Resending: OpenSSL in an embedded environment
I apologize for sending this question again. The email account I was using has proved to be too unreliable, so I have switched to a different account. Has anyone had any experience with OpenSSL in an embedded environment? I'm trying to trim libcrypto.a and libssl.a down to a reasonable size for an embedded project. I've turned off all but the few ciphers that I need, and that only trimmed off about 200kB. (The ciphers that I kept are des, rsa, md5, and sha.) I'd like to get both of those libraries to be much smaller. Any suggestions? __ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
basic SSL
Hello all, I am relatively new to SSL and am currently researching it for my project. I am enquiring as to whether anyone would happen to know any useful links which contain a simple working example, or indeed, has a simple application of their own, just to get me started. If I could see an SSL application myself, I reckon the SSL documentation would be much easier to comprehend. Thanking you in advance for your replies. Aengus
basic SSL
Hello all, PS - I am using JSPs connecting to a database on Tomcat. Aengus
Getting messages twice?
It is not only you who is getting everything twice. I thought it was just me. I apologize for sending this question again. The email account I was using has proved to be too unreliable, so I have switched to a different account.
Re: Resending: OpenSSL in an embedded environment
No problem; Dr. Henson did attempt an answer to your question; see (http://www.mail-archive.com/openssl-users@openssl.org/msg18489.html)
Greg Stark Ethentica, Inc. [EMAIL PROTECTED]
- Original Message - From: Gregg Gibson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 30, 2001 8:59 AM Subject: Resending: OpenSSL in an embedded environment
I apologize for sending this question again. The email account I was using has proved to be too unreliable, so I have switched to a different account. Has anyone had any experience with OpenSSL in an embedded environment? I'm trying to trim libcrypto.a and libssl.a down to a reasonable size for an embedded project. I've turned off all but the few ciphers that I need, and that only trimmed off about 200kB. (The ciphers that I kept are des, rsa, md5, and sha.) I'd like to get both of those libraries to be much smaller. Any suggestions?
Re: non-blocking example for Net::SSLeay
[EMAIL PROTECTED] writes:
> I'm trying to write a tiny SSL webserver. It would really help to have an example of how to set up and use non-blocking SSL calls with a select statement or similar. The problem here is implementing CGI: the CGI script wants normal I/O through normal file descriptors, and I see that it's my job to do SSL_read and copy the result into that file descriptor, and copy output from the CGI script into SSL_write. I need to select() on the CGI process's output pipe, and the SSL input pipe, and service requests as they come in.

The sample code from my book on SSL includes a program that uses select() on the terminal and on the SSL input pipe, which is a pretty isomorphic problem. You can download it at: http://www.rtfm.com/sslbook/examples/

> Does the underlying BIO interface mean if I do a fcntl O_NONBLOCK on the NS (network socket) that SSL will somehow figure that out?

Yes. The errors bubble up the stack to the SSL library.

> Maybe a new call: SSL_select($ssl,$readfds,$writefds,$exceptfds,$timeout) what it might do internally is do a select on the ssl network socket read and the rest of the $readfs, but loop around and try again if the network socket read didn't complete a pending SSL_read?

You could do this, but it would interfere with other pieces of software that want to run the event loop (X programs, for instance, often want to).

> Can SSL writes not be similarly monitored, they can just be set as nonblocking?

The basic problem you're facing is that SSL reads and writes must happen at record boundaries, so, for instance, just because there's data on the pipe doesn't mean that an entire record is ready to read. Your program really has to be prepared to handle the situation where even though select() says things are ready, they're not. There's pretty extensive discussion of the details of using select() with OpenSSL in Chapter 8 of my book, which also (of course) includes extensive documentation of the aforementioned sample code.

-Ekr
[Eric Rescorla [EMAIL PROTECTED]] Author of SSL and TLS: Designing and Building Secure Systems http://www.rtfm.com/
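The point about record boundaries, as an added example (not code from the post, the book, or OpenSSL): a simplified record reader in C that frames data the way TLS does, with a 5-byte header carrying the body length, and returns a want-read status when select() has fired but the record is still incomplete. The names rec_reader, rec_read and demo_partial_record and the sample record are constructed for illustration; no encryption is performed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

#define REC_HDR 5        /* content type (1) + version (2) + length (2) */
#define REC_MAX 18432    /* 2^14 + 2048: largest TLS 1.2 record body */

enum rec_status { REC_OK, REC_WANT_READ, REC_EOF, REC_ERROR };

struct rec_reader {
    int fd;                               /* non-blocking socket */
    size_t have;                          /* bytes of the current record buffered */
    unsigned char buf[REC_HDR + REC_MAX];
};

/* Try to finish one record without blocking. REC_WANT_READ plays the role of
 * SSL_ERROR_WANT_READ: keep the partial record and go back to select(). */
enum rec_status rec_read(struct rec_reader *r, const unsigned char **body, size_t *len)
{
    for (;;) {
        size_t need = REC_HDR;
        if (r->have >= REC_HDR) {
            size_t n = ((size_t)r->buf[3] << 8) | r->buf[4];
            if (n > REC_MAX) return REC_ERROR;      /* oversized record */
            need = REC_HDR + n;
            if (r->have == need) {                  /* whole record is in */
                *body = r->buf + REC_HDR;
                *len = n;
                r->have = 0;
                return REC_OK;
            }
        }
        /* Never read past the end of the current record. */
        ssize_t got = read(r->fd, r->buf + r->have, need - r->have);
        if (got > 0) r->have += (size_t)got;
        else if (got == 0) return REC_EOF;
        else if (errno == EAGAIN || errno == EWOULDBLOCK) return REC_WANT_READ;
        else if (errno != EINTR) return REC_ERROR;
    }
}

/* select() with a zero timeout: is there anything to read right now? */
static int readable_now(int fd)
{
    fd_set rfds;
    struct timeval tv = {0, 0};
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    return select(fd + 1, &rfds, NULL, NULL, &tv) == 1;
}

/* Returns 0 when each step behaves as described, else the failing step. */
int demo_partial_record(void)
{
    /* Constructed sample: application_data (23), version 3.3, 11-byte body. */
    static const unsigned char rec[] = {23, 3, 3, 0, 11,
        'h', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd'};
    const size_t rest = sizeof rec - 8;
    struct rec_reader r;
    const unsigned char *body = NULL;
    size_t len = 0;
    int sv[2], step = 0;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    r.fd = sv[0];
    r.have = 0;

    if (write(sv[1], rec, 8) != 8) step = 2;            /* header + 3 body bytes */
    else if (!readable_now(sv[0])) step = 3;            /* select(): "ready" */
    else if (rec_read(&r, &body, &len) != REC_WANT_READ) step = 4; /* but no record */
    else if (readable_now(sv[0])) step = 5;             /* socket is drained */
    else if (write(sv[1], rec + 8, rest) != (ssize_t)rest) step = 6;
    else if (!readable_now(sv[0])) step = 7;
    else if (rec_read(&r, &body, &len) != REC_OK) step = 8;       /* now complete */
    else if (len != 11 || memcmp(body, "hello world", 11) != 0) step = 9;

    close(sv[0]);
    close(sv[1]);
    return step;
}

int main(void) { return demo_partial_record(); }
```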
Beginner Q: Did anyone try porting OpenSsl to Vxworks ?
Hello Group, Did anyone try porting OpenSsl to Vxworks platform? Any success :), just to gain some confidence. Regards, Prashant.
RE: Ocotillo PRNG
From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]] Sent: Friday, April 27, 2001 6:58 PM
On Fri, Apr 27, 2001 at 11:33:25AM -0700, Crosland, Jerel (Contract) wrote:
I'd like to use the Ocotillo PRNG with OpenSSL, but it is failing when I do the make test in the randtest module. Ocotillo creates a named pipe at /dev/urandom but if OpenSSL is treating it like a character device it may not work correctly.

As far as I have seen from the open() man-page, using a named pipe for this purpose is not very robust (it will fail for non-blocking behaviour: you cannot open a pipe for writing without a reading process, HP-UX 10.20) and I am not sure how this setup should work with several processes trying to read entropy at the same time.

For arrangements of this sort - a named pipe with a single long-running producer (the daemon) and multiple consumers opening and reading from the pipe unpredictably - the standard method is to have the producer open the pipe with O_RDWR (i.e. for both reading and writing).[1] Though the producer never actually reads from the pipe, there is always at least one process (the producer itself) that has it open for reading. That lets the open succeed and also prevents the producer from receiving SIGPIPE or EPIPE (depending on the disposition of SIGPIPE) if all the consumers close while it's writing.

Several processes trying to read from the pipe at the same time should work fine for this application. The reads will be interleaved unpredictably (from the users' points of view), but that won't hurt anything. If that biases the data stream from the generator, then it's broken anyway.

That said, I can't think of anything to particularly recommend named pipes over Unix-domain sockets for this application, except the create-and-open race condition with SVR4 streams-based implementations of Unix-domain sockets (which I noted in a message to openssl-users on 5 February). Of course that condition is easily handled with a loop in the producer when the socket is being created.

[1] Stevens _UNP_ 2nd ed. vol. 2 says to open the pipe twice with two separate open calls, once with O_RDONLY and once with O_WRONLY, on the grounds that since pipes are half-duplex they should only be opened in one direction on any given descriptor. I don't know if this actually makes a difference on any platform; it doesn't appear to on Solaris 2.6. The Unix Programming FAQ from comp.unix.programmer documents using O_RDWR with no special cautions.

Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University
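The O_RDWR producer arrangement described above, as an added example in C (not code from Ocotillo or OpenSSL). It assumes Linux, where opening a FIFO with O_RDWR succeeds (POSIX leaves this unspecified); the scratch path, the function names and the sample bytes are constructed, and the bytes stand in for generator output.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Producer side: hold the FIFO open for reading and writing, so open() never
 * waits for a consumer and the FIFO always has at least one reader. */
int producer_open(const char *path)
{
    return open(path, O_RDWR);
}

/* Returns 0 when every step behaves as described, else the failing step. */
int fifo_demo(void)
{
    static const unsigned char sample[] = "0123456789abcdef"; /* constructed */
    char dir[] = "/tmp/fifo-demo-XXXXXX";                     /* scratch dir */
    char path[64];
    unsigned char buf[32];
    int step = 0, r, w, c, p = -1;

    if (mkdtemp(dir) == NULL) return 1;
    snprintf(path, sizeof path, "%s/entropy", dir);
    if (mkfifo(path, 0600) != 0) { rmdir(dir); return 2; }
    signal(SIGPIPE, SIG_IGN);          /* surface EPIPE instead of dying */

    /* Step 3: a non-blocking write-only open with no reader fails (ENXIO). */
    w = open(path, O_WRONLY | O_NONBLOCK);
    if (!(w == -1 && errno == ENXIO)) { step = 3; goto out; }

    /* Step 4: a write-only producer gets EPIPE once its last consumer leaves. */
    r = open(path, O_RDONLY | O_NONBLOCK);
    w = open(path, O_WRONLY | O_NONBLOCK);
    close(r);
    if (!(write(w, sample, 16) == -1 && errno == EPIPE)) step = 4;
    close(w);
    if (step) goto out;

    /* Step 5: the O_RDWR producer opens at once and writes with no consumer. */
    p = producer_open(path);
    if (p < 0 || write(p, sample, 16) != 16) { step = 5; goto out; }

    /* Step 6: one consumer takes part of the data and goes away. */
    c = open(path, O_RDONLY | O_NONBLOCK);
    if (read(c, buf, 8) != 8 || memcmp(buf, sample, 8) != 0) step = 6;
    close(c);
    if (step) goto out;

    /* Step 7: the producer keeps writing after that close; no EPIPE. */
    if (write(p, sample, 8) != 8) { step = 7; goto out; }

    /* Step 8: the next consumer gets the 8 bytes left over plus the 8 new. */
    c = open(path, O_RDONLY | O_NONBLOCK);
    if (read(c, buf, sizeof buf) != 16 || memcmp(buf, sample + 8, 8) != 0
        || memcmp(buf + 8, sample, 8) != 0)
        step = 8;
    close(c);
out:
    if (p >= 0) close(p);
    unlink(path);
    rmdir(dir);
    return step;
}

int main(void)
{
    int step = fifo_demo();
    printf(step ? "step %d did not behave as described\n" : "all steps ok\n", step);
    return step;
}
```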
pb in compil
Hi, Under Solaris 2.6, with gcc 2.95, I have the following error during the compilation with (./Configure os/compiler:gcc, and make). Could you help me? :-(

#gcc -o openssl -DMONOLITH -I../include -DTHREADS openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -lcrypto
Undefined first referenced symbol in file
socket          s_socket.o
gethostbyname   s_socket.o
accept          s_socket.o
bind            s_socket.o
setsockopt      s_socket.o
getservbyname   s_socket.o
gethostbyaddr   s_socket.o
getsockopt      ../libcrypto.a(b_sock.o)
shutdown        s_server.o
listen          s_socket.o
connect         s_socket.o
ld: fatal: Symbol referencing errors. No output written to openssl
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `openssl'
Current working directory /user/tien/openssl-0.9.6/apps
*** Error code 1
make: Fatal error: Command failed for target `all'

Cdemo
Re: non-blocking example for Net::SSLeay
Hi M, Here's a test program which negotiates an SSL connection and sends data in a single process (no threads, all async IO). I've also included a patch for Net-SSLeay-1.06. I had to add a few macros to Net::SSLeay to support the async error returns. I also fixed the makefile to detect openssl.exe under Windows. Hope it helps. --Noel

From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: non-blocking example for Net::SSLeay Date: Sun, 29 Apr 2001 17:59:46 -0700 (PDT)
I'm trying to write a tiny SSL webserver. It would really help to have an example of how to set up and use non-blocking SSL calls with a select statement or similar. The problem here is implementing CGI: the CGI script wants normal I/O through normal file descriptors, and I see that it's my job to do SSL_read and copy the result into that file descriptor, and copy output from the CGI script into SSL_write. I need to select() on the CGI process's output pipe, and the SSL input pipe, and service requests as they come in. I'm writing this in perl, using Net::SSLeay. I've patched the echo example code into my tiny webserver, so if I'm doing the SSL_reads and SSL_writes in the main process, it works, but of course, the cgi part fails miserably. Does the underlying BIO interface mean if I do a fcntl O_NONBLOCK on the NS (network socket) that SSL will somehow figure that out? I don't see a BIO_set sort of thing to set nonblocking behavior for the BIO or SSL. The docs are a bit sparse, here. Maybe a new call: SSL_select($ssl,$readfds,$writefds,$exceptfds,$timeout) what it might do internally is do a select on the ssl network socket read and the rest of the $readfs, but loop around and try again if the network socket read didn't complete a pending SSL_read? Can SSL writes not be similarly monitored, they can just be set as nonblocking?

    #! /usr/bin/perl -w
    use lib '../lib';
    use Socket;
    use QV::OS;
    use Net::SSLeay qw(1.07 die_now die_if_ssl_error);
    Net::SSLeay::load_error_strings();
    Net::SSLeay::SSLeay_add_ssl_algorithms();
    Net::SSLeay::randomize();
    use strict;

    # Create an SSL object bound to the given (non-blocking) socket handle.
    sub ssl_ctx
    {
        my($io) = @_;
        my($ctx, $ssl);
        $ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!");
        Net::SSLeay::CTX_set_options($ctx, Net::SSLeay::OP_ALL)
            and die_if_ssl_error("CTX_set_options");
        $ssl = Net::SSLeay::new($ctx) or die_now("Failed to create SSL $!");
        Net::SSLeay::set_fd($ssl, fileno($io)) and die_if_ssl_error("set_fd");
        return $ssl;
    }

    # Map WANT_READ / WANT_WRITE onto the select() bit vectors; returns undef
    # when the call only needs to be retried once the socket is ready.
    sub ssl_err_select
    {
        my($ret, $ssl, $io, $sel_read, $sel_write) = @_;
        my($i);
        my($fileno) = fileno($io);
        vec($$sel_read, $fileno, 1) = 0;
        vec($$sel_write, $fileno, 1) = 0;
        if( $ret < 0 ) {
            $i = Net::SSLeay::get_error($ssl, $ret);
            if( $i == Net::SSLeay::ERROR_WANT_READ ) {
                # debug
                print("ERROR_WANT_READ: fileno=" . fileno($io) . "\n");
                vec($$sel_read, $fileno, 1) = 1;
                $ret = undef;
            }
            elsif( $i == Net::SSLeay::ERROR_WANT_WRITE ) {
                # debug
                print("ERROR_WANT_WRITE: fileno=" . fileno($io) . "\n");
                vec($$sel_write, $fileno, 1) = 1;
                $ret = undef;
            }
        }
        return $ret;
    }

    #-
    my($buf, $off);
    $off = 0;
    if( @ARGV || ! -t STDIN ) {
        local($/) = undef;
        $buf = <>;
    }
    else {
        $buf = "Hello from Alice";
    }

    my($ssl_A, $connect_A, $ssl_B, $accept_B, $rfds, $wfds, $sel_read, $sel_write, $s, $i, $x);
    ($a, $b) = QV::OS->socket_pair();
    select($a); $|=1;
    select($b); $|=1;
    select(STDOUT);
    QV::OS->io_nonblock($a, 1);
    QV::OS->io_nonblock($b, 1);
    # debug
    print("fileno(A)=", fileno($a), "\n");
    print("fileno(B)=", fileno($b), "\n");

    $ssl_A = ssl_ctx($a);
    #Net::SSLeay::set_connect_state($ssl_A);
    Net::SSLeay::use_RSAPrivateKey_file($ssl_A, 'b-rsa.pem', Net::SSLeay::FILETYPE_PEM);
    die_if_ssl_error("private key");
    Net::SSLeay::use_certificate_file($ssl_A, 'b-cert.pem', Net::SSLeay::FILETYPE_PEM);
    die_if_ssl_error("certificate");

    $ssl_B = ssl_ctx($b);
    #Net::SSLeay::set_connect_state($ssl_B);
    Net::SSLeay::use_RSAPrivateKey_file($ssl_B, 'b-rsa.pem', Net::SSLeay::FILETYPE_PEM);
    die_if_ssl_error("private key");
    Net::SSLeay::use_certificate_file($ssl_B, 'b-cert.pem', Net::SSLeay::FILETYPE_PEM);
    die_if_ssl_error("certificate");

    $accept_B = $connect_A = undef;
    $rfds = $wfds = '';
    vec($rfds, fileno($a), 1) = 1;
    vec($rfds, fileno($b), 1) = 1;
    $sel_read = $sel_write = '';
    while(1) {
        if( vec($rfds, fileno($a), 1) || vec($wfds, fileno($a), 1) ) {
            if( !$connect_A ) {
                $i = Net::SSLeay::connect($ssl_A);
                $i = ssl_err_select($i, $ssl_A, $a, \$sel_read, \$sel_write);
                if( !defined($i) ) {
                    # no error, just continue
RE: pb in compil
try adding -lnsl and -lsocket to your link line. Bill

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, April 30, 2001 9:22 AM To: [EMAIL PROTECTED] Subject: pb in compil
Hi, Under Solaris 2.6, with gcc 2.95, I have the following error during the compilation with (./Configure os/compiler:gcc, and make). Could you help me? :-(

#gcc -o openssl -DMONOLITH -I../include -DTHREADS openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -lcrypto
Undefined first referenced symbol in file
socket          s_socket.o
gethostbyname   s_socket.o
accept          s_socket.o
bind            s_socket.o
setsockopt      s_socket.o
getservbyname   s_socket.o
gethostbyaddr   s_socket.o
getsockopt      ../libcrypto.a(b_sock.o)
shutdown        s_server.o
listen          s_socket.o
connect         s_socket.o
ld: fatal: Symbol referencing errors. No output written to openssl
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `openssl'
Current working directory /user/tien/openssl-0.9.6/apps
*** Error code 1
make: Fatal error: Command failed for target `all'

Cdemo
BIO_set_callback
Is the callback function that I set with BIO_set_callback only called during the handshake? I would like to trace not only the verification but all SSL_read and SSL_write data that I send during a session. If the callback function is not called at these times how do you trace these calls? Thanks, George
Re: Windows Open SSL
- Original Message - From: Andrew W. Gray [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 02, 2001 12:26 PM Subject: Re: Windows Open SSL
) The visual c++ way using the IDE. I have used this approach and was able to build/test/debug the tools. Unfortunately, I can't remember where I got this project (named openssl.dsw and is in a folder named msvc in the root openssl folder). I don't see it in the standard release. I must have seen it referenced somewhere in the docs and chased it down. Can anyone else help here?

It's right where I left it ;-) at http://www.iconsinc.com/~agray/ossldev/ I spoke with Ulf several months back and hopefully it will be integrated into 0.9.7
Andrew
Where are the low-level crypto functions implemented?
Hi, Our purpose is to write an add-on to openSSL in order to interface it safely and comprehensively with a smartcard. My teammate and I have come a long way in understanding the high-level cryptography structure -- where the methods are found, how to use them, etc, but where we get stuck is the following: for example, in openssl-0.9.6a/crypto/rsa/rsa.h the following methods are mentioned:

    int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to, RSA *rsa,int padding);
    int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to, RSA *rsa,int padding);

And they are again mentioned in rsa_lib.c where

    int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding)

returns it, but that's all. Are we missing something? Where are all the low-level methods defined? Are they system-native or protected or have I overlooked something entirely? I appreciate your help immensely, (let alone how much I learn just from lurking on this list) Gila. (Monstre)
--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--
Gila Monstre [EMAIL PROTECTED] Fearless Geek (514)732-2459 Advanced Projects Group Gemplus Software
If you can't beat your computer at chess, try kickboxing.
RE: basic SSL
There are code examples in the openssl installation under the apps directory. If you need a more detailed example, you can check out Eric Rescorla's book SSL and TLS. It has a complete chapter on coding and the code examples from the book are available at http://www.rtfm.com/sslbook/examples Ramdas

-Original Message- From: Aengus McIntyre [mailto:[EMAIL PROTECTED]] Sent: Monday, April 30, 2001 6:11 AM To: [EMAIL PROTECTED] Subject: basic SSL
Hello all, I am relatively new to SSL and am currently researching it for my project. I am enquiring as to whether anyone would happen to know any useful links which contain a simple working example, or indeed, has a simple application of their own, just to get me started. If I could see an SSL application myself, I reckon the SSL documentation would be much easier to comprehend. Thanking you in advance for your replies. Aengus
Re: Problem compiling s_client and s_server
- Original Message - From: agray [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, April 16, 2001 4:01 PM Subject: Re: Problem compiling s_client and s_server
Best bet: You are linking against the incorrect c-runtime - use /MD (multithreaded dll)
Menu: Project...Settings...c/C++ tab, Category: Code Generation, Use Runtime Library --- Multi-Threaded DLL
Didn't you have to build apps.c as well for a standalone s_client.exe? You can also grab the developer studio workspace and all of the project files off of my homepage - the s_client (and all of the standalone apps) project has all of the correct settings (from compiler options to library resolution) applied. http://www.iconsinc.com/~agray/ossldev/
Andrew

Marcus Carey wrote:
Lutz I am using MS VC++ 6.0 on Windows 2000 to build the examples. app_rand.c s_cb.c s_client.c s_socket.c ssleay32.lib libeay32.lib rsaglue.lib The program compiled after adding app_rand.c to the build but I am getting a s_client.exe - Application Error: Memory could not be written when I run the application. Marcus
Re: Where are the low-level crypto functions implemented?
Date sent: Mon, 30 Apr 2001 18:01:22 -0400 From: Gila Sheftel [EMAIL PROTECTED] Organization: Gemplus Inc. To: [EMAIL PROTECTED] Subject: Where are the low-level crypto functions implemented? Send reply to: [EMAIL PROTECTED]

Gila

The rsa structure contains a pointer to the low level functions, and in fact one of the defaults is the one you show below. You can place your own function pointers in the rsa structure if you so desire. In fact that is what I do to interface to the GemPLUS Smart Card with our software. In our case, we have to be able to process both disk based as well as Smart Card based RSA keys, and this is where we do the intercept. I am sure there are other/better ways using engines and methods, etc. but this is a quick simple way to do it, and still use all the other SSL/crypto support without having to have multiple libraries.

Ken

Hi, Our purpose is to write an add-on to openSSL in order to interface it safely and comprehensively with a smartcard. My teammate and I have come a long way in understanding the high-level cryptography structure -- where the methods are found, how to use them, etc, but where we get stuck is the following: for example, in openssl-0.9.6a/crypto/rsa/rsa.h the following methods are mentioned:

    int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to, RSA *rsa,int padding);
    int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to, RSA *rsa,int padding);

And they are again mentioned in rsa_lib.c where

    int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding)

returns it, but that's all. Are we missing something? Where are all the low-level methods defined? Are they system-native or protected or have I overlooked something entirely? I appreciate your help immensely, (let alone how much I learn just from lurking on this list) Gila. (Monstre)
--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--
Gila Monstre [EMAIL PROTECTED] Fearless Geek (514)732-2459 Advanced Projects Group Gemplus Software
If you can't beat your computer at chess, try kickboxing.

Support InterSoft International, Inc. Voice: 888-823-1541, International 281-398-7060 Fax: 888-823-1542, International 281-560-9170 [EMAIL PROTECTED] http://www.securenetterm.com
Re: Where are the low-level crypto functions implemented?
Gila Sheftel wrote:
> Hi, Our purpose is to write an add-on to openSSL in order to interface it safely and comprehensively with a smartcard. My teammate and I have come a long way in understanding the high-level cryptography structure -- where the methods are found, how to use them, etc, but where we get stuck is the following: for example, in openssl-0.9.6a/crypto/rsa/rsa.h the following methods are mentioned:
>
>     int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to, RSA *rsa,int padding);
>     int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to, RSA *rsa,int padding);
>
> And they are again mentioned in rsa_lib.c where
>
>     int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding)
>
> returns it, but that's all. Are we missing something? Where are all the low-level methods defined? Are they system-native or protected or have I overlooked something entirely?

Hello, My name is Stephen Henson, I'm one of the OpenSSL core developers who works for Celo and thus Gemplus. What kind of facilities does the smartcard provide? Does it do high level PKCS#1 operations or just the raw 'private key operation'. You can intercept both operations but how and where you do this depends on exactly what you want to do. Which particular Gemplus libraries are you using? I'm myself getting up to speed on the Gemplus smart card side of things so maybe we could help each other here. One possible project I'm considering for OpenSSL would be to provide support for smartcards (and thus Gemplus smartcards) in the core source code. The current ENGINE architecture for OpenSSL should help with this but I think it needs some additional support to make it as smart card friendly as possible.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
Re: Where are the low-level crypto functions implemented?
Oops, shouldn't have sent that to the list. Reply-To: claims another victim :-) Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage.
error generating private key
Hello, I'm trying to generate a private key for use with a thawte certificate (I just want to generate the keys, the actual certificate will be installed on another server to which I don't have telnet access). The random files I used are located here: /usr/local/etc/httpd/htdocs/fileskey I keep getting this error after I enter the pass phrase:

OpenSSL> genrsa -des3 -rand file1.txt:file2.txt:file3.txt -out www.vitadvice.com key 512
260215 semi-random bytes loaded
Generating RSA private key, 512 bit long modulus
. ...
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
Verify failure
10575:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:114:
10575:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:pem_lib.c:366:
error in genrsa
---
I did everything as it says in the instructions. But I must be doing something wrong...help is appreciated!
Re: does s_server accept PUT command?
I developed a SSL client adapter program and need to get some tool to test it out. s_server is great as it supports HTTP GET but in order to complete my test, I need a tool to support PUT as well. I am thinking of doing a PUT (send a file to a server) and then a GET (retrieve the same file from the server). By comparing the file sent and the file received, I know the sending and receiving big chunk of data are working. I don't have much of choices right? It is either I modify s_server to support PUT or install mod_ssl. Anyone has other idea? Thanks Patrick

- Original Message - From: Richard Levitte - VMS Whacker [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, April 29, 2001 11:52 PM Subject: Re: does s_server accept PUT command?
From: Patrick Li [EMAIL PROTECTED]
pcwli> Does the s_server only supports the GET HTTP command when
pcwli> running with -WWW option? I tried with PUT HTTP command and it
pcwli> is not working. I check the source code in apps/s_server and
pcwli> it does not have code to handle any HTTP command except GET.

s_server is just a test tool! If you want a full-blown HTTP server, use Apache with mod_ssl or something equally suitable.
--
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken  \ S-168 35 BROMMA   \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN            \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/
Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info.
generating csr using public key?
Can it be done? thanks
how to generate SSL keys??
Hi

I am trying to find out how to generate a pair of SSL private and public keys. I have installed openssl-0.9.6a and have searched the www.openssl.org FAQ section but to no avail. Some places I have looked say that the documentation can be found in either the "apps" or the "man" or the "doc" directories. Well, I don't appear to have an "apps" or a "doc" directory, and my "man" directory contains very difficult, i.e. just about impossible, content to understand.

I would really appreciate it if someone could take the time to give me *detailed* instructions on how to do this. All the content on this subject I have found so far is way too vague for me to be able to comprehend. Sorry if this is a drag for some of you, but we're not all experts!

regards,
john.

ps I am running RedHat Linux 6.2 with Apache 1.3.19