Openssl Libraries ssleay32.lib and libeay32.lib for Microsoft code signing.

2020-05-24 Thread Suresh Kotte
Hi,

I am working with an application that uses OpenSSL version 1.0.2h, where the
application needs to be certified and code signed by Microsoft for Secure Boot
compatibility (UEFI).

These OpenSSL libraries, ssleay32.lib and libeay32.lib, also need to be
certified. Can we send these OpenSSL libraries for certification to
Microsoft directly? Or do we have any OpenSSL binaries which are certified
and code signed by Microsoft?

Thanks
Suresh kotte






Re: Core occurred while executing SSL_library_init() and call back method locking_function()

2011-05-12 Thread Mani Suresh

Gayathri, the core and the binary file are attached with the message.

Please let me know if you get any idea.

If you are aware of how the call back mechanism works, please share the same.

Thanks in advance.



Gayathri Sundar-3 wrote:
 
 Can you share the parsed core file?
 
 On Wednesday, May 11, 2011, Mani Suresh suresh84...@gmail.com wrote:

 While executing the below code it's coring randomly in two cases,

 1) While executing the method SSL_library_init() in the constructor.
 2) Coring while executing the call back method locking_function().

 We are not sure, now the call back method is calling after it is set to
 NULL

 Ex : CRYPTO_set_locking_callback(NULL)

 Here, after we set it to NULL it's calling the call back method.

 We want to make sure it should not be called after setting to NULL.

 It would be great if someone could explain to me in detail how the call back
 mechanism works internally.


Core occurred while executing SSL_library_init() and call back method locking_function()

2011-05-11 Thread Mani Suresh

While executing the below code it's coring randomly in two cases,

1) While executing the method SSL_library_init() in the constructor.
2) Coring while executing the call back method locking_function().

We are not sure, now the call back method is calling after it is set to NULL

Ex : CRYPTO_set_locking_callback(NULL)

Here, after we set it to NULL it's calling the call back method.

We want to make sure it should not be called after setting to NULL.

It would be great if someone could explain to me in detail how the call back
mechanism works internally.

Code:
-
pthread_mutex_t *SslBIO::_lnSslBioMutex=NULL;

void SslBIO::locking_function(int mode, int type, const char * file, int line)
{
  int rstat;
  if (mode & CRYPTO_LOCK)
  {
    fprintf(stderr, "\nDEBUG: Locking the Mutex _lnSslBioMutex[%d] Mode = %d File :%s Line No : %d\n",type,mode,file,line);
    rstat = pthread_mutex_lock(&(SslBIO::_lnSslBioMutex[type]));
    lnChkMutex(rstat, FL);
  }
  else
  {
    fprintf(stderr, "\nDEBUG: UnLocking the Mutex _lnSslBioMutex[%d] Mode = %d File :%s Line No : %d\n",type,mode,file,line);
    rstat = pthread_mutex_unlock(&(SslBIO::_lnSslBioMutex[type]));
    lnChkMutex(rstat, FL);
  }
}

unsigned long SslBIO::id_function()
{
  unsigned long ulThreadId = (unsigned long)pthread_self();
  fprintf(stderr, "\nDEBUG: Thread ID = %d\n",ulThreadId);
  return (ulThreadId);
}

int SslBIO::init(const char * initarg)
{
  int i;

  _lnSslBioMutex = (pthread_mutex_t *) OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));

  if (!_lnSslBioMutex)
    return 0;

  fprintf(stderr, "\nDEBUG: Number of Locks(CRYPTO_NUM_LOCKS) = %d \n",CRYPTO_num_locks());

  for(i=0;i<CRYPTO_num_locks();i++)
  {
    fprintf(stderr, "\nDEBUG: Initialize the Mutex _lnSslBioMutex[%d]\n",i);
    int rstat = pthread_mutex_init(&(_lnSslBioMutex[i]), pthread_mutexattr_default);
    lnChkMutex(rstat, FL);
  }

  CRYPTO_set_id_callback(SslBIO::id_function);
  CRYPTO_set_locking_callback(SslBIO::locking_function);


  return 0;
}

int SslBIO::terminate()
{
  int i = 0;
  int rstat;
  if (!_lnSslBioMutex)
  {
    return 0;
  }

  CRYPTO_set_id_callback(NULL);
  CRYPTO_set_locking_callback(NULL);

  for(i=0;i<CRYPTO_num_locks();i++)
  {
    fprintf(stderr, "\nDEBUG: Cleanup the Mutex _lnSslBioMutex[%d]\n",i);
    rstat = pthread_mutex_destroy(&(_lnSslBioMutex[i]));
    lnChkMutex(rstat, FL);
  }

  OPENSSL_free(_lnSslBioMutex);
  _lnSslBioMutex = NULL;
}

SslBIO::SslBIO(const char *host,
               const int port, const int timeout,
               int &retCode, int blockingConnect)
{
  _debug = 0;
  _lnreqctx = 0;
  _type = SslBIO::CALLER;
  _totSent = 0;
  _totReceived = 0;
  _errBuf[0] = '\0';
  if(host!=NULL)
    strcpy(_hostName,(char *)host);
  _portNum = port;

  retCode = FAIL;

  /* Set up the library */
  SSL_library_init();
  ERR_load_BIO_strings();
  SSL_load_error_strings();
  OpenSSL_add_all_algorithms();

  _sslctx = SSL_CTX_new(SSLv23_client_method());
  if(_sslctx == 0)
  {
    fprintf(stderr, "failed SslBIO::SslBIO. SslBIO not initialized. _sslctx=0\n");
    return;
  }

  _bio = BIO_new_ssl_connect(_sslctx);


  BIO_get_ssl(_bio, &_ssl);
  SSL_set_mode(_ssl, SSL_MODE_AUTO_RETRY);

  /* Create and setup the connection */
  BIO_set_conn_hostname(_bio, _hostName); // "cdc13-www.lexisnexis.com:https");
  BIO_set_conn_int_port(_bio, &_portNum); // 443);

  if(BIO_do_connect(_bio) <= 0)
  {
    fprintf(stderr, "Error attempting to connect [%s[%d]]\n",_hostName,_portNum);
    ERR_print_errors_fp(stderr);
    BIO_free_all(_bio);
    _bio = NULL; //Nullify the _bio member object after deallocating
    return;
  }
  else
  {
    fprintf(stderr, "SslBIO: connected[%s[%d]]\n",_hostName,_portNum);
  }

  /* Check the certificate */

  if(SSL_get_verify_result(_ssl) != X509_V_OK)
  {
    fprintf(stderr, "Certificate verification error: %i\n", SSL_get_verify_result(_ssl));
  }

  _timeout = timeout;
  retCode = OK;
}


SslBIO::~SslBIO() {

  /* Close the connection and free the context */
  if (_bio != 0)
  {
    BIO_free_all(_bio);
    _bio=NULL; // bulletproof for webstar 3019980
  }
  if (_sslctx != 0)
  {
    fprintf(stderr, "Freeing SslBIO::_sslctx\n");
    SSL_CTX_free(_sslctx);
    _sslctx=NULL; // bulletproof for webstar 3019980
  }
}

int SslBIO::read(char *buf, int len, int &currRead)
{
  int  retCode;

  if (buf == LN_NULL)
  {
    return(FAIL);
  }

  printf("DEBUG: Before Read \n");
  currRead = BIO_read(_bio, buf, len);
  printf("DEBUG: After Read currRead = %d Buf = %s Length = %d\n",currRead,buf,len);

  if (currRead >= 0)
  {
    buf[currRead] = 0;
    if (_debug)
    {
      ostrstream strm;
      strm << "Out of SslBIO::read currRead =" << currRead << endl;

      strm << ends;

      delete strm.str();
    }
  }
  else
    buf[0] = 0;

  return(OK);
}

int SslBIO::write(const char *buf, const int len)
{

  int  written;
  int  totLen;

  if (len < 0)
  {
    return(FAIL);
  }

  

  totLen = len;
  printf("DEBUG: Before Write\n");
  if ((written = BIO_write(_bio, buf, len)) != totLen)
  {
    return(FAIL);
  }
  printf("DEBUG: After Write written = %d Buf = %s Length = %d\n",written,buf,len);
  _totSent += totLen;

  return(OK);
}



Re: Certificate chaining

2010-10-26 Thread Suresh
Probably I was not clear in my question.
When I have several certificates like server cert + key, intermediate and
root, and want to bundle them all in a single file, say PKCS#12,
is there a specific sequence to bundle them?

For example:

first option = key + server cert + intermediate + root
second option = root + intermediate + server cert + key
third option = server cert + key + intermediate + root
...

Please throw some light here. Thanks.

On Thu, Oct 21, 2010 at 11:11 PM, Suresh suresh.chi...@gmail.com wrote:

 Thank you for a detailed reply Dave.

  There is a standard ASN.1 structure, PKCS#7 aka Cryptographic
  Message Syntax or CMS, which can carry multiple certs and/or CRLs
  in DER (or PEM-ified single DER, as opposed to PEM concatenation)
  and is fairly commonly used for that purpose.

 This makes me understand PKCS#7 or PKCS#12 can take several
 certificates and key in PEM format into a single file. When packaging
 server, intermediate and key into a single file is there a sequence to
 do that ?

 Also, please correct me if my understanding is correct.

 Thanks.

 On Tue, Oct 19, 2010 at 8:40 PM, Dave Thompson dthomp...@prinpay.com
 wrote:
 
   From: owner-openssl-us...@openssl.org On Behalf Of liv2luv
   Sent: Tuesday, 19 October, 2010 11:26
 
   I am new to SSL and Certificates.
  
   I have generated a CSR and certificate for signing. In return
   I've got three
   certificates.
  
   a. Root CA's certificate
   b. Intermediate Certificate
   c. Server certificate
  
   After some searching, understand I need to combine them in
   the sequence as
   server, intermediate and root certificate.
  
  Probably not. For an OpenSSL server, you do need entity +
  intermediate as below, unless the/each client has the
  intermediate as trusted (which is sometimes possible).
 
  It rarely makes sense to transmit a root in protocol,
  since the peer must have it already to trust it.
 
   After that I converted the PEM format to DER to see the
   certificate. It is
   only showing the top certificate (server certificate) in this case.
  
  OpenSSL x509 can look at a certificate file in either DER or PEM
  with exactly the same capabilities. If you mean you had multiple
  certs (e.g. the chain) in one file in PEM format and did
   openssl x509 -inform pem -outform der
  that only converts the first cert found, just like
   openssl x509 -inform pem -text -noout
  only displays the first cert. To process with the commandline
  utility like this you must put each cert in a separate file.
  As to recombining later, see below.
 
 
   How can the certificate chain be created in a single file?
  
  There is no standard format for just putting multiple certs,
  or anything else, in DER format into a file.
 
  In a few places OpenSSL accepts multiple certs in PEM format
  in a file. SSL_CTX_load_verify_locations (CAfile), used by
  -CAfile in several utilities, takes certs (and CRLs if used)
  in PEM format in one file. SSL_CTX_use_certificate_chain_file
  takes entity cert plus chain (excluding root, which as above is
  not needed) in PEM format, and thus should be what you need.
 
  This concatenated PEM format is not a standard as far as I know,
  although I believe some others have adopted OpenSSL's method.
  Remember that PEM format (here) is actually just DER encoded
  in base64 plus labels; the real data is actually the same.
 
  There is a standard ASN.1 structure, PKCS#7 aka Cryptographic
  Message Syntax or CMS, which can carry multiple certs and/or CRLs
  in DER (or PEM-ified single DER, as opposed to PEM concatenation)
  and is fairly commonly used for that purpose. The SSL routines
  in OpenSSL do not use PKCS#7 directly, although code you write
  using lower-level libcrypto can, and the commandline utility
  pkcs7 can display them from which you can capture them into
  one or more files in PEM format and manipulate further.
 
 
 
  __
  OpenSSL Project                                 http://www.openssl.org
  User Support Mailing List                    openssl-users@openssl.org
  Automated List Manager                           majord...@openssl.org



 --
 Suresh




-- 
Suresh


Re: Certificate chaining

2010-10-21 Thread Suresh
Thank you for a detailed reply Dave.

 There is a standard ASN.1 structure, PKCS#7 aka Cryptographic
 Message Syntax or CMS, which can carry multiple certs and/or CRLs
 in DER (or PEM-ified single DER, as opposed to PEM concatenation)
 and is fairly commonly used for that purpose.

This makes me understand PKCS#7 or PKCS#12 can take several
certificates and key in PEM format into a single file. When packaging
server, intermediate and key into a single file is there a sequence to
do that ?

Also, please correct me if my understanding is correct.

Thanks.

On Tue, Oct 19, 2010 at 8:40 PM, Dave Thompson dthomp...@prinpay.com wrote:

  From: owner-openssl-us...@openssl.org On Behalf Of liv2luv
  Sent: Tuesday, 19 October, 2010 11:26

  I am new to SSL and Certificates.
 
  I have generated a CSR and certificate for signing. In return
  I've got three
  certificates.
 
  a. Root CA's certificate
  b. Intermediate Certificate
  c. Server certificate
 
  After some searching, understand I need to combine them in
  the sequence as
  server, intermediate and root certificate.
 
 Probably not. For an OpenSSL server, you do need entity +
 intermediate as below, unless the/each client has the
 intermediate as trusted (which is sometimes possible).

 It rarely makes sense to transmit a root in protocol,
 since the peer must have it already to trust it.

  After that I converted the PEM format to DER to see the
  certificate. It is
  only showing the top certificate (server certificate) in this case.
 
 OpenSSL x509 can look at a certificate file in either DER or PEM
 with exactly the same capabilities. If you mean you had multiple
 certs (e.g. the chain) in one file in PEM format and did
  openssl x509 -inform pem -outform der
 that only converts the first cert found, just like
  openssl x509 -inform pem -text -noout
 only displays the first cert. To process with the commandline
 utility like this you must put each cert in a separate file.
 As to recombining later, see below.


  How can the certificate chain be created in a single file?
 
 There is no standard format for just putting multiple certs,
 or anything else, in DER format into a file.

 In a few places OpenSSL accepts multiple certs in PEM format
 in a file. SSL_CTX_load_verify_locations (CAfile), used by
 -CAfile in several utilities, takes certs (and CRLs if used)
 in PEM format in one file. SSL_CTX_use_certificate_chain_file
 takes entity cert plus chain (excluding root, which as above is
 not needed) in PEM format, and thus should be what you need.

 This concatenated PEM format is not a standard as far as I know,
 although I believe some others have adopted OpenSSL's method.
 Remember that PEM format (here) is actually just DER encoded
 in base64 plus labels; the real data is actually the same.

 There is a standard ASN.1 structure, PKCS#7 aka Cryptographic
 Message Syntax or CMS, which can carry multiple certs and/or CRLs
 in DER (or PEM-ified single DER, as opposed to PEM concatenation)
 and is fairly commonly used for that purpose. The SSL routines
 in OpenSSL do not use PKCS#7 directly, although code you write
 using lower-level libcrypto can, and the commandline utility
 pkcs7 can display them from which you can capture them into
 one or more files in PEM format and manipulate further.






--
Suresh
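
The chain-file layout Dave Thompson describes in the quoted reply (entity certificate first, then intermediates, root left out, all as concatenated PEM, where PEM is just base64 DER plus labels), as an added example that is not part of the thread. It splits a bundle given in any order, links certificates by issuer and subject name, and re-emits them entity-first; the function names and the sample certificates (constructed DER skeletons, not real signed certificates) are assumptions of this example.

```python
# Added example: split a concatenated PEM bundle and re-emit it entity-first, root dropped.
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def split_pem(bundle):
    """Every certificate in the bundle as DER bytes (PEM is base64 DER plus labels)."""
    return [base64.b64decode(body) for body in PEM_RE.findall(bundle)]

def to_pem(der):
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw issuer and subject Name encodings taken from tbsCertificate."""
    _, cert_start, _ = read_tlv(der, 0)          # Certificate SEQUENCE
    _, pos, end = read_tlv(der, cert_start)      # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, value_end = read_tlv(der, pos)
        fields.append((tag, der[pos:value_end]))
        pos = value_end
    if fields and fields[0][0] == 0xA0:          # optional [0] version
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("not a certificate")
    # Remaining order: serialNumber, signature, issuer, validity, subject
    return fields[2][1], fields[4][1]

def order_chain(ders):
    """[entity, intermediate, ...] with self-issued roots dropped."""
    # Links are made by name only; signatures are not checked, so this
    # orders a bundle, it does not validate it.
    certs = [(der,) + issuer_and_subject(der) for der in ders]
    non_root = [c for c in certs if c[1] != c[2]]
    issuers = {c[1] for c in non_root}
    leaves = [c for c in non_root if c[2] not in issuers]
    if len(leaves) != 1:
        raise ValueError("expected exactly one entity certificate")
    by_subject = {c[2]: c for c in non_root}
    chain, cur = [], leaves[0]
    while cur is not None and len(chain) < len(non_root):
        chain.append(cur[0])
        cur = by_subject.get(cur[1])             # whoever issued the current cert
    return chain

def build_chain_file(bundle):
    return "".join(to_pem(der) for der in order_chain(split_pem(bundle)))

# Constructed sample data: DER skeletons with real Name fields but empty
# algorithm, validity and signature; not real, verifiable certificates.
def _der(tag, content):
    assert len(content) < 0x80                   # short-form lengths suffice here
    return bytes([tag, len(content)]) + content

def _name(cn):
    attr = _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode())  # commonName
    return _der(0x30, _der(0x31, _der(0x30, attr)))

def _skeleton_cert(issuer, subject, serial):
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, bytes([serial]))
               + _der(0x30, b"") + _name(issuer) + _der(0x30, b"") + _name(subject))
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))

ROOT = _skeleton_cert("Constructed Root CA", "Constructed Root CA", 1)
INTER = _skeleton_cert("Constructed Root CA", "Constructed Intermediate CA", 2)
LEAF = _skeleton_cert("Constructed Intermediate CA", "server.example.test", 3)
SAMPLE_BUNDLE = to_pem(ROOT) + to_pem(INTER) + to_pem(LEAF)  # root-first on purpose

if __name__ == "__main__":
    print(build_chain_file(SAMPLE_BUNDLE))
```
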


Error loading CA private key

2008-03-03 Thread suresh p
  
Hello,

I am running the foll. commands for setting up openldap with openssl. And 
getting the error listed below. Please help.
Also I checked out changing openssl.cnf line to  private_key = 
$dir/private/cakey.pem # The private key

[EMAIL PROTECTED] misc]# ./CA.pl -newca
CA certificate filename (or enter to create)
Mail server, CSE

[EMAIL PROTECTED] misc]# ls
CA.pl  CA.sh  c_hash  c_info  c_issuer  c_name  demoCA

[EMAIL PROTECTED] misc]# openssl req -newkey rsa:1024 -nodes -days 365 -keyout 
newreq.pem -out newreq.pem
Generating a 1024 bit RSA private key
...++
.++
writing new private key to 'newreq.pem'
-

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Maharashtra
Locality Name (eg, city) []:Mumbai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:


Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

[EMAIL PROTECTED] misc]# ./CA.pl -sign
Using configuration from /usr/local/openssl/openssl.cnf
unable to load CA private key
14024:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
Signed certificate is in newcert.pem

thanks and regards,
Suresh


[no subject]

2007-12-25 Thread KOLLURU SURESH
Hi
   
   
  Please remove from the mailing list
   
   
   
  K. Suresh


K. Suresh  
HOD, Dept of Computer Science  
Sri Vasavi Engineering College  
Tadepalligudem
   

Re: Certificate error

2006-05-29 Thread Suresh
Hi,

are you sure that you have replaced the new root.pem on the client side,
and put new server CERTIFICATE and new PRIVATE KEY pair on the server
side?

- Suresh

On Sun, 28 May 2006 22:21:22 -0400
Lawrence Rose [EMAIL PROTECTED] wrote:

 Hi:
 
 I setup the four openSSL examples in Viega et al with certs and ran fine 
 until the 30 day certs expired.  Now after  I cut a new root.pem and 
 sereverCA.pem I cannot pass certificate verification.  Where have I gone 
 wrong?
 I've tried everything these past several days altering the cnf, 
 recutting certs - any help most appreciated!
 
   err 19:self signed certificate in certificate chain
 ** client2.c:69 Error connecting SSL object
 1:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 
 verify failed:s3_clnt.c:894:
 
 -- larry
 
 Lawrence L. Rose  190 Park Avenue
 Daytona Development   Florham Park, NJ 07932
 ATT Labs - Research  Tel: 793.360.8606
 [EMAIL PROTECTED] Cell: 908.463.3155
 
 
 
 
 
 
 





remove

2006-02-27 Thread suresh . kumar

- Original Message -
From: Marco GRELLA [EMAIL PROTECTED]
Date: Monday, February 27, 2006 2:29 pm
Subject: Problems with OpenSSL Engine and hashing.

 Hello everybody,

 I have a problem in making our OpenSSL Engine that drives our HW
 accelerator work fine for hash (SHA1 in particular).
 The problem seems to be related to my "Digest_Copy" or (less likely)
 "Digest_Cleanup" implementation (I'll explain this further on).

 The Engine works fine for the Cipher algorithms (both just operating on
 a file and using s_client/s_server), and works fine for SHA1 when
 operating on a file.
 Trying to run an s_client / s_server session, I noticed that multiple
 contexts are used and the calls to "Digest_Update" function are mixed, so
 I have to maintain coherency in some way.

 - 1 -
 The easiest (and quickest) way to do this is to buffer the data that I
 receive at each call to "Digest_Update", for each context, and ask for a
 real hash operation only when I receive the "Digest_Final" for that context.
 Doing in this way, everything is ok, both operating on a single file
 (here only one context is used) and using s_client / s_server (multiple
 contexts).
 In this scenario, in the "Digest_Copy" function I make a "memcopy" of
 the EVP_MD_CTX-md_data field where our data structure sits, and
 moreover I manually allocate and copy the buffer in which I am keeping
 the stored data.
 In the "Digest_Cleanup" I make a "free" of the buffer in which I keep
 the data (it is dynamically allocated) and I set to zero the counters
 used to keep track of its size and actual occupation.
 In this way, as I said, everything works.

 - 2 -
 The previous solution is mainly a workaround and has a big disadvantage
 if you want to hash large files or amount of data. So I decided to use
 the capability of our HW accelerator to save and restore the current
 context of the hash block. Here I have some problem, when using
 s_client / s_server. Even if I implement it in the most trivial and
 inefficient way (RESTORE/UPDATE/SAVE at *each* call to update) it does
 not work.
 In this scenario, we have a buffer for the context in our data
 structure. I allocate this buffer at the first call to "Digest_Update",
 obviously not setting the RESTORE flag for this first call.
 I call "free" for this buffer and put it to NULL in the "Digest_Cleanup"
 function and, if this buffer is valid (not null) I copy it in the
 "Digest_Copy" function, by allocating a proper memory area in the "to"
 context.
 If I use this solution on a single file, it works, so the SAVE/RESTORE
 mechanism works fine (and it has been proved elsewhere). But it fails in
 the s_client/s_server test. As the main difference is that here the
 "Digest_Copy" and "Digest_Cleanup" function are called, I suppose the
 problem is here, even if I do not see many differences with the
 scenario number -1-

 What am I missing?
 Could you help me?
 Can someone point me to some useful resource or describe me exactly what
 has to be implemented in the Digest_Copy (and Digest_Cleanup) function?
 Or do you know another way to avoid the problem of "mixed context"? I mean:
 sha1_init(ctx_A)
 sha1_update(ctx_A)
 sha1_init(ctx_B)
 sha1_update(ctx_B)
 sha1_update(ctx_A)

 Thank you very much and best regards,
 Marco Grella



Re: linking ssleay32.dll statically inside the app?

2005-01-19 Thread suresh . kumar
Hi,
I am using RSA encryption and decryption in my projects. If I do encryption
continuously in a loop I am not getting the desired results. Should there be any
delay between calls to RSA_public_encrypt?

Thanks in advance
S.Suresh

- Original Message -
From: Serge [EMAIL PROTECTED]
Date: Monday, January 10, 2005 6:59 pm
Subject: linking ssleay32.dll statically inside the app?

 Hi,
 
 is it possible to link statically the ssleay32.dll along my 
 application so I won't need to provide the dll to my customers?
 
 I use windows xp and msvc++ 6.0.
 
 thank you.
 
   
 



rsa enc-dec problem

2005-01-19 Thread suresh . kumar
Hi,
I am using RSA encryption and decryption in my projects. If I do encryption
continuously in a loop I am not getting the desired results. Should there be any
delay between calls to RSA_public_encrypt?

Thanks in advance
S.Suresh





Openssl in java

2004-12-15 Thread suresh . kumar
Hi,
I am developing a server application in Java and a client in VC++. How can I use
OpenSSL from Java?

Thanks in advance
S.Suresh



Re: Openssl in java

2004-12-15 Thread suresh . kumar
Hi,
Thanks for your reply.

Can I use OpenSSL to encrypt in C++ and Bouncy Castle to decrypt in Java?

Thanks
S.Suresh


- Original Message -
From: Lawrence Bowie [EMAIL PROTECTED]
Date: Thursday, December 16, 2004 10:38 am
Subject: Re: Openssl in java

 Try the native implementation bundled with Sun else you will have
 to use some JNI methods ...
 
 
  http://java.sun.com/products/jsse/
 
 
 LDB
 
 
 
 [EMAIL PROTECTED] wrote:
 
 Hi,
  I am developing server application in java and client in vc++. 
 How to use openssl from java.
 
 Thanks in advance
 S.Suresh
 
 
   
 
 



Info needed about the SSLVersion

2002-11-12 Thread Prabha Suresh
Hi,

How can I make my certificate/keys work in a specified version (SSL 2.0)?

Thanks
Prabha



need some guidance please...

2002-01-16 Thread Saguturu, Suresh





Greetings,

 I am getting "make: Fatal errors" while installing openssl-0.0.6c on my Solaris box (Ultra 1) which runs on Solaris 2.5.1. 

The complete error message is like this

*** Error code 1

make: Fatal error: Command failed for target 'cbc_enc.o'

Current working directory /path/openssl-0.9.6c/crypto/des

Any ideas would be greatly appreciated. Thanks in advance. 

Best Regards,

Suresh Saguturu,

Sun Certified Systems Administrator - SCSA 7,

MIS Support - SHARP,

360.817.8463