Error cross-compiling openssl 1.X on mingw-w64
Hello to all.

I'm using mingw-w64 (targeting win32) to cross compile openssl. I'm using a current snapshot of mingw-w64 (gcc-4.7.0) and openssl-1.0.1 (but I had the same error with 1.0.0) and tried on two different machines, one with ubuntu 11.04 32-bit and another with kubuntu 11.10 64-bit. The error is the same.

The Configure parameters I'm using are:

    --prefix=$BUILD_PATH no-shared threads mingw32:gcc --cross-compile-prefix=i686-w64-mingw32-

I also tried to use mingw64:gcc but I had the same results.

The error happens in ocsp.h:157 and I couldn't understand why it happens. Maybe some obscure #macro...

The output of the compilation attempt can be found at: http://pastebin.com/UVstPwQZ

Thanks in advance

--
Sincerely,
Leandro

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
Re: How can I load a PEM key stored in a string instead from a file?
Thanks to all. I've resolved my first problem, loading the PEM from a string. I've used BIO_new_mem_buf() and PEM_read_bio_PrivateKey().

But now I've seen that it works well with PEM keys, and now I'm trying to use a DER key, again from a string. Is there something like DER_read_bio_PrivateKey()?

2010/10/27 Dr. Stephen Henson st...@openssl.org:
> On Wed, Oct 27, 2010, Leandro Santiago wrote:
>
>> Ok. I've found the implementation of that function:
>>
>> EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
>> {
>>     BIO *b;
>>     EVP_PKEY *ret;
>>
>>     if ((b=BIO_new(BIO_s_file())) == NULL)
>>     {
>>         PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
>>         return(0);
>>     }
>>     BIO_set_fp(b,fp,BIO_NOCLOSE);
>>     ret=PEM_read_bio_PrivateKey(b,x,cb,u);
>>     BIO_free(b);
>>     return(ret);
>> }
>>
>> So if I need to implement a function which opens a char string as a key I need to write something like the code above, but changing the functions BIO_s_file() and BIO_set_fp(b,fp,BIO_NOCLOSE) to something which loads from that string instead of from a FILE*?
>>
>> ps: yes, I'm very noob on openssl. OpenSSL is amazing, but it's very hard for beginners.
>>
>> thx
>
> As others have indicated you can use PEM_read_bio_PrivateKey() instead as this can be passed a BIO which is an OpenSSL I/O abstraction.
>
> You can create a BIO from a character string using BIO_new_mem_buf().
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: How can I load a PEM key stored in a string instead from a file?
Thank you very much! I've used d2i_PrivateKey_bio() with the BIO I get from the key buffer.

2010/10/29 Erik Tkal et...@juniper.net:
> How about using the d2i_ functions?
>
> Erik Tkal
> Juniper OAC/UAC/Pulse Development
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Leandro Santiago
> Sent: Friday, October 29, 2010 7:26 AM
> To: openssl-users@openssl.org
> Subject: Re: How can I load a PEM key stored in a string instead from a file?
>
> Thanks to all. I've resolved my first problem, loading the PEM from a string. I've used BIO_new_mem_buf() and PEM_read_bio_PrivateKey().
>
> But now I've seen that it works well with PEM keys, and now I'm trying to use a DER key, again from a string. Is there something like DER_read_bio_PrivateKey()?
>
> 2010/10/27 Dr. Stephen Henson st...@openssl.org:
>> On Wed, Oct 27, 2010, Leandro Santiago wrote:
>>
>>> Ok. I've found the implementation of that function:
>>>
>>> EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
>>> {
>>>     BIO *b;
>>>     EVP_PKEY *ret;
>>>
>>>     if ((b=BIO_new(BIO_s_file())) == NULL)
>>>     {
>>>         PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
>>>         return(0);
>>>     }
>>>     BIO_set_fp(b,fp,BIO_NOCLOSE);
>>>     ret=PEM_read_bio_PrivateKey(b,x,cb,u);
>>>     BIO_free(b);
>>>     return(ret);
>>> }
>>>
>>> So if I need to implement a function which opens a char string as a key I need to write something like the code above, but changing the functions BIO_s_file() and BIO_set_fp(b,fp,BIO_NOCLOSE) to something which loads from that string instead of from a FILE*?
>>>
>>> ps: yes, I'm very noob on openssl. OpenSSL is amazing, but it's very hard for beginners.
>>>
>>> thx
>>
>> As others have indicated you can use PEM_read_bio_PrivateKey() instead as this can be passed a BIO which is an OpenSSL I/O abstraction.
>>
>> You can create a BIO from a character string using BIO_new_mem_buf().
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
How can I load a PEM key stored in a string instead from a file?
Hello to all. I'm using the openssl api in a C application.

Currently to load a private key (generated by openssl command), I do:

    _privKeyFile = fopen(filename, "rt");
    _privKey = PEM_read_PrivateKey(_privKeyFile, NULL, NULL, NULL);
    _rsa = EVP_PKEY_get1_RSA(_privKey);

The _rsa is the object I need to decrypt my data.

But now I need to keep the private key in a database, and not in files anymore. In the database I store these keys in a common plain text format and I can't use the filesystem.

So imagine I have the key as char[]. How can I get an EVP_PKEY object from a key that is a string?
Re: How can I load a PEM key stored in a string instead from a file?
Sorry. I don't understand everything. Do you have any code example?

I've tried to read the source code of these functions, but PEM_read_PrivateKey is a macro (and I hate reading big macros) :-(

2010/10/26 Wim Lewis w...@omnigroup.com:
> PEM_read_PrivateKey() is a wrapper around PEM_ASN1_read() (which reads an arbitrary ASN.1 object from a PEM-encoded blob) and d2i_PrivateKey() (which knows how to read a private key blob specifically).
>
> PEM_ASN1_read() simply creates a BIO from the FILE* that you give it, and calls PEM_ASN1_read_bio(). If you want, you can instead create a BIO from your string using something like BIO_new_mem_buf() and call PEM_ASN1_read_bio() yourself. (A BIO is an openssl object that's like a more general-purpose FILE*.)
>
> BTW, if your keys are stored in a database, there's probably no need for them to be PEM-encoded; you can save a bit of space and time by storing them in DER format and calling d2i_PrivateKey() directly. (PEM format is more or less just base64-encoded DER.)
>
> There's a FAQ entry on this: http://www.openssl.org/support/faq.html#PROG3
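The remark quoted above that PEM is more or less base64-encoded DER, shown as an added example in standard C (not code from the thread and not OpenSSL's own parser). pem_to_der() is a hypothetical helper, and the sample block is constructed for the demo and holds no key material.

```c
/* Added example, standard C only. SAMPLE_PEM is constructed for this demo:
   its body is the 5-byte DER of SEQUENCE { INTEGER 5 }, not a real key. */
#include <string.h>

static const char SAMPLE_PEM[] =
    "-----BEGIN EXAMPLE-----\n"
    "MAMCAQU=\n"
    "-----END EXAMPLE-----\n";
static unsigned char demo_der[16];

static int b64val(int c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Strip the BEGIN/END armor lines and base64-decode the body into der.
   Returns the DER length, or -1 on missing armor, a non-base64 character
   (including the header lines of a legacy encrypted PEM) or a full buffer. */
long pem_to_der(const char *pem, unsigned char *der, size_t cap)
{
    const char *p = strstr(pem, "-----BEGIN "), *end;
    unsigned long acc = 0;
    int bits = 0, v;
    size_t n = 0;

    if (p == NULL || (p = strchr(p, '\n')) == NULL) return -1;
    if ((end = strstr(p, "\n-----END ")) == NULL) return -1;
    for (; p < end && *p != '='; p++) {      /* '=' padding ends the data */
        if (*p == '\n' || *p == '\r' || *p == ' ') continue;
        if ((v = b64val((unsigned char)*p)) < 0) return -1;
        acc = (acc << 6) | (unsigned long)v;
        bits += 6;
        if (bits >= 8) {
            if (n >= cap) return -1;
            bits -= 8;
            der[n++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    return (long)n;                          /* der[0] is 0x30, a SEQUENCE */
}

int main(void)
{
    return pem_to_der(SAMPLE_PEM, demo_der, sizeof demo_der) == 5 ? 0 : 1;
}
```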
IRC channel to live conversations?
Hello to all. I'm new on the list, and I could see there isn't any irc channel where users can talk.

Is there any official or even unofficial irc channel for openssl users?

regards.
Re: Basics concepts about openssl+rsa
Hello again. I'm reading these documents and I've seen that the IO struct for these is the BIO struct.

My idea is to do something like the following (I've generated rsa_public.key with genrsa):

    $ openssl rsautl -encrypt -in legible_file -pubin -inkey rsa_public.key -out encrypted_file

But in my program legible_file and encrypted_file are char[] strings.

I'm looking at EVP_PKEY_encrypt, but the EVP_PKEY_CTX type doesn't seem to exist (I'm using openssl 0.9.8).

I'm seeing some tutorials about openssl, but they are quite old (ten years is a long time :-)). Are there more up-to-date tutorials on the Internet? I've really liked openssl, but I don't know where to start. Is there an irc channel where users can talk?

Regards

2010/8/17 Leandro Santiago leandrosansi...@gmail.com:
> Thx. I'll read these documents.
>
> In my system the keys aren't generated at installation time, but I have both the keys, private and public, pre-generated.
>
> Actually in my system the password based encrypt system works fine, and it's part of a larger subsystem. So the rsa idea has sounded good for me :-)
>
> Regards
>
> 2010/8/17 Wim Lewis w...@omnigroup.com:
>> On Aug 17, 2010, at 3:19 PM, Wim Lewis wrote:
>>> But for any real-world application, you'll want to do the standard business of generating a session key, encrypting the message using conventional symmetric encryption, and encrypting the session key with the public key. Since that's a lot of hassle and it's very easy to write something that works but isn't secure, it's probably a good idea to just adopt one of the higher level cryptographic containers such as CMS: http://www.openssl.org/docs/crypto/CMS_encrypt.html even though this does mean you start having to deal with all the X.509 crud.
>>
>> Ah, I forgot about http://www.openssl.org/docs/crypto/EVP_SealInit.html and friends, maybe that would be an easier approach.
Basics concepts about openssl+rsa
Hello to all. I'm really new in openssl.

In my application I will use openssl to encrypt some password strings using rsa. I've generated the pair of keys with the openssl command line and now I want to use this pair to crypt and encrypt these strings.

It's really a basic doubt: How can I parse a file with the public key to a struct which I can use to encrypt the string? Maybe just a simple_example.c... :-) And also an example about decrypting using the private key, of course :-)

I'm reading this page: http://www.openssl.org/docs/crypto/rsa.html but manuals aren't good for a beginner :-)

Thx and sorry for my bad English :-)
Re: Basics concepts about openssl+rsa
Thx. I'll read these documents.

In my system the keys aren't generated at installation time, but I have both the keys, private and public, pre-generated.

Actually in my system the password based encrypt system works fine, and it's part of a larger subsystem. So the rsa idea has sounded good for me :-)

Regards

2010/8/17 Wim Lewis w...@omnigroup.com:
> On Aug 17, 2010, at 3:19 PM, Wim Lewis wrote:
>> But for any real-world application, you'll want to do the standard business of generating a session key, encrypting the message using conventional symmetric encryption, and encrypting the session key with the public key. Since that's a lot of hassle and it's very easy to write something that works but isn't secure, it's probably a good idea to just adopt one of the higher level cryptographic containers such as CMS: http://www.openssl.org/docs/crypto/CMS_encrypt.html even though this does mean you start having to deal with all the X.509 crud.
>
> Ah, I forgot about http://www.openssl.org/docs/crypto/EVP_SealInit.html and friends, maybe that would be an easier approach.