verifying passphrase..

2000-09-19 Thread Shashank

Hi,

I generate PKCS#8 certificates and private keys encrypted with a
passphrase, but I am unable to find the method that uses this passphrase
to decrypt the encrypted key.

I need to know because in my implementation I have a file containing
encrypted keys, and so I want to implement something like this:
if I use a phrase, then it should be verified against each encrypted key,
and I want it to return true or false
depending on whether the key is encrypted using that passphrase or not.

shashank




__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: Changes for US users?

2000-09-19 Thread Richard Levitte - VMS Whacker

From: "Erik Petersen" <[EMAIL PROTECTED]>

erikj> Now that RSA is public domain, are there any other changes other than
erikj> recompile without the rsaref parameter and create new certs?

Unless you want to make them stronger, what's the reason to create new
certs?

Note: I know nothing about RSAref.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



Changes for US users?

2000-09-19 Thread Erik Petersen

Now that RSA is public domain, are there any other changes other than
recompile without the rsaref parameter and create new certs?

Thanks in advance,

> Erik Petersen
> Chief Integration Architect
> SWS Integration, L.L.C.
> [EMAIL PROTECTED]
> [EMAIL PROTECTED] (text messaging)
> (425)881-3332(Office)
> (425)785-7247(cell)
> The mind is like a parachute ... if it doesn't open it doesn't work --
> Author unknown 
> 



Re: SOLARIS 8 GCC 2.95.2 ld: fatal: file values-Xa.o

2000-09-19 Thread Pablo J. Royo

Sorry. The true page is

http://www.sunfreeware.com/faq.html

Question is Q5.

-Original Message-
From: Pablo J. Royo <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, 19 September 2000 17:30
Subject: Re: SOLARIS 8 GCC 2.95.2 ld: fatal: file values-Xa.o


>See the Solaris2 FAQ, question five Q5 at
>
>http://www.wins.uva.nl/pub/solaris/solaris2/
>
>
>-Original Message-
>From: Castellanos, Leon <[EMAIL PROTECTED]>
>To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
>Date: Tuesday, 19 September 2000 17:15
>Subject: SOLARIS 8 GCC 2.95.2 ld: fatal: file values-Xa.o
>
>
>>Anyone know how to fix this? The file exists but it doesn't seem to like it
>>
>>making all in apps...
>>rm -f openssl
>>gcc -o openssl -DMONOLITH -I../include -DTHREADS -D_REENTRANT
>>-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
>>-DULTRASPARC -DMD5_ASM openssl.o verify.o asn1pars.o req.o dgst.o dh.o
>>dhparam.o enc.o passwd.o gendh.o errstr.o  ca.o pkcs7.o crl2p7.o crl.o
>>rsa.o dsa.o dsaparam.o  x509.o genrsa.o gendsa.o s_server.o s_client.o
>>speed.o  s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o
>>ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o -L. -L.. -L../..
>>-L../../.. -L.. -lssl -L.. -lcrypto -lsocket -lnsl
>>ld: fatal: file values-Xa.o: cannot open file: No such file or directory
>>ld: fatal: File processing errors. No output written to openssl
>>collect2: ld returned 1 exit status
>>*** Error code 1
>>
>
>




RE: WAP compatible cert HOWTO?

2000-09-19 Thread Rene G. Eberhard \(keyon\)

Erik

You can't create WAP certificates with OpenSSL up to now.
You can download your personal WAP certificate for free from
www.freecerts.com.

Write a short mail to my personal account if you are interested
in details.

Regards Rene


--
Rene G. Eberhard <[EMAIL PROTECTED]>
keyon
Herrenberg 35, CH-8640 Rapperswil, Switzerland
Phone +41 (0)55 220 71 63, Fax +41 (0)55 220 71 61
www.keyon.ch - applying security to your e-business

Get your WAP certificate for free: www.freecerts.com


> I've seen a few threads on the list about WAP but none that explain how to
> create a cert for WAP.
>
> Could someone point me to a "cookbook" for generating WAP certs? The
> cookbook at http://www.pseudonym.org/ssl/ was very helpful in getting our
> HTTPS site up. Now "the powers that be" want wireless secure access.
>
> Thanks,
>
> Erik Petersen
> Chief Integration Architect
> SWS Integration, L.L.C.
>
>






Re: ssl on palm

2000-09-19 Thread Laurence Lundblade

At 04:11 PM 9/19/00 +0200, [EMAIL PROTECTED] wrote:
>Laurence,
>
> > A lot of people will tell you that RSA is too slow for the Palm. Don't
> > believe them! It's a little slow, but entirely viable especially with
> > session resumption.
> >
> > Client-side SSL authentication IS however too slow without something like
> > ECC and/or proxy assists.
>
>Do you have (or anybody else) any experience about how slow SSL
>authentication is on PDAs without a proxy? Are there any other
>implementations of OpenSSL or SSLeay for PDAs besides Ian Goldberg's port
>of SSLeay-0.8.1?

Haven't benchmarked it precisely, but it adds about two seconds of crypto 
and a similar amount for the handshake. It is quite acceptable. Then of 
course with session resumption the second connection to the server is very 
fast and incurs a second or so of delay.

Certicom has a library, soon with RSA.

LL




Re: Compilation Problem on True64 V4.0f(!)

2000-09-19 Thread Ben Laurie

Richard Levitte - VMS Whacker wrote:
> 
> From: Achim Spangler <[EMAIL PROTECTED]>
> 
> spangler> The error message is as follows:
> spangler> cc -I.. -I../../include -std1 -tune host -O4 -readonly_strings -c
> spangler> bss_fd.c
> spangler> cc: Error: /usr/include/sys/signal.h, line 486: In the declaration of
> spangler> "__P_C", a function cannot return a function type. (badreturntype)
> spangler> extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
> spangler> ---^
> spangler> cc: Warning: /usr/include/sys/signal.h, line 486: In the declaration of
> spangler> "__P_C", a function declarator has an identifier list but is not part of
> spangler> a function definition.  Extraneous parameter names are ignored.
> spangler> (funcidlis)
> spangler> extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
> spangler> ---^
> spangler> *** Exit 1
> 
> That looks very much like a Compaq poopoo...  I would guess that the
> __P_C thingy is a macro that they didn't get quite right.

I'd guess they are expecting something else to get included first. I'd
check, but Compaq never did give me a Tru64 upgrade :-(

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

Coming to ApacheCon Europe 2000? http://apachecon.com/



Re: SOLARIS 8 GCC 2.95.2 ld: fatal: file values-Xa.o

2000-09-19 Thread Pablo J. Royo

See the Solaris2 FAQ, question five Q5 at

http://www.wins.uva.nl/pub/solaris/solaris2/


-Original Message-
From: Castellanos, Leon <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Date: Tuesday, 19 September 2000 17:15
Subject: SOLARIS 8 GCC 2.95.2 ld: fatal: file values-Xa.o


>Anyone know how to fix this? The file exists but it doesn't seem to like it
>
>making all in apps...
>rm -f openssl
>gcc -o openssl -DMONOLITH -I../include -DTHREADS -D_REENTRANT
>-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
>-DULTRASPARC -DMD5_ASM openssl.o verify.o asn1pars.o req.o dgst.o dh.o
>dhparam.o enc.o passwd.o gendh.o errstr.o  ca.o pkcs7.o crl2p7.o crl.o
>rsa.o dsa.o dsaparam.o  x509.o genrsa.o gendsa.o s_server.o s_client.o
>speed.o  s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o
>ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o -L. -L.. -L../..
>-L../../.. -L.. -lssl -L.. -lcrypto -lsocket -lnsl
>ld: fatal: file values-Xa.o: cannot open file: No such file or directory
>ld: fatal: File processing errors. No output written to openssl
>collect2: ld returned 1 exit status
>*** Error code 1
>




Re: IRIX 6.5 Compile/run Problem

2000-09-19 Thread Richard Levitte - VMS Whacker

From: Vern Yoneyama <[EMAIL PROTECTED]>

yoneyama> I'm having major problems building OpenSSL 0.9.6 beta2 working 
yoneyama> executables. Platform: IRIX 6.5.5, using gcc 2.95.2 19991024, with 
yoneyama> RSAref 2.0.

Have you tried without RSAref?  

yoneyama> After building the RSAref library, here's how I config OpenSSL:
yoneyama> 
yoneyama>sh config -L`pwd`/../rsaref-2.0/local/rsaref \
yoneyama>threads -D_REENTRANT -fPIC

Have you tried doing just 'sh config' with no extra parameters?  I
know, it will probably not produce the kind of library you want, but
this is to check out if that makes a difference.

yoneyama>testing...
yoneyama>./destest
yoneyama>sh: ./destest: Program not supported by architecture
yoneyama>*** Error code 1 (bu21)

What does 'file test/destest' give you?  Also, do you have something
like strace or truss?  In that case, how about trying to see what you
get when you trace the program?

And to boot, it is possible that gcc doesn't produce the right thing
for your machine...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



There will be a third beta...

2000-09-19 Thread Richard Levitte - VMS Whacker

There are four platforms where we've seen problems with 0.9.6-beta2:
HP-UX (wasn't very big, but still), Irix (also a small one), Win32
(big time!) and VMS (the output problem).

Most of them have been fixed, at least in theory (you who've reported
the problems, have you checked the latest snapshot?), all that I see
being left to do is the output problem on VMS.  Also, possibly the
mod_exp thing that I see in the STATUS file as well (has it been
fixed?)...

Therefore, I intend to build a third beta on Thursday morning (Swedish
time), say around 0800 UTC.  This beta will be primarily intended for
testing on the platforms where beta2 has experienced problems, but
that shouldn't stop tests on others as well.

If there are reports or fixes that you haven't sent in yet, please do
so.  The success of the coming release depends on this.  The right
address for bug reports is [EMAIL PROTECTED]

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



SOLARIS 8 GCC 2.95.2 ld: fatal: file values-Xa.o

2000-09-19 Thread Castellanos, Leon

Anyone know how to fix this? The file exists but it doesn't seem to like it

making all in apps...
rm -f openssl
gcc -o openssl -DMONOLITH -I../include -DTHREADS -D_REENTRANT
-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
-DULTRASPARC -DMD5_ASM openssl.o verify.o asn1pars.o req.o dgst.o dh.o
dhparam.o enc.o passwd.o gendh.o errstr.o  ca.o pkcs7.o crl2p7.o crl.o
rsa.o dsa.o dsaparam.o  x509.o genrsa.o gendsa.o s_server.o s_client.o
speed.o  s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o
ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o -L. -L.. -L../..
-L../../.. -L.. -lssl -L.. -lcrypto -lsocket -lnsl
ld: fatal: file values-Xa.o: cannot open file: No such file or directory
ld: fatal: File processing errors. No output written to openssl
collect2: ld returned 1 exit status
*** Error code 1



IRIX 6.5 Compile/run Problem

2000-09-19 Thread Vern Yoneyama

I'm having major problems building OpenSSL 0.9.6 beta2 working 
executables. Platform: IRIX 6.5.5, using gcc 2.95.2 19991024, with 
RSAref 2.0.

After building the RSAref library, here's how I config OpenSSL:

   sh config -L`pwd`/../rsaref-2.0/local/rsaref \
   threads -D_REENTRANT -fPIC

The build type is "irix-mips3-gcc".

Anyway, the compile seems to go well without any errors, but then 
when I run "make test" I get the following:

   testing...
   ./destest
   sh: ./destest: Program not supported by architecture
   *** Error code 1 (bu21)

It seems the other compiled executables fail too. Later, when I 
eventually try to create my certificate, I get

   /usr/local/src/openssl-0.9.6-beta2/apps/openssl: Program not supported
   by architecture

I haven't tried compiling with SGI's native CC compiler yet but I'd 
rather try to do this with gcc if at all possible.

Can anyone help me?? Below is an hinv snippet of my platform architecture.

   4 200 MHZ IP19 Processors
   CPU: MIPS R4400 Processor Chip Revision: 6.0
   FPU: MIPS R4000 Floating Point Coprocessor Revision: 0.0
   Main memory size: 768 Mbytes, 2-way interleaved
   Instruction cache size: 16 Kbytes
   Data cache size: 16 Kbytes
   Secondary unified instruction/data cache size: 4 Mbytes
   [...]

Thanks in advance...

   Vern
-- 
Vern Yoneyama   [EMAIL PROTECTED]
School of Veterinary Medicine
Information Systems Administrator
215.898.8871PGP Public Key available by request



Re: Compilation Problem on True64 V4.0f(!)

2000-09-19 Thread Richard Levitte - VMS Whacker

From: Achim Spangler <[EMAIL PROTECTED]>

spangler> The error message is as follows:
spangler> cc -I.. -I../../include -std1 -tune host -O4 -readonly_strings -c
spangler> bss_fd.c
spangler> cc: Error: /usr/include/sys/signal.h, line 486: In the declaration of
spangler> "__P_C", a function cannot return a function type. (badreturntype)
spangler> extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
spangler> ---^
spangler> cc: Warning: /usr/include/sys/signal.h, line 486: In the declaration of
spangler> "__P_C", a function declarator has an identifier list but is not part of
spangler> a function definition.  Extraneous parameter names are ignored.
spangler> (funcidlis)
spangler> extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
spangler> ---^
spangler> *** Exit 1

That looks very much like a Compaq poopoo...  I would guess that the
__P_C thingy is a macro that they didn't get quite right.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



Re: Compilation Problem on True64 V4.0f(!)

2000-09-19 Thread Achim Spangler

Richard Levitte - VMS Whacker wrote:
> 
> From: Achim Spangler <[EMAIL PROTECTED]>
> 
> spangler> 
> spangler> #if defined(_POSIX_C_SOURCE) \
> spangler>   && (_POSIX_C_SOURCE >= 199506L) \
> spangler>   && !defined(_V40_OBJ_COMPAT)
> spangler> # ifdef __DECC
> spangler> #  pragma extern_prefix "_P"
> spangler> # else
> spangler> #  define sigwait(__a,__b) _Psigwait(__a,__b)
> spangler> # endif
> spangler> /* error in the following line */
> spangler> extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
> spangler> # ifdef __DECC
> spangler> #  pragma extern_prefix ""
> spangler> # endif
> spangler> #else
> spangler> # ifdef _OSF_SOURCE
> spangler> extern int sigwait __((sigset_t *));
> spangler> # endif /* _OSF_SOURCE */
> spangler> #endif /* _POSIX_C_SOURCE >= 199506L */
> spangler> 
> spangler>
> spangler> Is this a bug in openssl, maybe an incompatible define in the source
> spangler> file crypto/bio/bss_fd.c, or a bug in signal.h??
> 
> Well, until you tell us what the error is (what the compiler said
> exactly), there's no way for us to tell...
> 
Thanks for your quick answer.
The error occurs both with
* cc == "DEC C V5.9-005 on Digital UNIX V4.0 (Rev. 1229)"
* and gcc == gcc 2.8.1

The error message is as follows:
cc -I.. -I../../include -std1 -tune host -O4 -readonly_strings -c
bss_fd.c
cc: Error: /usr/include/sys/signal.h, line 486: In the declaration of
"__P_C", a function cannot return a function type. (badreturntype)
extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
---^
cc: Warning: /usr/include/sys/signal.h, line 486: In the declaration of
"__P_C", a function declarator has an identifier list but is not part of
a function definition.  Extraneous parameter names are ignored.
(funcidlis)
extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
---^
*** Exit 1

This error isn't raised if I change the mentioned part of signal.h 
to the version of V4.0e.

I use the standard config, which notices my system correctly, and
uses a set of standard settings.


Achim
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=IKB-Duernast-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Dipl.-Inform. Achim SpanglerTUM Freising-Weihenstephan
Tel.:  +49-8161-71 3565 Institut fuer Landtechnik
Fax.:  +49-8161-71 3895 Am Staudengarten 2
Email: [EMAIL PROTECTED]85350 Freising
URL:   http://ikb.weihenstephan.de/deu/members/persons/spangler.html
   http://ikb.weihenstephan.de/en/members/persons/spangler.html
=-=-=-=-=-=-=-=-=-=-=-Agricultural BUS System (LBS)-=-=-=-=-=-=-=-=-=-=-



Re: ssl on palm

2000-09-19 Thread tomaz

Laurence,
 
> A lot of people will tell you that RSA is too slow for the Palm. Don't 
> believe them! It's a little slow, but entirely viable especially with 
> session resumption.
> 
> Client-side SSL authentication IS however too slow without something like 
> ECC and/or proxy assists.
 
Do you have (or anybody else) any experience about how slow SSL 
authentication is on PDAs without a proxy? Are there any other 
implementations of OpenSSL or SSLeay for PDAs besides Ian Goldberg's port 
of SSLeay-0.8.1?

Regards,

Tomaz



Re: Compilation Problem on True64 V4.0f(!)

2000-09-19 Thread Richard Levitte - VMS Whacker

From: Achim Spangler <[EMAIL PROTECTED]>

spangler> 
spangler> #if defined(_POSIX_C_SOURCE) \
spangler>   && (_POSIX_C_SOURCE >= 199506L) \
spangler>   && !defined(_V40_OBJ_COMPAT)
spangler> # ifdef __DECC
spangler> #  pragma extern_prefix "_P"
spangler> # else
spangler> #  define sigwait(__a,__b) _Psigwait(__a,__b)
spangler> # endif
spangler> /* error in the following line */
spangler> extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
spangler> # ifdef __DECC
spangler> #  pragma extern_prefix ""
spangler> # endif
spangler> #else
spangler> # ifdef _OSF_SOURCE
spangler> extern int sigwait __((sigset_t *));
spangler> # endif /* _OSF_SOURCE */
spangler> #endif /* _POSIX_C_SOURCE >= 199506L */
spangler> 
spangler> 
spangler> Is this a bug in openssl, maybe an incompatible define in the source
spangler> file crypto/bio/bss_fd.c, or a bug in signal.h??

Well, until you tell us what the error is (what the compiler said
exactly), there's no way for us to tell...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \  SWEDEN   \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.



Compilation Problem on True64 V4.0f(!)

2000-09-19 Thread Achim Spangler

Hi,
compiling openssl 0.9.6 or 0.9.5a on a True64 V4.0f (f is important)
DEC Alpha 3000/300 fails because of some problems with signal.h.
The compiler complains during compilation of crypto/bio/bss_fd.c 
about line 486 in /usr/include/sys/signal.h.

If I use signal.h of version V4.0e, everything compiles correctly.
The changed part, which causes the error, is as follows:

#if defined(_POSIX_C_SOURCE) \
&& (_POSIX_C_SOURCE >= 199506L) \
&& !defined(_V40_OBJ_COMPAT)
# ifdef __DECC
#  pragma extern_prefix "_P"
# else
#  define sigwait(__a,__b) _Psigwait(__a,__b)
# endif
/* error in the following line */
extern int __P_C(sigwait) __((const sigset_t *set, int *sig));
# ifdef __DECC
#  pragma extern_prefix ""
# endif
#else
# ifdef _OSF_SOURCE
extern int sigwait __((sigset_t *));
# endif /* _OSF_SOURCE */
#endif /* _POSIX_C_SOURCE >= 199506L */


Is this a bug in openssl, maybe an incompatible define in the source
file crypto/bio/bss_fd.c, or a bug in signal.h??


Please send answers with CC: to [EMAIL PROTECTED] , as I'm not 
subscribed on this list.


Kind Regards,
Achim Spangler
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=IKB-Duernast-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Dipl.-Inform. Achim SpanglerTUM Freising-Weihenstephan
Tel.:  +49-8161-71 3565 Institut fuer Landtechnik
Fax.:  +49-8161-71 3895 Am Staudengarten 2
Email: [EMAIL PROTECTED]85350 Freising
URL:   http://ikb.weihenstephan.de/deu/members/persons/spangler.html
   http://ikb.weihenstephan.de/en/members/persons/spangler.html
=-=-=-=-=-=-=-=-=-=-=-Agricultural BUS System (LBS)-=-=-=-=-=-=-=-=-=-=-



Re: How is Authority Key Identifier generated with openssl?

2000-09-19 Thread Dr S N Henson



Sebastiano Di Paola wrote:
> 
> Dr S N Henson wrote:
> 
> > Sebastiano Di Paola wrote:
> > >
> > > Hi all,
> > > well this could seem a stupid question,
> > > I would like to know if there is a function provided with openssl to
> > > generate the x.509v3 extension
> > > Authority Key Identifier.
> > > I read rfc2459 to know how to calculate it:
> > > it says:
> > >
> > > 1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
> > >   value of the BIT STRING subjectPublicKey (excluding the tag,
> > >   length, and number of unused bits).
> > >
> > > Or
> > >
> > > (2) The keyIdentifier is composed of a four bit type field with
> > >   the value 0100 followed by the least significant 60 bits of the
> > >   SHA-1 hash of the value of the BIT STRING subjectPublicKey.
> > >
> >
> > I think that quote refers to subject key identifier.
> >
> 
> [..]
> 
> Well, I re-read rfc2459. The quote is written in the paragraph related to
> Subject Key Identifier, but refers also to Authority Key Identifier.
> Besides this issue
> 
> If OpenSSL copies the Authority key info from the subject key info of the issuer's
> certificate, how does openssl generate the Subject Key Identifier for the new
> certificate signed?
> 
> I would like to know if there is some high level function which can
> generate the
> Subject Key Identifier from a public key (as X509_digest for the whole
> certificate)
> If yes what is it?
> if no how to generate by hand the Subject key id?
> I have a PKCS12 bag with private key and certificate.
> 1) Extract certificate from pkcs12 with PKCS12_parse
> 2) Extract Public Key with X509_get_pubKey
> 3) Extract DER encoding of Pub Pkey with i2d_PublicKey
> 4) Create a sha1 digest of the buffer filled with i2d_PublicKey.
> 
> Is there something wrong, because the value calculated in that way differs from
> the value of the Subject Key Identifier already present in the certificate!!
> 

OK let me explain a bit about what subject key id is for. It's
basically a way of identifying the public key in a certificate using
a unique set of bytes. RFC2459 makes recommendations but many ignore
them and use their own techniques based on hashes of various things as
well as the public key.

Now authority key identifier is used as a way to recognise the issuing
authority of a certificate. As such its key identifier (if present)
*must* match the value in the subject key identifier field of the
issuing authority's certificate. If it doesn't then the issuer won't be
recognised and certificate chains won't verify with certain software.
OpenSSL 0.9.6 for example will use these fields for chain verification
but earlier versions didn't.

Finally how to calculate it. Well there is a way using the extension
code to automatically calculate it. Check out the documentation in
doc/openssl.txt for details. These however take a certificate not a
public key.

If your code is correct then i2d_PublicKey() should work and should
agree with the values calculated by OpenSSL. You can use the function
ASN1_digest() to automatically do the calculation. If you check what
X509_digest() does:

#define X509_digest(data,type,md,len) \
ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)

Something like:

#define PublicKey_digest(pkey,type,md,len) \
ASN1_digest((int (*)())i2d_PublicKey,type,(char *)pkey,md,len)

then calling:

PublicKey_digest(pkey, EVP_sha1(), ...);

might work.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


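As an added example (not code from this thread and not OpenSSL's own), the two RFC 2459 key identifier methods Sebastiano quotes and Steve's point about i2d_PublicKey(), worked in plain Python over a constructed RSA SubjectPublicKeyInfo. The DER helpers, SAMPLE_N and SAMPLE_E are constructed for this example; it also shows why hashing the whole SPKI (the i2d_PUBKEY() encoding) gives a different value from method 1.

```python
"""RFC 2459 section 4.2.1.2 key identifiers over a SubjectPublicKeyInfo (SPKI).

Constructed example, standard library only. It builds a small RSA SPKI in
DER and shows that the RSAPublicKey DER (what i2d_PublicKey() emits for an
RSA key) is exactly the content of the subjectPublicKey BIT STRING, so
method 1 is SHA-1 over that content and not over the whole SPKI.
"""
import hashlib

# ---- minimal DER encoding helpers (written for this example) ----

def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(value: int) -> bytes:
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:          # keep the INTEGER positive: prepend a zero octet
        body = b"\x00" + body
    return der_tlv(0x02, body)

def der_sequence(*items: bytes) -> bytes:
    return der_tlv(0x30, b"".join(items))

def der_bit_string(content: bytes) -> bytes:
    # first content octet = number of unused bits (0 for byte-aligned content)
    return der_tlv(0x03, b"\x00" + content)

# rsaEncryption OID 1.2.840.113549.1.1.1, pre-encoded content octets
RSA_ENCRYPTION_OID = der_tlv(0x06, bytes.fromhex("2a864886f70d010101"))
DER_NULL = b"\x05\x00"

def rsa_public_key_der(n: int, e: int) -> bytes:
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    return der_sequence(der_integer(n), der_integer(e))

def spki_der(n: int, e: int) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, subjectPublicKey BIT STRING }"""
    alg = der_sequence(RSA_ENCRYPTION_OID, DER_NULL)
    return der_sequence(alg, der_bit_string(rsa_public_key_der(n, e)))

# ---- minimal DER parsing ----

def der_read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    return tag, buf[start:start + length], start + length

def subject_public_key_bits(spki: bytes) -> bytes:
    """BIT STRING value of subjectPublicKey: no tag, no length, no unused-bits octet."""
    tag, seq, _ = der_read_tlv(spki)
    assert tag == 0x30, "SPKI must be a SEQUENCE"
    _, _alg, pos = der_read_tlv(seq)            # skip AlgorithmIdentifier
    tag, bits, _ = der_read_tlv(seq, pos)
    assert tag == 0x03, "subjectPublicKey must be a BIT STRING"
    assert bits[0] == 0, "expected a byte-aligned key (0 unused bits)"
    return bits[1:]

# ---- the two RFC 2459 key identifier methods ----

def key_identifier_method1(spki: bytes) -> bytes:
    """(1) 160-bit SHA-1 of the BIT STRING value."""
    return hashlib.sha1(subject_public_key_bits(spki)).digest()

def key_identifier_method2(spki: bytes) -> bytes:
    """(2) four-bit type field 0100 followed by the low 60 bits of that SHA-1."""
    low60 = int.from_bytes(key_identifier_method1(spki), "big") & ((1 << 60) - 1)
    return ((0x4 << 60) | low60).to_bytes(8, "big")

def whole_spki_digest(spki: bytes) -> bytes:
    """SHA-1 over the entire SPKI (hashing i2d_PUBKEY() output): NOT method 1."""
    return hashlib.sha1(spki).digest()

# constructed toy modulus: far too small for real use, enough to exercise the encoding
SAMPLE_N = 0xC3A9F1D57B2E8F0134C9A8B7D6E5F4A3B2C1D0E9F8A7B6C5D4E3F2A1B0C9D8E7
SAMPLE_E = 65537
SAMPLE_SPKI = spki_der(SAMPLE_N, SAMPLE_E)

if __name__ == "__main__":
    print("method 1 :", key_identifier_method1(SAMPLE_SPKI).hex())
    print("method 2 :", key_identifier_method2(SAMPLE_SPKI).hex())
    print("whole SPKI:", whole_spki_digest(SAMPLE_SPKI).hex(), "(differs from method 1)")
```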



Re: converting raw signature to PKCS#7 format

2000-09-19 Thread Dr S N Henson

Marco Donati wrote:
> 
> > The usual way to do this kind of thing is to write your own RSA_METHOD
> > to hand over the signing operation (which will probably be
> > RSA_private_encrypt() ) to the smart card, then place the result in an
> > EVP_PKEY structure.
> > What this ultimately does it calls application supplied functions when
> > the particular key is used. Then you just sign as normal but pass it
> > your smart card EVP_PKEY structure for the private key.
> 
> Excuse me, probably I didn't understand well what you said.
> I have a similar problem.
> 
> Some smartcards receive the data and put them in a PKCS#1 structure before
> signing them (but they put the SHA-1 identifier in the
> DigestAlgorithmIdentifier field).
> These signatures are verified fine by OpenSSL if I put them into a signed
> PKCS#7 and push a SHA-1 algorithm identifier into the algorithms stack.
> 
> Some other smartcards simply encrypt with the private key what you tell
> them to sign.
> I can't verify these signatures with OpenSSL.
> 
> I can't fetch the whole private key from the smartcard because the keys are
> generated on board and only the modulus and public exponent (that is, the
> public key) are extractable (so how can I put my smartcard private key into
> an EVP_PKEY?)
> 
> How can I put these raw signatures in a PKCS#7?
> 
> How can I verify smartcard signatures with algorithms other than SHA-1?
> 

Ah let me explain a bit further. This is a rather complex topic but what
you are asking can and has been done using OpenSSL.

If you start with the RSA structure:

struct rsa_st
{
/* The first parameter is used to pickup errors where
 * this is passed instead of aEVP_PKEY, it is set to 0 */
int pad;
int version;
RSA_METHOD *meth;
BIGNUM *n;
BIGNUM *e;
BIGNUM *d;
BIGNUM *p;
BIGNUM *q;
BIGNUM *dmp1;
BIGNUM *dmq1;
BIGNUM *iqmp;
/* be careful using this if the RSA structure is shared */
CRYPTO_EX_DATA ex_data;
int references;
int flags;

/* Used to cache montgomery values */
BN_MONT_CTX *_method_mod_n;
BN_MONT_CTX *_method_mod_p;
BN_MONT_CTX *_method_mod_q;

/* all BIGNUM values are actually in the following data, if it is not
 * NULL */
char *bignum_data;
BN_BLINDING *blinding;
};

Now with a normal RSA key n,e,d,p,q,dmp1,dmq1 and iqmp will all be
filled in. If you use the standard OpenSSL RSA routines then you have to
fill in some private key components because OpenSSL does the necessary
calculations itself.

If however the key is not extractable from some hardware (for example
a smart card) then this is not possible. 

That's where the RSA_METHOD comes in:

typedef struct rsa_meth_st
{
const char *name;
int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to,
   RSA *rsa,int padding);
int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to,
   RSA *rsa,int padding);
int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to,
RSA *rsa,int padding);
int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to,
RSA *rsa,int padding);
int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */
int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
  const BIGNUM *m, BN_CTX *ctx,
  BN_MONT_CTX *m_ctx); /* Can be null */
int (*init)(RSA *rsa);  /* called at new */
int (*finish)(RSA *rsa);/* called at free */
int flags;  /* RSA_METHOD_FLAG_* things */
char *app_data; /* may be needed! */
/* New sign and verify functions: some libraries don't allow arbitrary data
 * to be signed/verified: this allows them to be used. Note: for this to work
 * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
 * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
 * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
 * option is set in 'flags'.
 */
int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
 unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len,
 unsigned char *sigbuf, unsigned int siglen, RSA *rsa);

} RSA_METHOD;

These are a bunch of callbacks which are used to do the actual RSA
operations. By default these are set to perform the low level
calculations on the key components. 

However you can create your own RSA_METHOD and supply some (or all)
of the low level functionality and change your key's RSA_METHOD.

Now for smart cards you typically just perform private key operations
on the card and have OpenSSL han

Re: howto: set extensions for root certificate

2000-09-19 Thread Dr S N Henson

Markus Wagner wrote:
> 
> Hi,
> 
> when signing new certificates with openssl ca one can use the -config
> option to specify which CA and options to use.
> 
> But when creating a self signed root certificate there is no such
> option.

There is an equivalent option. The normal way to create a self signed
root certificate is with:

openssl req -x509

this automatically uses the openssl.cnf config file and the relevant
extensions. Read the manual for more info.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.





Re: bandwidth requirements of SSL

2000-09-19 Thread Lutz Jaenicke

On Tue, Sep 19, 2000 at 03:00:28AM -0700, David Schwartz wrote:
>   While I do agree that any encryption algorithm worth using should be able
> to withstand a known plaintext, I disagree that randomizing the plaintext is
> not valuable. For one thing, it's nobody's business exactly how many bytes
> your HTTP request is. I also think encryption is valuable for other reasons,
> like saving bandwidth.
> 
>   As for the compression header, this can easily be fixed. Begin with 8
> random bytes of data, then put the header. This is useful anyway because
> most protocols you would layer over SSL tend to have stereotyped headers
> too. I get laughed at for this though. If I had a dime for every time I was
> told to either trust an algorithm or not use it at all, ...
> 
>   Basically, if you don't care about known plaintext, you shouldn't care
> about the compression header. If you do care about known plaintext, you
> should be advocating compression.
> 
>   I'm not so concerned about HTTPS. But I'm concerned that lots of people
> will layer all sorts of other protocols over SSL. These protocols (like
> SMTP, for example) could benefit from compression.

I think that you overestimate the value of compression a bit.
Talking about SMTP over TLS, the most significant overhead is the TLS
handshake, which may take more than 3-4kbytes depending on the length
of your certificate chain and whether there is a client certificate or not.
Then you perform the MAIL FROM:/RCPT TO: handshake, which is only several
bytes and won't lead to any significant reduction by compression.
The only thing that would have any gain would be the actual message transfer.
Most emails we have are in the range of 2-4kbytes, which is the size of the
TLS handshake bytes. Summarizing, I don't think that compression would buy
us a lot.
We could gain a lot with .doc attachments people tend to send. More sensible
persons use .zip, or .gz to send data, so compression would buy us nothing.
The same applies for http, from my experience. HTML documents tend to be
reasonable sized, the really large items are .jpeg .gif or similar types,
which are already compressed and won't gain further by applying an additional
compression layer.
From my experience, this even holds for my ISDN at home, not to speak of
the more or less speedy Internet connection of the university.

The really ugly thing is the overhead for very small messages (I am typing
these words via ssh), where every keystroke requires some handshake, but
compression won't help here.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



openssl for NT

2000-09-19 Thread Elisee NGAN TAMBA


Hi,

Please, where can I find openssl for Windows NT? I only have the Linux version.

Thanks in advance.

Elisee.



Re: bandwidth requirements of SSL

2000-09-19 Thread Eric Rescorla

"David Schwartz" <[EMAIL PROTECTED]> writes:
> to withstand a known plaintext, I disagree that randomizing the plaintext is
> not valuable. For one thing, it's nobody's business exactly how many bytes
> your HTTP request is.
This is why SSL allows variable length padding, up to 255 bytes.

> I also think encryption is valuable for other reasons,
> like saving bandwidth.
>
>   As for the compression header, this can easily be fixed. Begin with 8
> random bytes of data, then put the header. This is useful anyway because
> most protocols you would layer over SSL tend to have stereotyped headers
> too.
This adds no value whatsoever. It's trivial for an attacker to
throw away the first cipher block and attack the second. Remember,
the IV for the second cipher block is the previous block of
cipher text. Similar comments apply to stream ciphers. Known plaintext
at any fixed position in the cipher stream allows keysearch attacks.

> I get laughed at for this though. If I had a dime for every time I was
> told to either trust an algorithm or not use it at all, ...
If you don't trust your encryption algorithms against known plaintext,
you've got problems compression is not going to solve.

>   Basically, if you don't care about known plaintext, you shouldn't care
> about the compression header. If you do care about known plaintext, you
> should be advocating compression.
See above.

>   I'm not so concerned about HTTPS. But I'm concerned that lots of people
> will layer all sorts of other protocols over SSL. These protocols (like
> SMTP, for example) could benefit from compression.
I'm perfectly willing to grant you that compression would provide
non-security benefits. I just don't buy the security argument.

As I said previously, the reason compression isn't in SSL isn't that
it wasn't a good idea. It was that there were IP concerns.

-Ekr



Open-SSL and PKCS11

2000-09-19 Thread Marco Donati

> Some smartcards receive the data and put them in
> a PKCS#1 structure before signing them (but they
> put the Sha1 Identifier in the
> DigestAlgorithmIdentifier field).
> These signatures are well verified by Open-SSL
> if I put them into a signed PKCS#7 and push a
> Sha1 algorithm identifier into the algorithms
> stack.
> Some other smartcards simply encrypt with the private key 
> what you tell them to sign.
> I can't verify these signatures with Open-SSL.

I've done a little routine that builds up the PKCS#1 signature and converts
it to DER, then passes this data to the PKCS11 C_Sign function.
Open-SSL verify is ok.

But the only way I have to distinguish between smartcards that build a PKCS1
structure before signing it is the PKCS11 dll name; I don't like it too
much.
Other ideas?

Now the main problem is:
 
> How can I verify smartcard signatures with algorithms other than Sha1?

(for smartcards that build the PKCS1 signature structure themselves, of
course)

???



RE: bandwidth requirements of SSL

2000-09-19 Thread David Schwartz


> "David Schwartz" <[EMAIL PROTECTED]> writes:
> > Speaking of which, does anyone know why SSL doesn't support any
> > compression? Not only would it save bandwidth, but it seems to
> > me that it
> > would improve the strength of the encryption by randomizing the
> > 'plaintext'.
> It does support compression. It just doesn't define any algorithms.

> There were intellectual property concerns. Basically, Netscape
> and later the TLS Working Group couldn't agree on an algorithm
> that everyone was convinced was unencumbered.

That's sad.

> That said I don't buy the 'randomizing the plaintext' argument.
> Any encryption algorithm worth having doesn't need this randomizing.
> Moreover, compression algorithms often have a stereotyped header
> that gives you known plaintext.

While I do agree that any encryption algorithm worth using should be able
to withstand a known plaintext, I disagree that randomizing the plaintext is
not valuable. For one thing, it's nobody's business exactly how many bytes
your HTTP request is. I also think encryption is valuable for other reasons,
like saving bandwidth.

As for the compression header, this can easily be fixed. Begin with 8
random bytes of data, then put the header. This is useful anyway because
most protocols you would layer over SSL tend to have stereotyped headers
too. I get laughed at for this though. If I had a dime for every time I was
told to either trust an algorithm or not use it at all, ...

Basically, if you don't care about known plaintext, you shouldn't care
about the compression header. If you do care about known plaintext, you
should be advocating compression.

I'm not so concerned about HTTPS. But I'm concerned that lots of people
will layer all sorts of other protocols over SSL. These protocols (like
SMTP, for example) could benefit from compression.

DS




Creating IIS 4.0 .key files with OpenSSL

2000-09-19 Thread Thomas Christmann

I'll make it short:

Can I create the IIS 4.0 .key backup files from a certificate and a corresponding 
private key with OpenSSL?
If it's possible, how can it be done? Does anybody know how this .key file is 
encoded (PKCS #x, something else)?

Thank you,

Thomas Christmann
NT systems programmer

mailto:[EMAIL PROTECTED]

Schlund + Partner AG
Erbprinzenstrasse 4-12
D-76133 Karlsruhe
http://www.schlund.de




howto: set extensions for root certificate

2000-09-19 Thread Markus Wagner

Hi,

when signing new certificates with openssl ca one can use the -config
option to specify which CA and options to use.

But when creating a self signed root certificate there is no such
option.
So how can I specify the attributes of the self signed root certificate.

Especially: Howto generate a self signed root certificate which is
capable of object signing?

Thanks,

Markus




RE: WAP compatible cert HOWTO?

2000-09-19 Thread Yuriy Stul

Hi Erik,
I am sorry, I don't know the answer to your question, but this problem is very
interesting to me too.

Please, if you get a reply to the question, let me know.

Regards
Yuriy Stul, Tashilon Ltd., Core Technology Division Manager
 

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Erik Petersen
> Sent: Monday, September 18, 2000 11:17 PM
> To: Openssl-Users
> Subject: WAP compatible cert HOWTO?




Re: openssl engine version beta2 compilation problems

2000-09-19 Thread David Maurus

I've had the same problem and discovered the following patch:

http://marc.theaimsgroup.com/?l=openssl-dev&m=96923042325868&w=2

The functions are loaded dynamically, so it is necessary to check whether they
loaded or not (or your executable will crash on all machines which don't provide
the NetStatisticsGet function). The patch above includes these tests which are
missing in the plain beta2 tree.

Additionally, I couldn't compile with VC60 because LMSTR was an unknown type. I
had to replace these definitions by LPWSTR:

typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
(LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);

Regards,
David Maurus

Lin Geng wrote:

> However, the file rand_win.c compiles if you make the following changes:
>
> 1. comment out the two typedefs
>
> typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
> (LMSTR, LMSTR, DWORD, DWORD, LPBYTE*);
> typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
>
> 2. add two defines
>
> #define NETSTATGET FARPROC
> #define NETFREE FARPROC
>
> The build should go through.
>

David Maurus

__
equinux Aktiengesellschaft
Informationstechnologien
Gabelsbergerstr. 30
80333 München - Germany
Tel. 089/520465-0
Fax. 089/520465-299
mailto:[EMAIL PROTECTED]
http://www.equinux.de

MyJack - the innovative messaging system of equinux AG
http://www.myjack.de





Generating Certs on the fly

2000-09-19 Thread Juan M. Casillas



Hi !

   I'm writing a client/server application, using C++, the 
   server follows a multithread model, and I want to generate
   new certificates for each new client that connects with my
   server.
   
   The client runs perfectly, but I have problems with my 
   server. I want to create the certificates on-the-fly
   when a new client arrives, use this cert for this
   connection, and when the conn closes, I free up the
   cert, so I don't need to store / load them from a 
   file.

   I don't know how to achieve that. I built a cert,
   but when I connect the client, I have lots of 
   errors due to the ASN encoding. 

   Please, can anybody help me to create a new 
   cert on-the-fly? Here is my code:

   Thanks in advance


-server-code--

#include <iostream>
#include <cstdlib>
#include <ctime>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

using namespace std;

// Builds a self-signed certificate for one connection. The matching private
// key is handed back through *pkey_out: the caller needs it together with the
// certificate (SSL_CTX_use_certificate / SSL_CTX_use_PrivateKey) and frees
// both when the connection closes.
X509 *generate_new_cert(EVP_PKEY **pkey_out, int days=30, int length=1024, int exp=3) {

  //  X509V3_CTX ext_ctx;
  // static LHASH *req_conf=NULL;

  const EVP_MD *digest=EVP_md5();

  EVP_PKEY *pkey=NULL;
  RSA *rsakey;
  X509 *x509ss=NULL;
  X509_REQ *req=NULL;
  EVP_PKEY *tmppkey;

  // The SSL_CTX that used to be created here belongs to the server setup,
  // not to certificate generation; creating one per call only leaked it.

  /* 
   *  here, we want to create a private key,
   *  and with this, create a new certificate
   */

  //
  // generating a new RSAKEY
  //

  rsakey = RSA_generate_key(length,exp,NULL,NULL);
  if (rsakey==NULL) {
    cout << "Arrggg can't generate the RSA key" << endl;
    exit(-1);
  }
  
  //
  // generating a new PRIVATE KEY: EVP_PKEY_assign_RSA transfers ownership
  // of rsakey to pkey, so rsakey must NOT be freed separately afterwards
  //
  
  pkey=EVP_PKEY_new();
  if (!EVP_PKEY_assign_RSA(pkey, rsakey)) {
      cout << "Malo Malo" << endl;
      exit(-1);
  }

  //
  // generating a new req X509 cert
  //

  req=X509_REQ_new();
  if (!X509_REQ_set_version(req,0L)) {
      X509_REQ_free(req);
      EVP_PKEY_free(pkey);
      return(0);
  }

  // The request carried no subject at all; give it a name (placeholder CN)
  // so the certificate's issuer and subject are not empty.
  X509_NAME_add_entry_by_txt(X509_REQ_get_subject_name(req), "CN", MBSTRING_ASC,
                             (const unsigned char *)"on-the-fly server", -1, -1, 0);

  X509_REQ_set_pubkey(req,pkey);

  
  if ((x509ss=X509_new()) == NULL) {
      cout << "can't create" << endl;
  }

  if(!X509_set_version(x509ss, 2)) {
      cout << "can't set version" << endl;
  }
  ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
  X509_set_issuer_name(x509ss,X509_REQ_get_subject_name(req));
  X509_gmtime_adj(X509_get_notBefore(x509ss),0);
  X509_gmtime_adj(X509_get_notAfter(x509ss),(long)60*60*24*days);
  X509_set_subject_name(x509ss,X509_REQ_get_subject_name(req));

  tmppkey = X509_REQ_get_pubkey(req);
  X509_set_pubkey(x509ss,tmppkey);
  EVP_PKEY_free(tmppkey);

  //X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
  //X509V3_set_conf_lhash(&ext_ctx, req_conf);

  if (!X509_sign(x509ss,pkey,digest)) {
      cout << "Can't sign it" << endl;
  }

  if (x509ss == NULL) cout << ">Bad cert" << endl;

  X509_REQ_free(req);   // the request is no longer needed
  // RSA_free(rsakey) used to be here: freeing the RSA that pkey already owns
  // is what made the following EVP_PKEY_free() dump core (double free).
  *pkey_out = pkey;     // keep the private key alive for the connection

  return(x509ss);

}


int main ()
{

  X509 *cert;
  EVP_PKEY *key=NULL;

  SSL_load_error_strings();
  SSLeay_add_ssl_algorithms();

  srand(time(0)); 
  cert=generate_new_cert(&key);

  // [...] more code here to do the connection

  X509_free(cert);
  EVP_PKEY_free(key);   // safe now: this also frees the RSA key it owns

}
end-of-code

Kind regards
  

-- 
==
Juan M. Casillas Perez[EMAIL PROTECTED]
IT ManagerDemasiado Corp.
Orense 28 1-B  28020  Madrid, Spain
Tlf: 915567357Fax: 915971484
==




Re: How is Authority Key Identifier generated with openssl?

2000-09-19 Thread Sebastiano Di Paola

Dr S N Henson wrote:

> Sebastiano Di Paola wrote:
> >
> > Hi all,
> > well this could seem a stupid question,
> > I would like to know if there is a function provided with openssl to
> > generate the x.509v3 extension
> > Authority Key Identifier.
> > I read rfc2459 to know how to calculate it:
> > it says:
> >
> > 1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
> >   value of the BIT STRING subjectPublicKey (excluding the tag,
> >   length, and number of unused bits).
> >
> > Or
> >
> > (2) The keyIdentifier is composed of a four bit type field with
> >   the value 0100 followed by the least significant 60 bits of the
> >   SHA-1 hash of the value of the BIT STRING subjectPublicKey.
> >
>
> I think that quote refers to subject key identifier.
>

[..]

Well, I re-read rfc2459. The quote is written in the paragraph related to
Subject Key Identifier, but refers also to Authority Key Identifier.
Besides this issue:

If OpenSSL copies the Authority key info from the subject key info of the issuer's
certificate, how does OpenSSL generate the Subject Key Identifier for the new
certificate being signed?

I would like to know if there is some high level function which can
generate the Subject Key Identifier from a public key (as X509_digest does for
the whole certificate).
If yes, what is it?
If no, how do I generate the Subject Key Identifier by hand?
I have a PKCS12 bag with private key and certificate.
1) Extract certificate from pkcs12 with PKCS12_parse
2) Extract Public Key with X509_get_pubKey
3) Extract DER encoding of Pub Pkey with i2d_PublicKey
4) Create a sha1 digest of the buffer filled with i2d_PublicKey.

Is there something wrong, because the value calculated in that way differs
from the value of the Subject Key Identifier already present in the certificate!!

Does the buffer filled with i2d_PublicKey contain tag, length, unused bits
or not?
If the value of my buffer is:
3048024100BB9D0D9DBBCC80EA16F64206797A6137C93B1CE2840D1324AD6CCF5F34C8F3E1A0FE871321619AB77ADB3B668C2ABC5A5651F45E6BCB3CAED79CA29A4247B2410203010001

and the public key modulus starts with 00:BB:9D:0D  ... and ends with
42:47:B2:41
and the Pub key exponent is 0x10001,
what are the bytes on which the sha1 hash must be calculated??
I hope you can really help me!

Kind Regards
Sebastiano Di Paola

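An added example, not part of the thread, showing in Python which bytes the RFC 2459 keyIdentifier methods (1) and (2) are computed over: the RSAPublicKey buffer quoted above is wrapped in a SubjectPublicKeyInfo constructed here, and the subjectPublicKey BIT STRING value is then extracted with its tag, length and unused-bits byte removed before SHA-1 is applied (standard library only, no OpenSSL binding assumed).

```python
import hashlib

def der_tlv(tag, content):
    """Encode one DER TLV (definite length, short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def der_read_tlv(buf, pos=0):
    """Decode the TLV at buf[pos]; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        pos += 2 + nbytes
    return tag, buf[pos:pos + length], pos + length

# The 74-byte buffer quoted in the post: a PKCS#1 RSAPublicKey, i.e.
# SEQUENCE { modulus INTEGER, publicExponent INTEGER }.
RSA_PUBLIC_KEY = bytes.fromhex(
    "3048024100BB9D0D9DBBCC80EA16F64206797A6137C93B1CE2840D1324AD6CCF5F34C8F3E1"
    "A0FE871321619AB77ADB3B668C2ABC5A5651F45E6BCB3CAED79CA29A4247B2410203010001")

OID_RSA_ENCRYPTION = bytes.fromhex("2A864886F70D010101")   # 1.2.840.113549.1.1.1

def build_spki(rsa_public_key):
    """Wrap an RSAPublicKey in a SubjectPublicKeyInfo (constructed here so the
    example can show which part of the certificate's key field is hashed)."""
    alg_id = der_tlv(0x30, der_tlv(0x06, OID_RSA_ENCRYPTION) + der_tlv(0x05, b""))
    bit_string = der_tlv(0x03, b"\x00" + rsa_public_key)  # first byte = unused bits
    return der_tlv(0x30, alg_id + bit_string)

def subject_public_key_bits(spki):
    """subjectPublicKey BIT STRING value with tag, length and unused-bits byte
    stripped: exactly the input RFC 2459 says to hash."""
    tag, body, _ = der_read_tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = der_read_tlv(body)             # skip AlgorithmIdentifier
    bs_tag, bs, _ = der_read_tlv(body, pos)
    if bs_tag != 0x03 or bs[0] != 0:
        raise ValueError("expected a BIT STRING with no unused bits")
    return bs[1:]

def key_identifier_method1(spki):
    """RFC 2459 method (1): the full 160-bit SHA-1 of the key bits."""
    return hashlib.sha1(subject_public_key_bits(spki)).digest()

def key_identifier_method2(spki):
    """RFC 2459 method (2): type nibble 0100 followed by the low 60 bits of SHA-1."""
    digest = hashlib.sha1(subject_public_key_bits(spki)).digest()
    low60 = int.from_bytes(digest[-8:], "big") & ((1 << 60) - 1)
    return ((0x4 << 60) | low60).to_bytes(8, "big")

def parse_rsa_public_key(rsa_public_key):
    """Return (modulus, exponent) to cross-check the buffer against openssl's output."""
    _, body, _ = der_read_tlv(rsa_public_key)
    _, n_bytes, pos = der_read_tlv(body)
    _, e_bytes, _ = der_read_tlv(body, pos)
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

if __name__ == "__main__":
    spki = build_spki(RSA_PUBLIC_KEY)
    print("hashed bytes == RSAPublicKey DER:", subject_public_key_bits(spki) == RSA_PUBLIC_KEY)
    print("keyIdentifier (1):", key_identifier_method1(spki).hex())
    print("keyIdentifier (2):", key_identifier_method2(spki).hex())
```

For an RSA key the BIT STRING value is the PKCS#1 RSAPublicKey DER itself, so the hash input is the 74-byte buffer with nothing added; a SubjectPublicKeyInfo from another key type can be fed to the same functions.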



RE: converting raw signature to PKCS#7 format

2000-09-19 Thread Marco Donati

> The usual way to do this kind of thing is to write your own RSA_METHOD
> to hand over the signing operation (which will probably be
> RSA_private_encrypt() ) to the smart card, then place the result in an
> EVP_PKEY structure.
> What this ultimately does it calls application supplied functions when
> the particular key is used. Then you just sign as normal but pass it
> your smart card EVP_PKEY structure for the private key.

Excuse me, probably I didn't understand well what you said.
I have a similar problem.

Some smartcards receive the data and put them in a PKCS#1 structure before
signing them (but they put the Sha1 Identifier in the
DigestAlgorithmIdentifier field).
These signatures are well verified by Open SSL if I put them into a signed
PKCS#7 and push a Sha1 algorithm identifier into the algorithms stack.

Some other smartcards simply encrypt with the private key what you tell
them to sign.
I can't verify these signatures with Open-SSL.

I can't fetch the whole private key from the smartcard because the keys are
generated onboard and only the modulus and public exponent (that is, the
public key) are extractable (so how can I put my smartcard private key into
an EVP_PKEY?)

How can I put these raw signatures in a PKCS#7?

How can I verify smartcard signatures with algorithms other than Sha1?


Thanks in advance

--
Marco Donati
Context Security -  Software
P.zza Liberazione, 25 - 20013 Magenta (MI)
Phone: ++39-02-97291291, Fax: ++39-02-97298225
E-Mail: [EMAIL PROTECTED],   Web site:http://www.csg.it
--
