets before transmitting them into a TCP connection. I have some difficulties on using DES funcions. below is the code I wrote, it compiles but core-dump occurs at line 48. char *

Re: Diffie Hellman Parameter Generation Question

2005-09-21 Thread Nils Larsch
Jonathon Green wrote: Hi List, I have a question which is partly OpenSSL specific and partly a more general Diffie-Hellman (parameter generation) question The background for my problem is that I'm writing an engine and am trying to implement the: int (*generate_params)(DH *dh, int

Re: compile opensll with -d option

2005-09-07 Thread Nils Larsch
Stefan Vatev wrote: I'm struggling in compiling the openssl with the debug option. As it's written in the INSTALL file I type in ./config -d The last line of the output is : Configured for debug-linux-elf, so I think it's configured well. The error i get when I try to make it is : /usr/bin/ld:

Re: problem with d2i_X509() ??

2005-09-04 Thread Nils Larsch
Rajeshwar Singh Jenwar wrote: Hi All, I have to read x509 certificate(in .pem format) from memory. I have written two functions. Fn.1 /* get X509 structure from memory. */ extern X509 *mem2x509(vchar_t *cert) { X509 *x509; unsigned char *bp; bp = (unsigned char *) cert-v; x509 =

Re: DES_ede3_cbc_encrypt and padding

2005-09-02 Thread Nils Larsch
Alicia da Conceicao wrote: Greetings: The DES_ede3_cbc_encrypt() routine does not appear to properly pad data to fill out the last block. Consider, if the last block contains 4 bytes for the unencrypted text test, DES_ede3_cbc_encrypt() is only padding the remaining characters with NULL

Re: OSSL 0.9.8 Engine problems

2005-08-31 Thread Nils Larsch
Steffen Pankratz wrote: On Tue, 30 Aug 2005 23:53:37 +0200 Nils Larsch [EMAIL PROTECTED] wrote: Steffen Pankratz wrote: ... well, if openssl is build without DES support the DES nids are not added to the internal list of OIDs when OPENSSL_add_all_ciphers is called, hence the OBJ_* functions

Re: Openssl Engine calling code (soft pkcs11) also written in openssl conflict

2005-08-31 Thread Nils Larsch
Christopher Nebergall wrote: I've been working with some patches to curl I found on the curl mailing list to support openssl and opensc's engine_pkcs11. Basically it consists of Curl 7.14 + patch which adds dynamic engine support - opensc-20050826 [engine_pkcs11.so] - soft-pkcs11 1.2 on

Re: OSSL 0.9.8 Engine problems

2005-08-30 Thread Nils Larsch
Steffen Pankratz wrote: ... well, if openssl is build without DES support the DES nids are not added to the internal list of OIDs when OPENSSL_add_all_ciphers is called, hence the OBJ_* functions know nothing about DES. logical any chance to make openssl aware of -des-ecb when build without

Re: CA generation/certificate serial number

2005-08-30 Thread Nils Larsch
Frédéric Donnat wrote: Hi, Sorry for the mistake (nothing to deal with openssl.cnf file). I was just looking for ca.txt file. Is it normal behavior of openssl to be able to view a certificate without serial number using (without any error mentioned): openssl x509 -in some_cert_without_sn.pem

Re: openssl ciphers

2005-08-29 Thread Nils Larsch
Steven Reddie wrote: Which version are you using? 0.9.8 does what I'd expect: $ openssl ciphers AES+DES Error in cipher list 3312:error:144020B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1167: yep, this has been fixed in OpenSSL_0_9_7-stable and

Re: ecc keys of openssl- support by IE and Firefox

2005-08-19 Thread Nils Larsch
Gaurav Kumar wrote: i am newbie to ECC, kindly let me know if ECC keys generated by openssl are supported by Internet explorer / FireFox or not. it should be noted that there's still no RFC for tls with ecc, so everything is still very experimental. Nils

  1   2   3   >