How-to use a custom elliptic curve in crypto/ec?
Does anyone know of any documentation or examples on how to use a custom elliptic curve with ECDSA and ECDH of openssl's crypto library? It doesn't look like support of custom curves is built-in. So, I have tried to duplicate what was done with built-in curves in "crypto/ec/ec_curve.c" to setup a custom curve in my own code, but it is not working. Thanks, -Mark Hansen __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Hash input and output
Hi Marek, > m1 has binary data, not string. > This data may have embeded 0x00 (look at your output above) and strcat > can not copy data in good place (to bytes before end instead of end of md1). > Use memcpy, does not relay of strlen() on such data too. I check for the output and the inner hash works correctly. I also used the memcpy instead of strcat but the problem still there. I don't know from where the problem comes, however, I tried the following and still doesn't work. static char *login="login"; static char *password="password"; static char *label="label"; SHA_CTX inner, outer; char block[20]; char blockin[strlen(label)]; usigned char innerhash[20]; //inner hash SHA_Init(&inner); SHA1_Update(&inner, login, strlen(login)); SHA1_Update(&inner, password, strlen(password)); SHA1_Final(innerhash, &inner); //outer hash memcpy(block, innerhash, sizeof(innerhash)); memcpy(blockin, label, strlen(label)); SHA_Init(&outer); SHA1_Update(&outer, block, 20); SHA1_Update(&inner, blockin, sizeof(blockin)); SHA1_Final(innerhash, &outer); Best regards, Badra __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Hash input and output
Hi Marek, I arrived to do inner/outer hash with success. Next step: store binary result into char static :) Best regards On Mon, Apr 14, 2008 at 5:42 PM, Badra <[EMAIL PROTECTED]> wrote: > Hi Marek, > > > > > m1 has binary data, not string. > > This data may have embeded 0x00 (look at your output above) and strcat > > can not copy data in good place (to bytes before end instead of end of md1). > > Use memcpy, does not relay of strlen() on such data too. > > I check for the output and the inner hash works correctly. > I also used the memcpy instead of strcat but the problem still there. > > I don't know from where the problem comes, however, I tried the > following and still doesn't work. > > static char *login="login"; > static char *password="password"; > static char *label="label"; > > SHA_CTX inner, outer; > char block[20]; > char blockin[strlen(label)]; > > usigned char innerhash[20]; > > //inner hash > SHA_Init(&inner); > SHA1_Update(&inner, login, strlen(login)); > SHA1_Update(&inner, password, strlen(password)); > SHA1_Final(innerhash, &inner); > > > //outer hash > > memcpy(block, innerhash, sizeof(innerhash)); > memcpy(blockin, label, strlen(label)); > > SHA_Init(&outer); > SHA1_Update(&outer, block, 20); > SHA1_Update(&inner, blockin, sizeof(blockin)); > SHA1_Final(innerhash, &outer); > > Best regards, > Badra > -- Badra __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Max size support of PKCS7 Api's
Hi , can any one knows what Max size of data or file can be signed or encrypted using PKCS7_sign() and PKCS_encrypt funtions. If my file is a size of one GB (or 100 gb)can this funtions work properly with out any errors , or do I need to use low level funtions. -- --Best Regards Shankar
Re: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc HP-UX 11
Welling, Conrad Gerhart wrote: #12#3#4#5#6#7#8 Problem description: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc, HP-UX 11. #12#3#4#5#6#7#8 #12#3#4#5#6#7#8 Problem analysis: 1. Problem is resolved using "make -i install" (no other errors occur). Appears that if last invocation of "ar d ../libcrypto.a " - in this case, "ar d ../libcrypto.a ia64-cpp.o" - returns non-zero, the return value is "visible" to make, and make, of course, exits. Appears that return code of "ar d ../libcrypto.a $exdel" should be explicitly disregarded. #12#3#4#5#6#7#8 ... Thanks for the report. Unfortunately we can't fix the already validated product. I tried this just now on a HP-UX 11.11 (PA-RISC) system, no problem. Could you also try v1.2 (ftp://ftp.openssl.org/source/openssl-fips-1.1.2.tar.gz)? We won't be able to fix it their either, but at least we'll know for the next time. -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: SSL overhead
OK, I think I'll implement my own BIO. My C is good, although not
brilliant, but I can do it. What stopped me from trying that approach
in the first place was that the BIO* functions are so many and
that I don't know which ones do I actually *need* to reimplement (that
is, which ones is the engine going to use), but I'll dig into it.
Thanks
--
|_|0|_|
|_|_|0|
|0|0|0|
(\__/)
(='.'=)This is Bunny. Copy and paste bunny
(")_(") to help him gain world domination.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: SSL overhead
Is there any reference of what do the different members of the BIO
objects mean? method, ptr, next_bio and prev_bio are pretty obvious,
but the rest, I don't know, and I haven't been able to find any
details out there.. I'll keep googling, but if anyone knows of a good
detail out there, please point me
Thanks
Tomas
struct bio_st
{
BIO_METHOD *method;
/* bio, mode, argp, argi, argl, ret */
long (*callback)(struct bio_st *,int,const char *,int, long,long);
char *cb_arg; /* first argument for the callback */
int init;
int shutdown;
int flags; /* extra storage */
int retry_reason;
int num;
void *ptr;
struct bio_st *next_bio;/* used by filter BIOs */
struct bio_st *prev_bio;/* used by filter BIOs */
int references;
unsigned long num_read;
unsigned long num_write;
CRYPTO_EX_DATA ex_data;
};
--
|_|0|_|
|_|_|0|
|0|0|0|
(\__/)
(='.'=)This is Bunny. Copy and paste bunny
(")_(") to help him gain world domination.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: SSL overhead
On Tue, Apr 15, 2008, Tomas Neme wrote: > Is there any reference of what do the different members of the BIO > objects mean? method, ptr, next_bio and prev_bio are pretty obvious, > but the rest, I don't know, and I haven't been able to find any > details out there.. I'll keep googling, but if anyone knows of a good > detail out there, please point me > Most of them you don't need to worry about. I'd suggest looking at the fd BIO and copy some of the functionality from that. If you need non blocking I/O I'd suggest getting blocking going first which is just a case of supplying custom read/write routines in the BIO_METHOD. Once that is working you can get sort out the retry mechanism. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: SSL overhead
> Most of them you don't need to worry about. I'd suggest looking at the fd BIO
> and copy some of the functionality from that.
OK, I will. I just wondered because mem_new (the new method of
BIO_s_mem) sets shutdown = 1 ; init = 1; num = -1 and rtcp does init =
1 ; num = 0 ; flags = 0 ; so I'd like to know what's the difference,
and what do I set to what to achieve which effect.
> If you need non blocking I/O I'd suggest getting blocking going first which
> is
> just a case of supplying custom read/write routines in the BIO_METHOD. Once
> that is working you can get sort out the retry mechanism.
I'll think about it. In our library most blocking methods are just
calls to the non-blocking inside a while-loop, but that's my partner's
style.
Thanks a lot
Tomás
--
|_|0|_|
|_|_|0|
|0|0|0|
(\__/)
(='.'=)This is Bunny. Copy and paste bunny
(")_(") to help him gain world domination.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: SSL overhead
Stephen:
> > Most of them you don't need to worry about. I'd suggest looking at the fd
> > BIO
> > and copy some of the functionality from that.
I also need to know which of the BIO_CTRL_* params do I have to
implement in my _ctrl function. Is there a reason why you said to look
at the fd BIO instead of the conn BIO or socket BIO?
It would seem that the socket BIO handles the socket abstraction, but
it does not handle calls to BIO_S_CONNECT. Actually, a grep for
BIO_S_CONNECT returns only bss_conn.. why is this? shouldn't sockets
have a call to connect too?
Tomás
--
|_|0|_|
|_|_|0|
|0|0|0|
(\__/)
(='.'=)This is Bunny. Copy and paste bunny
(")_(") to help him gain world domination.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: SSL overhead
On Tue, Apr 15, 2008 at 04:22:03PM -0300, Tomas Neme wrote: > Stephen: > > > > Most of them you don't need to worry about. I'd suggest looking at the > > > fd BIO > > > and copy some of the functionality from that. > > I also need to know which of the BIO_CTRL_* params do I have to > implement in my _ctrl function. Is there a reason why you said to look > at the fd BIO instead of the conn BIO or socket BIO? > If you use the biopair approach, you don't need any of this, you just handle requests to read/write data (with a bit of care to always flush the write buffers before attempting to read). -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: SSL overhead
> It would seem that the socket BIO handles the socket abstraction, but
> it does not handle calls to BIO_S_CONNECT. Actually, a grep for
> BIO_S_CONNECT returns only bss_conn.. why is this? shouldn't sockets
> have a call to connect too?
sorry, I forgot that you create the BIO_socket with the socket already connected
T
--
|_|0|_|
|_|_|0|
|0|0|0|
(\__/)
(='.'=)This is Bunny. Copy and paste bunny
(")_(") to help him gain world domination.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
RE: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc HP-UX 11
Well, Steve, if you had no problem, I'm inclined to believe that I am in error and that I didn't review the occurrence properly before reporting it. I'll report back when I've reviewed the issue again by confirming it's occurrence (start-from-scratch) and I'll try v1.2. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steve Marquess Sent: Tuesday, April 15, 2008 6:10 AM To: openssl-users@openssl.org Subject: Re: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc HP-UX 11 Welling, Conrad Gerhart wrote: > > #12#3#4#5#6#7#8 > > Problem description: openssl-fips-1.1.2 "make install" fails in > fips-1.0/Makefile for hpux64-ia64-cc, HP-UX 11. > #12#3#4#5#6#7#8 > > #12#3#4#5#6#7#8 > > Problem analysis: 1. Problem is resolved using "make -i install" (no > other errors occur). Appears that if last invocation of "ar d > ../libcrypto.a " - in this case, "ar d ../libcrypto.a > ia64-cpp.o" - returns non-zero, the return value is "visible" to > make, and make, of course, exits. Appears that return code of "ar d > ../libcrypto.a $exdel" should be explicitly disregarded. > #12#3#4#5#6#7#8 > > ... Thanks for the report. Unfortunately we can't fix the already validated product. I tried this just now on a HP-UX 11.11 (PA-RISC) system, no problem. Could you also try v1.2 (ftp://ftp.openssl.org/source/openssl-fips-1.1.2.tar.gz)? We won't be able to fix it their either, but at least we'll know for the next time. -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc HP-UX 11
Welling, Conrad Gerhart wrote: Well, Steve, if you had no problem, I'm inclined to believe that I am in error and that I didn't review the occurrence properly before reporting it. I'll report back when I've reviewed the issue again by confirming it's occurrence (start-from-scratch) and I'll try v1.2. Thanks. Well, you're on an Itanium box and mine was PA-RISC, and gcc not the HP compiler. That could well make a difference. Unfortunately I only have access to PA-RISC. -Steve M. -- Steve Marquess Open Source Software institute [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
which Asymetic algorithem that pkcs7_sign and pkcs_encrypt
Hi , Do any one have an idea of which algorithems that pkcs7_sign and pkcs_encrypt Api's will use internally. I wanted to use only Rsa Algorithems for signing and encryption. but not sure about how to set those Rsa algorithem before calling sign and encrypt functions. -- --Best Regards Shankar
