Re: Generating an ECDSA signature

2006-07-10 Thread Nils Larsch
Alfred Thomas wrote: Can anyone please help me to generate a ECDSA signature and verify it. I am using openssl 0.9.8b which I compiled for Windows CE and I am using embedded Visual C++. The problem is that I cannot find the definitions of NID_sect163r2 (Which is used in all the demos) anywhere.

Re: Generating an ECDSA signature

2006-07-10 Thread Nils Larsch
Alfred Thomas wrote: Hi Nils Sorry, I am still very new to OpenSSL, thanks for your quick response. I found the definition in obj_mac.h thanks, and I got the application to sign and verify the data. I am using low-level ECDSA_sign. We receive the public key as a binary file (not in a PKCS12 or

Re: Generating an ECDSA signature

2006-07-10 Thread Nils Larsch
Alfred Thomas wrote: did you try d2i_PUBKEY() ? In this functions doesn't work it would be interesting to know what format the public key has. Not yet, I will have a look at it now. I actually need an EC_KEY and d2i_PUBKEY() returns an EVP_PKEY, how can I get the EC_KEY needed?

Re: Read a DER encode X509 certificate from file

2006-07-12 Thread Nils Larsch
Alfred Thomas wrote: Hi all I need to read a DER encoded X509 certificate from file to get the public key to verify an ECDSA signature. Can anyone please give me a pointer as to what to do? What I need is to: Read the X509 certificate use d2i_X509() to decode the DER encoded certificate

Re: Unknown digest

2006-07-20 Thread Nils Larsch
Alfred Thomas wrote: Hi Can anyone please teel me why the attached PEM file gets an unknown message digest algorithm when I use openssl verify fail.pem The PEM file was a X509 certificate containing a ECDSA public key using the B-163 curve Any ideas would be appreciated. [EMAIL

Re: GENERAL_NAME_free

2006-07-20 Thread Nils Larsch
Bhat, Jayalakshmi Manjunath wrote: Hi All, Where do I find the definition for GENERAL_NAME_free? There are few files using this function. But I am not anle find the definition for this function. Please can any one help me. it's defined in crypto/x509v3/v3_genn.c through the

Re: EVP_Verify on self signed cert

2006-07-21 Thread Nils Larsch
Alfred Thomas wrote: Hi all Is the following supposed to work if testcert.pem is a selfsigned cert that failes with error 18 when I do openssl verify testcert.pem I want to ignore the fact that it is an untrusted cert and read the public key regardless. X509 * x509; EVP_MD_CTX md_ctx;

Re: SIGSEGV in ERR_error_string()

2006-08-26 Thread Nils Larsch
Grégory Starck wrote: Hi all, I'm experiencing reproductable segv in ERR_error_string. I've reduced my original code to a simpler test code wich show this ; see at end. It's reproductable on ubuntu and debian. If I use ERR_error_string_n then I've no problem. some infos about the ubuntu

Re: Unable to locate the keystore/certificate store or private key

2006-08-26 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi, I'm using openssl, (I think the slimmed down engine version), and openssl 0.9.6 ? since there's no separate engine verion for openssl = 0.9.7 attempting to support a program written by someone else. The server that I'm talking to recently moved to a new ISP

Re: SSL_set_cipher_list returns allways 1

2006-08-26 Thread Nils Larsch
Frank Büttner wrote: So now I think it is an bug in the version 0.9.8b. Because with lib 0.9.8a it will not happened. Can some one verify it? I've just tested openssl ciphers trash with openssl 0.9.8a, 0.9.8b and the cvs version (openssl ciphers calls SSL_CTX_set_cipher_list()) and all

Re: What are the letter codes for SSL_state_string()

2006-08-27 Thread Nils Larsch
Frank Büttner wrote: Hello, knows anyone the letter codes of the function SSL_state_string()? The the doc I only can read: RETURN VALUES Detailed description of possible states to be included later. :( try SSL_state_string_long() for a more detailed description of the current state. Cheers,

Re: Unable to locate the keystore/certificate store or private key

2006-08-28 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Nils, Yes, 0.9.6b is the exact version. Please help! hmm, did you read the rest of my mail ? Do you have the source code ? Cheers, Nils __ OpenSSL Project

Re: Unable to locate the keystore/certificate store or private key

2006-08-29 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Excellent, excellent idea. Is ssldump an API call? it's an application to analyze a ssl connection (see http://www.rtfm.com/ssldump/ ) Cheers, Nils __ OpenSSL Project

Re: Unable to locate the keystore/certificate store or private key

2006-08-31 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Nils, The basic succession of calls are as follows. I think the program waits for an ssl_read or ssl_write to implicitly trigger the handshake process. meth = TLSv1_client_method() SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); SSL_CTX_new(meth); ssl =

Re: Is there any API available to convert the DER formatted file to Base64 formatted file?

2006-09-06 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi Team, Is there any API available in OPENSSL to convert the DER formatted file to Base64 formatted file? Please let me know your thoughts. Thank you. have a look at what openssl base64 ... does (or openssl enc -base64 ...). Cheers, Nils

Re: ECDSA signature conversion ?

2006-10-18 Thread Nils Larsch
Michael Stephan wrote: Hallo, I try to verify an ECDSA signature, which is by definition given as the concatenation of 2 octet-streams (BIGNUM r and BIGNUM s), the base64 encoded version is: 449afHAqHfJZmkET0a0hYVpaj+n1bbe4eTmHRAQsA+Zsl/px3AWzb5fWGjRzWWtz (This is part of an xmldsig-ecdsa

Re: Creating custom ASN1 data structure

2006-10-18 Thread Nils Larsch
Hon Hwang wrote: Hi all, I am attempting to understand how to create ASN.1 data structure in OpenSSL. First off, a simple ASN.1 structure that I want to create as the starting point. VersionInfo := SEQUENCE { major INTEGER, minor INTEGER } From looking through the posts in this mailing

Re: BN_bin2bn problem

2006-10-19 Thread Nils Larsch
Olga Kornievskaia wrote: Hi, can anyone tell me how to fix the leading zero in BIGNUM. I have the following code: unsigned char pkinit_1024_dhprime[128] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80,

Re: BN_bin2bn problem

2006-10-20 Thread Nils Larsch
Olga Kornievskaia wrote: ... Ok. Thanks. I was hoping that a leading zero was the answer to my real problem which is. I'm using the above p and a generator g = 2 (both are well-known group 2 DH parameters described in the RFC 2412). I initialize the DH structure with them and the then call

Re: ecdsa certificates and sha256

2006-10-23 Thread Nils Larsch
Max Pritikin wrote: (Hello, I'm asking again. Please let me know if you think this would be more appropriately addressed to the openssl-dev list or something.) In summary: Is it possible to use sha256 when generating an ecdsa certificate? I'm currently working on it so please have a

Re: AW: SHA2

2006-10-30 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Is there already a stable version of OpenSSL in the field that supports SHA256? yep, 0.9.8 Cheers, Nils __ OpenSSL Project http://www.openssl.org User Support Mailing

Re: Use of X509_NAME_oneline

2006-11-03 Thread Nils Larsch
Kaushalye Kapuruge wrote: Hi list, Here is my code to get the issuer of an X509 certificate in PEM format. I'm using X509_NAME_oneline() to convert the X509_NAME to a string. But the man page discourage the use of it. Is there any other function serves for the same purpose.

Re: d2i/i2d_EC_PUBKEY_bio and d2i/i2d_EC_PUBKEY_fp functions

2006-11-03 Thread Nils Larsch
Jordi Jaen Pallares wrote: Dear list, I used the ecdhtest.c file as starting point to write a small test application to do ECDH key exchange over a network. In order to encode the peer's public keys in a TCP message I used the i2d_EC_PUBKEY_bio functions to write the public keys to memory

Re: ECC curve problem

2006-11-22 Thread Nils Larsch
Abhishek Tripathi wrote: Hi Friends, Presently I am working on some code which uses the Openssl 0.9.8-dev version in which ECC support was provided first time. 0.9.8d has already been released Can anybody help me out from where I can get the change log which tells me

Re: ECC curve problem

2006-11-22 Thread Nils Larsch
Abhishek Tripathi wrote: Hi Nils , Thanks for your guidance but I kindly bring to your notice that 0.9.8-dev doesn't stands for 0.9.8d .It's the first version in 0.9.8 series before 0.9.8a.that's why I asked for change log because a lot of changes are made in latest

Re: ECC curve problem

2006-11-23 Thread Nils Larsch
Abhishek Tripathi wrote: Hi Nils, Now you got my point but the code on which I am working uses the too much internals of those structures .That why I needed the change log.In old OpenSSL code for the EC_KEY_METH_DATA they used some ECDSA_DATA_new() as follows EC_KEY *key ;

Re: ITU X509/ RFC 3281 Attribute Certificates API Beta

2006-11-24 Thread Nils Larsch
Richard Levitte - VMS Whacker wrote: In message [EMAIL PROTECTED] on Tue, 10 Oct 2006 11:35:30 +0200, Daniel Diaz Sanchez [EMAIL PROTECTED] said: dds Hello, dds dds Some source code to generate attribute certificates using OpenSSL can be dds found at: dds dds

Re: EVP_Pkey serialize/desearileze from char

2006-11-28 Thread Nils Larsch
Marek Marcola wrote: Hello, I woud like my public key to be embedded in my source code as static char*, cause later I want to verify my licence with that key. x509 = PEM_read_X509(fp, NULL, NULL, NULL); pkey = X509_get_pubkey(x509); //Serialization for(i=0; i sizeof(*pkey); i++){

Re: Bignum is not thread-safe

2006-12-11 Thread Nils Larsch
Michal Trojnara wrote: Dear OpenSSL users, When performing stress-testing of stunnel with session cache disabled I receive core dumps on concurrent SSL_connect() calls. Here is an example stack backtrace: #0 0xa7e60d41 in BN_ucmp (a=0x80a28fc, b=0x80a1f08) at bn_lib.c:662 662

Re: ECDSA: using the same EC_KEY to sign and verify...

2006-12-15 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi all, here I come again. I'm testing the ECDSAtest.c approach to make my own test and I saw one thing that I don't really know if it's right. I'm sorry about taking your time, but I'm really trying to learn EC! 01 int main() { 02 const char message[] = abc; 03

Re: how to use the shared key through ECDH_compute_key method

2006-12-15 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi all, I'm a new user trying to use the EC_DH benefits on key sharing. But I'm having some problems to understand how it works... First, in(ecdhtest.c), aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1); it generates the following key in both

Re: ECSDA and digest algorithm OID in OpenSSL 0.9.9

2006-12-16 Thread Nils Larsch
Ulrich Matejek wrote: Hi everybody, when experimenting with OpenSSL v0.9.9 (since that version allows choosing the digest algorithm when creating a PKCS#7 structure) I encountered an odd behaviour: no matter what argument was specified for the -md parameter, the resulting PKCS#7 structure had

Re: ECSDA and digest algorithm OID in OpenSSL 0.9.9

2006-12-20 Thread Nils Larsch
Ulrich Matejek wrote: Hi everybody, when experimenting with OpenSSL v0.9.9 (since that version allows choosing the digest algorithm when creating a PKCS#7 structure) I encountered an odd behaviour: no matter what argument was specified for the -md parameter, the resulting PKCS#7 structure had

Re: Problem to compile static void *KDF1_SHA1

2006-12-21 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi all, I've created a method to generate ECDH Key, based on ecdhtest.c, available at /openssl/test directory. But I'm facing some trouble to compile it. I've inserted the following code in the begining of the file, acording ecdhtest.c, static const int KDF1_SHA1_len =

Re: BIT STRING Encoding with ECDSA-384 1 byte too long

2006-12-29 Thread Nils Larsch
Schifman, Jon wrote: I'm using OpenSSL 0.9.8d to work on generating X.509 certificates for use with ECDSA using the SECP384R1 curve. When I generate a certificate, the public key created is 97 bytes, but I know it should be 96 bytes (2 384 bit parameters for the x,y points on the curve). It

Re: Avoid large memory consumption when using pkcs7_sign

2006-12-29 Thread Nils Larsch
Hagai Yaffe wrote: Hello, I am using PKCS7_sign for applying Digital Signature to files, when I am creating an enveloped PKCS#7 file that contains also the signed file content all the signed file data is being loaded to memory (this would be a problem with large files), I know that I can

Re: OpenSSL crashes in verify with this specific file.

2007-02-12 Thread Nils Larsch
Steffen Lips wrote: Hi Kyle, I am using version 0.9.8c. I know that the verifying is ok when using -inform DER, because the format is DER. But when using -inform SMIME, OpenSSL normally exits normally with some error messages. But with this file openssl crashes. This happens in

Re: Sign using RSA-SHA1

2007-02-13 Thread Nils Larsch
Kaushalye Kapuruge wrote: Hi List, I need to sign a text using RSA-SHA1. ( http://www.w3.org/2000/09/xmldsig#rsa-sha1 http://www.w3.org/2000/09/xmldsig#rsa-sha1 as per XML-Signature specification http://www.w3.org/TR/xmldsig-core/) I found a set of EVP_ functions to do this. i.e.

Re: Sign using RSA-SHA1

2007-02-14 Thread Nils Larsch
WCR wrote: Hi All I need to sign a text using RSA-SHA1. ( http://www.w3.org/2000/09/xmldsig#rsa-sha1 http://www.w3.org/2000/09/xmldsig#rsa-sha1 as per XML-Signature specification http://www.w3.org/TR/xmldsig-core/) I'm a newbie and want to sign a RSA-SHA1 from the command line? I've tried:

Re: Public key validation for ECDSA

2007-03-02 Thread Nils Larsch
Xiaoyu Ruan wrote: Hi dear fellows, I would like to know if there is any function(s) in OpenSSL that handles public key validation for ECDSA. Given a point (public key) and a curve, I would like to test if this point is a valid public key for this curve. have a look at

Re: Public key validation for ECDSA

2007-03-03 Thread Nils Larsch
Victor Duchovni wrote: On Fri, Mar 02, 2007 at 05:56:24PM -0500, Xiaoyu Ruan wrote: Thanks. Refer to the sample test given in PKV.txt in http://csrc.nist.gov/cryptval/dss/ecdsatestvectors.zip. I tried EC_KEY_check_key() against six NIST recommended EC curves P-192 P-224 K-163 K-233 B-163

Re: 2 is not prime?

2007-03-07 Thread Nils Larsch
Bill Colvin wrote: To add to the list: openssl version OpenSSL 0.9.7m-fips 23 Feb 2007 openssl prime 2 2 is not prime I've committed a patch [1] for this problem only in openssl = 0.9.8 Nils [1] http://cvs.openssl.org/chngview?cn=14780

Re: How to read a EC_KEY from a certificate

2007-03-09 Thread Nils Larsch
Jordi Jaen Pallares wrote: ... Anyway, I will need to extract (sooner or later) the respective EC keys from the certificate, use X509_get_pubkey() + EVP_PKEY_get1_EC_KEY() (note: both function increase the reference count of the object) ... [EMAIL PROTECTED]:~/Work/test$ ./opencert Opened

Re: Bug in ASN1_item_d2i?

2007-03-12 Thread Nils Larsch
William Lachance wrote: Hi, I'm using the ASN1_item_d2i method for getting extension info out of an x509 certificate. It _appears_ that it's changing the dereferenced address of the 'in' parameter, even though it's supposed to be const. ... ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const

Re: Exporting not-by-default functions in OpenSSL DLLs

2007-03-14 Thread Nils Larsch
Xiaoyu Ruan wrote: Greetings All, I have two questions on OpenSSL: 1. How to have the DLLs or SO’s export functions that are not exported by default, such as ECDSA etc? don't know a function ECDSA ;-) Seriously, there (normally) is a reason why certain functions are not

Re: Problem with ecdsa

2007-03-18 Thread Nils Larsch
Moin Jürgen, Jürgen Heiss wrote: Hi everybody, I try to verify a xml file which was signed with ecdsa-sha1. I alredy read to SignatureValue from the xmlfile. which is. 724PlFGHTTL1cFlLFU6g6UetcPVBEAN6oNpogAUx3rgELFH86gA+NqvjVf316zek are you _really_ sure that this is a

Re: sigbuf parameter of RSA_verify

2007-03-18 Thread Nils Larsch
James Walker wrote: I'm wondering why the sigbuf parameter of RSA_verify is declared as unsigned char* rather than const unsigned char*. It's not going to change the signature, is it? it should not change the signature input and in openssl = 0.9.8 it is const. Nils

Re: configure --export?

2007-03-18 Thread Nils Larsch
Geoffrey Coram wrote: I'm using the OpenSSL DLLs to go along with my e-mail client, nPOP/nPOPuk, for Windows CE. For myself, I've successfully compiled 0.9.8d under Windows CE 2.11 for ARM (as well as MIPS and SH4); I can't find binaries for CE2.11 anywhere on the web. Some other nPOPuk

Re: Problem with ecdsa

2007-03-19 Thread Nils Larsch
Nils Larsch wrote: Moin Jürgen, Jürgen Heiss wrote: Hi everybody, I try to verify a xml file which was signed with ecdsa-sha1. I alredy read to SignatureValue from the xmlfile. which is. 724PlFGHTTL1cFlLFU6g6UetcPVBEAN6oNpogAUx3rgELFH86gA+NqvjVf316zek are you _really_ sure

Re: Problem with ecdsa

2007-03-20 Thread Nils Larsch
jimmy wrote: ... you see, as Nils, pointed out your blob is not in asn.1 der format (not starting with 0x30..). since ecdsa_sig is BIGNUM *r, *s; you can try using the BN_bin2bn() function to directly convert your blob to BIGNUM. you'll need to do this twice, once for r once for s. Since

Re: Import private key with d2i_AutoPrivateKey

2007-03-23 Thread Nils Larsch
Hellstern, Thomas (LfSt) wrote: ... [exec] d2i_AutoPrivateKey returned a key at 0x [exec] ERR_get_error()=218783872 (0x0d0a6080) [exec] ERR_lib_error_string(rc)=asn1 encoding routines [exec] ERR_func_error_string(rc)=LONG_C2I [exec]

Re: Openssl ocsp

2007-04-02 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi all, I try to ask an ocsp responder for the status of some certificates using openssl as ocsp client. Doing that the client produces the following Messages: ---

Re: 0.9.8e changes BF cfb encryption

2007-04-11 Thread Nils Larsch
Valient Gough wrote: My previous mail doesn't seem to have appeared on the list, so sending again: Hello, As the maintainer of a package which uses OpenSSL, I've received some reports of 0.9.8e failing to decrypt data which was encrypted by previous versions of OpenSSL. Attached is a

Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-07-02 Thread Nils Larsch
Carles Fernandez i Julia wrote: ... That's the point : I have the private key certificate stored in the smartcard, not located in a plain file. That's why I commented the line above. the engine doesn't support using certificates stored on smart cards (and I don't even think that this extremly

Re: openssl error while retreaving key from smartcard from wpa_supplicant?

2007-07-03 Thread Nils Larsch
Carles Fernandez i Julia wrote: En/na Nils Larsch ha escrit: Carles Fernandez i Julia wrote: ... That's the point : I have the private key certificate stored in the smartcard, not located in a plain file. That's why I commented the line above. the engine doesn't support using certificates

Re: EC 224bits

2007-07-10 Thread Nils Larsch
C K KIRAN-KNTX36 wrote: Hi All, Is there any crypto function similar to the below one, int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); for EC, int EC_set_private_key(const unsigned char *userKey, const int bits, EC_KEY *key); int

Re: Key generation

2005-03-16 Thread Nils Larsch
Michael D'Errico wrote: Hi, I read somewhere that it is a good idea to cryptographically hash your key material to generate a key, so I wrote a function to do that. it's an even better idea to use well known/tested algorithm for key generation I'm not exactly sure I'm doing what they suggest, so

Re: DSA key size

2005-03-17 Thread Nils Larsch
Michael D'Errico wrote: I want to find out how big a DSA key is (to enforce a lower limit) but DSA_size only reports the size of a signature. Is there some way to find out how many bits the key is? in case you mean with size of the key the size of the modulus p you could do something like

Re: I have an x509 certificate, how can I sign email with it? What is the command?

2005-03-23 Thread Nils Larsch
Chevalier, Victor T. wrote: I have an x509 certificate, how can I sign email with it? What is the command? 'openssl smime ...' Nils __ OpenSSL Project http://www.openssl.org User Support Mailing

Re: New user trying to figure out certificates

2005-03-23 Thread Nils Larsch
line:pem_lib.c:637:Expecting: ANY PRIVATE KEY 19549:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709: yep, no private key present hence this error message Cheers, Nils -- Nils Larsch [EMAIL PROTECTED] OpenSSL Project http

Re: Initialization Vectors.

2005-03-24 Thread Nils Larsch
recommend to use them Cheers, Nils -- Nils Larsch [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~nils/ __ OpenSSL Project http://www.openssl.org User Support

Re: Possible to have multiple organizational units in openssl.cnf?

2005-03-24 Thread Nils Larsch
On Thu, Mar 24, 2005, Chevalier, Victor T. wrote: Is it possible to have multiple organizational units in openssl.cnf? I am trying to define more than one OU, not sure how. 0.OU = bla1 1.OU = bla2 ... Cheers, Nils -- Nils Larsch [EMAIL PROTECTED] OpenSSL Project

Re: d2i_X509_bio i2d_X509 problem?

2005-03-26 Thread Nils Larsch
Justin Hsiung wrote: Hi, I had a small program as shown below to read a self-signed DER encoded certificate from Linux filesystem and still want to keep it in DER format in buf. Therefore, I use both d2i_X509_bio i2d_X509 to achieve this. Unfortunately, I encountered some problems when I

Re: RES: cert extract / unable to load PKCS7 object

2005-03-28 Thread Nils Larsch
Rafael wrote: I'm sorry. Below is the file that I'm using. -BEGIN PKCS7- MIII7gYJKoZIhvcNAQcCoIII3zCCCNsCAQExADALBgkqhkiG9w0BBwGgggjDMIIC SzCCAbSgAwIB AgIDDldsMA0GCSqGSIb3DQEBBAUAMGIxCzAJBgNVBAYTAlpBMSU wIwYDVQQKExxUaGF3dGUgQ29u c3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEy ... openssl doesn't

Re: Problem deallocating memory using d2i_TS_RESP

2005-03-29 Thread Nils Larsch
Aftab Alam wrote: Hi All, I am using the following code to create TS response object from DER encoded data, bool CreateResponseFromFile(const char * pszTSResponsePath) { char * buffer; long size; //C:\\ts\\TstResponse.tsr ifstream file (pszTSResponsePath,

Re: EVP Public Key Interface X low level RSA

2005-03-29 Thread Nils Larsch
Rafael Cividanes wrote: I was studing the EVP interface for public key to use RSA. I'd like to know if the low level interface using /openssl/rsa.h/ is better than EVP (hight level) solution. In symetric encryption the list told me that EVP interface was the best solution. unless you need

Re: Problems with EVP_DecryptFinal

2005-03-29 Thread Nils Larsch
Tyler Durden wrote: Hello, I write the next c programming code that allow to do a test of encryption and decryption. I understand that I do bad, because the EVP_DecryptionFinal return 0 therefore the decrypted data are not match that the original data. Please help me. Thaks very much The code is

Re: DH_generate_key generates wrong public key size?

2005-04-01 Thread Nils Larsch
Bob Bradley wrote: I'm seeing DH_generate_key generate a public key that is 1 byte less than expected (127 instead of 128 bytes for a 1024-bit key), but only sporadically (about every 200-300 tries). I've written the following test case that always fails for me in less than 300 iterations. I've

Re: DH_generate_key generates wrong public key size?

2005-04-01 Thread Nils Larsch
Bob Bradley wrote: On 4/1/05 1:57 AM, Nils Larsch [EMAIL PROTECTED] wrote: the dh public key is the result of g**k mod p (k is the private key) operation and hence may have less than BN_num_bytes(p) bytes (approx. every 256 key should have = 127 bytes). I didn't realize that. Thanks

Re: unreachable l code in OpenSSL 0.9.7f

2005-04-01 Thread Nils Larsch
prakash babu wrote: Hello All, I find some unreachable codes in OpenSSL 0.9.7f . Their details are as follows. *File:pk7_lib.c Line: 187 */break; p7-d.signed_and_enveloped-enc_data-content_type =OBJ_nid2obj(NID_pkcs7_data); break;/ ... please create a ticket by

Re: Problem building shared libs for openssl0.9.7f

2005-04-02 Thread Nils Larsch
Erik Leunissen wrote: L.S. About a week ago, I mentioned in a post to this newsgroup a problem building shared libraries for openssl0.9.7f on Linux. I wondered whether others are able to build shared libs, or perhaps are able to reproduce the problem. Below you find specifics about my system

Re: DH_generate_key generates wrong public key size?

2005-04-02 Thread Nils Larsch
Bob Bradley wrote: On 4/1/05 8:20 AM, Nils Larsch [EMAIL PROTECTED] wrote: this of course reduces the key space for the private key, but if you really need a fixed size public key you need to do it. Would it reduce security or be unsafe to simply prepend zero bytes after calling BN_bn2bin

Re: [openssl-users] I need some help with parsing a X509 certificate

2005-04-06 Thread Nils Larsch
Francois noel wrote: Hi When I read a PEM certificate with PEM_read_bio_X509(bp, NULL, 0, NULL); that return me a X509 object. who can I display it in STRING or char * format? try X509_print_ex Nils __ OpenSSL Project

Re: Problem with RSA_private_decrypt RSA_print_fp

2005-04-13 Thread Nils Larsch
Tyler Durden wrote: Sorry, I forget put in the flen parameter of the function RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding); the value returned by the RSA_public_encrypt(...), but I have not solved the problem with the function int RSA_print_fp(FILE

Re: plans for SHA-256, SHA-384, SHA-512 ?

2005-04-13 Thread Nils Larsch
Phil Howard wrote: Are there any plans to add SHA-256, SHA-384, and SHA-512 to OpenSSL? have a look at 0.9.8-dev (use a recent snapshot of the cvs head) Nils __ OpenSSL Project

Re: How to manage memory in d2i_XX functions

2005-04-14 Thread Nils Larsch
Aftab Alam wrote: Hi All, Ive been finding it difficult to manage memory while using OpenSSL d2i functions. I have written the following function to Sign OCSP request. unsigned char *in = new unsigned char[OCSPRequestData.GetLength()]; memcpy(in, OCSPRequestData.GetData(),

Re: Problem with RSA_private_decrypt RSA_print_fp

2005-04-14 Thread Nils Larsch
Tyler Durden wrote: I am using Windows 2000 and XP with Visula Studio .NET. Sorry I don't know what is backtrace. did you read the FAQ entry I've compiled a program under Windows and it crashes: why? ? Nils __ OpenSSL Project

Re: Generate RSA key

2005-04-19 Thread Nils Larsch
Angel Martinez Gonzalez wrote: Hello: I want to generate a RSA pair key. I do the following: RSA *claveRSA; int num = 1024; // Tamaño del módulo. unsigned long e = 3; // Exponente público RAND_screen(); claveRSA = RSA_new(); claveRSA = RSA_generate_key(num, e, NULL, NULL); the RSA_new()

Re: WRONG FINAL BLOCK LENGTH

2005-04-19 Thread Nils Larsch
Douglas Laing wrote: I copied the do_crypt routine (General encryption, decryption function example using FILE I/O and RC2 with an 80 bit key) from the EVP_EncryptInit(3) man page and used it to encrypt a 433282 byte file. Function EVP_CipherFinal_ex fails and ERR_get_error returns

Re: Error with PEM_write_RSAPrivateKey function

2005-04-19 Thread Nils Larsch
Angel Martinez Gonzalez wrote: Hello: I use this function to generate a RSA pair key and write the public and private key in a files. But this function have a error at execution time. what kind or error (error message) ? Nils __

Re: Timestamp server and certificate creation

2005-04-19 Thread Nils Larsch
Sebastiano Zabert wrote: Hi, I'm trying to setup a timestamp server on a linux box with debian. I've downloaded and compiled apache_1.3.33, mod_ssl-2.8.22-1.3.33 and mod_tsa; all fine until I try to start apache, the server don't start and when I go to search in logs/error_log i find: [Mon Apr

Re: Error with PEM_write_RSAPrivateKey function

2005-04-20 Thread Nils Larsch
Angel Martinez Gonzalez wrote: Hello: This is the error message that I obtained: The instruction in 0x78468216 refers to memory in 0x0010. Memory can not written. I send you a image with this error message. did you read the FAQ item I've compiled a program under Windows and it crashes: why? ?

Re: Downgrade OpenSSL

2005-04-20 Thread Nils Larsch
Stefan Müller wrote: Hi, I am running FreeBSD 5.3Beta4 with OpenSSL 0.9.7d installed. For my student research project on timing attacks against SSL, I need to downgrade OpenSSL to version 0.9.7 release Dec 31_2002 (or to OpenSSL = 0.9.6h) since newer versions are already patched against these

Re: Encrypting binary files with evp symmetric cipher - Error

2005-04-20 Thread Nils Larsch
Rafael Cividanes wrote: Hi, I'm trying to do a program to encrypt and decrypt a file using EVP API. I read the input file (plaintext) in binary mode using a buffer of 100 bytes to encrypt. The function restult_aes is the encryption / decryption funcion. I'm calling the funcions EVP_Encrypt and

Re: Problem with BN_rand_range

2005-04-22 Thread Nils Larsch
Angel Martinez Gonzalez wrote: Hello: I want to generate a random number making use of BN_rand_range() function. But I obtain an error at execution time. This is my code: error = BN_rand_range(A, claveDSA_TTP-q); if (error == 1) printf (A obtenido correctamente\n); else printf (Error

Re: Problem using DSA_verify()

2005-04-24 Thread Nils Larsch
Erik Leunissen wrote: L.S. I'm having a problem using DSA_verify. The actual call in my C program (including some context), the results on stdout and lookup of the meaning of openssl error codes are given below. I still cannot conclude from the meaning of the error messages what I've done

Re: Problem using DSA_verify()

2005-04-24 Thread Nils Larsch
Erik Leunissen wrote: Nils Larsch wrote: ==result = DSA_verify(NID_sha1, hash, 20, \ sig, 20, dsa); sure that your signature is 20 bytes long, as it is a structure containing two 160 bit numbers it seems a little bit short to me :) Thanks for your response, Nils. You appear

Re: Using ripemd160 causes nonvalid digital signature CA

2005-04-27 Thread Nils Larsch
Oliver wrote: Would anyone be aware whether a problem exists using ripemd160 message digests when creating a self-signed CA in OpenSSL, as opposed to using SHA1. I recently created a self-signed CA using ripemd160 as opposed to SHA1 using Win32 OpenSSL v0.9.7f on a WinXP system; however, when

Re: Usage of DSA parameters p, q and g with DSA_verify() and DSA_sign()

2005-04-27 Thread Nils Larsch
Erik Leunissen wrote: L.S. It is unclear to me whether a DSA object used for signing (using DSA_sign() ), need the parameters p, q and g filled in, or just the private key? An analogous question regarding a DSA object used for verifying (using DSA_verify() ). Does it need the parameters filled

Re: SHA2

2005-05-11 Thread Nils Larsch
Milan Tomic wrote: I'm trying to generate self signed certificates with sha256, sha384 and sha512 algorithms for testing purposes. It seems openssl.exe doesn't understand it, although I have downloaded latest version (openssl-0.9.7g). try a recent snapshot from 0.9.8-dev (the cvs head) Nils

Re: Verifying a signature

2005-05-11 Thread Nils Larsch
Andreas Hoffmann wrote: ... md_ctx = EVP_MD_CTX_create(); EVP_VerifyInit_ex(md_ctx, EVP_sha1(), NULL ); EVP_VerifyUpdate(md_ctx, data, data_length); sig_err = EVP_VerifyFinal(md_ctx, signature, signature_length, pkey); if (sig_err == -1) { printf(An error occured while verifying the

Re: Problem to cipher/decypher a struct with RSA

2005-05-11 Thread Nils Larsch
Angel Martinez Gonzalez wrote: Hello: I want to cypher/decypher an struct: struct PeticionSeudonimo { char *mensaje; int id_peticion; DES_cblock *clave_simetrica; }peticion_seudonimo; To do this, I first convert this struct to char *: char *ptrPeticionSeudonimo = (char

Re: Valgrind suppressions?

2005-05-15 Thread Nils Larsch
Brad Hards wrote: I'm coming across a lot of valgrind warnings for the BN code. Eg: ==20718== Conditional jump or move depends on uninitialised value(s) ==20718==at 0x4E34666D: bn_mul_recursive (bn_mul.c:111) ==20718==by 0x4E3475D2: BN_mul (bn_mul.c:708) ==20718==by 0x4E34D1CC:

Re: Problems with the function i2d_DSA_PUBKEY(...)

2005-05-19 Thread Nils Larsch
Tyler Durden wrote: Hellos, I have some problems with the function i2d_DSA_PUBKEY. I want serialize the public key to send this to a client Java for this can read this public key. I get serialize with openSSL, but the Java client throw an exception of the bad encoded when read this. Java have

Re: Problem loading engine module libgmp.so

2005-05-24 Thread Nils Larsch
prakash babu wrote: Hello All, I am using OpenSSL version 0.9.8 beta. I built this version successfully in HPUX. While using the engine command I am able to load *all the engines* except *libgmp.so* *1. openssl engine - dynamic -pre

Re: Doubt regarding EMSA-PKCS1-v1_5

2005-05-24 Thread Nils Larsch
Suram Chandra Sekhar wrote: Hi all, I have a doubt regarding EMSA-PKCS1-v1_5 usage in OpenSSL. My requirement is that I want to sign some data using a specific Hash Algorithm (SHA1). For this Iam trying to do the following steps instead of calling rsa_sign() function directly. 1.

Re: Doubt regarding EMSA-PKCS1-v1_5

2005-05-24 Thread Nils Larsch
Ken Goldman wrote: ... RSA_private_encrypt adds only the 0x00 || 0x01 || PS || 0x00 padding (if padding == RSA_PKCS1_PADDING). If you want to let openssl do the whole encoding/padding use RSA_sign or if you want to create the T value manually you need to use i2d_X509_SIG, see RSA_sign.

Re: EVP_SignFinal third parameter type

2005-05-27 Thread Nils Larsch
Silvia Gisela Pavon Velasco wrote: I'm trying to sign a file and when I try to compile it I get the following warning in the EVP_SignFinal function: $ cc -o sign_test -I/opt/openssl/include -lssl -lcrypto sign_test.c cc: sign_test.c, line 43: warning 604: Pointers are not

Re: valgrind errors

2005-06-02 Thread Nils Larsch
Alexis Lefort wrote: Hello all, I develeopped a server which seems to work quite fine. When I use Valgrind to check for problems, it returns me thousands of problems wich seems to be caused by the OpenSSL librairie! follows some of the returns: ==23622== Syscall param write(buf) points to

Re: Read a Bignum from file

2005-06-03 Thread Nils Larsch
Angel Martinez Gonzalez wrote: Hello: I wrote a BIGNUM into a file using the function: int BN_print_fp(FILE *fp, const BIGNUM *a); But, How I can read this bignum from this file?. I don´t know a openssl function to read a bignum from a file. read it into memory and use BN_hex2bn

  1   2   3   >