Re: OpenSSL reduced size
Martin Witzel wrote: My objective was twofold: I wanted to keep the external lib API intact so that the many applications which are based on the OpenSSL libraries could still be linked against it. Do you return an ENOSYS for the unimplemented functions? How are unimplemented procedures handled ((void f())? There's been a need for this for a long time... __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL reduced size
>..but still the i could not achive the size i wanted. Well, I do not know the restrictions you have and whether you are mainly interested to reduce the library siszes or the total size of the libraries plus the openssl executable. >I was wondering if there was a way to get away some of >the stuff like engine,cast,Pkcs12.etc under >openssl-0.9.7/crypto/. >Most of these are the supporting files for "openssl" >utility (meaning "openssl -list" command). My objective was twofold: I wanted to keep the external lib API intact so that the many applications which are based on the OpenSSL libraries could still be linked against it. This did not mean that all API calls have functional code behind them. I made use of all the conditional compilation directives I could and suppressed the code generation for all text messages. Second, I have taken out non-essential code to reduce the openssl executable. The only command line parameters which I have have left functional are genrsa, req, s_client, s_server and version. This way I have a bare bones openssl executable for those clients which want to create their key pair and certificate request themselves. I also built shared libraries and dynamically linked the openssl executable to them dynamically. The OpenSSL team has come to the same conclusion starting with version 0.9.7, as I see :-) Regards, Martin __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Reading certificate from structure using d2i_X509??
On Tue, Mar 11, 2003 at 01:54:55PM -0800, rajagopalan ramanujam wrote:
>
> hi,
>
> I am having a problem when reading a certificate and
> private key from a memory buffer instead of a file.
> i am using d2i_X509(NULL,&cert,strlen(cert)) to read
> the certificate string which was defined in one of
> .pem
> file. Should i use SSL_CTX_use_certificate_ASN1
> instead??? Please help me.
>
> copied from server.pem file
> unsigned char * cert
> ="MIIDDzCCAs2gAwIBAgICAQw==";
> unsigned char * key =
> "y5qH6Q0Nvb5SUcJEYY...p6==";
Incorrect. This is PEM format, d2i_* expected DER/binary input
use:
% openssl x509 -in server.pem -noout -C > server_cert.c
will produce some like this:
[cut]
unsigned char XXX_certificate[1592]={
0x30,0x82,0x06,0x34,0x30,0x82,0x05,0x1C,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x0D,
[cut]
>
> here is my sample server code :
>
> void ssl_server ()
> {
>
>SSL_CTX* ctx;
> SSL* ssl;
> X509*client_cert,*x509_cert,*x509_key;
> char*str;
> SSL_METHOD *meth;
> int theFd;
> fd_set theFdSet;
>
> /* SSL preliminaries. We keep the certificate and
> key with the context. */
>
> SSL_load_error_strings();
> SSLeay_add_ssl_algorithms();
> meth = SSLv23_server_method();
> ctx = SSL_CTX_new (meth);
>
> x509_cert = d2i_X509(NULL,&cert,strlen(cert));
>
> if (SSL_CTX_use_certificate(ctx,x509_cert) <= 0) {
> return;
> }
>
> x509_key = d2i_X509(NULL,&key,sizeof(key));
>
> if (SSL_CTX_use_PrivateKey(ctx,x509_key) <= 0) {
> return;
> }
>
> if (!SSL_CTX_check_private_key(ctx)) {
> printf("Private key does not match the certificate
> public key\n");
> return;
> }
>
> .
> .
> }
>
> when d2i_X509 its failing for the following reason.
> IMPLEMENT_ASN1_FUNCTIONS(X509)
> ASN1_VALUE *ASN1_item_d2i(..)
> asn1_check_tlen(..)
> ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
> return 0;
here is sample code:
X509 *
get_cert( void)
{
unsigned char *der = XXX_certificate;
X509*crt = NULL;
if ( NULL == ( crt = X509_new())) {
/* Ops, out-of-memory? */
return NULL;
}
return d2i_X509( &crt, &der, sizeof( XXX_certificate));
}
>
>
> __
> Do you Yahoo!?
> Yahoo! Web Hosting - establish your business online
> http://webhosting.yahoo.com
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
--
regards
Valentin Zahariev
CTO
E-CARD Ltd.
http://www.e-card.bg
PGP keyID: 0xC005C5CA
Key fingerprint = F3 46 26 21 8F F0 5E 19 5B B3 34 08 24 9E 71 13 C0 05 C5 CA
http://certs.e-card.bg:11371/pks/lookup?op=get&search=0xC005C5CA
pgp0.pgp
Description: PGP signature
RSA padding scheme, plz help!
Hi all, Could someone tell me what kind of padding does OpenSSL's crypto library use when implementing RSA asymmetric keys operations? I'm learning to write a smart card application and I want to use openssl's crypto library to do the off-card part of the application. I need to use the exact same padding scheme for operations on the card and off the card. On the card, the supported padding schemes are RSA_ISO14888, RSA_ISO9796, RSA_PKCS1, and RSA_NO_PAD. I was told that RSA_ISO9796 and RSA_PKCS1 are suitable for data of limited length (k/2 and k-11 max, respectively, where k is the RSA key size in bytes). Some of my data will be a lot more than that, so I guess I can't use those two? But which of these are supported by openssl? I'm new to cryptography, so any advises and help would be greatly appreciated. Thanks a lot! Michelle __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
