Problem with mkcert
I've compiled and installed openssl-0.9.7-stable-snap-20020226, and tried to use ..\demos\x509\mkcert.c I've compiled and installed mkcert.c, using the ..\out32dll\*.lib in order to build it. Next I copied the ..\out32dll\*.dll onto ..\demos\x509\debug (the directory of mkcert.exe) When executing, mkcert.exe starts, but few seconds later it crash with the following message : memory cannot be "written"!! What's wrong? Should I configure the Visual Studio parameters ? Sholud it depend on the dll (static-dynamic)??? What to do? Thanks in advance paolo rossi
Re: PKCS #11 (Cryptoki token devices) Openssl integration
Eric, finally I get into Your Patched version (Adnovum Patch of 15.06.01) The problems are two : 1) Using the 15.06.01 patch (pkcs11 + diff patch) I can only do the following command : openssl pkcs11 -l c:\gclib.dll -out dumpfile Answer : are available other commands (in order to sign, encrypt, write ecc.) 2) Do you have the diff patch for the 13.12.01 patch version (the second you sent)? Thanks in advance Paolo - Original Message - From: Eric Laroche [EMAIL PROTECTED] To: Paolo Rossi [EMAIL PROTECTED] Sent: Wednesday, October 17, 2001 11:45 AM Subject: Re: PKCS #11 (Cryptoki token devices) Openssl integration Hi Paolo, Paolo Rossi wrote: I'm trying to compile the software in win32 environment (NT4SP4) with no result (I would like to interface a gemplus smart-card with gclib.dll). I 've installed openssl-engine-0.9.6, and unzipped your files (not the patch) in : c:\open...\crpypto\pkcs11. When I run mingw32.bat (I use gcc-2.95.2-msvcrt compiler ) there is a problem and the compilation fails. I've only modified mkfiles.pl, by adding the follow line : crypto/pkcs11, What is wrong? You need somehow to apply the provided 'patch' pkcs11.openssl.adnovum.20010615.patch.gz (either by using GNU 'patch' or manually). If you 'gunzip' the file, you will get a human-readable 'unified' 'diff' (generated by GNU 'diff -u'). Let me explain how to apply the changes manually, by a sample: * change apps/progs.h: These four lines are meta info, identifying files, timestamps, and locations in the file. diff -ur openssl-SNAP-20010613/apps/progs.h OpenSSL/openssl/apps/progs.h --- openssl-SNAP-20010613/apps/progs.h Mon Feb 19 18:00:26 2001 +++ OpenSSL/openssl/apps/progs.h Fri Jun 15 00:00:00 2001 @@ -37,6 +37,7 @@ Lines beginning with ' ' are 'context' lines, used as an orientation. don't add/delete/change these! extern int rand_main(int argc,char *argv[]); extern int engine_main(int argc,char *argv[]); extern int ocsp_main(int argc,char *argv[]); Add lines beginning with '+', e.g. this line: +extern int pkcs11_main(int argc,char *argv[]); More context lines: #define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_MD 2 Delete lines beginning with '-', change '-'/'+' line pairs accordingly. In the specific patch, changes are done mainly on makefiles, and some code is added to ssl/ssl_rsa.c. Hope this helps. Regards, Eric __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
HOw to apply new patch
Eric I did almost the above instructions, with success (installation, not testing). I will let you know about the testing. Paolo - Original Message - From: Paolo Rossi To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, January 16, 2002 11:19 AM Subject: Re: [PATCH] PKCS#11 code update So I have to do the following steps (I use Win2000, with CYGWIN): 1) gunzip the patch-file : "pkcs11.openssl.adnovum.20010615.patch.gz" in : /cygwin/user/tmp/ directory 2) download the file : openssl-SNAP-20010613.tar.gz (the one the above patch refer to) 3) gunzip the above filein the same directory so to create : /cygwin/user/tmp/openssl-SNAP-20010613/*.* 4) cd to /cygwin/user/tmp 5) execute the command : patch -p /tmp/pkcs11.openssl.adnovum.20010615.patch 6) use thenew 2001/12/12 patch for "REPLACE" the files contained in /cygwin/user/tmp/openssl-SNAP-20010613/crypto/pkcs11/*.* 7) other adjustements? 8) rebuild openssl I have two questions: 1) is the above procedure correct? 2) what I have to do for step number 7)? Best regards Thank you in advance Paolo Rossi
Re: [PATCH] PKCS#11 code update
So I have to do the following steps (I use Win2000, with CYGWIN): 1) gunzip the patch-file : "pkcs11.openssl.adnovum.20010615.patch.gz" in : /cygwin/user/tmp/ directory 2) download the file : openssl-SNAP-20010613.tar.gz (the one the above patch refer to) 3) gunzip the above filein the same directory so to create : /cygwin/user/tmp/openssl-SNAP-20010613/*.* 4) cd to /cygwin/user/tmp 5) execute the command : patch -p /tmp/pkcs11.openssl.adnovum.20010615.patch 6) use thenew 2001/12/12 patch for "REPLACE" the files contained in /cygwin/user/tmp/openssl-SNAP-20010613/crypto/pkcs11/*.* 7) other adjustements? 8) rebuild openssl I have two questions: 1) is the above procedure correct? 2) what I have to do for step number 7)? Best regards Thank you in advance Paolo Rossi
Re: [PATCH] PKCS#11 code update
Dear Eric You wrote me this on last October (see besides) I'm asking you what I've to do in order to install and use this new version of patch. Thank you in advance Paolo - Hi Paolo, Paolo Rossi wrote: I'm trying to compile the software in win32 environment (NT4SP4) with no result (I would like to interface a gemplus smart-card with gclib.dll). I 've installed openssl-engine-0.9.6, and unzipped your files (not the patch) in : c:\open...\crpypto\pkcs11. When I run mingw32.bat (I use gcc-2.95.2-msvcrt compiler ) there is a problem and the compilation fails. I've only modified mkfiles.pl, by adding the follow line : crypto/pkcs11, What is wrong? You need somehow to apply the provided 'patch' pkcs11.openssl.adnovum.20010615.patch.gz (either by using GNU 'patch' or manually). If you 'gunzip' the file, you will get a human-readable 'unified' 'diff' (generated by GNU 'diff -u'). Let me explain how to apply the changes manually, by a sample: * change apps/progs.h: These four lines are meta info, identifying files, timestamps, and locations in the file. diff -ur openssl-SNAP-20010613/apps/progs.h OpenSSL/openssl/apps/progs.h --- openssl-SNAP-20010613/apps/progs.h Mon Feb 19 18:00:26 2001 +++ OpenSSL/openssl/apps/progs.h Fri Jun 15 00:00:00 2001 @@ -37,6 +37,7 @@ Lines beginning with ' ' are 'context' lines, used as an orientation. don't add/delete/change these! extern int rand_main(int argc,char *argv[]); extern int engine_main(int argc,char *argv[]); extern int ocsp_main(int argc,char *argv[]); Add lines beginning with '+', e.g. this line: +extern int pkcs11_main(int argc,char *argv[]); More context lines: #define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_MD 2 Delete lines beginning with '-', change '-'/'+' line pairs accordingly. In the specific patch, changes are done mainly on makefiles, and some code is added to ssl/ssl_rsa.c. Hope this helps. Regards, Eric -- - Original Message - From: Eric Laroche [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 12, 2001 1:18 PM Subject: [PATCH] PKCS#11 code update Hi developers, I reworked some of our (AdNovum's) previously posted OpenSSL PKCS#11 code. Code robustness has been enhanced and the code is (so I hope) clearer, and better layered (into a core PKCS#11 part and a PKCS#11 token object finding (keys, certs) part). The object finding logic has been enhanced to allow 'denormalized(?)' keys and certificates to be found and loaded (e.g. private keys missing modulus attribute, or certificates missing the (rsa) key type...). The token object specification format has been widened. It is now more powerful and more intuitive, using name/value pairs, e.g.: pkcs11:library=cryptokitokenlabel=ericobjectlabel=twodologin=true The object specification format is now open to allow the notation of such things as: 'should a sign/verify request be handled by the token or by openssl?' (non-extractable/sensitive keys vs. speed issues...). however, that has not been implemented yet; sensitive operations such as signatures are generally done by the token, verifies are done by OpenSSL (which is faster, in most cases). Some open issues are: - Thread safeness issues are not exhaustively done. - There are still some (minor) TODOs scattered in the code. - It needs, of course, more test cases, with more use patterns. Best regards, Eric -- Eric Laroche [EMAIL PROTECTED], AdNovum Informatik AG __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]