PKCS#1 v2.1 support
Hello! I would like to know if openssl is fully compliant with PKCS#1 v2.1 or if it is planned to support it in short. Could you help me, please? Regards, Antonio. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: PKCS#1 v2.1 support
Dr. Stephen Henson wrote: On Wed, Nov 09, 2005, Antonio Ruiz Martnez wrote: Hello! I would like to know if openssl is fully compliant with PKCS#1 v2.1 or if it is planned to support it in short. Could you help me, please? Depends on what you mean by "fully compliant"... I would like to know if it supports the signature functions: RSASP1, RSAVP1, RSASSA-PSS and RSASSA-PKCS1-V1_5. I know that openssl supports rsassa-pkcs1-v1_5 but I don't know if the other ones are supported. The question is that I have received a PKCS#1 that claims to be compliant with PKCS#1 v2.1. With the openssl, with rsautl, I'm getting an error telling me that the object is too long Then I have decrypted the information received and I have seen that its length it is 20 bytes, that is, a sha-1 digest. In PKCS#1 v1.5, it is not possible because we have to used the DigestInfo structure and that it is the reason because I'm getting the error with rsautl. Then, I have been reading the PKCS#1 v2.1 standard and the funtions RSASSA-PSS and RSASSA-PKCS1-V1_5 have and encoding function but RSASP1, RSAVP1 not. After reading it I'm not sure it is possible to put directly the hash and openssl is not fully compliant or I don't understand very well the standard. Regards, Antonio.
Re: [openssl-users] OCSP structure compliance RFC2560
Hello!
Erwann ABALEA wrote:
Bonsoir,
Hodie III Kal. Mai. MMV est, Antonio Ruiz Martnez scripsit:
I'm seeing the structure generated by OpenSSL in a OCSPRequest. However, from
my point of view it doesn't accomplish with the standar because there is not
any number of the version. Is it correct?
[...]
TBSRequest ::= SEQUENCE
{
version[0] EXPLICIT INTEGER { v1(0) } DEFAULT v1,
Here, the version is told to be OPTIONAL. As per the ASN.1 standard,
DEFAULT implies OPTIONAL.
Thanks for your answer,
Antonio.
OCSP structure compliance RFC2560
Hello!
I'm seeing the structure generated by OpenSSL in a OCSPRequest. However, from
my point of view it doesn't accomplish with the standar because there is not
any number of the version. Is it correct?
Here I attach the result of the structure genereated:
0 SEQUENCE[C] = 2 elements
0 0 SEQUENCE[C] = 1 elements
0 0 0 SEQUENCE[C] = 1 elements
0 0 0 0 SEQUENCE[C] = 4 elements
0 0 0 0 0 SEQUENCE[C] = 2 elements
0 0 0 0 0 0 OBJECT ID = SHA
0 0 0 0 0 1 NULL = null
0 0 0 0 1 OCTET STRING = 20 bytes: DB:57:F4:F8:D2...
0 0 0 0 2 OCTET STRING = 20 bytes: D4:0B:E4:59:AC...
0 0 0 0 3 INTEGER = 16
0 1 CONTEXTSPECIFIC[C] = [2] EXPLICIT
0 1 0 SEQUENCE[C] = 1 elements
0 1 0 0 SEQUENCE[C] = 2 elements
0 1 0 0 0 OBJECT ID = 1.3.6.1.5.5.7.48.1.2 = OID del OCSP nonce
0 1 0 0 1 OCTET STRING = 18 bytes: 04:10:8B:91:A2...
In the RFC tells
OCSPRequest ::= SEQUENCE
{
tbsRequest TBSRequest,
optionalSignature [0] EXPLICIT Signature OPTIONAL
}
TBSRequest ::= SEQUENCE
{
version[0] EXPLICIT INTEGER { v1(0) } DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestListSEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL
}
However, the structure of the TBSRequest generated by Openssl do not carry
any number of version.
Could someone explain me the reason, please?
Is there another different RFC about OCSP?
Regards,
Antonio.
--
Antonio Ruiz Martínez
e-mail: [EMAIL PROTECTED] or arm [at] dif [dot] um [dot] es
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
RAND_Bytes in Windows CE (Pocket PC or smartphone)
Hello! I'm writing you because when I call to the function to make a pkcs#7 enveloped data, I get the following error: 1673169562:error:2406064:random number generator:SSLEAY_RAND_BYTES_PRNG not seeded:.\crypto\rand\md_rand.c:503:You need to read the OpenSSL FAQ. I read it but the problems are related to Unix System, but what about Windows CE? Could you help me to solve it, please? Thanks in advance, Regards, Antonio. -- -- Antonio Ruiz Martínez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain e-mail: [EMAIL PROTECTED] or arm [at] dif [dot] um [dot] es -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Is it possible to set IV length in EVP_Cipher?
Hola! Dr. Stephen Henson wrote: On Tue, Mar 08, 2005, Antonio Ruiz Martnez wrote: Hello! I have been looking at how I can set the length of the iv parameters in a cipher algorithm. I saw that we can put the IV with EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_decrypt); However this length, in RC2_CBC, is 8 bytes I don't know if it is possible to use another different length. I think that it is possible because Mozilla uses it, but I'm not sure if a mistake of its implementation. I would like to use 12 bytes like mozilla. How could I set the iv length in Openssl for any algorithm? The obvious question is why? I'm not sure what you mean about Mozilla. Thanks for your answer. Mozilla is using a IV of 12 bytes length. I don't know why. That is the reason because I asked if it was possible to use another differente length in the IV. Regards, Antonio. For the cipher modes that use an IV the IV length is equal to the block length of the cipher. That's fixed by standards and there's no way to change it. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- -- Antonio Ruiz Martnez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain e-mail: [EMAIL PROTECTED] or arm [at] dif [dot] um [dot] es --
Is it possible to set IV length in EVP_Cipher?
Hello! I have been looking at how I can set the length of the iv parameters in a cipher algorithm. I saw that we can put the IV with EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_decrypt); However this length, in RC2_CBC, is 8 bytes I don't know if it is possible to use another different length. I think that it is possible because Mozilla uses it, but I'm not sure if a mistake of its implementation. I would like to use 12 bytes like mozilla. How could I set the iv length in Openssl for any algorithm? Could you help me, please? Regards, Antonio. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Command-line RSA-signature form a hash
Hello! I would like to use the command-line to create a signature (and verify it) from a digest. Due to some reasons I don't want to use the original text to create a hash and next the signature. For this reason, the use of openssl dgst -sha1 is not valid for me In order to get the hash I'm using openssl sha1 --binary After, I would like to get a signature using this hash. I have tested to use rsautl this way: openssl rsautl -sign -in hash.sha1 -inkey kt.pem -out signature.sha1 and to verify it I'm using openssl rsautl -verify. Then I have to compare the hash values and this way works! However I would like to know if there is other command-line tool that makes this process. That is, the signature and the verification from a hash, not from a file. And if not, is there any way to sign with the hash in a PKCS#1 format? because the way I'm using is not PKCS#1 compliant. I'm signing the hash however it should be an ASN.1 structure telling the hash OID and the hash value. Could you help me to solve my problem, please? Regards, Antonio. -- -- Antonio Ruiz Martínez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain e-mail: [EMAIL PROTECTED] or arm [at] dif [dot] um [dot] es -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
OpenSSL and Symbian
Hello! I'm writing you because I would like to know if anyone has compiled OpenSSL for Symbian and, in that case, how I could do it. Regards, Antonio. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS7_add_attribute
Dr. Stephen Henson wrote: On Thu, Sep 16, 2004, Antonio Ruiz Martnez wrote: I tried to put the sequence in an octet_string and with that way there is no problem but I would like to use the SEQUENCE directley if it is possible. I tried that test file and it chokes several asn1 parsing tools. It looks like the attribute is added OK and then things go badly amiss after it. This would be the case if you'd added the PKCS#7 structure along with some trailing data, for example if the length was wrong you passed to ASN1_STRING_set(). Could you send or post the octet string version: it is much easier to confirm that's the case with that. Thanks for your comments, here you're the octet string version.The content inside de octet string is the same the length of the file. This file is generated with the same code that use to the previous files the only difference is that for this version I'm using PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_OCTET_STRING,(void *)oct) instead of using PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)oct). Regards, Antonio. SignedP7TSP.p7 Description: Binary data
Problem decoding a PKCS7 structure
Hello! I have a PKCS#7 that I can't parse with Openssl, I've tried to parse it with other libraries such as IAIK and CAPICOM and it works, but with Openssl after executing d2i_PKCS7, when I am doing PKCS7_dataInit, it crashes. I don't know if there is a bug or the PKCS#7 created the other library is not correct. I have checked the structure with openssl asn1parse and it parses it correctly but it doesn't work with openssl pkcs7. Could you guide me, please? Thanks in advance, Regards, Antonio. p7Unautenticated.der Description: application/x509-ca-cert
Re: Problem decoding a PKCS7 structure
Hello! Dr. Stephen Henson wrote: On Sat, Sep 18, 2004, Antonio Ruiz Martnez wrote: Hello! I have a PKCS#7 that I can't parse with Openssl, I've tried to parse it with other libraries such as IAIK and CAPICOM and it works, but with Openssl after executing d2i_PKCS7, when I am doing PKCS7_dataInit, it crashes. I don't know if there is a bug or the PKCS#7 created the other library is not correct. I have checked the structure with openssl asn1parse and it parses it correctly but it doesn't work with openssl pkcs7. Presumably d2i_PKCS7() returns NULL indicating a parsing error and you didn't check for that? I'll check it, it may be The structure from the other library is malformed: it contains an illegal garbage EOC tagged onto the end, and you can't jut delete it because the lengths wouldn't match. Thanks for your explanation of this question, I can understand that the asn.1 structure is bad built in spite of not knowing what the garbage EOC tagged is, but this is not important, I'll see in an asn.1 manual ;) Regards, Antonio.
Re: PKCS7_add_attribute
Dr. Stephen Henson wrote:
On Thu, Sep 16, 2004, Antonio Ruiz Martnez wrote:
Hello!
Dr. Stephen Henson wrote:
My guess is that there's a problem with the generation of the encoding of
the
attribute: what code did you use for that?
oct=ASN1_STRING_new();
if (!ASN1_STRING_set(oct,p72,lenP72)) {
lReturn=-50;
goto err;
}
p7=PKCS7_new();
if (p7==NULL) {
lReturn=-20;
goto err;
}
//add certificate and keys...
...
//get the signer info...
PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char *)oct);
//insert the date with PKCS7_dataInit and bio_write and PKCS7_dataFinal...
//ENCODE in DER ...
Any idea?
Its the bit *before* that which is needed: the part that produces p72 and
lenP72.
The p72 is a PKCS7 that I read from a file as an array of bytes coded
in DER. The PKCS7 is not generated in the same function, it is only
read from a file because I'm simulating that I receive an PKCS7 that I
want to insert in my PKCS7.
The steps followed to generate the p72 the same as the steps followed
to make this PKCS7 but without inserting any attribute and I got it
from the code of the directory crypto/p7. This PKCS7 I can verify it
without any problem.
The code I'm using folows the following steps...
p7_new=PKCS7_new();
PKCS7_set_type(p7_new,NID_pkcs7_signed);
PKCS7_content_new(p7_new,NID_pkcs7_data);
si=PKCS7_add_signature(p7_new,cert,privKey,EVP_md5());
PKCS7_add_certificate(p7_new,cert))
PKCS7_dataInit
BIO_write
BIO_flush
PKCS7_dataFinal
//Coding in der...
p72= ...
If you want I can send you the complete code.
I also tried to do the following
seq=d2i_PKCS7(NULL,p72,lenP72);
ldP7=i2d_PKCS7(seq,NULL);
dSP7=(unsigned char *)malloc((ldP7)*sizeof(unsigned char));
tmpderP7=dSP7;
ldP7=i2d_PKCS7(p72,tmpderP7);
oct=ASN1_STRING_new();
if (!ASN1_STRING_set(oct,dSP7,ldP7)) {
}
p7=PKCS7_new();
if (p7==NULL) {
lReturn=-20;
goto err;
}
//add certificate and keys...
...
//get the signer info...
PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char *)oct);
//insert the date with PKCS7_dataInit and bio_write and PKCS7_dataFinal...
//ENCODE in DER ...
But this code doesn't work either.
Regards,
Antonio.
PKCS7_add_attribute
Hello! I've looking at the PKCS7_add_attribute function and I would like to insert a signed PKCS7 as an attribute. The header of the function is: PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,void *value); I suppose that nid should be the NID_pkcs7_signed but I don't know which values should be in atrtype (may it be V_ASN1_SEQUENCE ?) and in value (der coding of the PKCS7? or the SEQUENCE of the PKCS7, in this case, how can I get the sequence from the PKCS7?). Could you help me, please? Regards, Antonio. -- -- Antonio Ruiz Martínez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain e-mail: [EMAIL PROTECTED] or arm [at] dif [dot] um [dot] es -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: PKCS7_add_attribute
Hello! Dr. Stephen Henson wrote: On Wed, Sep 15, 2004, Antonio Ruiz Martnez wrote: Hello! I've looking at the PKCS7_add_attribute function and I would like to insert a signed PKCS7 as an attribute. The header of the function is: PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,void *value); I suppose that nid should be the NID_pkcs7_signed but I don't know which values should be in atrtype (may it be V_ASN1_SEQUENCE ?) and in value (der coding of the PKCS7? or the SEQUENCE of the PKCS7, in this case, how can I get the sequence from the PKCS7?). Could you help me, please? Regards, Antonio. The NID is whatever OID is defined by whatever standard defines the syntax. If there isn't a standard you might want to create a private OID and document its meaning somewhere. The meaning of atrtype and value are based on the ASN1_TYPE structure. For a sequence atrtype is indeed V_ASN1_SEQUENCE and value is an ASN1_STRING structure containing the encoding of the SEQUENCE. Thanks for your answer, it has been very useful when I use an octect string but not when but I have got a problem when I'm using a sequence. I think I am not doing something properly because I don't get the desired result. I've tried the following options: 1) ASN1_OCTET_STRING *oct=NULL; oct=ASN1_STRING_new(); ASN1_STRING_set(oct,p7_2,lenp7_2) where p7_2 - coding in DER of a signed PKCS#7 PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)oct); i2d_PKC7 . This way when I try to decode the result of the coding I get an error, It seems the structure is not correct. However, if I try with PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_OCTET_STRING,(void *)oct) it works but I've an attribute which is an octet string that contains a DER coded PKCS7 but I would like that the attribute was directly the PKCS7 2) p7_2=d2i_PKCS7(NULL,tsp,lenTSP); PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)p7_2); i2d_PKC7 . This way I can decode the encoded PKCS7 but the PKCS7 is not inserted properly as an attribute. How can I solve the problem? Could you help me another time, please? Thanks in advance, Regards, Antonio.
Re: PKCS7_add_attribute
Dr. Stephen Henson wrote:
On Wed, Sep 15, 2004, Antonio Ruiz Martnez wrote:
Thanks for your answer, it has been very useful when I use an octect
string but not when but I have got a problem when I'm using a sequence.
I think I am not doing something properly because I don't get the
desired result.
I've tried the following options:
1)
ASN1_OCTET_STRING *oct=NULL;
oct=ASN1_STRING_new();
ASN1_STRING_set(oct,p7_2,lenp7_2)
where p7_2 - coding in DER of a signed PKCS#7
PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)oct);
i2d_PKC7 .
This way when I try to decode the result of the coding I get an error,
It seems the structure is not correct.
However, if I try with PKCS7_add_attribute(si, NID_pkcs7_signed,
V_ASN1_OCTET_STRING,(void *)oct) it works but I've an attribute which is
an octet string that contains a DER coded PKCS7 but I would like that
the attribute was directly the PKCS7
2)
p7_2=d2i_PKCS7(NULL,tsp,lenTSP);
PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)p7_2);
i2d_PKC7 .
This way I can decode the encoded PKCS7 but the PKCS7 is not inserted
properly as an attribute.
How can I solve the problem?
Could you help me another time, please?
What errors are you getting and what makes you think it isn't inserted
properly as an attribute?
Thanks for your comments!!!
I'm using the first solution 1), as you told me, that is...
oct=ASN1_STRING_new();
if (!ASN1_STRING_set(oct,pkcs7inDER,lenPKCS7inDER)) {
lReturn=-50;
goto err;
}
p7=PKCS7_new();
if (p7==NULL) {
lReturn=-20;
goto err;
}
..
si=sk_PKCS7_SIGNER_INFO_value(p7-d.sign-signer_info,0);
if (si==NULL) {
lReturn=-4;
goto err;
}
PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char
*)oct);
And I'm getting a file that attach you. This file I can't decode it.
How are you trying to decode it.
d2i_PKCS7...
The technique I described is precisely that used to encode and decode the
S/MIME capabilities attribute. See crypto/pkcs7/pk7_attr.c which I also wrote
BTW :-)
I've been looking at that code... And I'm doing the same, I think...
Have you got any idea?
Regards,
Antonio.
test.der
Description: application/x509-ca-cert
Re: PKCS7_add_attribute
Hello!
Peter Sylvester wrote:
You may try a routine like the following by replacing all occurences of
ESS_SIGNING_CERTIFICATE by PKCS7
and change the nid to the PKCS9 V2 defined one.
Or to consider to (mis)use
id-aa-timeStampToken OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) aa(2) 14 }
Ok you're right, I thought to use that identifier when I have the
timeStampToken but at this moment I only want to make some test so as to
know if it is possible to use it.
The difference I see is that the i2d is done before setting the attribute.
Ok I agree with you, that is the only difference with my code and it is
the only thing that I can see different.
Thanks for your help.
Regards,
Antonio.
int ESS_add_attrib_signcert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERTIFICATE *sc) {
ASN1_STRING *seq;
unsigned char *p, *pp ;
int len;
len = i2d_ESS_SIGNING_CERTIFICATE(sc, NULL);
if (!(pp = (unsigned char *) OPENSSL_malloc(len)))
{
ESSerr(ESS_F_ADD_ATTRIB_SIGNCERT,ERR_R_MALLOC_FAILURE);
return 0;
}
p = pp;
i2d_ESS_SIGNING_CERTIFICATE(sc, p);
if(!(seq = ASN1_STRING_new())) {
OPENSSL_free(pp);
ESSerr(ESS_F_ADD_ATTRIB_SIGNCERT,ERR_R_MALLOC_FAILURE);
return 0;
}
if(!ASN1_STRING_set (seq, pp, len)) {
ASN1_STRING_free(seq);
OPENSSL_free(pp);
ESSerr(ESS_F_ADD_ATTRIB_SIGNCERT,ERR_R_MALLOC_FAILURE);
return 0;
}
OPENSSL_free(pp);
return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate, V_ASN1_SEQUENCE, seq);
}
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--
--
Antonio Ruiz Martínez
Faculty of Computer Science-University of Murcia
30071 Murcia - Spain
e-mail: [EMAIL PROTECTED] or arm [at] dif [dot] um [dot] es
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
OpenSSL and CMS
Hello! I'm writing you because I would like to know if Opessl is planning to support the Cryptographic Message Syntax (CMS) for the PKCS#7, and in that case, when it could be possible to be available. Thanks for your answers, Regards, Antonio. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Unsigned attributes to PKCS#7
Hello! I would like to add a TimeStamping to a signed PKCS#7 and I have got some questions: - Is it the TimeStamping structure in asn.1 defined in openssl (or planned)? - Is there some attribute defined in Openssl to add the time stamping structure to a PKCS#7 as an unsigned attribute (is the PKCS7_add_attribute the proper function?) ? Could you help me, please? Thanks in advance, Regards, Antonio. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Add a new signer to a PKCS#7
Hello! Dr. Stephen Henson wrote: On Fri, Apr 23, 2004, Antonio Ruiz Martínez wrote: Hello! I'm trying to add a new signer to a PKCS#7 that I receive from another person. In first term, I'm decoding the PKCS#7 and then I'm trying to using my private key and my cert to sign the content of this PKCS#7 and insert my signature in this PKCS#7 in order to get the PKCS#7 with the two signatures. The problem is that, when I'm verifying the PKCS#7 obtained, with this code, the first signature is invalid and the second one is valid (the first signature's signer). I have parsed the result and I think the problem is the length of the signature is 0. There isn't any way to do this cleanly with the current API. Ideally adding a new signer should take the digest from the existing signer and add it to the new signer data however this isn't supported at present. The best you can do is to create a new PKCS#7 structure by signing the same content then merge the two manually by modifying the PKCS7 structure internals. Ok. That's works. Thanks a lot. Regards, Antonio. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Problems compiling 0.9.7d for WCE
Hello! I'm compiling OpenSSL 0.9.7d for WCE but when I execute: nmake -f ms\ce.mak I'm getting the next error: clarm.exe /Fotmp32_ARM\apps.obj -DMONOLITH -Iinc32 -Itmp32_ARM /W3 /WX / Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWCEPLATFORM=MS_POCKET_PC_2002 -DARM -D_ARM_ - DUNDER_CE=300 -D_WIN32_CE=300 -DUNICODE -D_UNICODE -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -IC:\Programacion\wcecompat/include /Fdout32_ ARM -DOPENSSL_NO_KRB5 -c .\apps\apps.c apps.c .\apps\apps.c(1621) : error C2143: syntax error : missing ')' before 'goto' .\apps\apps.c(1896) : error C2143: syntax error : missing ')' before 'goto' .\apps\apps.c(1932) : error C2143: syntax error : missing ')' before 'goto' NMAKE : fatal error U1077: 'clarm.exe' : return code '0x2' Stop. Could you be so kind to help me, please? Regards, Antonio. -- -- Antonio Ruiz Martínez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain Telf: +34968364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problems compiling 0.9.7d for WCE
Hello! Steven Reddie wrote: Hi Antonio, A patch for this has been submitted and I'll work it into a larger set of changes for supporting newer WCE SDKs. To fix the problem that you're having right now take a look at the source code at the locations listed below and make sure that the closing ')' is included. You'll see that an #ifdef causes the ')' to be dropped, so just add it to the line above/below. Ok. That's right, Thanks a lot, Antonio. Regards, Steven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Antonio Ruiz Martínez Sent: Friday, 23 April 2004 8:19 PM To: [EMAIL PROTECTED] Subject: Problems compiling 0.9.7d for WCE Hello! I'm compiling OpenSSL 0.9.7d for WCE but when I execute: nmake -f ms\ce.mak I'm getting the next error: clarm.exe /Fotmp32_ARM\apps.obj -DMONOLITH -Iinc32 -Itmp32_ARM /W3 /WX / Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWCEPLATFORM=MS_POCKET_PC_2002 -DARM -D_ARM_ - DUNDER_CE=300 -D_WIN32_CE=300 -DUNICODE -D_UNICODE -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -IC:\Programacion\wcecompat/include /Fdout32_ ARM -DOPENSSL_NO_KRB5 -c .\apps\apps.c apps.c .\apps\apps.c(1621) : error C2143: syntax error : missing ')' before 'goto' .\apps\apps.c(1896) : error C2143: syntax error : missing ')' before 'goto' .\apps\apps.c(1932) : error C2143: syntax error : missing ')' before 'goto' NMAKE : fatal error U1077: 'clarm.exe' : return code '0x2' Stop. Could you be so kind to help me, please? Regards, Antonio. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Add a new signer to a PKCS#7
Hello!
I'm trying to add a new signer to a PKCS#7 that I receive from
another person. In first term, I'm decoding the PKCS#7 and then I'm
trying to using my private key and my cert to sign the content of this
PKCS#7 and insert my signature in this PKCS#7 in order to get the PKCS#7
with the two signatures. The problem is that, when I'm verifying the
PKCS#7 obtained, with this code, the first signature is invalid and the
second one is valid (the first signature's signer).
I have parsed the result and I think the problem is the length of the
signature is 0.
Do you have any idea?
Could you help me, please?
Regards,
Antonio.
PKCS7 *p7_Co=B64_read_PKCS7(in);
if (p7_Co==NULL) {
printf(Error\n);
}
BIO_free(in);
PKCS7_SIGNER_INFO
*si=PKCS7_add_signature(p7_Co,certCo,privKeyCo,EVP_md5());
PKCS7_add_certificate(p7_Co,certCo);
if ((p7bio=PKCS7_dataInit(p7_Co,NULL))==NULL) {
return -1;
}
BIO_write(p7bio,ASN1_STRING_data(p7_Co-d.data),ASN1_STRING_length(p7_Co-d.data));
BIO_flush(p7bio);
if (!PKCS7_dataFinal(p7_Co,p7bio)) {
return -2;
}
BIO_free(p7bio);
int lenDerP7Co=i2d_PKCS7(p7_Co,NULL);
unsigned char *derSignedP7Co=(unsigned char
*)malloc((lenDerP7Co)*sizeof(unsigned char));
if ((derSignedP7Co)==NULL) {
return -3;
}
unsigned char *tmpderP7Co=derSignedP7Co;
lenDerP7Co=i2d_PKCS7(p7_Co,tmpderP7Co);
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Compiling an project with OpenSSL and PocketPC2002 ActiveX
Hello! I'm trying to compile an ATL ActiveX for PocketPC2002. This activeX compile properly. However, when I've included some code from Openssl when compile using the static version of the library I'm getting the followings errors: C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(5190) : error C2065: '_MAX_PATH' : undeclared identifier C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(5190) : error C2057: expected constant expression C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(5190) : error C2466: cannot allocate an array of constant size 0 C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(5190) : error C2133: 'szModule' : unknown size C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(6088) : error C2057: expected constant expression C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(6088) : error C2466: cannot allocate an array of constant size 0 C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(6088) : error C2133: 'szModule' : unknown size C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(6153) : error C2057: expected constant expression C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(6153) : error C2466: cannot allocate an array of constant size 0 C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(6153) : error C2133: 'szModule' : unknown size C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(6213) : error C2057: expected constant expression C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(6213) : error C2466: cannot allocate an array of constant size 0 C:\Archivos de programa\Windows CE Toolsrama\wce300\Pocket PC 2002\atl\include\atlbase.h(6213) : error C2133: 'szDir' : unknown size Could you be so kind of telling me what the problem is, please? Regards, Antonio. -- -- Antonio Ruiz Martínez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain Telf: +34968364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
BUF_MEM...
Hello! I've got a question about buf_mem The BIO_get_mem_ptr, Does it make a copy of the bytes in the byte array where is used? That is, Is there any function to free a BUF_MEM ? This is my source code BIO *bio=BIO_new(BIO_s_mem()); BUF_MEM *buf_mem=NULL; BIO_get_mem_ptr(bio,buf_mem); unsigned char *bytes=buf_mem-data; int length=buf_mem-length Must I to free the BUF_MEM or only the BIO? Thanks in advance for your answer, Regards, Antonio. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Base64
Hello!
I've got a function to decode a byte array in base64 and the
function is the next...
ungined char *bytes= - File (his size is 7Mb).
int length= 7Mb;
BIO *bio2=BIO_new(BIO_s_mem());
BIO_write(bio2,bytes,length);
BIO *b64_2;
if(!(b64_2 = BIO_new(BIO_f_base64( {
return NULL;
}
bio2 = BIO_push(b64_2, bio2);
char buf[4096];
BIO *dataEnSign=BIO_new(BIO_s_mem());
for (;;) {
int i=BIO_read(bio2,buf,sizeof(buf));
if (i=0) break;
BIO_write(dataEnSign,buf,i);
}
BIO_flush(bio2);
bio2 = BIO_pop(bio2);
BIO_free(b64_2);
BIO_free_all(bio2);
BUF_MEM *buf_mem3=NULL;
BIO_get_mem_ptr(dataEnSign,buf_mem3);
unsigned char *bytes2=buf_mem3-data;
int length2=buf_mem3-length
My questions are the next...
Is there another way of decode the byte array without using less memory?
the bio creates a copy of my array and it works with this copy...
How I can free the memory of the buf_mem3?
Thanks in advace,
regards,
Antonio.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Problem with the last Snapshot
Hello! I'm trying to compile the snapshot 20010506 but i get the next error: cl /Fotmp32\rsa_asn1.obj -Iinc32 -Itmp32 /MD /W3 /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_W IN32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32 -DOPENSSL_NO_KRB5 -c . \crypto\rsa\rsa_asn1.c rsa_asn1.c .\crypto\rsa\rsa_asn1.c(92) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(93) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(94) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(95) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(96) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(97) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(98) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(99) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(100) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(101) : warning C4273: 'RSAPrivateKey_it' : inconsistent dll linkage. dllexport assumed. .\crypto\rsa\rsa_asn1.c(105) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(106) : error C2099: initializer is not a constant .\crypto\rsa\rsa_asn1.c(107) : warning C4273: 'RSAPublicKey_it' : inconsistent d ll linkage. dllexport assumed. NMAKE : fatal error U1077: 'cl' : return code '0x2' How I can fix it? Thanks in advance, Regards, Antonio. -- -- Antonio Ruiz Martínez Facultad de Informática-Universidad de Murcia 30001 Murcia - España (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Problems whit the last Snapshot(2)
Hello! I've solved the problem of my last message with /MT and revome /WX. But now I get the next problem cl /Fotmp32\hmactest.obj -Iinc32 -Itmp32 /MT /W3 /G5 /Ox /O2 /Ob2 /Gs0 / GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WI N32 -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32 -DOPENSSL_NO_KRB5 -c .\ crypto\hmac\hmactest.c hmactest.c link /nologo /subsystem:console /machine:I386 /opt:ref /out:out32\hmacte st.exe @C:\DOCUME~1\arm\CONFIG~1\Temp\nmi01344. MSVCRT.lib(MSVCRT.dll) : error LNK2005: _fprintf already defined in LIBCMT.lib(f printf.obj) MSVCRT.lib(MSVCRT.dll) : error LNK2005: _sprintf already defined in LIBCMT.lib(s printf.obj) LINK : warning LNK4098: defaultlib MSVCRT conflicts with use of other libs; us e /NODEFAULTLIB:library out32\hmactest.exe : fatal error LNK1169: one or more multiply defined symbols f ound NMAKE : fatal error U1077: 'link' : return code '0x491' Stop. How I can fix? Thanks in advance, Regards, Antonio. -- -- Antonio Ruiz Martínez Facultad de Informática-Universidad de Murcia 30001 Murcia - España (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problems whit the last Snapshot(2)
Hello! Marc Sherman wrote: Your project is trying to link with multiple versions of the c runtime library. As the compiler is suggesting, try using the /NODEFAULTLIB:library in your linker options. I believe LIBCMT.lib is the multi-threaded static verison of the c runtime, so try /NODEFAULTLIB:MSVCRT.lib. (I think MSVCRT.lib the single-threaded dynamic version of the c library which you don't want). See the MSDN for the above link option to get all the details. I've set the /Nodefaultlib but I get the next error: link /nologo /subsystem:console /machine:I386 /opt:ref /NODEFAULTLIB:MSV CRT.lib /out:out32\ssltest.exe @C:\DOCUME~1\arm\CONFIG~1\Temp\nmz01708. libeay32.lib(evp_key.obj) : error LNK2001: unresolved external symbol _UI_free libeay32.lib(evp_key.obj) : error LNK2001: unresolved external symbol _UI_proces s libeay32.lib(evp_key.obj) : error LNK2001: unresolved external symbol _UI_add_ve rify_string libeay32.lib(evp_key.obj) : error LNK2001: unresolved external symbol _UI_add_in put_string libeay32.lib(evp_key.obj) : error LNK2001: unresolved external symbol _UI_new out32\ssltest.exe : fatal error LNK1120: 5 unresolved externals NMAKE : fatal error U1077: 'link' : return code '0x460' Stop. How can i fix it? Thanks in advance, Regards, Antonio. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
How I can create a Cert STORE
Hello! Like I say in the subject How I can create a Cert Store? Thanks in advance, Regards, Antonio. -- -- Antonio Ruiz Martínez Facultad de Informática-Universidad de Murcia 30001 Murcia - España (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: How I can create a Cert STORE
Rabellino Sergio wrote: Antonio Ruiz Martínez wrote: Hello! Like I say in the subject How I can create a Cert Store? Thanks in advance, Regards, Antonio. Are you thinking about the Java Keystore (and certs... also)? No, I'm thinking about the X509_STORE_CTX of OpenSSL -- Dott. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Italy) Member of the Internet Society http://www.di.unito.it/~rabser Tel. +39-0116706701 Fax. +39-011751603 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- -- Antonio Ruiz Martínez Facultad de Informática-Universidad de Murcia 30001 Murcia - España (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Verify Callback
Hello! I'm some questions 1) int verify_callback(int ok, X509_STORE_CTX *ctx); Does this function make the verification of the certificate received with the certificate of the his CA? 2) How I can generate a store of certificates? Thanks in advance, Regards, Antonio. -- -- Antonio Ruiz Martínez Facultad de Informática-Universidad de Murcia 30001 Murcia - España (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Certificate from PKCS#7
Hello! I've got (received) a PKCS#7 signed and enveloped How I can get the certificate from the signer? Thanks in advance, Antonio. -- -- Antonio Ruiz Martínez Facultad de Informática-Universidad de Murcia 30001 Murcia - España (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Get Public Key in byte array
Hello! How I can get the public key (from a certificate) in an array of bytes? Thanks in advance, Regards, Antonio. -- -- Antonio Ruiz Martínez Facultad de Informática-Universidad de Murcia 30001 Murcia - España (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
x509 and x509 Store
Hello! How I can to create a certificate from the command line? I want create a certificate, sign it and finally, I want to create an x509 store, how i can do it? Thanks in advance, Antonio. -- -- Antonio Ruiz Martnez Facultad de Informtica-Universidad de Murcia 30001 Murcia - Espaa (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
BIO and byte array
Hello! I'm a question about BIO. How I build a BIO from an byte array? For example, byte [] array=... BIO *pp= funcion( array); How I get an array of byte from a BIO ? byte [] array = function ( BIO ); Thanks in advance, Regards, Antonio. -- -- Antonio Ruiz Martnez Facultad de Informtica-Universidad de Murcia 30001 Murcia - Espaa (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
ASN.1 TYPE
Hello!
I've got the next code like the x_val.c, and but
when I introduce the sequence in the asn.1 type I get an error.
What's the problem?
Thanks in advance,
Regards,
Antonio.
#include stdio.h>
#include openssl/rsa.h>
#include openssl/evp.h>
#include openssl/objects.h>
#include openssl/err.h>
#include openssl/ssl.h>
#include openssl/rand.h>
#include openssl/asn1.h>
#include openssl/asn1_mac.h>
#include "cryptlib.h"
//SEQUENCE
typedef struct X_val_st
{
ASN1_INTEGER *notBefore;
ASN1_INTEGER *notAfter;
} X_VAL;
X_VAL *X_VAL_new(void);
void X_VAL_free(X_VAL *a);
int i2d_X_VAL(X_VAL *a, unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->notBefore,i2d_ASN1_INTEGER);
M_ASN1_I2D_len(a->notAfter,i2d_ASN1_INTEGER);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->notBefore,i2d_ASN1_INTEGER);
M_ASN1_I2D_put(a->notAfter,i2d_ASN1_INTEGER);
M_ASN1_I2D_finish();
}
X_VAL *d2i_X_VAL(X_VAL **a, unsigned char **pp, long length)
{
M_ASN1_D2I_vars(a,X_VAL *,X_VAL_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_INTEGER);
M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_INTEGER);
M_ASN1_D2I_Finish(a,X_VAL_free,333);
}
X_VAL *X_VAL_new(void)
{
X_VAL *ret=NULL;
ASN1_CTX c;
M_ASN1_New_Malloc(ret,X_VAL);
M_ASN1_New(ret->notBefore,M_ASN1_INTEGER_new);
M_ASN1_New(ret->notAfter,M_ASN1_INTEGER_new);
return(ret);
M_ASN1_New_Error(333);
}
void X_VAL_free(X_VAL *a)
{
if (a == NULL) return;
M_ASN1_TIME_free(a->notBefore);
M_ASN1_TIME_free(a->notAfter);
OPENSSL_free(a);
}
int main()
{
//
// ASN.1 type y SEQUENCE
//
printf("ASN.1 type and SEQUECE\n");
ASN1_TYPE *atS=NULL;
unsigned char *der31=NULL;
ASN1_INTEGER *not11,*not22;
not11=ASN1_INTEGER_new();
not22=ASN1_INTEGER_new();
ASN1_INTEGER_set(not11,1243);
ASN1_INTEGER_set(not22,1555);
long px1=ASN1_INTEGER_get(not11);
printf("Integer: %d\n",px1);
X_VAL *xVal1=X_VAL_new();
xVal->notAfter=not11;
xVal->notBefore=not22;
atS=ASN1_TYPE_new();
ASN1_TYPE_set(atS,V_ASN1_SEQUENCE,(char *)xVal1);
int londer1=i2d_ASN1_TYPE(atS,NULL);
der31=(unsigned char *)OPENSSL_malloc(londer1);
unsigned char* tmpder31 = der31;
londer1= i2d_ASN1_TYPE(atS,tmpder31);
ASN1_TYPE *atype21=NULL;
atype21=d2i_ASN1_TYPE(NULL,der31,londer1);
if ((atype21->type)==V_ASN1_SEQUENCE)
printf("OK\n");
return 0;
}
--
--
Antonio Ruiz Martnez
Facultad de Informtica-Universidad de Murcia
30001 Murcia - Espaa (Spain)
Telf: +34-968-364644 e-mail: [EMAIL PROTECTED]
--
Question about ASN.1
Hello! I'm confused, when must I use the structure ASN1_TYPE and when must I use the structure ASN1_OBJECT? Thanks for yours answers, regards, Antonio. -- -- Antonio Ruiz Martnez Facultad de Informtica-Universidad de Murcia 30001 Murcia - Espaa (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
SEQUENCE
Hello!
I want to do this code, but I want to do it with the openSSL 0.9.6
because with the
latest snapshot I can't do it. I can't get the static version of the
library for windows.
typedef struct some_struct_st
{
ASN1_PRINTABLESTRING * a;
ASN1_PRINTABLESTRING * b;
} SOME_STRUCT;
ASN1_SEQUENCE(SOME_STRUCT) = {
ASN1_SIMPLE(SOME_STRUCT, a, ASN1_PRINTABLESTRING),
ASN1_SIMPLE(SOME_STRUCT, b, ASN1_PRINTABLESTRING)
} ASN1_SEQUENCE_END(SOME_STRUCT);
IMPLEMENT_ASN1_FUNCTIONS(SOME_STRUCT)
Thanks a lot,
Regards
Antonio.
--
--
Antonio Ruiz Martnez
Facultad de Informtica-Universidad de Murcia
30001 Murcia - Espaa (Spain)
Telf: +34-968-364644 e-mail: [EMAIL PROTECTED]
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Install the latest snapshot
Hello! I have got a problem when I'm trying to install the latest snapshot. The error says that it can't find the "unistd.h". I'm using windows. What is the problem? -- -- Antonio Ruiz Martnez Facultad de Informtica-Universidad de Murcia 30001 Murcia - Espaa (Spain) Telf: +34-968-364644 e-mail: [EMAIL PROTECTED] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
ASN.1 INTEGER
Hello!
I'm a problem with ASN.1. Can anybody help me?
I've got a code that it creates an integer encoded
in DER but I can't decode well the object.
Where's the problem?
My code is:
ASN1_INTEGER *version=NULL;
unsigned char *der=NULL;
version=ASN1_INTEGER_new();
ASN1_INTEGER_set(version,1243);
long pp=ASN1_INTEGER_get(version);
printf("Integer: %d\n",pp);
int londer=i2d_ASN1_INTEGER(version,NULL);
der=(unsigned char *)OPENSSL_malloc(londer);
londer= i2d_ASN1_INTEGER(version,der);
ASN1_INTEGER *version2=NULL;
version2=d2i_ASN1_INTEGER(NULL,der,londer);
pp=ASN1_INTEGER_get(version2);
printf("Integer: %d\n",pp);
This last printf says that the Integer is 0 but the
integer is 1234.
Why?
--
-
Antonio Ruiz Martnez
Facultad de Informtica-Universidad de Murcia
30001 Murcia - Espaa (Spain)
Telf: +34-968-364644
-
ASN.1 example
Hi all!
I'm novice with OpenSSL and I want make a ASN.1 structure, for
example:
SEQUENCE {
a PrintableString,
b PrintableString,
};
After, I want to get the DER encoding of this sequence
Has anybody any example, please?
I need an example for see how do it.
Thanks in advance.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
