Re: Question about GOST engine in Openssl 1.0

2009-05-06 Thread Victor B. Wagner
On 2009.05.05 at 13:47:50 +0200, Dr. Stephen Henson wrote:
 
> Yes it's just a case of hacking util/mkmf.pl and/or some Makefiles. If OpenSSL
> is compiled without shared library engines (enable-static-engine) in the
> command line you *do* get the GOST engine under VC++.

And I think that static compilation is the only case where compiling OpenSSL
with VC++ can be important. Mingw-compiled DLLs are compatible with VC++
compiled applications. But with static libraries the situation is slightly
different.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


BIO_new_file() Usage Doesn't Use BIO_METHOD's ctrl Function Pointer

2009-05-06 Thread Mark P. Peterson

Hi,

Is there a reason why BIO_new_file() doesn't use the BIO_METHOD ctrl
function  pointer using BIO_C_SET_FILENAME to open a file?  Many OpenSSL
functions in the system call BIO_new_file() directly to create or open a
file, there's no way for an application to hook into opening a file in all
cases.

This is important for Windows developers who support UNICODE.  Since Windows
doesn't support UTF-8 encoding, it's necessary for us to hook in.  Functions
such as SSL_CTX_load_verify_locations() cannot use UNICODE paths. 
On the other hand, functions such as SSL_CTX_use_PrivateKey_file() can
support UNICODE paths because these functions use the BIO_METHOD ctrl
function pointer to open the file.

I'm by no means an expert with the inner workings of OpenSSL, it just seems
somewhat inconsistent to me.  I'm probably missing the actual reason. 
Perhaps, a future version could be changed to use the method structure
instead?

-- Mark


Re: I want you to do my homework for me.

2009-05-06 Thread David Loman
Mods:  Any way there can be some banning happening soon?


On Tue, May 5, 2009 at 11:39 PM, Miguel Ghobangieno mikee...@yahoo.com wrote:


 Are damned bridges a reference to the punk/ska/hacker/liberal movie The
 Matrix (TM), where a liberal white male, along with women, minorities, and
 homosexuals (including butch lesbians) take down the system which includes
 only white men (non homosexual) as it's agents?

 I recall a scene in The Matrix (TM) where a damned bridge was involved,
 there was rain aswell.

 I recall further that the good guys who were freeing minds happily
 murdered about 10,000 people in cold blood. To themselves they though
 Phuck them, they are part of the system (being not a woman, not a phaug,
 not a minority, not a lesbian woman, etc) so it's OK to murder them en
 masse.

 I also remeber that SSH was hacked in one of The Matrix (TM) films, I
 believe it was due to a problem in openssl.

 I take it that you are either a liberal white male, a woman, a homosexual
 of some sort. You probably enjoy being an anonomyous gas-masque wearing
 super gay in the Merovingian's Club Hel. You also wish to be dominated by
 lesbians who don't need no man.

 Phuck - Cool new hacker spelling of openssl.
 libphuck

 Also, changing the spelling of some word (liberally, I might add), does not
 make you more polite: We still understand what idea you are presenting.

 --- On Mon, 5/4/09, Robert Butler lighth7...@tampabay.rr.com wrote:

  From: Robert Butler lighth7...@tampabay.rr.com
  Subject: Re: I want you to do my homework for me.
  To: openssl-users@openssl.org
  Date: Monday, May 4, 2009, 6:56 AM
 
 
 
 
 
 
 
  No. I was trying to be polite, asshole.
 
 
 
  Fuck you and your shitty fucking attitude. Are we satisfied
  now? Do
 
  you want a fucking cookie?
 
 
 
  Go back to scaring little kids from underneath your damned
  bridge.
 
  Got it?
 
 
 
  Robert
 
 
 
  On Sun, 2009-05-03 at 23:24 -0700, Miguel Ghobangieno
  wrote:
 
 
  Using Phuq for the word Fuck is a
  liberal invention.
  Are you a punk/ska/etc hacker?
 
  --- On Sun, 5/3/09, Robert Butler lighth7...@tampabay.rr.com
  wrote:
 
   From: Robert Butler lighth7...@tampabay.rr.com
   Subject: Re: I want you to do my homework for me.
   To: openssl-users@openssl.org
   Date: Sunday, May 3, 2009, 12:21 PM
  
  
  
  
  
  
  
   Haha.  Phuq that, and phuq you.
  
   *middle finger* Go to hell, you smelly, stinky troll.
  
  
  
   Robert
  
  
  
   On Sun, 2009-05-03 at 00:14 -0700, Miguel Ghobangieno
   wrote:
  
  
   Libssl should be rewritten in java on ruby upon rails
  (the
   bottom rail, which is now on top). This is not a
  suggestion.
   It is a demand. You _MUST_ comply.
  
   --- On Sat, 5/2/09, Frans de Boer fr...@fransdb.nl
   wrote:
  
From: Frans de Boer fr...@fransdb.nl
Subject: Re: I want you to do my homework for me.
To: openssl-users@openssl.org
Date: Saturday, May 2, 2009, 9:43 PM
On Sat, 2009-05-02 at 07:19 -0700,
Miguel Ghobangieno wrote:
 I'd like to do some crypto homework. It
   entails
rebuilding the openssl
 library on windows 8 (C###). I'd like
  you to
   deatail
the _EXACT_
 procedure for
  rebuilding/recoding/synergising the
openssl library in
 windows 8's C###. You have to do this
  because
   I told
you to, requested
 it of you, demanded it of you.

 Accusations such as think of the
  code
   or learn
openssl by reading
 the code etc will be forwarded to the
  Equal
Empolyment Oppourtunity
 Commission.

 Furthermore I am aware that you opensource
  coders
   are
all a buch of
 mysoginist sexists; for the most part you
  are all
_men_. The EEOC is
 going to hear of THAT aswell.

 Period.
 Slash

Normally I do not react, but this message must be
   written
by a child,
looking by the many spelling errors. So who can
  take
   this
person
seriously? 'It' clearly has no clue about
  the
   real world.
Or is it an
attempt to gobble up bandwidth on the Internet?
  In
   which
case it
succeeded moderately.
   
Frans.
   
   
  

RE: error while executing make command

2009-05-06 Thread Neerav Singh
Hey Guys
Somebody help please
 
How can I turn off ANSI mode?
 
Regards
Neerav
 
 


From: Neerav Singh 
Sent: Monday, May 04, 2009 9:52 AM
To: 'openssl-users@openssl.org'
Subject: RE: error while executing make command
 
Does anyone have any idea on this?
Please help!
 
Regards
Neerav


From: Neerav Singh 
Sent: Thursday, April 30, 2009 10:18 AM
To: 'openssl-users@openssl.org'
Subject: RE: error while executing make command
 
Hi guys 
I was able to solve the error with ar r by including ar location in
the path variable for the user
 
Now I am confronted with the below error
 
 
make[2]: Entering directory
`/bidev/bihome/webserver/ssl/openssl-0.9.6c/crypto/des'
cc -I.. -I../../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W   -c
-o set_key.o set_key.c
/usr/include/sys/stdsyms.h, line 377: #error: Large File interfaces
not supported in strict ANSI mode.
cc: acomp failed for set_key.c
make[2]: *** [set_key.o] Error 2
make[2]: Leaving directory
`/bidev/bihome/webserver/ssl/openssl-0.9.6c/crypto/des'
make[1]: *** [subdirs] Error 1
make[1]: Leaving directory
`/bidev/bihome/webserver/ssl/openssl-0.9.6c/crypto'
make: *** [sub_all] Error 1
 
I don't know what to do, will turning ANSI help?
 
Regards
 


From: Neerav Singh 
Sent: Wednesday, April 29, 2009 11:33 AM
To: 'openssl-users@openssl.org'
Subject: RE: error while executing make command
 
Hi Jeremy
The libcrypto.a file is a system file should I give permission to
replace it, as the ar r command is trying to replace the file. 
Would it cause any problems?
Or is the problem here-ebcdic.c, line 217: warning: empty translation
unit
Please suggest
 
Thanks
 
Neerav


From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeremy Farrell
Sent: Sunday, April 26, 2009 5:57 AM
To: openssl-users@openssl.org
Subject: RE: error while executing make command
 
The message says that you don't have permission to execute ar. There's
nothing much anyone here can do to help. You need to get permission to
execute ar.
 



From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Neerav Singh
Sent: Saturday, April 25, 2009 10:10 AM
To: openssl-users@openssl.org
Subject: RE: error while executing make command
Hi guys 
Please help in solving the error
 
Regards
Neerav Singh
Tata Consultancy Services
 



From: Neerav Singh 
Sent: Thursday, April 23, 2009 5:17 PM
To: 'openssl-users@openssl.org'
Subject: RE: error while executing make command
 
Hi all
Sorry!
Please check the full error
 
|/bidev/bihome/webserver/ssl/openssl-0.9.6cmake
+ rm -f libcrypto.so.0
+ rm -f libcrypto.so
+ rm -f libcrypto.so.0.9.6
+ rm -f libssl.so.0
+ rm -f libssl.so
+ rm -f libssl.so.0.9.6
making all in crypto...
make[1]: Entering directory
`/bidev/bihome/webserver/ssl/openssl-0.9.6c/crypto'
( echo #ifndef MK1MF_BUILD; \
echo   /* auto-generated by crypto/Makefile.ssl for
crypto/cversion.c */; \
echo   #define CFLAGS \cc -KPIC -DTHREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN
-DBN_DIV2W\; \
echo   #define PLATFORM \solaris-sparcv7-cc\; \
echo   #define DATE \`date`\; \
echo #endif ) buildinf.h
cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W   -c
-o cryptlib.o cryptlib.c
cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W   -c
-o mem.o mem.c
cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W   -c
-o mem_dbg.o mem_dbg.c
cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W   -c
-o cversion.o cversion.c
cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W   -c
-o ex_data.o ex_data.c
cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W   -c
-o tmdiff.o tmdiff.c
cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W   -c
-o cpt_err.o cpt_err.c
cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -xO5 -xstrconst 

Re: I want you to do my homework for me.

2009-05-06 Thread Lutz Jaenicke
David Loman wrote:
> Mods:  Any way there can be some banning happening soon?


Best way to end discussions like this one is to
* step back
* ignore what was written (annoying or offensive or not)
* just do not write any more statements
* enjoy doing something more useful
Please understand that the original poster just achieved his/her goal by
having other people react.

Best regards,
Lutz


[OPENSSL In MAC OS]The SSL Format Issue

2009-05-06 Thread loubot

I ported the supplicant with openssl 0.9.8k. It shows SSL3:server
alert:decode error after the supplicant sends the client hello message to the
server. When I port the supplicant with openssl 0.9.8i instead, authentication
succeeds. I don't know what is happening. Could you help me
resolve it?
Thanks very much.
BR
Loubot


Re: I want you to do my homework for me.

2009-05-06 Thread Steffen DETTMER
* David Loman wrote on Wed, May 06, 2009 at 11:21 +0200:
> Mods:  Any way there can be some banning happening soon?

Don't feed the trolls.

oki,

Steffen







Re: Openssl Memory leak

2009-05-06 Thread Fabian Bergmark
Okay. Now I got no more memory leaks when I put the SSL code in main.
However, if I try to put the exact same code in a thread the memory leak is
back.

Here is the essential code I'm using;

void lcserver::start()
{
    SSL_library_init();
    SSL_load_error_strings();
    method = SSLv23_server_method();
    ctx = SSL_CTX_new(method);

    // Some windows socket code...

    while(acceptsocket = accept(listensocket,(sockaddr*)&sin,&len))
    {
        struct clientinfo *client;
        client = new struct clientinfo(acceptsocket,sin.sin_addr.s_addr,clientid++,this,rooms[0]->getthis(),ctx);
        client->M1();
    }
}

void clientinfo::M1()
{
    CreateThread(0,0,(LPTHREAD_START_ROUTINE)M2,(LPVOID)this,0,0);
}

void clientinfo::M2(LPVOID param)
{
    clientinfo* Call = (clientinfo*)param;
    Call->listenfor();
    delete Call;
    return;
}

void clientinfo::listenfor()
{
    SSL_set_bio(ssl,bio,bio);
    SSL_accept(ssl);
    while(SSL_shutdown(ssl) == 0)
        ;
    SSL_free(ssl);
    ERR_remove_state(0);
}

Just running this code which shouldn't leave any allocated memory, about 12
kb ram is still allocated.


2009/5/5 Nikos Balkanas nbalka...@gmail.com

  Hi,

 Check the return value of SSL_shutdown(ssl). Sometimes it needs up to 4
 iterations to complete due to internal state machine. It completes when
 the value != 0. Hope it helps.

 BR,
 Nikos

 - Original Message -
 *From:* Fabian Bergmark fabian.bergm...@gmail.com
 *To:* openssl-users@openssl.org
 *Sent:* Tuesday, May 05, 2009 9:13 PM
 *Subject:* Openssl Memory leak

 Hi

 I am currently writing a Chat application using the Openssl library for
 encryption. It's a multi-thread application and every client is managed by a
 different thread.
 However, ever since I implemented Openssl there seems to be a memory leak
 of around 10 kb.
 My openssl-code code is looking like following:

 SSL_set_bio(ssl,bio,bio);
 SSL_accept(ssl);
 SSL_shutdown(ssl);
 SSL_free(ssl);

 where bio and ssl is class objects where BIO is set like

 bio = BIO_new_socket(s,BIO_NOCLOSE)

 The increased memory does not occur before SSL_accept(ssl). The first time
 a client connect about a 100 kb is allocated, which I suppose is due to some
 initialising function. For each new client about 0-20 kb are still allocated
 after

 SSL_shutdown(ssl);
 SSL_free(ssl);

 is issued. Is there some cleanup functions im forgetting?

 I am using windows btw.




Loading a public RSA key from a DER file

2009-05-06 Thread Sébastien Hinderer
Dear all,

I am working on a project which has to encrypt data using an RSA
public key stored in DER format.

I tried to write a test program using the d2i_RSAPublicKey, but the
function returns NULL. However I'm pretty sure the file is correct,
since I could use openssl command-line to obtain a public key in PEM
format.

The code looks like this:

[...]

int main()
{
  RSA *rsa = NULL;
  int fd;
  unsigned char buf[160];
  const unsigned char *p = buf;
  fd = open("pk.der", O_RDONLY);
  if (fd < 0)
  {
    exit(1);
  }
  if (read(fd, buf, sizeof(buf)) != sizeof(buf))
  {
    close(fd);
    exit(2);
  }
  close(fd);
  rsa = d2i_RSAPublicKey(NULL, &p, sizeof(buf));
  if (rsa==NULL)
  {
    ERR_print_errors_fp(stderr);
    return 1;
  }
  return 0;
}

Running the program gives back the following message:
23354:error:0D0680A8:lib(13):func(104):reason(168):tasn_dec.c:1306:
23354:error:0D06C03A:lib(13):func(108):reason(58):tasn_dec.c:830:
23354:error:0D08303A:lib(13):func(131):reason(58):tasn_dec.c:749:Field=n, Type=RSA

Also, I noticed that if I replace
  const unsigned char *p = buf;
by
  const unsigned char *p = buf + 22;
Then the call to d2i_RSAPublicKey returns a non-NULL value.

I assume I am doing something the wrong way but can not figure out what.
Could someone please help ?

The complete code for the program I used is at
http://inova.snv.jussieu.fr/ssltest.c
and the DER file that produced the previously shown error messages is at
http://inova.snv.jussieu.fr/pk.der

In advance, many thanks for any help.
Sébastien.


Re: error while executing make command

2009-05-06 Thread Ger Hobbelt
On Wed, May 6, 2009 at 11:38 AM, Neerav Singh
neerav.si...@tatatel.co.in wrote:
> Hey Guys
>
> Somebody help please
>
> How can I turn off ANSI mode?

Neerav,

this issue is veering off OpenSSL and into the system internals arena.

With this kind of thing (access rights for dev tools like 'ar', etc.
and the following #error) it sounds a whole lot like sufficient
knowledge about the platform you are working on is lacking locally.
You'll need to find such help locally when you want to keep
turn-around time down to a manageable level.

Regarding the last #error report: the generic approach here (I don't
know your system and I don't have to, because this is the common
search & solve path for that sort of thing anywhere; at least it's been
my successful way for years) is to look at that header file where the
#error line was reported and look for the conditional compilation
structure in there. (A bit of 'cat' piped through 'more' or 'less' and
maybe a bit of 'grep' and 'find' in sys include dirs.) My hunch is
there's probably some 'POSIX'- or 'STRICT'-something #ifdef
conditional compilation code in there which causes the #error line to
appear.

Once you've found which preprocessor conditions trigger this issue,
the next bit of your job is to search your system's (development)
documentation to check whether those symbols are documented (and what
purpose they have) and how the system guys advise/want you to turn
this thing on or off (and the consequences of such actions!!).
Manpages are a start; googling a few system-related newsgroups might
give a hint or two as well and otherwise it's down to the nitty gritty
of printed manuals and/or -D defining the guesstimated relevant
preprocessor symbols to shut up your compiler (and linker!). (some
'-D' command options added to your CFLAGS environment variable, for
example)

The whole thing is very system dependent so resolving this quickly
means you are best served with a knowledgeable person sitting right
smack in front of that machine, i.e. one who's played this sort of
game a few times before.


The previous 'access denied' problem is a sure sign your best bet is
to get your local sysadmin on the line as well to make sure he/they
and you/your team have the development environment set up properly.
This is not an OpenSSL specific thing; when not diagnosed and fixed
*properly* _all_ your development work is going to be screwed.

(And probably going overboard on dogmatic detail here, but what the
hey anyway: 'access denied' failures on basic dev tools such as 'ar'
are not something any 'config' script can or should 'fix' (paranoid
config scripts, which are extremely rare, may detect and abort) as
this is a sure sign the machine doesn't have a correctly set up
development environment OR you are running development tasks while
logged in as the wrong user (which is saying the same thing, but from
the other perspective). All that is a system setup thing, not a
package setup/build/use item.
The hard part in this is that everyone 'just assumes' everybody else
knows this and has their kit set up right. One of the unmentionable
trade secrets of software developers, I guess.)


-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--
web:http://www.hobbelt.com/
http://www.hebbut.net/
mail:   g...@hobbelt.com
mobile: +31-6-11 120 978
--


Make test fails while building 64bit openssl 9.8f

2009-05-06 Thread rajanchittil

Hi,

I tried to build the 64 bit of openssl 9.8f.

Make was successful, but when I did make test, it fails.

Here is the failure message

$sh testss

make a certificate request using 'req'
rsa
Generating a 512 bit RSA private key
.
.
writing new private key to 'keyCA.ss'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Dodgy CA

convert the certificate request into a self signed certificate using 'x509'
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA
Getting Private key

convert a certificate into a certificate request using 'x509'
Getting request Private Key
Generating certificate request
testss[58]: 675998 Memory fault(coredump)
error using 'x509' convert a certificate to a certificate request

This is the error message. Is this a critical error or is it a known
issue?

Does this error mean that my openssl is not built properly?

Note: I have built the 32 bit of openssl9.8f but I cannot see any error in that

Please Help 

Thanks

Rajan 


Re: Loading a public RSA key from a DER file

2009-05-06 Thread Mounir IDRASSI
Hi,

Your file pk.der contains a public key encoded as a SubjectPublicKeyInfo
and NOT as a PKCS#1 encoding. So, you should use the function
d2i_RSA_PUBKEY instead of d2i_RSAPublicKey in order to read the public
key.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



Re: Loading a public RSA key from a DER file

2009-05-06 Thread Sébastien Hinderer
Hi Mounir,

> Your file pk.der contains a public key encoded as a SubjectPublicKeyInfo
> and NOT as a PKCS#1 encoding. So, you should use the function
> d2i_RSA_PUBKEY instead of d2i_RSAPublicKey in order to read the public
> key.

Ah I thought I tried this one but apparently I did not. It works indeed,
thanks!!
Could someone please explain to me the difference between these two
encodings? I know almost nothing about these things.
A pointer to good documentation would be enough!

Cheers, and thanks for helping, Mounir,
Sébastien.
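
Added example, not part of the thread and not OpenSSL code: PKCS#1 RSAPublicKey is SEQUENCE { n, e } (what d2i_RSAPublicKey parses), while SubjectPublicKeyInfo wraps that same structure in an AlgorithmIdentifier plus a BIT STRING (what d2i_RSA_PUBKEY parses). The self-contained C below tells the two apart and reports where the inner RSAPublicKey starts, which is 22 bytes in for a 1024-bit-sized modulus, the same offset as the buf + 22 observation. The function names and the filler key are constructed for illustration.

```c
/* Added example: structural check of a DER-encoded RSA public key, no OpenSSL
 * needed. The sample key is constructed (filler modulus), not a real key. */
#include <stdio.h>
#include <string.h>

enum rsa_pub_format { RSA_FMT_UNKNOWN = 0, RSA_FMT_PKCS1, RSA_FMT_SPKI };

/* DER encoding of the OID rsaEncryption (1.2.840.113549.1.1.1). */
static const unsigned char RSA_OID[11] = {
    0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };

/* Parse one tag+length header at buf[*pos]; on success move *pos to the
 * content and store its length. Returns -1 on wrong tag or truncation. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char tag, size_t *clen)
{
    size_t p = *pos, l, n;
    if (len < 2 || p > len - 2 || buf[p] != tag) return -1;
    l = buf[p + 1];
    p += 2;
    if (l & 0x80) {                      /* long form: next n bytes hold the length */
        n = l & 0x7F;
        if (n == 0 || n > 3 || n > len - p) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | buf[p++];
    }
    if (l > len - p) return -1;          /* content would run past the buffer */
    *pos = p; *clen = l;
    return 0;
}

/* Classify buf; *pkcs1_off receives the offset of the RSAPublicKey SEQUENCE. */
enum rsa_pub_format rsa_pub_classify(const unsigned char *buf, size_t len,
                                     size_t *pkcs1_off)
{
    size_t pos = 0, clen, q, inner;
    if (der_header(buf, len, &pos, 0x30, &clen) != 0) return RSA_FMT_UNKNOWN;
    len = pos + clen;                    /* ignore anything after the outer SEQUENCE */
    if (pos < len && buf[pos] == 0x02) { /* PKCS#1: SEQUENCE { INTEGER n, INTEGER e } */
        q = pos;
        if (der_header(buf, len, &q, 0x02, &clen) != 0) return RSA_FMT_UNKNOWN;
        q += clen;
        if (der_header(buf, len, &q, 0x02, &clen) != 0) return RSA_FMT_UNKNOWN;
        if (q + clen != len) return RSA_FMT_UNKNOWN;
        *pkcs1_off = 0;
        return RSA_FMT_PKCS1;
    }
    /* SubjectPublicKeyInfo: SEQUENCE { AlgorithmIdentifier, BIT STRING } */
    if (der_header(buf, len, &pos, 0x30, &clen) != 0) return RSA_FMT_UNKNOWN;
    if (clen < sizeof RSA_OID || memcmp(buf + pos, RSA_OID, sizeof RSA_OID) != 0)
        return RSA_FMT_UNKNOWN;
    pos += clen;
    if (der_header(buf, len, &pos, 0x03, &clen) != 0) return RSA_FMT_UNKNOWN;
    if (clen < 1 || buf[pos] != 0x00) return RSA_FMT_UNKNOWN; /* unused-bits octet */
    pos++;
    if (rsa_pub_classify(buf + pos, clen - 1, &inner) != RSA_FMT_PKCS1)
        return RSA_FMT_UNKNOWN;          /* payload must itself be PKCS#1 */
    *pkcs1_off = pos;
    return RSA_FMT_SPKI;
}

static size_t hdr_size(size_t l) { return l < 0x80 ? 2 : l < 0x100 ? 3 : 4; }

static void put_header(unsigned char *out, size_t *n, unsigned char tag, size_t l)
{
    out[(*n)++] = tag;
    if (l >= 0x100) { out[(*n)++] = 0x82; out[(*n)++] = (unsigned char)(l >> 8); }
    else if (l >= 0x80) out[(*n)++] = 0x81;
    out[(*n)++] = (unsigned char)(l & 0xFF);
}

/* Build a constructed SubjectPublicKeyInfo with a mod_bytes-long filler modulus.
 * out must hold at least mod_bytes + 40 bytes. Returns the encoded length. */
size_t build_sample_spki(unsigned char *out, size_t mod_bytes)
{
    size_t n = 0, int_n = mod_bytes + 1;      /* leading 0x00 keeps n positive */
    size_t body = hdr_size(int_n) + int_n + 5;
    size_t bits = 1 + hdr_size(body) + body;
    put_header(out, &n, 0x30, 15 + hdr_size(bits) + bits);
    put_header(out, &n, 0x30, 13);            /* AlgorithmIdentifier */
    memcpy(out + n, RSA_OID, sizeof RSA_OID); n += sizeof RSA_OID;
    out[n++] = 0x05; out[n++] = 0x00;         /* NULL parameters */
    put_header(out, &n, 0x03, bits);
    out[n++] = 0x00;                          /* BIT STRING: zero unused bits */
    put_header(out, &n, 0x30, body);          /* inner PKCS#1 RSAPublicKey */
    put_header(out, &n, 0x02, int_n);
    out[n++] = 0x00;
    memset(out + n, 0xC5, mod_bytes); n += mod_bytes;
    memcpy(out + n, "\x02\x03\x01\x00\x01", 5); n += 5;   /* e = 65537 */
    return n;
}

int main(void)
{
    unsigned char key[512];
    size_t off = 0, n = build_sample_spki(key, 128);  /* 1024-bit-sized modulus */
    enum rsa_pub_format f = rsa_pub_classify(key, n, &off);
    printf("%lu bytes: %s, RSAPublicKey at offset %lu\n", (unsigned long)n,
           f == RSA_FMT_SPKI ? "SubjectPublicKeyInfo -> d2i_RSA_PUBKEY"
           : f == RSA_FMT_PKCS1 ? "PKCS#1 -> d2i_RSAPublicKey" : "unrecognised",
           (unsigned long)off);
    return 0;
}
```

A buffer shorter than the encoded key is reported as unrecognised rather than parsed partially, so size the read buffer from the file length instead of a fixed constant.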


where i can see the code of BN_mod_exp?

2009-05-06 Thread Antonio Ragagnin
Hi,
I know the BN_mod_exp is optimized to compute the exponential and
modular combinations (it's what I have read!)
I'm interested to see the algorithm instead:
because I have to calculate a^b^c^d..%mod (or something like this),
at the moment I iterate BN_exp to calculate one single exponent and next
I do BN_mod_exp(r,a,exp,mod); unluckily it is too slow,

so, I would like to see (please!) the code of BN_mod_exp to modify it for my
own use, but I can't find it!!

I've searched for it in /usr/lib/openssl/* and in their #include lines
but I did not find the file where these two functions are implemented!
(there are only a lot of declarations)

ps. or any idea to do my expression in one single (or few) line(s)? :)
thanks!
Antonio


Re: where i can see the code of BN_mod_exp?

2009-05-06 Thread Michael S. Zick
On Wed May 6 2009, Antonio Ragagnin wrote:
> Hi,
> I know the BN_mod_exp is optimized to compute the exponential and
> modular combinations (it's what I have read!)
> I'm interested to see the algorithm instead:
> because I have to calculate a^b^c^d..%mod (or something like this),
> at the moment I iterate BN_exp to calculate one single exponent and next
> I do BN_mod_exp(r,a,exp,mod); unluckily it is too slow,
>
> so, I would like to see (please!) the code of BN_mod_exp to modify it for my
> own use, but I can't find it!!


That sounds like a general answer would be to Google "Montgomery Multiplication".
It is also known as "Montgomery reduction" -
You can also find it in hardware engines, such as the VIA cpu's with padlock
firmware.

As to where to find it in openssl - try just preprocessing the source - (gcc -E)
grep/search/read the result - that is the general way to find macro-ized
routines.

Mike
> I've searched for it in /usr/lib/openssl/* and in their #include lines
> but I did not find the file where these two functions are implemented!
> (there are only a lot of declarations)
>
> ps. or any idea to do my expression in one single (or few) line(s)? :)
> thanks!
> Antonio


Re: where i can see the code of BN_mod_exp?

2009-05-06 Thread Michael S. Zick
On Wed May 6 2009, Michael S. Zick wrote:
> On Wed May 6 2009, Antonio Ragagnin wrote:
> > Hi,
> > I know the BN_mod_exp is optimized to compute the exponential and
> > modular combinations (it's what I have read!)
> > I'm interested to see the algorithm instead:
> > because I have to calculate a^b^c^d..%mod (or something like this),
> > at the moment I iterate BN_exp to calculate one single exponent and next
> > I do BN_mod_exp(r,a,exp,mod); unluckily it is too slow,
> >
> > so, I would like to see (please!) the code of BN_mod_exp to modify it for my
> > own use, but I can't find it!!
 


Try this link: http://everything2.com/?node_id=1812987

Mike 


DTLS: openssl s_client broken in 1.0.0-beta2 due to lack of ECDHE support

2009-05-06 Thread Daniel Mentz

I built a vanilla openssl-1.0.0-beta2 and tried to run

./openssl s_client -dtls1

against

./openssl s_server -dtls1

To my disappointment it did not work properly. The client reported

3084506760:error:14106044:SSL 
routines:DTLS1_SEND_CLIENT_KEY_EXCHANGE:internal error:d1_clnt.c:976:


The output of the server was

3084805768:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert 
handshake failure:d1_pkt.c:1043:SSL alert number 40



After hours of debugging I found a work around which is to use

./openssl s_server -dtls1 -no_ecdhe -timeout

and

./openssl s_client -dtls1 -timeout

It turned out that the DTLS implementation does not support ECDHE 
although it happily advertises the ECDHE cipher suites in the Client 
Hello message. The long if-else-if-else-if-chain in 
dtls1_send_client_key_exchange() simply does not account for ECDHE. So I 
think the corresponding ciphers should not be included in the list of 
supported ciphers in the first place.


My opinion is that s_client and s_server should always work because they 
are kind of reference applications. There's little to no documentation 
on how to use DTLS with OpenSSL. Taking this into account a running 
example is the only basis you can build on if you're trying to use DTLS 
in your app.


I hope that somebody can fix that problem or at least print out a log 
message saying "No DTLS support for ECDHE"


Thanks
 Daniel Mentz



Re: where i can see the code of BN_mod_exp?

2009-05-06 Thread Antonio Ragagnin
thanks a lot!!

2009/5/6, Michael S. Zick open...@morethan.org:
 On Wed May 6 2009, Michael S. Zick wrote:
 On Wed May 6 2009, Antonio Ragagnin wrote:
  Hi,
  I know the BN_mod_exp is optimized to compute the exponential and
  modular combinations (it's what I have read!)
  I'm interested to see the algorithm instead:
  because I have to calculate a^b^c^d..%mod (or something like this),
  at the time I iterate BN_exp to calculate one single exponent and next
  I do BN_mod_exp(r,a,exp,mod), unluckily it is too slow,
 
  so, I would see (please!) the code of BN_mod_exp to modify it for my
  own use, but I don't find it!!
 


 Try this link: http://everything2.com/?node_id=1812987

 Mike
 That sounds like a general answer would be to Google "Montgomery
 Multiplication"
 It is also known as Montgomery reduction -
 You can also find it in hardware engines, such as the VIA cpu's with padlock
 firmware.

 As to where to find it in openssl - try just preprocessing the source -
 (gcc -E)
 grep/search/read the result - that is the general way to find macro-ized
 routines.

 Mike
  I've searched for it in /usr/lib/openssl/* and in their #include lines
  but I did not find the file where these two functions are implemented!
  (there are only a lot of declaration)
 
  ps. or any idea to do my expression in one single (or few) line(s) ? :)
  thanks!
  Antonio
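
Montgomery reduction, which the replies above point to, shown on 64-bit words as an added example; it is not OpenSSL's code (the library's own version is in crypto/bn/bn_exp.c of the source tarball, not under /usr/lib or in the headers). The names mont_ctx, redc, mont_init and mont_mod_exp are hypothetical, and the modulus is assumed odd and below 2^63.

```c
#include <stdint.h>

typedef unsigned __int128 u128;          /* GCC/Clang extension */

/* Montgomery context for an odd modulus 3 <= n < 2^63, with R = 2^64. */
typedef struct { uint64_t n, n_neg_inv, r2; } mont_ctx;

/* REDC: for T < n*R, return T * R^-1 mod n without dividing by n. */
static uint64_t redc(const mont_ctx *c, u128 T)
{
    uint64_t m = (uint64_t)T * c->n_neg_inv; /* makes T + m*n divisible by R */
    u128 t = (T + (u128)m * c->n) >> 64;     /* t < 2n: one subtraction suffices */
    return (uint64_t)(t >= c->n ? t - c->n : t);
}

static int mont_init(mont_ctx *c, uint64_t n)
{
    if ((n & 1) == 0 || n < 3 || (n >> 63))
        return 0;                            /* needs gcd(n, R) = 1; bound avoids overflow */
    uint64_t inv = n;                        /* n*n = 1 (mod 8): 3 correct bits */
    for (int i = 0; i < 5; i++)
        inv *= 2 - n * inv;                  /* Newton step doubles the correct bits */
    c->n = n;
    c->n_neg_inv = (uint64_t)0 - inv;        /* -n^-1 mod 2^64 */
    uint64_t r = (uint64_t)(((u128)1 << 64) % n);
    c->r2 = (uint64_t)((u128)r * r % n);     /* R^2 mod n: converts into Montgomery form */
    return 1;
}

/* *out = a^e mod n by left-to-right square-and-multiply; returns 0 on a
 * rejected modulus. Branches on exponent bits, so it is NOT constant time. */
int mont_mod_exp(uint64_t *out, uint64_t a, uint64_t e, uint64_t n)
{
    mont_ctx c;
    if (!mont_init(&c, n))
        return 0;
    uint64_t x = redc(&c, (u128)(a % n) * c.r2);  /* a*R mod n */
    uint64_t acc = redc(&c, (u128)c.r2);          /* 1*R mod n */
    for (int i = 63; i >= 0; i--) {
        acc = redc(&c, (u128)acc * acc);
        if ((e >> i) & 1)
            acc = redc(&c, (u128)acc * x);
    }
    *out = redc(&c, (u128)acc);                   /* leave Montgomery form */
    return 1;
}
```

If the expression is read as ((a^b)^c)^d mod n (an assumption about the question), it is three calls with each result fed back in as the base, so no intermediate value ever grows past n. For secret exponents, OpenSSL provides BN_mod_exp_mont_consttime().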


Does AES_cbc_encrypt remove PKCS5 padding

2009-05-06 Thread AngelWarrior
Hi,

Does AES_cbc_encrypt add or remove the padding, if I provide an un-padded
data in the multiples of 16 bytes? I wrote a piece of code where I am manually
adding the padding but when I decrypt using AES_cbc_encrypt the padding is
automatically removed.

-- 
_/\_
With Regards
SB Angel Warrior


Re: Does AES_cbc_encrypt remove PKCS5 padding

2009-05-06 Thread Dr. Stephen Henson
On Wed, May 06, 2009, AngelWarrior wrote:

 Hi,
 
 Does AES_cbc_encrypt add or remove the padding, if I provide an un-padded
 data in the multiples of 16 bytes? I wrote a piece of code where I am manually
 adding the padding but when I decrypt using AES_cbc_encrypt the padding is
 automatically removed.
 

None of the low level cipher routines including AES_cbc_encrypt() add or
remove padding. That is handled in the EVP layer.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
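
The padding step that the EVP layer performs and that a direct caller of AES_cbc_encrypt() has to perform itself, as an added example that is not OpenSSL's code. The names pkcs_pad and pkcs_unpad are hypothetical; the scheme is the PKCS#5 padding rule applied to the 16-byte AES block (PKCS#7).

```c
#include <stddef.h>
#include <string.h>

#define BLOCK 16   /* AES block size in bytes */

/* Append PKCS padding in place before a raw CBC encrypt.
 * buf must have room for len + BLOCK bytes.
 * Returns the padded length: a multiple of BLOCK and always > len. */
size_t pkcs_pad(unsigned char *buf, size_t len)
{
    size_t n = BLOCK - (len % BLOCK);  /* 1..16; a whole extra block if len is aligned */
    memset(buf + len, (int)n, n);      /* every padding byte holds the padding length */
    return len + n;
}

/* Validate and strip PKCS padding after a raw CBC decrypt.
 * Returns the plaintext length, or -1 if the padding is malformed.
 * Callers should report one generic failure, not which check tripped. */
long pkcs_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0)
        return -1;
    unsigned n = buf[len - 1];
    if (n == 0 || n > BLOCK)
        return -1;
    unsigned bad = 0;
    for (size_t i = len - n; i < len; i++)
        bad |= buf[i] ^ n;             /* no early exit inside the padding run */
    return bad ? -1 : (long)(len - n);
}
```

Input that is already a multiple of 16 bytes still gains a full block of 0x10 bytes, so the ciphertext is one block longer than the plaintext. A raw CBC decrypt returns that block in the output buffer until something like pkcs_unpad removes it.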


Re: Does AES_cbc_encrypt remove PKCS5 padding

2009-05-06 Thread AngelWarrior
But I am experimenting with the code which is actually removing the padding
by calling
AES_cbc_encrypt((unsigned char*)input, (unsigned char*)(output),
 (const unsigned long)(length), ks, (unsigned char*)ivec, AES_DECRYPT).
What is the EVP layer?

On Wed, May 6, 2009 at 3:45 PM, Dr. Stephen Henson st...@openssl.org wrote:

 On Wed, May 06, 2009, AngelWarrior wrote:

  Hi,
 
  Does AES_cbc_encrypt add or remove the padding, if I provide an un-padded
  data in the multiples of 16 bytes? I wrote a piece of code where I am
  manually adding the padding but when I decrypt using AES_cbc_encrypt the
  padding is automatically removed.
 

 None of the low level cipher routines including AES_cbc_encrypt() add or
 remove padding. That is handled in the EVP layer.

 Steve.
 --
 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Homepage: http://www.drh-consultancy.demon.co.uk




-- 
_/\_
With Regards
SB Angel Warrior


Re: DTLS: openssl s_client broken in 1.0.0-beta2 due to lack of ECDHE support

2009-05-06 Thread Kyle Hamilton
DTLS has always been one of the red-headed stepchildren of OpenSSL.
It has never received the love that the rest of the codebase has, and
it needs a real maintainer.

I agree, s_client and s_server are reference apps.  On the -users
list, we even recommend that people use them when they're trying to
diagnose problems with their server or client code, respectively.
That said, I'm not surprised to hear of bugs related to DTLS in it.
(I'm not surprised to hear of bugs related to DTLS in general.)

I'd recommend that you re-send your initial message to r...@openssl.org,
as it is a genuine bug that should be submitted to the request
tracker.

-Kyle H

On Wed, May 6, 2009 at 1:51 PM, Daniel Mentz danie...@sent.com wrote:
 I built a vanilla openssl-1.0.0-beta2 and tried to run

 ./openssl s_client -dtls1

 against

 ./openssl s_server -dtls1

 To my disappointment it did not work properly. The client reported

 3084506760:error:14106044:SSL routines:DTLS1_SEND_CLIENT_KEY_EXCHANGE:internal error:d1_clnt.c:976:

 The output of the server was

 3084805768:error:14102410:SSL routines:DTLS1_READ_BYTES:sslv3 alert handshake failure:d1_pkt.c:1043:SSL alert number 40


 After hours of debugging I found a workaround, which is to use

 ./openssl s_server -dtls1 -no_ecdhe -timeout

 and

 ./openssl s_client -dtls1 -timeout

 It turned out that the DTLS implementation does not support ECDHE although
 it happily advertises the ECDHE cipher suites in the Client Hello message.
 The long if-else-if-else-if-chain in dtls1_send_client_key_exchange() simply
 does not account for ECDHE. So I think the corresponding ciphers should not
 be included in the list of supported ciphers in the first place.

 My opinion is that s_client and s_server should always work because they are
 kind of reference applications. There's little to no documentation on how to
 use DTLS with OpenSSL. Taking this into account a running example is the
 only basis you can build on if you're trying to use DTLS in your app.

 I hope that somebody can fix that problem or at least print out a log
 message saying "No DTLS support for ECDHE"

 Thanks
  Daniel Mentz



would anyone be interested in the output from a

2009-05-06 Thread David McCall
failed OpenSSH compile using the new beta2
version of openssl?

I had to punt back to version *k




David C. McCall/UNIX-Linux/SysAdmin
SSU - NASA/EPO
http://epo.sonoma.edu/group.php
707-540-1692


These words travel almost 50,000 miles to reach you, sorry for the delay





Re: Question about GOST engine in Openssl 1.0

2009-05-06 Thread Andrey Koltsov

Thanks, static compilation works fine.

And one remark. This file engines/ccgost/readme.gost has an example 
configuration for GOST engine


   [gost_section]
   engine_id = gost
   dynamic_path = /usr/lib/ssl/engines/libgost.so
   default_algorithms = ALL
   crypt_params = id-Gost28147-89-CryptoPro-A-ParamSet

The last line doesn't work in Linux and Windows. It should read

CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet



Victor B. Wagner wrote:

 On 2009.05.05 at 13:47:50 +0200, Dr. Stephen Henson wrote:

  Yes it's just a case of hacking util/mkmf.pl and/or some Makefiles. If OpenSSL
  is compiled without shared library engines (enable-static-engine) in the
  command line you *do* get the GOST engine under VC++.

 And I think that static compilation is only case where compiling OpenSSL
 with VC++ can be important. Mingw-compiled DLLs are compatible with VC++
 compiled applications. But with static libraries situation is slightly
 different.

--

Best regards,

Андрей Кольцов
Programmer, ОАО Киберплат
