Re: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
Yup, using the correct function helps :-) Thanks!

- Reply message -
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Subject: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length
Date: Wed, Aug 29, 2012 1:37 am

On Tue, Aug 28, 2012, la...@angry-red-pla.net wrote:

> Hi all
>
> I created a shared key based on a DH exchange and want to use that key
> with a symmetric encryption algorithm. This key has a length of 16 Bytes
> (128 bit). Here is what I do to initialize AES:
>
>     char *key,*iv;
>     // DH exchange which ends with a 16B value in key
>     RAND_pseudo_bytes(iv,16);
>     EVP_EncryptInit(enc_ctx,EVP_aes_128_cbc(),NULL,NULL);
>     EVP_CIPHER_CTX_set_key_length(enc_ctx,16);
>     EVP_EncryptInit(enc_ctx,NULL,skey,iv);
>
> None of the functions seems to generate an error. I checked that by
> calling ERR_print_errors_fp. However when I check the key length
>
>     printf("key len: %d\n",EVP_CIPHER_key_length(enc_ctx));
>
> It returns 1. Shouldn't it return 16? I guess I make a mistake when
> setting the key, but where?

The cipher EVP_aes_128_cbc() has a fixed key length so there is no need to set it, though it is harmless to do so.

The function EVP_CIPHER_key_length works on an EVP_CIPHER structure not an EVP_CIPHER_CTX. You need to call EVP_CIPHER_CTX_key_length instead.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: DH exchange socket BIOs
Yeah size is the same on both sides :(

- Reply message -
From: Michel msa...@paybox.com
To: openssl-users@openssl.org
Subject: DH exchange socket BIOs
Date: Fri, Aug 24, 2012 5:47 pm

Hi Carolin,

> It is just about half the length of the ...

[very] Quick response : Hex value is twice the length of binary data : Have you checked the value of 'size' arg ?

Not sure this helps ...

On 24/08/2012 16:38, Carolin Latze wrote:

> (sorry if this mail arrives twice. I sent it first without being
> subscribed to this list by accident)
>
> Hi all
>
> I try to implement a DH exchange using socket BIOs. Here is what I do:
>
> On the server
> - I initialize a DH structure with DH_new
> - I generate the parameters using
>   DH_generate_parameters(prime_len,g,NULL,NULL) with prime_len=512
> - I generate the keys using DH_generate_key(dh)
>
> Now I need to send p, g, and the server's public key to the client. In
> order to do that I convert each of those three values to hex. This is
> the example for p:
>
>     int size = DH_size(dh);
>     char* prime = (char*) malloc(size*sizeof(char));
>     memset(prime,0,size*sizeof(char));
>     prime = BN_bn2hex(dh->p);
>
> afterwards I open a socket BIO that allows a client to connect:
>
>     bio = BIO_new_accept(port);
>
> Now, when a client connects, I write those three values to the BIO.
> Example for p:
>
>     BIO_do_accept(bio);
>     cbio = BIO_pop(bio);
>     BIO_write(cbio,prime,size);
>
> Ok, let's move to the client. The client connects successfully to the
> server and reads the three values from the BIO:
>
>     prime = (char*)malloc(size*sizeof(char));
>     memset(prime,0,size*sizeof(char));
>     BIO_read(bio,prime,size);
>
> If I print out prime on the client using printf I see that this is
> exactly the stream of bytes that have been sent by the server. But if I
> write this value back into a DH structure it changes:
>
>     DH *dh = DH_new();
>     BN_hex2bn(&(dh->p),prime);
>
> If I check the value now with BN_print, it is a shorter value! It is
> just about half the length of the original p and I have no idea why.
> What is it that I miss here?
>
> Any hints would be appreciated
>
> Regards
> Carolin
Re: DH exchange socket BIOs
Uh maybe this is the point: how do you init the size of a dh struct correctly? I just set it like size=64

- Reply message -
From: Michel msa...@paybox.com
To: openssl-users@openssl.org
Subject: DH exchange socket BIOs
Date: Fri, Aug 24, 2012 5:47 pm

Hi Carolin,

> It is just about half the length of the ...

[very] Quick response : Hex value is twice the length of binary data : Have you checked the value of 'size' arg ?

Not sure this helps ...

On 24/08/2012 16:38, Carolin Latze wrote:

> (sorry if this mail arrives twice. I sent it first without being
> subscribed to this list by accident)
>
> Hi all
>
> I try to implement a DH exchange using socket BIOs. Here is what I do:
>
> On the server
> - I initialize a DH structure with DH_new
> - I generate the parameters using
>   DH_generate_parameters(prime_len,g,NULL,NULL) with prime_len=512
> - I generate the keys using DH_generate_key(dh)
>
> Now I need to send p, g, and the server's public key to the client. In
> order to do that I convert each of those three values to hex. This is
> the example for p:
>
>     int size = DH_size(dh);
>     char* prime = (char*) malloc(size*sizeof(char));
>     memset(prime,0,size*sizeof(char));
>     prime = BN_bn2hex(dh->p);
>
> afterwards I open a socket BIO that allows a client to connect:
>
>     bio = BIO_new_accept(port);
>
> Now, when a client connects, I write those three values to the BIO.
> Example for p:
>
>     BIO_do_accept(bio);
>     cbio = BIO_pop(bio);
>     BIO_write(cbio,prime,size);
>
> Ok, let's move to the client. The client connects successfully to the
> server and reads the three values from the BIO:
>
>     prime = (char*)malloc(size*sizeof(char));
>     memset(prime,0,size*sizeof(char));
>     BIO_read(bio,prime,size);
>
> If I print out prime on the client using printf I see that this is
> exactly the stream of bytes that have been sent by the server. But if I
> write this value back into a DH structure it changes:
>
>     DH *dh = DH_new();
>     BN_hex2bn(&(dh->p),prime);
>
> If I check the value now with BN_print, it is a shorter value! It is
> just about half the length of the original p and I have no idea why.
> What is it that I miss here?
>
> Any hints would be appreciated
>
> Regards
> Carolin
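Added example, not code from any poster in this thread or from OpenSSL: it works through Michel's hint that the hex string is twice the binary length, so writing size = 64 bytes of a 128-digit string delivers only half of p. It runs without OpenSSL; `to_hex` is a stand-in for `BN_bn2hex`, and `frame_hex`, `unframe_hex`, `digits_received` and the 4-byte length prefix are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for BN_bn2hex(): n bytes become 2*n hex digits plus a NUL. */
static char *to_hex(const unsigned char *b, size_t n) {
    char *s = malloc(2 * n + 1);
    if (!s) return NULL;
    for (size_t i = 0; i < n; i++) sprintf(s + 2 * i, "%02X", b[i]);
    return s;
}

/* Sender: 4-byte big-endian length, then exactly strlen(hex) bytes.
 * Returns the number of bytes placed in out, or 0 if out is too small. */
size_t frame_hex(const char *hex, unsigned char *out, size_t cap) {
    size_t len = strlen(hex);
    if (len > UINT32_MAX || cap < 4 || cap - 4 < len) return 0;
    for (int i = 0; i < 4; i++) out[i] = (unsigned char)(len >> (24 - 8 * i));
    memcpy(out + 4, hex, len);
    return len + 4;
}

/* Receiver: check the announced length against a cap and against the bytes
 * actually received before copying. Returns a NUL-terminated string
 * (caller frees) or NULL on a short or oversized frame. */
char *unframe_hex(const unsigned char *in, size_t avail, size_t max_len) {
    if (avail < 4) return NULL;
    size_t len = ((size_t)in[0] << 24) | ((size_t)in[1] << 16) | ((size_t)in[2] << 8) | in[3];
    if (len > max_len || len > avail - 4) return NULL;
    char *s = malloc(len + 1);
    if (!s) return NULL;
    memcpy(s, in + 4, len);
    s[len] = '\0';
    return s;
}

/* Hex digits that reach the peer for a 64-byte value, unframed vs framed. */
size_t digits_received(int framed) {
    unsigned char p[64], wire[256];
    char buf[65] = {0}, *hex, *r = NULL;
    memset(p, 0xAB, sizeof p);              /* constructed sample, not a real prime */
    if (!(hex = to_hex(p, sizeof p))) return 0;
    if (framed) r = unframe_hex(wire, frame_hex(hex, wire, sizeof wire), 1024);
    else memcpy(buf, hex, sizeof p);        /* as in the thread: only size = 64 bytes written */
    size_t got = strlen(framed ? (r ? r : "") : buf);
    free(r); free(hex);
    return got;
}

int main(void) { printf("%zu vs %zu digits\n", digits_received(0), digits_received(1)); return 0; }
```

With OpenSSL itself, the string returned by BN_bn2hex is the buffer to send (its strlen is the length) and is released with OPENSSL_free; a buffer allocated beforehand with malloc is never used.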
make error message
I'm running Redhat 6.2 on an i486 as a NAT server. Due to the bug in SSL, I was trying to upgrade my ssl package.

I run ./config (it is configured to run linux-elf)
Then I run make

this is the error:

    cryptlib.c:105: #error Inconsistency between crypto.h and cryptlib.c
    make[1]: *** [cryptlib.o] Error 1
    make[1]: Leaving directory `/root/patches/openssl-0.9.6e/crypto'
    make: *** [sub_all] Error 1

I've combed google groups and have found a few errors like mine, most on bsd platforms
I've checked openssl.org and haven't found anything

I'm desperate! Any help?

(I apologize if it is considered bad to email both of the addy's that I did. In the install file, it said to report bugs to the openssl-bugs one)

Matt
To: Francesco Dal Bello Re: R: need help
thanks for help but nothing is still change
now errors are:
what can I do now?

    cl /Fotmp32\hw_aep.obj -Iinc32 -Itmp32 /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdout32 -c .\crypto\engine\hw_aep.c
    hw_aep.c
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(691) : error C2220: warning treated as error - no object file generated
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(691) : warning C4273: 'unlink' : inconsistent dll linkage. dllexport assumed.
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\stdlib.h(353) : error C2375: '_exit' : redefinition; different linkage
            C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(491) : see declaration of '_exit'
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\stdlib.h(367) : warning C4028: formal parameter 1 different from declaration
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\stdlib.h(385) : warning C4028: formal parameter 1 different from declaration
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(175) : warning C4028: formal parameter 1 different from declaration
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(176) : warning C4028: formal parameter 1 different from declaration
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(176) : warning C4028: formal parameter 2 different from declaration
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(181) : warning C4028: formal parameter 1 different from declaration
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(225) : error C2375: 'access' : redefinition; different linkage
            C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(248) : see declaration of 'access'
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(228) : error C2375: 'close' : redefinition; different linkage
            C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(296) : see declaration of 'close'
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(230) : error C2375: 'dup' : redefinition; different linkage
            C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(437) : see declaration of 'dup'
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(231) : error C2375: 'dup2' : redefinition; different linkage
            C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(440) : see declaration of 'dup2'
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(234) : error C2375: 'isatty' : redefinition; different linkage
            C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(668) : see declaration of 'isatty'
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(236) : error C2375: 'lseek' : redefinition; different linkage
            C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(279) : see declaration of 'lseek'
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(239) : error C2375: 'read' : redefinition; different linkage
            C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(301) : see declaration of 'read'
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(244) : warning C4028: formal parameter 1 different from declaration
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(244) : warning C4273: 'unlink' : inconsistent dll linkage. dllexport assumed.
    C:\PROGRA~1\MICROS~4\VC98\INCLUDE\io.h(245) : error C2375: 'write' : redefinition; different linkage
            C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(305) : see declaration of 'write'
    inc32\openssl/e_os.h(198) : warning C4005: 'ssize_t' : macro redefinition
            C:\PROGRA~1\MICROS~4\VC98\INCLUDE\unistd.h(194) : see previous definition of 'ssize_t'
    .\crypto\engine\hw_aep.c(192) : error C2061: syntax error : identifier 'recorded_pid'
    .\crypto\engine\hw_aep.c(192) : error C2059: syntax error : ';'
    .\crypto\engine\hw_aep.c(192) : error C2513: '/*global*/ ' : no variable declared before '='
    .\crypto\engine\hw_aep.c(468) : warning C4018: '=' : signed/unsigned mismatch
    .\crypto\engine\hw_aep.c(623) : error C2065: 'pid_t' : undeclared identifier
    .\crypto\engine\hw_aep.c(623) : error C2146: syntax error : missing ';' before identifier 'curr_pid'
    .\crypto\engine\hw_aep.c(623) : error C2065: 'curr_pid' : undeclared identifier
    .\crypto\engine\hw_aep.c(631) : error C2065: 'recorded_pid' : undeclared identifier
    NMAKE : fatal error U1077: 'cl' : return code '0x2'
    Stop.

At 13.07 05/04/2002 +0200, you wrote:

> I have install activeperl with default setting.
> Try nmake -f ms\nt.mak
>
> -Original message-
> From: Alberto T Isais [mailto:[EMAIL PROTECTED]]
> Sent: Saturday 6 April 2002 0.59
> To: [EMAIL PROTECTED]
> Subject: need help
>
> Thank you Sir Francesco for helping me. i did that and now i have new
> errors. Can you still help me with this one? My system is windows 2000
> OS SP1, Windows 2000 DDK, ActivePerl-5.6.1.631-MSWin32-x86, and MSVC++ 6.
> By the way, how did you install activeperl?
>
>     C:\openssl>nmake -f ms\ntdll.mak
>     Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
>     Copyright (C) Microsoft Corp 1988-1998. All rights reserved.
>     Building OpenSSL
>     copy nul+ .\crypto\buildinf.h tmp32dll\buildinf.h nul
>     .\crypto\buildinf.h
>     1 file(s) copied.
>     copy nul+ .\crypto\opensslconf.h inc32\openssl\opensslconf.h nul
>     .\crypto\opensslconf.h
>     1 file(s) copied.
>     cl
Please help on stupid compile on VC++
Hi,

i try to link with nmake utility under prompt openssl with a mixture library that I took in part from Linux 2.4 because I hadn't them on my system and other library were standard of Visual C++ 6.0 like stdlib.h. At finish i take these errors. what do you suggest? I should try also with Linux stdlib.h?

Best regards and thanks in advance
Marco Puccio

this is result:

    Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
    Copyright (C) Microsoft Corp 1988-1998. All rights reserved.
    Building OpenSSL
    cl /Fotmp32dll\hw_aep.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdout32dll /GD -D_WINDLL -D_DLL -c .\crypto\engine\hw_aep.c
    hw_aep.c
    .\crypto\engine\hw_aep.c(61) : error C2014: preprocessor command must start as first nonwhite space
    C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(100) : error C2059: syntax error : 'type'
    C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(366) : error C2143: syntax error : missing '{' before '__cdecl'
    C:\Programmi\Microsoft Visual Studio\VC98\include\stdlib.h(440) : error C2143: syntax error : missing '{' before '__cdecl'
    .\crypto\engine\hw_aep.c(192) : error C2061: syntax error : identifier 'recorded_pid'
    .\crypto\engine\hw_aep.c(192) : error C2059: syntax error : ';'
    .\crypto\engine\hw_aep.c(192) : error C2513: '/*global*/ ' : no variable declared before '='
    .\crypto\engine\hw_aep.c(468) : warning C4018: '=' : signed/unsigned mismatch
    .\crypto\engine\hw_aep.c(623) : error C2065: 'pid_t' : undeclared identifier
    .\crypto\engine\hw_aep.c(623) : error C2146: syntax error : missing ';' before identifier 'curr_pid'
    .\crypto\engine\hw_aep.c(623) : error C2065: 'curr_pid' : undeclared identifier
    .\crypto\engine\hw_aep.c(627) : warning C4013: 'getpid' undefined; assuming extern returning int
    .\crypto\engine\hw_aep.c(631) : error C2065: 'recorded_pid' : undeclared identifier
    NMAKE : fatal error U1077: 'cl' : return code '0x2'
    Stop.
No Subject
I am very new to apache. With that said. I have set up a test key with Verisign and it works fine with all browsers except Internet Explorer 5 for Macintosh, with i.e for mac I get a

    Security Failure. Data Decryption error:

any ideas

Deke