Re: BN_bin2bn problem
Nils Larsch wrote:
> Olga Kornievskaia wrote:
>> Hi, can anyone tell me how to fix the leading zero in BIGNUM. I have the following code:
>>
>> unsigned char pkinit_1024_dhprime[128] = {
>>     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
>>     0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
>>     0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
>>     0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
>>     0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
>>     0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
>>     0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
>>     0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
>>     0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
>>     0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
>>     0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
>>     0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
>>     0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
>>     0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
>>     0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
>>     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
>> };
>> BIGNUM *p;
>> p = BN_bin2bn(pkinit_1024_dhprime, sizeof(pkinit_1024_dhprime), NULL);
>>
>> When I print the big number it comes out with a leading zero:
>>
>> 00:ff:ff:ff:ff:ff:ff:ff:ff:c9:0f:da:a2:21:68:
>> c2:34:c4:c6:62:8b:80:dc:1c:d1:29:02:4e:08:8a:
>> 67:cc:74:02:0b:be:a6:3b:13:9b:22:51:4a:08:79:
>> 8e:34:04:dd:ef:95:19:b3:cd:3a:43:1b:30:2b:0a:
>> 6d:f2:5f:14:37:4f:e1:35:6d:6d:51:c2:45:e4:85:
>> b5:76:62:5e:7e:c6:f4:4c:42:e9:a6:37:ed:6b:0b:
>> ff:5c:b6:f4:06:b7:ed:ee:38:6b:fb:5a:89:9f:a5:
>> ae:9f:24:11:7c:4b:1f:e6:49:28:66:51:ec:e6:53:
>> 81:ff:ff:ff:ff:ff:ff:ff:ff
>>
>> In crypto/bn/bn.h, I read comments about Bignum consistency macros and I tried to add bn_fix_top(p) after calling BN_bin2bn() but it didn't fix the leading zero problem. Any suggestions would be appreciated.
>
> the bignum library doesn't add a leading zero byte. The leading zero byte is normally added when you DER encode an integer to indicate that the number is positive.

Ok. Thanks. I was hoping that a leading zero was the answer to my real problem which is.

I'm using the above p and a generator g = 2 (both are well-known group 2 DH parameters described in the RFC 2412). I initialize the DH structure with them and then call DH_check() which returns with an error code of 8 which is the g value is not a generator. I'm puzzled as to why the library doesn't like the well-known DH parameters.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
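The rule Nils Larsch states in the reply above, as an added example (not code from the thread or from OpenSSL): a minimal DER INTEGER encoder for an unsigned big-endian magnitude, showing where the 0x00 byte comes from. The helper name der_encode_uint and the all-0xFF sample input are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example (hypothetical helper, not an OpenSSL API).
 * DER-encode an unsigned big-endian magnitude as an ASN.1 INTEGER.
 * Returns the number of bytes written, or 0 if out is too small or
 * the content is longer than 65535 bytes. */
size_t der_encode_uint(const unsigned char *mag, size_t len,
                       unsigned char *out, size_t cap)
{
    static const unsigned char zero = 0x00;
    size_t pad, clen, hdr, i, n = 0;

    if (len == 0) { mag = &zero; len = 1; }          /* empty means 0 */
    /* DER wants the shortest form: drop redundant leading zero bytes. */
    while (len > 1 && mag[0] == 0x00) { mag++; len--; }
    /* INTEGER is two's complement: a set top bit would read as negative,
     * so a positive value gets one 0x00 byte in front. */
    pad  = (mag[0] & 0x80) ? 1 : 0;
    clen = len + pad;
    hdr  = 1 + (clen < 0x80 ? 1 : clen <= 0xFF ? 2 : 3);
    if (clen > 0xFFFF || hdr + clen > cap) return 0;

    out[n++] = 0x02;                                 /* INTEGER tag */
    if (clen < 0x80) {
        out[n++] = (unsigned char)clen;              /* short length form */
    } else if (clen <= 0xFF) {
        out[n++] = 0x81; out[n++] = (unsigned char)clen;
    } else {
        out[n++] = 0x82;
        out[n++] = (unsigned char)(clen >> 8);
        out[n++] = (unsigned char)(clen & 0xFF);
    }
    if (pad) out[n++] = 0x00;
    for (i = 0; i < len; i++) out[n++] = mag[i];
    return n;
}

int main(void)
{
    /* Constructed sample: 128 bytes with the top bit set, the same
     * length and leading byte as the prime in the post. */
    unsigned char mag[128], out[140];
    size_t i, n;
    for (i = 0; i < sizeof mag; i++) mag[i] = 0xFF;
    n = der_encode_uint(mag, sizeof mag, out, sizeof out);
    printf("%lu bytes: %02x %02x %02x %02x %02x ...\n",
           (unsigned long)n, out[0], out[1], out[2], out[3], out[4]);
    return 0;
}
```

The 0x00 belongs to the encoding only; the value of the number, and therefore anything computed from it, is unchanged.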
BN_bin2bn problem
Hi, can anyone tell me how to fix the leading zero in BIGNUM. I have the following code:

unsigned char pkinit_1024_dhprime[128] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
    0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
    0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
    0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
    0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
    0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
    0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
    0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
    0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
    0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};
BIGNUM *p;
p = BN_bin2bn(pkinit_1024_dhprime, sizeof(pkinit_1024_dhprime), NULL);

When I print the big number it comes out with a leading zero:

00:ff:ff:ff:ff:ff:ff:ff:ff:c9:0f:da:a2:21:68:
c2:34:c4:c6:62:8b:80:dc:1c:d1:29:02:4e:08:8a:
67:cc:74:02:0b:be:a6:3b:13:9b:22:51:4a:08:79:
8e:34:04:dd:ef:95:19:b3:cd:3a:43:1b:30:2b:0a:
6d:f2:5f:14:37:4f:e1:35:6d:6d:51:c2:45:e4:85:
b5:76:62:5e:7e:c6:f4:4c:42:e9:a6:37:ed:6b:0b:
ff:5c:b6:f4:06:b7:ed:ee:38:6b:fb:5a:89:9f:a5:
ae:9f:24:11:7c:4b:1f:e6:49:28:66:51:ec:e6:53:
81:ff:ff:ff:ff:ff:ff:ff:ff

In crypto/bn/bn.h, I read comments about Bignum consistency macros and I tried to add bn_fix_top(p) after calling BN_bin2bn() but it didn't fix the leading zero problem. Any suggestions would be appreciated.
Certificate name check failing?
Hi,

I have a problem with Netscape giving me a warning that the certificate that is presented by a server (Netscape Enterprise) doesn't have the server's name in it. I do not understand where the server name should go. When I create a key pair I am giving exactly the name of the server (rather the name of the server's host machine) on the prompt to type in the certificate name. But (as I understand) that is only used to create the key database with the same name (name-key.db). When I create the certificate request there is no field to put the name of the server.

So the questions are: How does Netscape do the certificate name check? Where is it looking for the server name (in the body of the certificate??)? How to avoid this problem?

Thanks a lot for your help!
Olga Antropova.
Re: RSA licensing for OpenSSL usage?
Ross,

On 27-Apr-99 Ross Foard wrote:
> Olga,
>
> Did you get any responses to this question? Because of the unclear (to me) nature of the RSA licensing I am using an evaluation of Covalent Raven while trying to understand the licensing issues. In the past I have always used Netscape
^
It seems to me that while using Raven you still need a license and this could mean buying (and using???) BSAFE.

> Products for our secure server needs, but the customer requested apache. The mod_ssl installation instructions state that I should download the package RSAref (RSA Reference Implementation) to comply with patent legalities, but that is not available now.
^^^
According to the recent discussion in openssl-user mailing list RSARef is not legal for the use in the commercial applications (even if it would be available).

> I am surprised that no one has responded to your post. Let me know if you learn anything new in this regard.

There are some responses; you should have them by now. The time for a message to get to a mailing list is for some reason too long (about a day for me to see my message in there - I am in US), much longer than in other mailing lists to which I am subscribed.

My understanding now is that for use in commercial application BSAFE (or RSA Data Security license?) should be bought and that there is no alternative and because of it the prices are very high.

Olga.

> Ross Foard
> [EMAIL PROTECTED]
>
> olga wrote:
>> Hi,
>>
>> I am using an openssl in the commercial product. As we should get license for using RSA we were talking with RSA about the terms of licensing. The RSA person I was talking to says that they can not sell the license for RSA usage with an OpenSSL and that we have to buy their BSAFE product. Does it mean that BSAFE was bought (and used???) for all existing commercial products that use OpenSSL instead of just buying a license for RSA usage? It sounds pretty unbelievable to me... Are there any examples to support or disprove this?
>>
>> Thanks a lot,
>> Olga Antropova.
Problem compiling with sunos-cc
Hi,

I ran configure with sunos-cc and when compiling on I have the following:

making crypto...
cc -I. -I../include -O4 -DNOPROTO -DNOCONST -DCFLAGS=" \"cc -O4 -DNOPROTO -DNOCONST\" " -DPLATFORM=" \"sunos-cc\" " -c cryptlib.c
cc: Warning: option -4 passed to ld
"/usr/include/unistd.h", line 333: identifier redeclared: rename
    current : function(pointer to char, pointer to char) returning int
    previous: function(pointer to const char, pointer to const char) returning int : "/usr/include/stdio.h", line 227
cc: acomp failed for cryptlib.c

Does anyone know how to fix the problem?

Thanks a lot,
Olga Antropova.
Problem compiling on HPUX
Hi,

on HPUX it looks like compilation is fine but then make hangs in the following:

cc -o ssleay -DMONOLITH -I../include -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive ssleay.o verify.o asn1pa
rs.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_
client.o speed.o s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o ciphers.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -l
crypto
/usr/ccs/bin/ld: (Warning) At least one PA 2.0 object file (ssleay.o) was detected. The linked output may not run on a PA 1.x sys
tem.

Does anyone know what is the problem?

Thanks for your help,
Olga Antropova.
Error compiling with cc on IRIX
Hi,

While compiling on IRIX with cc I got the following error:

cfe: Error: bn_mul.c, line 98: Syntax Error
 if (n2 (16) // 32 )
 ---^
cfe: Error: bn_mul.c, line 281: Syntax Error
 if (tn (16) // 32 )
 ---^
cfe: Error: bn_mul.c, line 285: Syntax Error
 else
 ^
cfe: Error: bn_mul.c, line 359: Syntax Error
 if (n = (32) // 32 )
 ---^
cfe: Error: bn_mul.c, line 366: Syntax Error
 else
 ^
cfe: Error: bn_mul.c, line 617: Syntax Error
 if (al (16) // 32 )
 ---^
cfe: Error: bn_mul.c, line 631: Syntax Error
 else if ((al (16) // 32 ) || (bl (16) // 32 ))
 -^
cfe: Error: bn_mul.c, line 631: Syntax Error
 else if ((al (16) // 32 ) || (bl (16) // 32 ))
 ---^
cfe: Error: bn_mul.c, line 638: Syntax Error
 else
 --

The problem I guess is C++ comments in C code (in crypto/bn/bn_lcl.h):

bn_lcl.h:#define BN_MULL_SIZE_NORMAL(16) // 32
bn_lcl.h:#define BN_MUL_RECURSIVE_SIZE_NORMAL (16) // 32 /* less than */
bn_lcl.h:#define BN_SQR_RECURSIVE_SIZE_NORMAL (16) // 32
bn_lcl.h:#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) // 32
bn_lcl.h:#define BN_MONT_CTX_SET_SIZE_WORD (64) // 32

Am I right?

Thanks,
Olga Antropova.
RE: Best Ciphers?
Hi,

SSLeay Programmer Reference has performance characteristics:
http://www.psy.uq.oz.au/~ftp/Crypto/ssl.html

Also there is a cryptographic lib comparison at:
http://www.homeport.org/~adam/crypto/

Olga Antropova.

On 25-Mar-99 Juergen Rensen wrote:
> Hi everyone,
>
> I was wondering if there is something like a "best" cipher to use, ie. which one is the fastest, which one the most secure, which one the best compromise, etc. I checked the mail archive and couldn't find anything on that topic. If anyone knows of any books or FAQs where I can find some comparative information, then I would be grateful if you could let me know.
>
> Thank you
> Juergen

--
E-Mail: olga [EMAIL PROTECTED]
Date: 25-Mar-99
Time: 08:34:07
This message was sent by XFMail
--