Seeding of PRNG on Windowsxx
Hi, I've been using OpenSSL for a while on Linux, and now ported some application to Windowsxx, where xx should indicate any of the MSWindows systems from 98 and newer. I've read the FAQ which indicates that I need to seed the PRNG on Windows systems (as opposed to Linux). On my Windows XP Pro, I *didn't* do any seeding, but still RAND_status() returned 1 This seems a little strange to me, as it indicates that it is already seeded with enough data/entropy. Are there any special treatment on Windows XP or would I get the same result on e.g. Windows98? (I don't have such a beast, so I can't just test it) And where do this seeding come from? I have to mention that I use the precompiled Win32 OpenSSL v0.9.7d from Shining Light Productions. Can someone enlighten me on this 'problem'. Best regards Egon Andersen __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Seeding of PRNG on Windowsxx
On Thu, Sep 16, 2004, Egon Andersen wrote: Hi, I've been using OpenSSL for a while on Linux, and now ported some application to Windowsxx, where xx should indicate any of the MSWindows systems from 98 and newer. I've read the FAQ which indicates that I need to seed the PRNG on Windows systems (as opposed to Linux). On my Windows XP Pro, I *didn't* do any seeding, but still RAND_status() returned 1 This seems a little strange to me, as it indicates that it is already seeded with enough data/entropy. Are there any special treatment on Windows XP or would I get the same result on e.g. Windows98? (I don't have such a beast, so I can't just test it) And where do this seeding come from? I have to mention that I use the precompiled Win32 OpenSSL v0.9.7d from Shining Light Productions. Can someone enlighten me on this 'problem'. OpenSSL seeds the PRNG from various sources of entropy on Windows automatically. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS7_add_attribute
On Thu, Sep 16, 2004, Antonio Ruiz MartÃnez wrote:
Hello!
Dr. Stephen Henson wrote:
My guess is that there's a problem with the generation of the encoding of
the
attribute: what code did you use for that?
oct=ASN1_STRING_new();
if (!ASN1_STRING_set(oct,p72,lenP72)) {
lReturn=-50;
goto err;
}
p7=PKCS7_new();
if (p7==NULL) {
lReturn=-20;
goto err;
}
//add certificate and keys...
...
//get the signer info...
PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char *)oct);
//insert the date with PKCS7_dataInit and bio_write and PKCS7_dataFinal...
//ENCODE in DER ...
Any idea?
Its the bit *before* that which is needed: the part that produces p72 and
lenP72.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Regd ASN1_ITEM_rptr( )
On Thu, Sep 16, 2004, Sravan wrote: Dr. Stephen Henson wrote: But what if I *dont *wish to use the shared library(in which the functions that return pointers to structures are present)? In my case, I need to use say a function like X509_free( ) with out linking libeay32.lib(in case of windows). For that I use the macro IMPLEMENT_ASN1_FUNCTIONS(X509). But in that expansion, ASN1_ITEM_rptr(X509) will be used which is being replaced as X509_it( ) in my case. This is being reported as unresolved symbol by the linker. The macros don't define standalone functions. They make *heavy* use of various pieces of functionality in libeay32.lib. So if you use something like that you still need the support code in libeay32.lib. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Seeding of PRNG on Windowsxx
Dr. Stephen Henson wrote: On Thu, Sep 16, 2004, Egon Andersen wrote: Hi, I've been using OpenSSL for a while on Linux, and now ported some application to Windowsxx, where xx should indicate any of the MSWindows systems from 98 and newer. I've read the FAQ which indicates that I need to seed the PRNG on Windows systems (as opposed to Linux). On my Windows XP Pro, I *didn't* do any seeding, but still RAND_status() returned 1 This seems a little strange to me, as it indicates that it is already seeded with enough data/entropy. Are there any special treatment on Windows XP or would I get the same result on e.g. Windows98? (I don't have such a beast, so I can't just test it) And where do this seeding come from? I have to mention that I use the precompiled Win32 OpenSSL v0.9.7d from Shining Light Productions. Can someone enlighten me on this 'problem'. OpenSSL seeds the PRNG from various sources of entropy on Windows automatically. Steve. Thanks! I believe this means that I don't have to worry about seeding on any Windows systems. (I think the FAQ could need a little update on this.) Best regards Egon Andersen __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS7_add_attribute
Dr. Stephen Henson wrote:
On Thu, Sep 16, 2004, Antonio Ruiz Martnez wrote:
Hello!
Dr. Stephen Henson wrote:
My guess is that there's a problem with the generation of the encoding of
the
attribute: what code did you use for that?
oct=ASN1_STRING_new();
if (!ASN1_STRING_set(oct,p72,lenP72)) {
lReturn=-50;
goto err;
}
p7=PKCS7_new();
if (p7==NULL) {
lReturn=-20;
goto err;
}
//add certificate and keys...
...
//get the signer info...
PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char *)oct);
//insert the date with PKCS7_dataInit and bio_write and PKCS7_dataFinal...
//ENCODE in DER ...
Any idea?
Its the bit *before* that which is needed: the part that produces p72 and
lenP72.
The p72 is a PKCS7 that I read from a file as an array of bytes coded
in DER. The PKCS7 is not generated in the same function, it is only
read from a file because I'm simulating that I receive an PKCS7 that I
want to insert in my PKCS7.
The steps followed to generate the p72 the same as the steps followed
to make this PKCS7 but without inserting any attribute and I got it
from the code of the directory crypto/p7. This PKCS7 I can verify it
without any problem.
The code I'm using folows the following steps...
p7_new=PKCS7_new();
PKCS7_set_type(p7_new,NID_pkcs7_signed);
PKCS7_content_new(p7_new,NID_pkcs7_data);
si=PKCS7_add_signature(p7_new,cert,privKey,EVP_md5());
PKCS7_add_certificate(p7_new,cert))
PKCS7_dataInit
BIO_write
BIO_flush
PKCS7_dataFinal
//Coding in der...
p72= ...
If you want I can send you the complete code.
I also tried to do the following
seq=d2i_PKCS7(NULL,p72,lenP72);
ldP7=i2d_PKCS7(seq,NULL);
dSP7=(unsigned char *)malloc((ldP7)*sizeof(unsigned char));
tmpderP7=dSP7;
ldP7=i2d_PKCS7(p72,tmpderP7);
oct=ASN1_STRING_new();
if (!ASN1_STRING_set(oct,dSP7,ldP7)) {
}
p7=PKCS7_new();
if (p7==NULL) {
lReturn=-20;
goto err;
}
//add certificate and keys...
...
//get the signer info...
PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char *)oct);
//insert the date with PKCS7_dataInit and bio_write and PKCS7_dataFinal...
//ENCODE in DER ...
But this code doesn't work either.
Regards,
Antonio.
Re[2]: Extended key usage field
From RFC3280 section 4.2.1.13 Extended Key Usage If a certi __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
