Seeding of PRNG on Windowsxx
Hi, I've been using OpenSSL for a while on Linux, and now ported some application to Windowsxx, where xx should indicate any of the MSWindows systems from 98 and newer. I've read the FAQ which indicates that I need to seed the PRNG on Windows systems (as opposed to Linux). On my Windows XP Pro, I *didn't* do any seeding, but still RAND_status() returned 1 This seems a little strange to me, as it indicates that it is already seeded with enough data/entropy. Are there any special treatment on Windows XP or would I get the same result on e.g. Windows98? (I don't have such a beast, so I can't just test it) And where do this seeding come from? I have to mention that I use the precompiled Win32 OpenSSL v0.9.7d from Shining Light Productions. Can someone enlighten me on this 'problem'. Best regards Egon Andersen __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Seeding of PRNG on Windowsxx
On Thu, Sep 16, 2004, Egon Andersen wrote: Hi, I've been using OpenSSL for a while on Linux, and now ported some application to Windowsxx, where xx should indicate any of the MSWindows systems from 98 and newer. I've read the FAQ which indicates that I need to seed the PRNG on Windows systems (as opposed to Linux). On my Windows XP Pro, I *didn't* do any seeding, but still RAND_status() returned 1 This seems a little strange to me, as it indicates that it is already seeded with enough data/entropy. Are there any special treatment on Windows XP or would I get the same result on e.g. Windows98? (I don't have such a beast, so I can't just test it) And where do this seeding come from? I have to mention that I use the precompiled Win32 OpenSSL v0.9.7d from Shining Light Productions. Can someone enlighten me on this 'problem'. OpenSSL seeds the PRNG from various sources of entropy on Windows automatically. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS7_add_attribute
On Thu, Sep 16, 2004, Antonio Ruiz MartÃnez wrote: Hello! Dr. Stephen Henson wrote: My guess is that there's a problem with the generation of the encoding of the attribute: what code did you use for that? oct=ASN1_STRING_new(); if (!ASN1_STRING_set(oct,p72,lenP72)) { lReturn=-50; goto err; } p7=PKCS7_new(); if (p7==NULL) { lReturn=-20; goto err; } //add certificate and keys... ... //get the signer info... PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char *)oct); //insert the date with PKCS7_dataInit and bio_write and PKCS7_dataFinal... //ENCODE in DER ... Any idea? Its the bit *before* that which is needed: the part that produces p72 and lenP72. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Regd ASN1_ITEM_rptr( )
On Thu, Sep 16, 2004, Sravan wrote: Dr. Stephen Henson wrote: But what if I *dont *wish to use the shared library(in which the functions that return pointers to structures are present)? In my case, I need to use say a function like X509_free( ) with out linking libeay32.lib(in case of windows). For that I use the macro IMPLEMENT_ASN1_FUNCTIONS(X509). But in that expansion, ASN1_ITEM_rptr(X509) will be used which is being replaced as X509_it( ) in my case. This is being reported as unresolved symbol by the linker. The macros don't define standalone functions. They make *heavy* use of various pieces of functionality in libeay32.lib. So if you use something like that you still need the support code in libeay32.lib. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Seeding of PRNG on Windowsxx
Dr. Stephen Henson wrote: On Thu, Sep 16, 2004, Egon Andersen wrote: Hi, I've been using OpenSSL for a while on Linux, and now ported some application to Windowsxx, where xx should indicate any of the MSWindows systems from 98 and newer. I've read the FAQ which indicates that I need to seed the PRNG on Windows systems (as opposed to Linux). On my Windows XP Pro, I *didn't* do any seeding, but still RAND_status() returned 1 This seems a little strange to me, as it indicates that it is already seeded with enough data/entropy. Are there any special treatment on Windows XP or would I get the same result on e.g. Windows98? (I don't have such a beast, so I can't just test it) And where do this seeding come from? I have to mention that I use the precompiled Win32 OpenSSL v0.9.7d from Shining Light Productions. Can someone enlighten me on this 'problem'. OpenSSL seeds the PRNG from various sources of entropy on Windows automatically. Steve. Thanks! I believe this means that I don't have to worry about seeding on any Windows systems. (I think the FAQ could need a little update on this.) Best regards Egon Andersen __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS7_add_attribute
Dr. Stephen Henson wrote: On Thu, Sep 16, 2004, Antonio Ruiz Martnez wrote: Hello! Dr. Stephen Henson wrote: My guess is that there's a problem with the generation of the encoding of the attribute: what code did you use for that? oct=ASN1_STRING_new(); if (!ASN1_STRING_set(oct,p72,lenP72)) { lReturn=-50; goto err; } p7=PKCS7_new(); if (p7==NULL) { lReturn=-20; goto err; } //add certificate and keys... ... //get the signer info... PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char *)oct); //insert the date with PKCS7_dataInit and bio_write and PKCS7_dataFinal... //ENCODE in DER ... Any idea? Its the bit *before* that which is needed: the part that produces p72 and lenP72. The p72 is a PKCS7 that I read from a file as an array of bytes coded in DER. The PKCS7 is not generated in the same function, it is only read from a file because I'm simulating that I receive an PKCS7 that I want to insert in my PKCS7. The steps followed to generate the p72 the same as the steps followed to make this PKCS7 but without inserting any attribute and I got it from the code of the directory crypto/p7. This PKCS7 I can verify it without any problem. The code I'm using folows the following steps... p7_new=PKCS7_new(); PKCS7_set_type(p7_new,NID_pkcs7_signed); PKCS7_content_new(p7_new,NID_pkcs7_data); si=PKCS7_add_signature(p7_new,cert,privKey,EVP_md5()); PKCS7_add_certificate(p7_new,cert)) PKCS7_dataInit BIO_write BIO_flush PKCS7_dataFinal //Coding in der... p72= ... If you want I can send you the complete code. I also tried to do the following seq=d2i_PKCS7(NULL,p72,lenP72); ldP7=i2d_PKCS7(seq,NULL); dSP7=(unsigned char *)malloc((ldP7)*sizeof(unsigned char)); tmpderP7=dSP7; ldP7=i2d_PKCS7(p72,tmpderP7); oct=ASN1_STRING_new(); if (!ASN1_STRING_set(oct,dSP7,ldP7)) { } p7=PKCS7_new(); if (p7==NULL) { lReturn=-20; goto err; } //add certificate and keys... ... //get the signer info... PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char *)oct); //insert the date with PKCS7_dataInit and bio_write and PKCS7_dataFinal... //ENCODE in DER ... But this code doesn't work either. Regards, Antonio.
Re[2]: Extended key usage field
From RFC3280 section 4.2.1.13 Extended Key Usage If a certi __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]