Re: BN_bin2bn problem

2006-10-19 Thread Olga Kornievskaia 



Nils Larsch wrote:

Olga Kornievskaia wrote:
Hi, can anyone tell me how to fix the leading zero in BIGNUM. I have 
the following code:


unsigned char pkinit_1024_dhprime[128] = {
   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
   0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
   0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
   0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
   0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
   0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
   0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
   0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
   0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
   0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
   0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
   0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
   0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
   0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
   0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};

BIGNUM *p;
p = BN_bin2bn(pkinit_1024_dhprime, sizeof(pkinit_1024_dhprime), NULL);

When I print the big number is comes out with a leading zero:
   00:ff:ff:ff:ff:ff:ff:ff:ff:c9:0f:da:a2:21:68:
   c2:34:c4:c6:62:8b:80:dc:1c:d1:29:02:4e:08:8a:
   67:cc:74:02:0b:be:a6:3b:13:9b:22:51:4a:08:79:
   8e:34:04:dd:ef:95:19:b3:cd:3a:43:1b:30:2b:0a:
   6d:f2:5f:14:37:4f:e1:35:6d:6d:51:c2:45:e4:85:
   b5:76:62:5e:7e:c6:f4:4c:42:e9:a6:37:ed:6b:0b:
   ff:5c:b6:f4:06:b7:ed:ee:38:6b:fb:5a:89:9f:a5:
   ae:9f:24:11:7c:4b:1f:e6:49:28:66:51:ec:e6:53:
   81:ff:ff:ff:ff:ff:ff:ff:ff

In crypto/bn/bn.h, I read comments about Bignum consistency macros 
and I tried to add bn_fix_top(p) after calling BN_bin2bn() but it 
didn't fix the leading zero problem.


Any suggestions would be appreciated.


the bignum library doesn't add a leading zero byte. The leading zero byte
is normally added when you DER encode an integer to indicate that the
number is positive.

Ok. Thanks. I was hoping that a leading zero was the answer to my real 
problem which is. I'm using the above p and a generator g = 2 (both 
are well-known group 2 DH parameters described in the  RFC 2412).  I 
initialize the DH structure with them and the then call DH_check() which 
returns with an error code of 8 which is  the g value is not a 
generator. I'm puzzled as to why the library doesn't like the 
well-known DH parameters.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

BN_bin2bn problem

2006-10-18 Thread Olga Kornievskaia 
Hi, can anyone tell me how to fix the leading zero in BIGNUM. I have the 
following code:


unsigned char pkinit_1024_dhprime[128] = {
   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
   0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
   0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
   0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
   0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
   0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
   0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
   0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
   0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
   0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
   0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
   0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
   0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
   0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
   0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};

BIGNUM *p;
p = BN_bin2bn(pkinit_1024_dhprime, sizeof(pkinit_1024_dhprime), NULL);

When I print the big number is comes out with a leading zero:
   00:ff:ff:ff:ff:ff:ff:ff:ff:c9:0f:da:a2:21:68:
   c2:34:c4:c6:62:8b:80:dc:1c:d1:29:02:4e:08:8a:
   67:cc:74:02:0b:be:a6:3b:13:9b:22:51:4a:08:79:
   8e:34:04:dd:ef:95:19:b3:cd:3a:43:1b:30:2b:0a:
   6d:f2:5f:14:37:4f:e1:35:6d:6d:51:c2:45:e4:85:
   b5:76:62:5e:7e:c6:f4:4c:42:e9:a6:37:ed:6b:0b:
   ff:5c:b6:f4:06:b7:ed:ee:38:6b:fb:5a:89:9f:a5:
   ae:9f:24:11:7c:4b:1f:e6:49:28:66:51:ec:e6:53:
   81:ff:ff:ff:ff:ff:ff:ff:ff

In crypto/bn/bn.h, I read comments about Bignum consistency macros and 
I tried to add bn_fix_top(p) after calling BN_bin2bn() but it didn't fix 
the leading zero problem.


Any suggestions would be appreciated.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Certificate name check failing?

1999-10-04 Thread Olga Antropova 

Hi,

I have problem with Netscape giving me a warning that the certificate that is
presented by a server (Netscape Enterprise) doesn't have the
server's name in it. 

I do not understand where the server name should go. When I create a key pair
I am giving exactly the name of server (rather the name of server's host
machine) on the prompt to type in the certificate name. But (as I understand)
that is only used to create the key database with the same name (name-key.db).
When I create the certificate requets there is no field to put the name of the
server.

So the questions are:
How Netscape does tne certificate name check? Where it is looking for the
server name (in the body of the sertificate??)? How to avoid this problem?

Thanks a lot for your help!

Olga Antropova.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: RSA licensing for OpenSSL usage?

1999-04-27 Thread olga 

Ross,

On 27-Apr-99 Ross Foard wrote:
 Olga,
 
 Did you get any responses to this question?   Because of the unclear (to me)
 nature of the RSA licensing I am using an evaluation of Covalent Raven while
 try
 to understand the licensing issues.  In the past I have always used Netscape
^

It seems to me that while using Raven you still need a license and this could
mean buying (and using???) BSAFE. 


 Products for our secure server needs, but the customer requested apache.  The
 mod_ssl installation instructions state that I should download the package
 RSAref
 (RAS Reference Implementation) to comply with patent legalities, but that is
 not
 available now.
 
^^^
According to the recent discussion in openssl-user mailing list RSARef is not
legal for the use in the commercial applications (even if it would be
available).

 I am suprised that no one has responded to your post.  Let me know if you
 learn
 anything new in this regard.

There are some responces you should have them by now. The time for message to
get to a mailing list is for some reason too long (about a day for me to see my
message in there - I am in US), much longer than in other mailing lists to which
I am subscribed.

My understanding now is that for use in commercial application BSAFE (or
RSA Data Security license?) should be bought and that there is no alternative
and because of it the prices are very high.

Olga.

 
 Ross Foard
 [EMAIL PROTECTED]
 
 olga wrote:
 
 Hi,

 I am using an openssl in the commercial product. As we should get license
 for
 using RSA we were talking with RSA about the terms of licensing. The RSA
 person
 I was talking to says that they can not sell the license for RSA usage
 with an OpenSSL and that we have to buy their BSAFE product. Does it mean
 that
 BSAFE was bought (and used???) for all existing commercial products that use
 OpenSSL instead of just buying a license for RSA usage? It sounds pretty
 unbelievable to me... Are there any examples to support or disprove this?

 Thanks a lot,

 Olga Antropova.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Problem compiling with sunos-cc

1999-04-06 Thread olga 

Hi,

I ran confugure with sunos-cc and when compiling on I have the following:

making crypto...
cc -I. -I../include -O4 -DNOPROTO -DNOCONST -DCFLAGS=" \"cc -O4 -DNOPROTO
-DNOCONST\" " -DPLATFORM=" \"sunos-cc\" "  -c  cryptlib.c
cc: Warning: option -4 passed to ld
"/usr/include/unistd.h", line 333: identifier redeclared: rename
current : function(pointer to char, pointer to char) returning int
previous: function(pointer to const char, pointer to const char)
returning int : "/usr/include/stdio.h", line 227
cc: acomp failed for cryptlib.c

Does anyone know how to fix the problem?

Thanks a lot,

Olga Antropova.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Problem compiling on HPUX

1999-04-06 Thread olga 

Hi, 

on HPUX it looks like compilation is fine but then make hangs in the following:

  cc -o ssleay -DMONOLITH -I../include -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit
+O4 -Wl,-a,archive ssleay.o verify.o asn1pa
rs.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o  pkcs7.o crl2p7.o crl.o 
rsa.o dsa.o dsaparam.o  x509.o genrsa.o s_server.o s_
client.o speed.o  s_time.o apps.o s_cb.o s_socket.o version.o sess_id.o 
ciphers.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -l
crypto 
/usr/ccs/bin/ld: (Warning) At least one PA 2.0 object file (ssleay.o) was
detected. The linked output may not run on a PA 1.x sys
tem.

Does anyone know what is the problem?

Thanks for your help,

Olga Antropova.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Error compiling with cc on IRIX

1999-04-05 Thread olga 

Hi,

While compiling on IRIX with cc I got the following error:

cfe: Error: bn_mul.c, line 98: Syntax Error
if (n2  (16) // 32 )
---^
cfe: Error: bn_mul.c, line 281: Syntax Error
if (tn  (16) // 32 )
---^
cfe: Error: bn_mul.c, line 285: Syntax Error
else
^
cfe: Error: bn_mul.c, line 359: Syntax Error
if (n = (32) // 32 )
---^
cfe: Error: bn_mul.c, line 366: Syntax Error
else
^
cfe: Error: bn_mul.c, line 617: Syntax Error
if (al  (16) // 32 )
---^
cfe: Error: bn_mul.c, line 631: Syntax Error
else if ((al  (16) // 32 ) || (bl  (16) // 32 ))
-^
cfe: Error: bn_mul.c, line 631: Syntax Error
else if ((al  (16) // 32 ) || (bl  (16) // 32 ))
---^
cfe: Error: bn_mul.c, line 638: Syntax Error
else

--

The problem I guess is C++ comments in C code (in crypto/bn/bn_lcl.h):

bn_lcl.h:#define BN_MULL_SIZE_NORMAL(16) // 32
bn_lcl.h:#define BN_MUL_RECURSIVE_SIZE_NORMAL   (16) // 32 /* less than
*/
bn_lcl.h:#define BN_SQR_RECURSIVE_SIZE_NORMAL   (16) // 32
bn_lcl.h:#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL   (32) // 32
bn_lcl.h:#define BN_MONT_CTX_SET_SIZE_WORD  (64) // 32

Am I right?

Thanks,

Olga Antropova.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: Best Ciphers?

1999-03-25 Thread olga 

Hi,

SSLeay Programmer Reference has performance characteristics:

http://www.psy.uq.oz.au/~ftp/Crypto/ssl.html

Also there is a cryptographic lib comparison at:

http://www.homeport.org/~adam/crypto/

Olga Antropova.

On 25-Mar-99 Juergen Rensen wrote:
 Hi everyone,
 
 I was wondering if there is something like a "best" cipher to use, ie. 
 which one is the fastest, which one the most secure, which one the best 
 compromise, etc.
 
 I checked the mail archive and couldn't find anything on that topic. If 
 anyone knows of any books or FAQs where I can find some comparative 
 information, then I would be grateful if you could let me know.
 
 Thank you
 
 Juergen
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]

--
E-Mail: olga [EMAIL PROTECTED]
Date: 25-Mar-99
Time: 08:34:07

This message was sent by XFMail
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]