about function SSL_CTX_use_PrivateKey_file(...)!
Hello,

I ran into a problem while developing a program with OpenSSL. I was writing a server program, and when I got to the function SSL_CTX_use_PrivateKey_file(...), the program consumed 100% CPU, and this state remained for almost 7 minutes and seemed to have no end. I just closed it! I do not know whether this is normal or an error. I wonder if it is just decrypting (I use a 1024-bit RSA key encrypted with DES-EDE3-CBC).

Thank you very much!
3DES decryption
hi,

I'm trying to use the crypto library to decrypt a file which has been encrypted using triple-DES. I have the following declarations:

    char *temp;
    char **elines;
    des_cblock *input;

I have a function which parses the file and grabs the encrypted strings

    temp = parse_file(mapped_file);

I then set

    elines[i] = temp;

However I can't pass elines[i] to des_ecb3_encrypt() as it is not declared as des_cblock. Is there any way of casting it, passing it, some way of passing the data returned by the parse_file() function to des_ecb3_encrypt()?

Also, am I right in thinking that des_cblock being defined the way it is, that you can only decrypt in batches of 8 characters??

Thanks!
Stella
RE: OpenSSL on BeOS^H^H^H^Hnon-Windows non-Linux OSes
--- GOLDING,CHARLTON (Non-HP-Corvallis,ex1) [EMAIL PROTECTED] wrote:
> Hi, yeah true, having been burned by Be when working on their OS I wish the OS would go away, but not really. I'm glad to hear it might have been purchased by 3Com (is that true?)

Somewhat; Be's assets (most of the engineers, BeOS and BeIA) were purchased by Palm (which is a subsidiary of 3Com), but it's very unlikely that the latest internal versions of BeOS will ever legally see the light of day. (There were some leaks in November.)

> If the OS doesn't have good TCP/IP stack support such as a lack of getsockopt() it sounds like the OS needs fixed. I think from what

Yeah, it was fixed in a networking system rewrite that went as far as closed/private beta tests (and it rocked) but it was never formally released; even as an open beta.

> I remember of the little I ever knew of this, to call getsockopt() from some stacks you have to be root (a scary concept to me), so perhaps if that's the case in BeOS your app isn't running as root or doesn't have security privilege?

Scary thought but not the problem. Everything in BeOS runs as root, because the multiuser support was never fully implemented. Everyone always has full access to BeOS's resources.

> If you feel up to it you might write (ugly proposal sorry) your own glue to fix the hole in the BeOS networking stack.

shiver :)

> I never dealt with this side of BeOS so can't comment on how hard that might be, my interest was mostly in video drivers. This was back when Be had its own box, and the code ports related to PowerPC. (Yeah, some time ago sorry.)

Thanks for the response and thoughts!

> -----Original Message-----
> From: Zero One [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 30, 2002 4:59 PM
> To: [EMAIL PROTECTED]
> Subject: Re: OpenSSL on BeOS^H^H^H^Hnon-Windows non-Linux OSes
>
> Ok, let me amend and repeat this request since there wasn't even so much as a "No! BeOS is stupid! Go away!" response to my original message. (Yes, sometimes a flame is better than utter silence ;) )
>
> The biggest problem that I seem to be running into in getting OpenSSL to compile and generate shared libraries is that the net_server version of BeOS does not apparently have getsockopt() in its networking libraries. At least not in the standard ones that I have. So, my question is now how would one get around this lack of functionality on any operating system?
>
> The reason this is important is because one of the required files (crypto/bio/b_sock.c) in OpenSSL uses this function, precisely once (line 224). I've tried working around it by supplying the value of errno if there is an error, and I've tried following a 1998 era suggestion on it, though neither method worked.
>
> So, does anyone have suggestions based on lack of a particular function as opposed to OS wonkiness? Thanks.
>
> --- Zero One wrote:
> > Has anyone out there had any luck getting OpenSSL compiled and running properly under BeOS R5.0.x, in particular with the net_server rather than BONE? If so, please drop me an email telling me precisely how you managed this feat, and whether you compiled the shared libraries or not. Thank you.
Re: 3DES decryption
Do you have any reason not to use EVP_Cipher*() functions instead of low-level des_ecb3_encrypt()? EVP functions provide a very good abstraction layer and hide many algorithm-specific details.

Aleksey Sanin.

Stella Power wrote:
> hi,
>
> I'm trying to use the crypto library to decrypt a file which has been encrypted using triple-DES. I have the following declarations:
>
>     char *temp;
>     char **elines;
>     des_cblock *input;
>
> I have a function which parses the file and grabs the encrypted strings
>
>     temp = parse_file(mapped_file);
>
> I then set
>
>     elines[i] = temp;
>
> However I can't pass elines[i] to des_ecb3_encrypt() as it is not declared as des_cblock. Is there any way of casting it, passing it, some way of passing the data returned by the parse_file() function to des_ecb3_encrypt()?
>
> Also, am I right in thinking that des_cblock being defined the way it is, that you can only decrypt in batches of 8 characters??
>
> Thanks!
> Stella
Re: 3DES decryption
I'm afraid that I couldn't find any examples on how to use the EVP functions, and still do not know how I would go about implementing it. The only restriction I have on my code is that the encrypted input file is 3DES ECB encrypted.

Stella

On Wed, May 01, 2002 at 09:03:42AM -0700, Aleksey Sanin wrote:
> Do you have any reason not to use EVP_Cipher*() functions instead of low-level des_ecb3_encrypt()? EVP functions provide a very good abstraction layer and hide many algorithm-specific details.
>
> Aleksey Sanin.
Stuck with base64 bio
I'm really stuck trying to base64 decode a string with bios. Any help on what I'm doing wrong or how to work out what the problem is would be very much appreciated. My code is:

    int i = 0, j = 0;
    BIO *bio, *b64;
    b64 = BIO_new(BIO_f_base64());
    bio = BIO_new(BIO_s_mem());
    BIO_set_mem_eof_return(bio, 0);
    // no error checking but allocations seem OK in debug
    i = BIO_write(bio, "SGVsbG8gd29ybGRcIQo=", 20); // simple example Hello World\!
    bio = BIO_push(b64, bio);    // if I take this out I get the still encoded string back
    j = BIO_ctrl_pending(bio);   // = 20, i.e. length of encoded string
    i = BIO_read(bio, sbuf2, j); // always returns 0, sbuf2 is unchanged
    i = BIO_eof(bio);            // = 1, i.e. EOF
    i = BIO_ctrl_pending(bio);   // = 0, i.e. now empty
    BIO_free_all(bio);

This is driving me nuts (no-one can help me with that!)

Thanks
John Jarvie
Re: accept of SSLeay hangs up.
on 4/30/02 10:33 PM, [EMAIL PROTECTED] purportedly said:

> Hi, if anybody knows this problem, please give me some advice. I made a simple web server with SSLeay in perl, but sometimes it hangs up. It hangs up in accept(). accept() calls the read() system call and the read() system call is always waiting for incoming data when it hangs up. I read a manual of SSLeay and I found Net::SSLeay::slowly. I set 1 on it. It looks slowed down, but hanging up doesn't happen so far. Did I choose the right solution?
>
> Thank you,
> Atsushi

I haven't done this, but it doesn't sound like this is the best solution. You may want to review the section on timing out slow operations as well as blocking/non-blocking I/O in the Programming Perl book. IIRC, this behavior with read() is not uncommon.

Keary Suska
Esoteritech, Inc.
Leveraging Open Source for a better Internet
Re: 3DES decryption
Well, using EVP functions is not too difficult (http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#):

1) init context
    EVP_CIPHER_CTX ctx;
    EVP_CIPHER_CTX_init(&ctx);
2) init cipher
    EVP_CipherInit(&ctx, EVP_des_ede3_cbc(), key, iv, encrypt);
3) encrypt/decrypt data while available
    EVP_CipherUpdate(&ctx, out, &outLen, in, inLen);
4) encrypt/decrypt the last block
    EVP_CipherFinal(&ctx, out, &outLen);
5) cleanup context
    EVP_CIPHER_CTX_cleanup(&ctx);

You can also take a look at the test/evp_test.c file in the OpenSSL package.

Aleksey Sanin.

Stella Power wrote:
> I'm afraid that I couldn't find any examples on how to use the EVP functions, and still do not know how I would go about implementing it. The only restriction I have on my code is that the encrypted input file is 3DES ECB encrypted.
>
> Stella
Problem linking on Linux
I have been running for months on AIX with OpenSSL. I am porting my software to Linux and I am having trouble linking my application. I have included the make report results as well as my link errors. I suspect I am missing a link option. Any help would be greatly appreciated.

OpenSSL self-test report:

OpenSSL version:  0.9.6c
Last change:      Fix BN_rand_range bug pointed out by Dominikus Scherkl...
Options:          no-asm no-shared
OS (uname):       Linux picture 2.4.7-10smp #1 SMP Thu Sep 6 17:09:31 EDT 2001 i686 unknown
OS (config):      i686-whatever-linux2
Target (default): linux-elf
Target:           linux-elf
Compiler:         gcc version 2.96 2731 (Red Hat Linux 7.1 2.96-98)

Test skipped.
Test report in file testlog

/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(t1_enc.o): In function `tls1_P_hash':
t1_enc.o(.text+0x35): undefined reference to `HMAC_Init'
t1_enc.o(.text+0x46): undefined reference to `HMAC_Update'
t1_enc.o(.text+0x63): undefined reference to `HMAC_Final'
t1_enc.o(.text+0x78): undefined reference to `HMAC_Init'
t1_enc.o(.text+0x9b): undefined reference to `HMAC_Update'
t1_enc.o(.text+0xc0): undefined reference to `HMAC_Update'
t1_enc.o(.text+0xe6): undefined reference to `HMAC_Final'
t1_enc.o(.text+0x137): undefined reference to `HMAC_Final'
t1_enc.o(.text+0x15c): undefined reference to `HMAC_cleanup'
t1_enc.o(.text+0x16a): undefined reference to `HMAC_cleanup'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(t1_enc.o): In function `tls1_change_cipher_state':
t1_enc.o(.text+0x23e): undefined reference to `COMP_CTX_free'
t1_enc.o(.text+0x25f): undefined reference to `COMP_CTX_new'
t1_enc.o(.text+0x369): undefined reference to `COMP_CTX_free'
t1_enc.o(.text+0x389): undefined reference to `COMP_CTX_new'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(t1_enc.o): In function `tls1_mac':
t1_enc.o(.text+0x10a7): undefined reference to `HMAC_Init'
t1_enc.o(.text+0x10b3): undefined reference to `HMAC_Update'
t1_enc.o(.text+0x10c3): undefined reference to `HMAC_Update'
t1_enc.o(.text+0x10d4): undefined reference to `HMAC_Update'
t1_enc.o(.text+0x10ea): undefined reference to `HMAC_Final'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_lib.o): In function `SSL_CTX_new':
ssl_lib.o(.text+0xac0): undefined reference to `X509_STORE_new'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_lib.o): In function `SSL_CTX_free':
ssl_lib.o(.text+0xcb5): undefined reference to `X509_STORE_free'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_lib.o): In function `ssl_init_wbio_buffer':
ssl_lib.o(.text+0x16ee): undefined reference to `BIO_f_buffer'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_lib.o): In function `SSL_CTX_set_cert_store':
ssl_lib.o(.text+0x18df): undefined reference to `X509_STORE_free'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_lib.o): In function `SSL_CTX_set_trust':
ssl_lib.o(.text+0x22f8): undefined reference to `X509_TRUST_get_by_id'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_lib.o): In function `SSL_set_trust':
ssl_lib.o(.text+0x2368): undefined reference to `X509_TRUST_get_by_id'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_lib.o): In function `SSL_CTX_set_default_verify_paths':
ssl_lib.o(.text+0x2d6c): undefined reference to `X509_STORE_set_default_paths'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_lib.o): In function `SSL_CTX_load_verify_locations':
ssl_lib.o(.text+0x2da4): undefined reference to `X509_STORE_load_locations'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_lib.o): In function `ssl_clear_cipher_ctx':
ssl_lib.o(.text+0x3097): undefined reference to `COMP_CTX_free'
ssl_lib.o(.text+0x30b4): undefined reference to `COMP_CTX_free'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_err2.o): In function `SSL_load_error_strings':
ssl_err2.o(.text+0x11): undefined reference to `ERR_load_crypto_strings'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_cert.o): In function `ssl_verify_cert_chain':
ssl_cert.o(.text+0x40d): undefined reference to `X509_STORE_CTX_init'
ssl_cert.o(.text+0x450): undefined reference to `X509_STORE_CTX_get_ex_new_index'
ssl_cert.o(.text+0x460): undefined reference to `X509_STORE_CTX_set_ex_data'
ssl_cert.o(.text+0x47f): undefined reference to `X509_STORE_CTX_purpose_inherit'
ssl_cert.o(.text+0x496): undefined reference to `X509_STORE_CTX_set_verify_cb'
ssl_cert.o(.text+0x4c5): undefined reference to `X509_verify_cert'
ssl_cert.o(.text+0x4e1): undefined reference to `X509_STORE_CTX_cleanup'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_cert.o): In function `SSL_get_ex_data_X509_STORE_CTX_idx':
ssl_cert.o(.text+0xccd): undefined reference to `X509_STORE_CTX_get_ex_new_index'
/build/cas/src/contrib/openssl-0.9.6c/dist/lib/libssl.a(ssl_ciph.o): In function `ssl_cipher_get_evp':
ssl_ciph.o(.text+0x126): undefined reference to `EVP_enc_null'
Error when using Netscape to access a https site
I am trying to access a secure site from my machine with Netscape 4* thru 6.2 and IE. When I access the site with IE I get to it fine. When using Netscape, I get the following error.

The certificate is not approved for the following application.

I do not get an error that says I do not have a certificate to access the site. The server cert was generated with the following command.

    openssl ca -policy policy_anything -out demo.cer -config /usr/local/ssl/openssl.cnf -infiles certreq.txt

Everything looks like it comes across fine. I edited the demo.cer file and took out the excess gibberish that MS does not like and installed it as a server cert. Am I missing something? Has anyone seen the error on the 3rd line?

Thanks..

Brandon Amundson
BBN Technologies
LAB: 703 284 8189
[EMAIL PROTECTED]
Re: accept of SSLeay hangs up.
Thank you for giving me advice. I will check timing out slow operations out.

Thank you,
Atsushi

hierophant> You may want to review the section on timing out slow operations as well
hierophant> as blocking/non-blocking I/O in the Programming Perl book. IIRC, this
hierophant> behavior with read() is not uncommon.
hierophant>
hierophant> Keary Suska
hierophant> Esoteritech, Inc.
hierophant> Leveraging Open Source for a better Internet

Atsushi Ikeda
Elegant Solutions Consulting Inc.
TEL:604-709-0712 FAX:604-709-0733
Email: [EMAIL PROTECTED]
Re: Creating password-protected certs.
In message [EMAIL PROTECTED] on Tue, 30 Apr 2002 06:30:34 -0700 (PDT), Tim Jones [EMAIL PROTECTED] said:

t0psecret> Thanks for the help... I'm pretty new at this stuff.
t0psecret> So, the private key is protected with the export
t0psecret> password, but this is a one-time password that is only
t0psecret> used when importing? From my standpoint it would
t0psecret> really be nice to have a permanent password on the
t0psecret> private key... Is this something that is common with
t0psecret> SSL? If not, I'm wondering how Windows would react to
t0psecret> such a thing.

It *is* a permanent password. The private key is simply encrypted with that password as a master key.

--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/