Re: Convert encrypted data into ascii format

2002-03-27 Thread Valery

Dear Gunther

> Tons. Typically people use base64 armor for ASCII. OpenSSL does that,
> for example, with the PEM certificate format.

Where can I see an example of using base64?
You wrote: OpenSSL does that
Is there an example of how OpenSSL converts encrypted data in binary format
into ASCII?
Could you help me, please?

I look forward to hearing from you as soon as possible.

Yours sincerely,
Valery
E-mail: [EMAIL PROTECTED]


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: cvs commit: openssl/crypto/objects obj_dat.h obj_mac.h objects.txt

2002-03-27 Thread Richard Levitte - VMS Whacker

From: [EMAIL PROTECTED]

jaenicke> jaenicke    26-Mar-2002 18:15:37
jaenicke> 
jaenicke>   Modified:    .        Tag: OpenSSL_0_9_7-stable CHANGES
jaenicke>                crypto/objects Tag: OpenSSL_0_9_7-stable obj_dat.h obj_mac.h
jaenicke>                         objects.txt
jaenicke>   Log:
jaenicke>   Make short names of objects RFC2256-compliant.

If you haven't already done it, I'd suggest you apply that change to
the 0.9.6 branch as well.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.



[joop@fokus.gmd.de: SPKAC file and non-ASCII DNs]

2002-03-27 Thread Robert Joop

i sent this to -users a few days ago, but perhaps the people who know
the answer only hang around on -dev...?

rj

---BeginMessage---

when i create a client certificate using a mozilla browser, a CGI script
generates an SPKAC file for use with `openssl ca -spkac infile`.
the DN then becomes of ASN.1 type T61STRING which is encoded illegally,
which the openssl documentation admits:

<quote src="http://www.openssl.org/docs/apps/req.html">
BUGS

OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively treats
them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. This can cause
problems if you need characters that aren't available in PrintableStrings and you
don't want to or can't use BMPStrings.

As a consequence of the T61String handling the only correct way to represent accented
characters in OpenSSL is to use a BMPString: unfortunately Netscape currently chokes
on these. If you have to use accented characters with Netscape and MSIE then you
currently need to use the invalid T61String form.
</quote>

what does an SPKAC file have to look like so that the DN turns up encoded
as ASN.1 BMPString?

the req command has a -utf8 option, but it doesn't read SPKAC files,
so i can't use it to turn the SPKAC file into PKCS#10.
the spkac command hasn't got any -utf8 option.

is there any other way to generate a correctly encoded non-ASCII DN for
a mozilla client?

rj
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

---End Message---


Re: cvs commit: openssl/crypto/objects obj_dat.h obj_mac.h objects.txt

2002-03-27 Thread Lutz Jaenicke

On Wed, Mar 27, 2002 at 01:24:25PM +0100, Richard Levitte - VMS Whacker wrote:
> From: [EMAIL PROTECTED]
> 
> jaenicke> jaenicke    26-Mar-2002 18:15:37
> jaenicke> 
> jaenicke>   Modified:    .        Tag: OpenSSL_0_9_7-stable CHANGES
> jaenicke>                crypto/objects Tag: OpenSSL_0_9_7-stable obj_dat.h obj_mac.h
> jaenicke>                         objects.txt
> jaenicke>   Log:
> jaenicke>   Make short names of objects RFC2256-compliant.
> 
> If you haven't already done it, I'd suggest you apply that change to
> the 0.9.6 branch as well.

I left this out intentionally as it _might_ break compatibility.
Additionally: the people concerned about this problem seem to be the
OpenCA developers and users and they are using openssl-0.9.7-dev
snapshots because of required extensions anyway.

Of course, I could easily apply the same change to 0.9.6-stable, if
this is considered useful.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus



Re: Convert encrypted data into ascii format

2002-03-27 Thread Gunther Schadow

Valery wrote:


> Where can I see an example of using base64?
> You wrote: OpenSSL does that
> Is there an example of how OpenSSL converts encrypted data in binary format
> into ASCII?
> Could you help me, please?


Well, haven't you used the OpenSSL tools at all? If you had,
you would have seen the PEM format output for some things like
certificates etc. The letter-scramble that you see coming
out of there is base64 encoding. The base64 encoding is
defined in the MIME specification RFC 2045
[http://www.ietf.org/rfc/rfc2045.txt].

If you browse through the OpenSSL source code you'll see
routines for encoding things in base64.

regards,
-Gunther



-- 
Gunther Schadow, M.D., Ph.D.[EMAIL PROTECTED]
Medical Information Scientist  Regenstrief Institute for Health Care
Adjunct Assistant ProfessorIndiana University School of Medicine
tel:1(317)630-7960 http://aurora.regenstrief.org





Re: MD5 calculation...

2002-03-27 Thread Ben Laurie

Bill Pringlemeir wrote:
 
> In crypto/md5/md5_dgst.c, there is lots of code as follows,
> 
>         /* Round 0 */
>         R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
>         R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
>         R0(C,D,A,B,X[ 2],17,0x242070dbL);
>         R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
>         ...
> 
> This expands to the following on an ARM processor (gcc 2.7.2, 2.9.5)
> 
> 00000588 <.L100>:
>  588:   e5970000    ldr r0, [r7]
>  58c:   e028300a    eor r3, r8, r10
>  590:   e003300b    and r3, r3, r11
>  594:   e0892000    add r2, r9, r0
>  598:   e023300a    eor r3, r3, r10
>  59c:   e0822003    add r2, r2, r3
>  5a0:   e24295a2    sub r9, r2, #679477248  ; 0x28800000
>  5a4:   e2499955    sub r9, r9, #1392640    ; 0x154000
>  5a8:   e2499d6e    sub r9, r9, #7040       ; 0x1b80
>  5ac:   e2499008    sub r9, r9, #8          ; 0x8
>  5b0:   e1a09ce9    mov r9, r9, ror #25
> 
> This assembler is for the first R0 with the following defines,
> 
> #define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
> 
> #define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
> #define G(b,c,d)        ((((b) ^ (c)) & (d)) ^ (c))
> #define H(b,c,d)        ((b) ^ (c) ^ (d))
> #define I(b,c,d)        (((~(d)) | (b)) ^ (c))
> 
> #define R0(a,b,c,d,k,s,t) { \
>         a+=((k)+(t)+F((b),(c),(d))); \
>         a=ROTATE(a,s); \
>         a+=b; };\
> 
> Things are going great with the rotate.  It has been translated to this
> line,
>  5b0:   e1a09ce9    mov r9, r9, ror #25
> 
> The other assembler is quite good as well.  However, the ARM suffers
> with 8 bit constants.  The value 0xd76aa478 gets translated to (well,
> at least according to me),
> 
>  5a0:   e24295a2    sub r9, r2, #679477248  ; 0x28800000
>  5a4:   e2499955    sub r9, r9, #1392640    ; 0x154000
>  5a8:   e2499d6e    sub r9, r9, #7040       ; 0x1b80
>  5ac:   e2499008    sub r9, r9, #8          ; 0x8
> 
> I know that gcc would produce better code if the hash constants were
> stored in a static const array.  A pointer could then move along and
> retrieve the constants.  This would also save space (and time??) on
> most architectures that I know.  The same array can be shared with the
> two md5 functions.
> 
>    void md5_block_host_order (MD5_CTX *c, const void *data, int num);
>    void md5_block_data_order (MD5_CTX *c, const void *data_, int num);
> 
> ... This seems too good when I tell the story.  What harsh part of
> reality comes and messes things up?  The other assembler versions of
> the same macros?  I can implement ARM version that use a constant load
> like this mov %3,=#0xd76aa478.  But this makes the compiler put the
> constants willy-nilly and cache effects wouldn't work as well as with
> an array.

The short answer is: benchmark it. If it works better, then it works
better ;-)

openssl speed md5 is your friend.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff



S/MIME Library

2002-03-27 Thread Tim Tassonis

Hi

I'm currently writing an S/MIME Gateway which transparently
signs/encrypts/verifies/decrypts mail messages. As input, I get the raw
mail, including all headers and mime parts.

I already successfully parsed a pkcs12 and signed a message, however, a
few things are open:

SMIME_write_PKCS7(out_bio_buffer, p7,in_bio_buffer, flags);

lets me write the signature to an out_bio_buffer. I assume out_bio_buffer
can be a memory buffer as well:

char *out_buffer;
BIO *out_bio_buffer;
out_buffer = malloc(the_size_of_the_buffer);
out_bio_buffer = BIO_new_mem_buf(out_buffer,the_size_of_the_buffer);
SMIME_write_PKCS7(out_bio_buffer, p7,in_bio_buffer, flags);

- If this is correct, how can I find out the_size_of_the_buffer?
- If this is correct, can I then access the signature directly by reading
out_buffer?


The other question is:

Is there a function in the smime part of openssl that lets me extract the
header from the body part of a message, so I can simply:

- extract header and body
- sign body
- put together header and signed body

and then get a valid signed mail?

If not, does anybody know of a small library doing this? gmime is a bit
buggy in this respect (sorry for being a bit off-topic).

Bye
Tim



SSL_connect:failed in SSLv3 read server hello A

2002-03-27 Thread Jeff Roberts

Does anyone know what could cause this error ?

SSL_connect:failed in SSLv3 read server hello A

This is the sequence of events:

Received SOCKET_MESSAGE Of FD_CONNECT, Return Code = 0
'OpenSSL Callback : SSL_connect:before/connect initialization
'OpenSSL Callback : SSL_connect:SSLv3 write client hello A
'OpenSSL Callback : SSL_connect:failed in SSLv3 read server hello A
connect()ed To:204.65.1.118
Port :2024
Received SOCKET_MESSAGE Of FD_WRITE
Received SOCKET_MESSAGE Of FD_CLOSE

thank you