openssl-enc: needs additional base64 garbage check?
Hello.

  #?1|kent:tmp$ x=U2FsdGVkX19hzr7eekkcCcfeydWYK7HAeLr2lRPThis
  [ ^ $? of last command]
  #?0|kent:tmp$ printf ${x}= | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d
  #?0|kent:tmp$ printf ${x}=t | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d
  #?0|kent:tmp$ printf ${x}=to | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d
  #?0|kent:tmp$ printf ${x}=tor | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d
  #?0|kent:tmp$ printf ${x}=tory | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d
  bad decrypt
  8908367F:error:1C80006B:Provider routines:ossl_cipher_generic_block_final:wrong final block length:providers/implementations/ciphers/ciphercommon.c:443:
  #?1|kent:tmp$ printf ${x} | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d
  bad decrypt
  80105031D77F:error:1C80006B:Provider routines:ossl_cipher_generic_block_final:wrong final block length:providers/implementations/ciphers/ciphercommon.c:443:
  #?1|kent:tmp$ printf 0${x} | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d
  bad magic number
  #?1|kent:tmp$ printf 0${x}= | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d
  bad magic number
  #?1|kent:tmp$ printf ${x}= | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2 -d

github issue?

--steffen
RE: Base64 or Base64url
Thank you for your answer. I know, my version is old and I need to update (and I will). It's installed on an IBM AIX server.

I was not precise enough in my question, I need to have base64url natively supported for a certification purpose. I'm using openssl in some bash scripts, I can easily replace characters to bypass the problem of / and + but I don't think I will be authorized to do so. Are there any other options?

Best regards
Benjamin ENTE
AW: Base64 or Base64url
P.S: My answer to your original question applies to 1.0.1 as well:
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/doc/crypto/EVP_EncodeInit.pod
AW: Base64 or Base64url
Just noticed your OpenSSL version: it is _very_ old and not supported anymore. Its successor, OpenSSL 1.0.2, will be EOL by the end of this year. The current stable LTS version is OpenSSL 1.1.1.

Matthias
AW: Base64 or Base64url
OpenSSL is using regular base64 encoding, see for example
https://www.openssl.org/docs/man1.1.1/man3/EVP_EncodeInit.html

But if you need base64url encoding, no problem: a simple string replace will help.
https://brockallen.com/2014/10/17/base64url-encoding/

Regards,
Matthias
Base64 or Base64url
Hi everyone

I'm looking for information I can't find. I'm using OpenSSL 1.0.1e 11 Feb 2013 and I want to know if it's encoding in base64 or in base64url.

Thank you in advance for your help

Best regards
Benjamin
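The string replacement mentioned in the reply above, written out as an added example (not code from this thread and not part of OpenSSL): base64url swaps '+' and '/' for '-' and '_' and usually drops the '=' padding, so the reverse direction has to restore the padding before a standard decoder will accept it. The function names are hypothetical, and unpadded base64url (as used in JWS) is assumed.

```c
/* Added example: convert between standard Base64 and base64url.
 * Hypothetical helper names; assumes unpadded base64url input. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* In place: '+' -> '-', '/' -> '_', trailing '=' removed.
 * Returns the new string length. */
size_t b64_to_b64url(char *s)
{
    size_t n = strlen(s);
    size_t i;

    for (i = 0; i < n; i++) {
        if (s[i] == '+')
            s[i] = '-';
        else if (s[i] == '/')
            s[i] = '_';
    }
    while (n > 0 && s[n - 1] == '=')
        n--;
    s[n] = '\0';
    return n;
}

/* base64url -> standard Base64, written to out (cap bytes including NUL).
 * Returns the output length, or -1 on an impossible length, a character
 * outside the base64url alphabet, or a too-small buffer. */
long b64url_to_b64(const char *in, char *out, size_t cap)
{
    size_t n = strlen(in);
    size_t pad, i;

    if (n % 4 == 1)
        return -1;                 /* no byte string encodes to this length */
    pad = (4 - n % 4) % 4;         /* number of '=' to restore */
    if (n + pad + 1 > cap)
        return -1;
    for (i = 0; i < n; i++) {
        char c = in[i];

        if (c == '-')
            c = '+';
        else if (c == '_')
            c = '/';
        else if (!isalnum((unsigned char)c))
            return -1;             /* also rejects mixed-alphabet input */
        out[i] = c;
    }
    memset(out + n, '=', pad);
    out[n + pad] = '\0';
    return (long)(n + pad);
}

int main(void)
{
    char std[] = "+/8=";           /* constructed sample: the bytes fb ff */
    char back[8];

    b64_to_b64url(std);
    printf("base64url: %s\n", std);
    if (b64url_to_b64(std, back, sizeof back) > 0)
        printf("base64:    %s\n", back);
    return 0;
}
```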
Re: [openssl-users] base64 decode in C
Hi,

My problem is if the string that I want to decode starts with null terminated char (as in a SSH pubkey), the base64_decode does not return anything at all. The encoded string itself does not have null terminated chars but rather the decoded result. The buffer being returned is empty. How to overcome this ?

Also my C is relatively rusty, it would be great help if someone could look at my code and suggest what I'm doing wrong.

Also, I tried to use the EVP_DecodeBlock function with same result. It decodes everything except the SSH pubkey.

Thanks.
--Prashant
Re: [openssl-users] base64 decode in C
Hey I got this. Sorry I was confused with the length. BIO_read returns the length which I was able to use to get the MD5.

Problem solved!!! Many thanks.

--Prashant
Re: [openssl-users] base64 decode in C
Hi,

before calling this function, remove any whitespace;

Walter
Re: [openssl-users] base64 decode in C
Hi Dave and Walter,

Thanks for your reply.

I'm not doing anything different for the ssh pubkey. I'm able to decode it using the openssl enc -base64 -d -A command. But not using the C program.

Attaching my entire code here. After getting the base64 decoded I'm calculating the MD5 sum and printing it. This works for a regular string but not for SSH pubkey.

Thanks again.
--Prashant

    #include <openssl/md5.h>
    #include <openssl/sha.h>
    #include <openssl/hmac.h>
    #include <openssl/evp.h>
    #include <openssl/bio.h>
    #include <openssl/buffer.h>
    #include <string.h>
    #include <stdio.h>
    #include <stdlib.h>

    char *b64_decode(unsigned char *input, int length);
    char* md5_digest(char *string);

    int main()
    {
        char *str = "B3NzaC1yc2EDAQABAAABAQC/KdcFv09+f+tJK9IZ8I+L0zG7dUINClI5v8FlHJsBPSM3DDO2DpwIg/KqZKCRH9y6lEO+QAJt2DTEq/LBZcBUCdeiX1TXPFRorX+VdZigj7av/S/UHkq2EH6hfkJB3oLA5ZOZioMOAuDv1ng/DE4pRBr+KZ2oVhGjf3wa0hWi21vTZqb3s7vh+bPf6C2eUmAQJKHvFhtBK8Xx7FxN0b7igsGbk7ObwcItfMxdzkMvuiuU/UnthFVpa8wZIObFDi3MxJuf3/R+h6R1lFMvEIrU6CWRupS7Pqkm4X3qWQfhAWbdgdbD5KAk5JLA2eWIPQQA5Uay5CeH+GXz8gCa4zaz";

        printf("Base64 decoded string is : %s\n", b64_decode(str, strlen(str))); // This should print binary for a ssh key.
        printf("MD5 Sum of the decoded string is : %s\n", md5_digest(b64_decode(str, strlen(str))));
        return 0;
    }

    char *b64_decode(unsigned char *input, int length)
    {
        BIO *b64, *bmem;
        char *buffer = (char *)malloc(length);
        memset(buffer, 0, length);
        b64 = BIO_new(BIO_f_base64());
        bmem = BIO_new_mem_buf((void*)input, length);
        bmem = BIO_push(b64, bmem);
        BIO_set_flags(bmem, BIO_FLAGS_BASE64_NO_NL);
        BIO_read(bmem, buffer, length);
        BIO_free_all(bmem);
        return buffer;
    }

    char* md5_digest(char *string)
    {
        int i;
        unsigned char result[MD5_DIGEST_LENGTH];
        // Length of MD5 signature is 32 !
        char * md5_sig = (char *) malloc(33);
        MD5(string, strlen(string), result);
        // output
        for(i = 0; i < MD5_DIGEST_LENGTH; i++){
            sprintf(&md5_sig[i*2], "%02x", result[i]);
        }
        return md5_sig;
    }
Re: [openssl-users] base64 decode in C
Please refer to Dave Thompson's answer, it describes your problem.

Enjoy

Jakob
Re: [openssl-users] base64 decode in C
I believe the SSH pubkey is binary data, not ASCII, so strlen() will not work on it if it has embedded NUL chars.

As Dave Thompson suggested, instead of strlen(), use the length returned from BIO_read.
[openssl-users] base64 decode in C
Hi,

Most likely this has been answered before, please bear with me.

I'm trying to use the base64 decode function in C. Below is the function.

    char *b64_decode(unsigned char *input, int length)
    {
        BIO *b64, *bmem;
        char *buffer = (char *)malloc(length);
        memset(buffer, 0, length);
        b64 = BIO_new(BIO_f_base64());
        bmem = BIO_new_mem_buf((void*)input, length);
        bmem = BIO_push(b64, bmem);
        BIO_set_flags(bmem, BIO_FLAGS_BASE64_NO_NL);
        BIO_read(bmem, buffer, length);
        BIO_free_all(bmem);
        return buffer;
    }

This works well for simple b64 encoded strings like hello world! etc. But when I want to b64 decode the contents of a SSH public key, it fails. Returns nothing. What I'm trying to get to is the SSH public key fingerprint which is the MD5 hash of the base64 decoded part of the public key.

This decodes fine.

    dGhpcyBpcyBhd2Vzb21lCg== : this is awesome

This does not.

    B3NzaC1yc2EDAQABAAABAQC/KdcFv09+f+tJK9IZ8I+L0zG7dUINClI5v8FlHJsBPSM3DDO2DpwIg/KqZKCRH9y6lEO+QAJt2DTEq/LBZcBUCdeiX1TXPFRorX+VdZigj7av/S/UHkq2EH6hfkJB3oLA5ZOZioMOAuDv1ng/DE4pRBr+KZ2oVhGjf3wa0hWi21vTZqb3s7vh+bPf6C2eUmAQJKHvFhtBK8Xx7FxN0b7igsGbk7ObwcItfMxdzkMvuiuU/UnthFVpa8wZIObFDi3MxJuf3/R+h6R1lFMvEIrU6CWRupS7Pqkm4X3qWQfhAWbdgdbD5KAk5JLA2eWIPQQA5Uay5CeH+GXz8gCa4zaz

What am I doing wrong ? Btw in the command line both decode. Using

    echo string | openssl enc -base64 -d -A

Any help appreciated. Thanks in advance.

--Prashant
Re: [openssl-users] base64 decode in C
On 18.03.2015 16:08, Prashant Bapat wrote:
> printf("Base64 decoded string is : %s\n", b64_decode(str, strlen(str))); // This should print binary for a ssh key.

not really, because the return of b64_decode is not a C string; and the format specifier %s expects a C string;
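As an added example (not code from any poster here and not OpenSSL's decoder): a stand-alone C Base64 decoder that returns the decoded length, so binary output such as an SSH key blob with leading NUL bytes is never measured with strlen(), and that rejects the trailing characters after '=' shown in the openssl-enc thread at the top of this page. All function names and sample strings are constructed for illustration; with OpenSSL itself the equivalent of the returned length is the return value of BIO_read, as the replies above say.

```c
/* Added example: strict, length-returning Base64 decoder in plain C.
 * Not OpenSSL code; all names and sample strings are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Map one character of the standard alphabet to its 6-bit value, -1 if invalid. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/*
 * Decode in_len characters of unwrapped Base64 into out (capacity out_cap).
 * Returns the number of decoded bytes, or -1 when the input is not canonical:
 * length not a multiple of 4, a character outside the alphabet, '=' anywhere
 * but the end of the last group, data after '=', or non-zero unused bits.
 */
long b64_decode_strict(const char *in, size_t in_len,
                       unsigned char *out, size_t out_cap)
{
    size_t i, o = 0;

    if (in_len % 4 != 0)
        return -1;
    for (i = 0; i < in_len; i += 4) {
        int v[4], pad = 0, k;

        for (k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)in[i + k];

            if (c == '=') {
                /* padding is only legal in the last two slots of the final group */
                if (i + 4 != in_len || k < 2)
                    return -1;
                pad++;
                v[k] = 0;
            } else {
                if (pad)
                    return -1;          /* data after padding */
                v[k] = b64_val(c);
                if (v[k] < 0)
                    return -1;
            }
        }
        /* bits that do not map to an output byte must be zero */
        if (pad == 2 && (v[1] & 0x0f)) return -1;
        if (pad == 1 && (v[2] & 0x03)) return -1;
        if (o + (size_t)(3 - pad) > out_cap)
            return -1;
        out[o++] = (unsigned char)(v[0] << 2 | v[1] >> 4);
        if (pad < 2) out[o++] = (unsigned char)((v[1] & 0x0f) << 4 | v[2] >> 2);
        if (pad < 1) out[o++] = (unsigned char)((v[2] & 0x03) << 6 | v[3]);
    }
    return (long)o;
}

/* Wrapper for NUL-terminated *encoded* text: the encoded form is ASCII, so
 * strlen() is safe on it; the decoded form is binary and is not. */
long b64_strict_len(const char *s)
{
    unsigned char tmp[256];

    return b64_decode_strict(s, strlen(s), tmp, sizeof tmp);
}

int main(void)
{
    /* Constructed sample: start of an SSH RSA key blob, 00 00 00 07 "ssh-rsa". */
    const char *blob = "AAAAB3NzaC1yc2E=";
    unsigned char buf[32] = {0};
    long n = b64_decode_strict(blob, strlen(blob), buf, sizeof buf);

    printf("decoded %ld bytes, strlen() sees %zu\n", n, strlen((char *)buf));
    printf("with trailing 't':    %ld\n", b64_strict_len("AAAAB3NzaC1yc2E=t"));
    printf("with trailing 'tory': %ld\n", b64_strict_len("AAAAB3NzaC1yc2E=tory"));
    printf("padding missing:      %ld\n", b64_strict_len("AAAAB3NzaC1yc2E"));
    return 0;
}
```

Any digest or comparison over the decoded data should be given the returned byte count, never a strlen() of the output buffer.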
Re: Convert symmetrically encrypted content to base64
On Fri, 24 Aug 2012 15:54:50 -0400 Dave Thompson wrote:

> Note OpenSSL's RSA privatekey *includes* publickey. RSA publickey is n,e
> and naive privatekey is n,d, but OpenSSL privatekey is CRT form with
> n,d,e,p,q + more. There is no need to transmit the publickey separately,
> [..]
> Tiny aside: BIO_new_mem_buf will do the strlen() for you if you pass -1
> for length. Just a convenience.
> [..]
> If PEM_read_* returns null (or nearly any other OpenSSL routine returns
> a failure indication), look at the error queue.
> http://www.openssl.org/support/faq.html#PROG6 and #PROG7 also if you
> don't get readable error.
>
> If they didn't, look very carefully at your PEM data. Commandline can do this:
>     openssl asn1parse -in myprivkey.pem
> and/or:
>     openssl rsa -in myprivkey.pem -text

Thanks for your hints. After a lot of testing I figured out that my functions pem2key() and key2pem() work fine. The problem is that I lose some characters (e.g. '+' gets replaced by spaces) while sending the key over the network. But I think this problem doesn't belong to the mailing list. ;-)

Thanks a lot!
Björn
Re: Convert symmetrically encrypted content to base64
Hi Bjoern,

please see my comments below: (rather Qt and memory related)

On Thu, Aug 23, 2012 at 03:12:55PM +0200, Bjoern Schiessle wrote:
> QMap<QString, QString> Encryption::key2pem(RSA *rsa, QString password)
> {
>     QMap<QString, QString> keypair;
>     BUF_MEM *bptr;
>     BIO *pubBio = BIO_new(BIO_s_mem());
>     BIO *privBio = BIO_new(BIO_s_mem());
>
>     PEM_write_bio_RSA_PUBKEY(pubBio, rsa);
>     PEM_write_bio_RSAPrivateKey(privBio, rsa, EVP_aes_128_cfb(),NULL, 0, 0, password.toLocal8Bit().data());

The following block can be simplified:

>     BIO_get_mem_ptr(pubBio, &bptr);
>     char *pubKey = (char *)malloc(bptr->length+1);
>     memcpy(pubKey, bptr->data, bptr->length);
>     pubKey[bptr->length] = 0;

    BIO_get_mem_ptr(pubBio, &bptr);
    keypair["publickey"] = QString::fromAscii(bptr->data, bptr->length);

>     BIO_get_mem_ptr(privBio, &bptr);
>     char *privKey = (char *)malloc(bptr->length+1);
>     memcpy(privKey, bptr->data, bptr->length);
>     privKey[bptr->length] = 0;

    BIO_get_mem_ptr(privBio, &bptr);
    keypair["privatekey"] = QString::fromAscii(bptr->data, bptr->length);

>     keypair["privatekey"] = QString(privKey);
>     keypair["publickey"] = QString(pubKey);

    /* this would be required in your code */
    free(privKey);
    free(pubKey);

Cheers
Christian
Re: Convert symmetrically encrypted content to base64
Hi Christian,

On Fri, 24 Aug 2012 08:11:25 +0200 Christian Hohnstaedt wrote:
> please see my comments below: (rather Qt and memory related)

Thank you for your feedback.

Now I'm trying to implement the function which does exactly the opposite: Take the public and private key in the PEM format from the server and import it in a RSA structure:

    void Encryption::pem2key(QString publickey, QString privatekey, QString password)
    {
        BIO *pubBio = BIO_new_mem_buf(publickey.toLocal8Bit().data(), strlen(publickey.toLocal8Bit().data()));
        BIO *privBio = BIO_new_mem_buf(privatekey.toLocal8Bit().data(), strlen(privatekey.toLocal8Bit().data()));
        RSA *rsa = RSA_new();
        PEM_read_bio_RSAPublicKey(pubBio, &rsa, 0, NULL);
        PEM_read_bio_RSAPrivateKey(privBio, &rsa, 0, password.toLocal8Bit().data());
        Keymanager::Instance()->setRSAkey(rsa);
        BIO_free_all(pubBio);
        BIO_free_all(privBio);
    }

The program compiles and runs without a problem. But if I call the key2pem() function with the newly imported RSA key, I get two quite short keys back (only half a line of data). So something seems to go wrong during import of the PEM encoded keys.

Any idea what I'm doing wrong in the pem2key() function?

Thanks!
Björn
RE: Convert symmetrically encrypted content to base64
> From: owner-openssl-us...@openssl.org On Behalf Of Bjoern Schiessle
> Sent: Friday, 24 August, 2012 12:14

<snip>
> Now I'm trying the implement the function which does exactly the
> opposite: Take the public and private key in the PEM format from the
> server and import it in a RSA structure:

Note OpenSSL's RSA privatekey *includes* publickey. RSA publickey is n,e and naive privatekey is n,d, but OpenSSL privatekey is CRT form with n,d,e,p,q + more. There is no need to transmit the publickey separately, (Not for DH or ECDH, though.)

> void Encryption::pem2key(QString publickey, QString privatekey, QString password)
> {
>     BIO *pubBio = BIO_new_mem_buf(publickey.toLocal8Bit().data(), strlen(publickey.toLocal8Bit().data()));
>     BIO *privBio = BIO_new_mem_buf(privatekey.toLocal8Bit().data(), strlen(privatekey.toLocal8Bit().data()));

Tiny aside: BIO_new_mem_buf will do the strlen() for you if you pass -1 for length. Just a convenience.

>     RSA *rsa = RSA_new();
>     PEM_read_bio_RSAPublicKey(pubBio, &rsa, 0, NULL);
>     PEM_read_bio_RSAPrivateKey(privBio, &rsa, 0, password.toLocal8Bit().data());
>     Keymanager::Instance()->setRSAkey(rsa);
>     BIO_free_all(pubBio);
>     BIO_free_all(privBio);
> }
>
> The program compiles and run without a problem. But if I call the
> key2pem() function with the newly imported RSA key. I get two quite short
> keys back (only half a line of data). So something seems to go wrong
> during import of the PEM encoded keys.
>
> Any idea what I'm doing wrong in the pem2key() function?

If PEM_read_* returns null (or nearly any other OpenSSL routine returns a failure indication), look at the error queue. http://www.openssl.org/support/faq.html#PROG6 and #PROG7 also if you don't get readable error.

If they didn't, look very carefully at your PEM data. Commandline can do this:

    openssl asn1parse -in myprivkey.pem

and/or:

    openssl rsa -in myprivkey.pem -text
Convert symmetrically encrypted content to base64
Hi,

I want to generate a RSA private and public key and then encrypt the private key symmetrically with a password to store it on a server. The data has to be stored and transferred base64 encoded.

This is how I encrypt the private key:

    EVP_CIPHER_CTX ctx;
    unsigned char *key = (unsigned char*)password.toLocal8Bit().data();
    unsigned char *data = (unsigned char*)privkey.toLocal8Bit().constData();
    int len = strlen((char*)data)+1;

    unsigned char iv[EVP_MAX_IV_LENGTH];
    select_random_iv(iv, EVP_MAX_IV_LENGTH);

    int c_len = len + AES_BLOCK_SIZE, f_len = 0;
    unsigned char *ciphertext = (unsigned char*)malloc(c_len);

    EVP_EncryptInit(&ctx, EVP_aes_128_cfb(), key, iv);
    EVP_EncryptUpdate(&ctx, ciphertext, &c_len, data, len);
    EVP_EncryptFinal(&ctx, ciphertext+c_len, &f_len);

This works fine and if I send the encrypted data, the iv, the key and the password directly to the decrypt function (decryptPrivateKey(...)) I can also decrypt the data again. But if I encode the data together with the iv as base64 to store it on the server and later decode it again the decryption fails.

Here is how I encode the data together with the iv in base64:

    char *base64Key = base64(ciphertext, strlen((char*)ciphertext));
    char *base64IV = base64(iv, strlen((char*)iv));
    char *iv_seperator = (char*)"00iv00";
    base64Key = (char*)realloc(base64Key, strlen(base64Key)+strlen(base64IV)+6+1);
    strcat(base64Key, iv_seperator);
    strcat(base64Key, base64IV);

The result is a string data00iv00iv which I transfer to the server.

Now when I retrieve the data again I separate the encrypted key and the iv, decode it and send it to the decryption function:

    char *data = privkey.toLocal8Bit().data();
    char keyBase64[strlen(data)+1];
    char ivBase64[2000];
    int separator, i;
    bool isKey = true;

    for(i = 0; i < strlen(data); i++) {
        if (data[i] == '0' && data[i+1] == '0' && data[i+2] == 'i' && data[i+3] == 'v' && data[i+4] == '0' && data[i+5] == '0') {
            isKey = false;
            keyBase64[i] = '\0';
            i += 5;
            separator = i;
        } else {
            if (isKey)
                keyBase64[i] = data[i];
            else
                ivBase64[i-separator-1] = data[i];
        }
    }
    ivBase64[i-separator-1] = '\0';

    unsigned char *key = unbase64(keyBase64, strlen(keyBase64));
    unsigned char *iv = unbase64(ivBase64, strlen(ivBase64));

    return (decryptPrivateKey(key, iv, password));

This is how base64 and unbase64 looks:

    char* Encryption::base64(const unsigned char *input, int length)
    {
        BIO *bmem, *b64;
        BUF_MEM *bptr;

        b64 = BIO_new(BIO_f_base64());
        bmem = BIO_new(BIO_s_mem());
        b64 = BIO_push(b64, bmem);
        BIO_write(b64, input, length);
        BIO_flush(b64);
        BIO_get_mem_ptr(b64, &bptr);

        char *buff = (char *)malloc(bptr->length+1);
        memcpy(buff, bptr->data, bptr->length);
        buff[bptr->length] = 0;

        BIO_free_all(b64);
        return buff;
    }

    unsigned char* Encryption::unbase64(char *input, int length)
    {
        BIO *b64, *bmem;

        unsigned char *buffer = (unsigned char *)malloc(length);
        memset(buffer, 0, length);

        b64 = BIO_new(BIO_f_base64());
        bmem = BIO_new_mem_buf(input, length);
        bmem = BIO_push(b64, bmem);
        BIO_read(bmem, buffer, length);
        BIO_free_all(bmem);

        return buffer;
    }

I already tried several other methods to encode/decode base64 but nothing really works. Maybe someone on this list can help me?

Thanks a lot!
Björn
Re: Convert symmetrically encrypted content to base64
Hi,

I think I did it way too complicated. I think the problem was that I always tried to mimic some openssl php code I know, but I think the solution I have now is much easier and standard compliant:

    void Encryption::generateUserKeys(QString password)
    {
        RSA *rsa;
        EVP_PKEY *pkey;
        int bits = 1024;
        unsigned long exp = RSA_F4;
        QMap<QString, QString> keypair;

        rsa = RSA_generate_key(bits, exp, NULL, NULL);
        pkey = EVP_PKEY_new();
        EVP_PKEY_assign_RSA(pkey, rsa);
        keypair = key2pem(rsa, password);
        RSA_free(rsa);
        sendUserKeysToServer(keypair);
    }

    QMap<QString, QString> Encryption::key2pem(RSA *rsa, QString password)
    {
        QMap<QString, QString> keypair;
        BUF_MEM *bptr;
        BIO *pubBio = BIO_new(BIO_s_mem());
        BIO *privBio = BIO_new(BIO_s_mem());

        PEM_write_bio_RSA_PUBKEY(pubBio, rsa);
        PEM_write_bio_RSAPrivateKey(privBio, rsa, EVP_aes_128_cfb(),NULL, 0, 0, password.toLocal8Bit().data());

        BIO_get_mem_ptr(pubBio, &bptr);
        char *pubKey = (char *)malloc(bptr->length+1);
        memcpy(pubKey, bptr->data, bptr->length);
        pubKey[bptr->length] = 0;

        BIO_get_mem_ptr(privBio, &bptr);
        char *privKey = (char *)malloc(bptr->length+1);
        memcpy(privKey, bptr->data, bptr->length);
        privKey[bptr->length] = 0;

        keypair["privatekey"] = QString(privKey);
        keypair["publickey"] = QString(pubKey);

        BIO_free_all(pubBio);
        BIO_free_all(privBio);

        return keypair;
    }

Please feel free to comment on it if you think there is still something to improve.

best wishes,
Björn
RE: [FWD] BUG: base64
> From: owner-openssl-us...@openssl.org On Behalf Of Lutz Jaenicke
> Sent: Friday, 29 June, 2012 15:10

> Forwarded to openssl-users for public discussion

(attachment: 80-char lines of base64 that didn't decode)

OpenSSL BIO_f_base64 by default tries to nearly enforce the MIME limit of 76 encoded chars per line, and your 80 fails. Unfortunately it usually doesn't report this as an error; the code is too complicated for me to easily see why not.

Break it into lines shorter than 80, or put it all in one big line and use BASE64_NO_NL (or commandline enc -A), and OpenSSL works.

(By default OpenSSL *generates* the safer PEM limit of 64.)
[FWD] BUG: base64
Forwarded to openssl-users for public discussion

Best regards,
Lutz

---BeginMessage---
I found a possible bug with base64 decoding, the following block can't be decoded by openssl:

http://pastebin.com/raw.php?i=nrnQgAhq

However it is possible to decode it with base64_decode (from php), base64 (from gnu utils) and libb64 (from Chris Venter)

-- Paco
---End Message---
How to properly base64-encode a buffer
I have this buffer given:

    unsigned char *buffer;
    int buffer_length;

This is how I currently convert it to a base64-encoded buffer:

---
    BIO *mem = BIO_new(BIO_s_mem());
    BIO *b64 = BIO_new(BIO_f_base64());
    mem = BIO_push(b64, mem);
    int write_length = BIO_write(mem, buffer, buffer_length);
    if (write_length != buffer_length) //*
        return -1;
    int flush_result = BIO_flush(mem);
    if (flush_result != 1)
        return -1;
    unsigned char *result; //**
    int result_length = BIO_get_mem_data(mem, &result);
    //use the base64-encoded result to do whatever I need to do
    BIO_free_all(mem);
    return 0;
---

So far, this seems to be working. However, is this good and robust code? I have particular questions about the code pieces marked with asterisks above:

*: Is it correct to assume that BIO_write() will always write out the whole base64 encoded string at once, or do I have to create a loop here?

**: Is it correct to have the type unsigned char* or must I use char * instead?

-- View this message in context: http://old.nabble.com/How-to-properly-base64-encode-a-buffer-tp32995002p32995002.html Sent from the OpenSSL - User mailing list archive at Nabble.com.
RE: Missing data trying to Base64 Decode a AES-256-CBC encrypted file
From: owner-openssl-us...@openssl.org On Behalf Of Craig
Sent: Monday, 21 November, 2011 11:56

> I'm fairly new to C/C++ so please bear with me.

Warning: beware of people who tell you C++ is a superset of C. It's not. C++, deliberately, includes MOST of C -- maybe 80-90%, depending how you count -- but NOT all. So in some cases it matters which you are using.

> I'm having issues base64 decoding files that have been encrypted using AES-256-CBC and then base64 encoded. I'm using the following code to base64 decode and this works fine on plain text files that have been base64 encoded.
>
>     char * base64Decode(unsigned char * input, int length)
>     {
>         BIO *b64, *bmem;
>         char * buffer = (char *) malloc(length);
>         memset(buffer, 0, length);
>         b64 = BIO_new(BIO_f_base64());
>         bmem = BIO_new_mem_buf(input, length);
>         bmem = BIO_push(b64, bmem);
>         BIO_read(bmem, buffer, length);
>         BIO_free_all(bmem);
>         return buffer;
>     }

Nit: the cast on malloc is not needed in correct C (if your compiler complains, you didn't #include <stdlib.h> and just throwing in a cast is NOT the correct solution); in C++ it is better to use 'new' and 'delete' instead (which don't need any casts).

Note that a base64 decoded result will ALWAYS be smaller than the input, so malloc'ing for length is more than you actually need. However, the computation of exactly what you need can be a little tricky, and usually it's better to err on the side of too much than too little.

> The returned char is always much smaller than expected for files that have been encrypted. I do pass the correct encoded data size along with the data

What makes you think it's smaller? Are you trying to treat the decoded but still encrypted data as a C string? It's not. It's raw binary data that usually and in your case contains 'null' characters (byte value zero) which terminate a string. With modern (WW2) ciphers even unencrypted/clear data CAN be any binary data, although you may choose in your application(s) to encrypt only C strings, or only printable ones.

The return value from BIO_read is the number of bytes read, which for BIO_f_base64 is the number of bytes decoded, or negative for error. Check and use that.

If you are using C++, you CAN put binary data in a std::string, which is NOT the same as a C OR C++ char* string.

There is no standard or builtin way, in either language, to return a pointer (char*) plus count together. You can:
- pass the (already-allocated) buffer and return the length
- return the newly-allocated pointer and store the length to an argument (that is, through a pointer argument)
- return the length and store the newly-allocated pointer to an argument
- return an error code/status, or nothing, and store both length and newly-allocated pointer to arguments
- return a struct you declare containing pointer and length
- store to an argument struct ditto
- more complicated possibilities

<snip rest>
Conversion of RSA Encrypted message to Base64 format !!!
Hi,

I have done the RSA encryption program. Now I want to convert that encrypted message to BASE64 message in order to send the message via socket. I am trying the following sample code which converts Hello World to Base64 format and printing in console (stdout).

How can I use the function BIO_new_fp(stdout, BIO_NOCLOSE) to print the value to another character array instead of stdout? If not this, which Bio_ function I can use so that it will convert to Base64 and put it in char buffer ??

    #include <stdio.h>
    #include <string.h>   /* strlen */
    #include <openssl/bio.h>
    #include <openssl/evp.h>

    int main(int argc, char *argv[])
    {
        printf("Hello, world\n");
        BIO *bio, *b64;
        char message[] = "Hello World \n";
        b64 = BIO_new(BIO_f_base64());
        bio = BIO_new_fp(stdout, BIO_NOCLOSE);
        //bio = BIO_new_mem_buf(
        bio = BIO_push(b64, bio);
        BIO_write(bio, message, strlen(message));
        BIO_flush(bio);
        BIO_free_all(bio);
        return 0;
    }

Thanks, Pattabi.
Re: Conversion of RSA Encrypted message to Base64 format !!!
On 20 Apr 2011, at 3:01 AM, pattabi raman wrote:

> How can I use the function BIO_new_fp(stdout, BIO_NOCLOSE) to print the value to another character array instead of stdout? If not this, which Bio_ function I can use so that it will convert to Base64 and put it in char buffer ??

I think you want to use a memory BIO, e.g. BIO_new(BIO_s_mem()). If your C library has the funopen() call, you could use that to write to a memory buffer using BIO_new_fp(), but that seems silly. :)
RE: Base64 Encoding and Decoding error
From: owner-openssl-us...@openssl.org On Behalf Of Vinay Kumar L
Sent: Tuesday, 01 March, 2011 23:42

> Thanks for your reply, but OpenSSL Base64 decoding api returns NULL on passing Base64 encoded data. The code snippet is as follows:

I very much doubt it returns NULL. NULL in C is a null POINTER (pedantically, a null pointer CONSTANT). Your code will return a string of zero characters, i.e. an empty string. In general this is sometimes called a null STRING but in C that's confusing because a null string is not a null pointer. (And FWIW in SQL a NULL value is not an empty string either, although some user tools will DISPLAY it as such.)

Also, the byte that terminates a C (narrow) string is a null character or null byte, sometimes called NUL (note 3 letters). But this character is not IN the string, it is AFTER the string.

>     int main(int argc, char **argv)
>     {
>         char *output = unbase64("dGVzdGVuY29kaW5nCg==", strlen("dGVzdGVuY29kaW5nCg=="));

Your real problem is that the ENCODING should have terminating newline. See below. (The encoded/decoded DATA can include a newline or not, which as you have already seen changes the encoding, but often isn't even characters so the concept of newline doesn't apply.)

>         printf("Unbase64: %s\n", output);
>         free(output);
>     }

In C99 or C++ you must have at least a declaration of the function before the call. (You can have the definition which is also a declaration, by arranging your code 'bottom up'.) But in C89, the implicit declaration is 'returns int'. You should be unable to assign it to a char* without at least a warning. And even if you add a cast, it still won't work on some systems because the calling sequence is actually different. (Pedantically, initialization isn't assignment but it's sufficiently like.)

In C (both C89 and C99) you can choose whether to use a prototype declaration (with parameter types) or a nonprototype aka K&R1 declaration without. Prototypes are Better(tm).

>     char *unbase64(unsigned char *input, int length)

With a nonprototype (including implicit) declaration this is wrong. strlen() returns size_t, not int. On SOME systems size_t and int are actually the same size (and passed compatibly) and this 'accidentally' works. On some systems it doesn't work at all. (With a prototype it will be converted as long as the value is in range. If you have data long enough its length fits in size_t but not int, use size_t.)

Technically unsigned-char* is not the same type as plain-char*, which is the value of the string literal above -- even on systems where plain-char is unsigned. In practice this will always work. However, since (valid) b64 data is always in a limited character set that is a subset of the 'basic execution' set, it usually makes sense to store it in array of plain-char, and pass it as pointer to same. OTOH the data encoded into and decoded from b64 is often binary (although your example isn't) so in general treating it as array of and pointer to unsigned-char is usually better.

>     {
>         BIO *b64, *bmem;
>         char *buffer = (char *)malloc(length);

Should check for failed allocation (returned null pointer) before using, but I'll assume this is only test/example code. The cast is not needed in C if you have #include'd <stdlib.h> as required; without that correct declaration the cast doesn't actually solve the problem on some systems, it just silences the warning because you lied to the compiler. In C++ the cast is needed if you use malloc but you shouldn't use malloc.

>         memset(buffer, 0, length);

Don't need this if you add just one null terminator in the right place. If you actually do need zero-fill, calloc() may be less inefficient.

>         b64 = BIO_new(BIO_f_base64());
>         bmem = BIO_new_mem_buf(input, length);
>         bmem = BIO_push(b64, bmem);
>         BIO_read(bmem, buffer, length);

You should use the return value of BIO_read.

For the data above, the return value is zero, because by default b64BIO requires input to have the line terminators specified by PEM (always at the end, plus in the middle if 'too long') and similarly inserts them on output (which you don't have here). You can change this with BIO_set_flags (b64,BIO_FLAGS_BASE64_NO_NL)

When successful, the return value is the number of bytes decoded, which is convenient for a number of things; in your case you want to treat the data as a null-terminated string, so that's the right place to insert a single null-character terminator.

>         BIO_free_all(bmem);
>         return buffer;
>     }
RE: Base64 Encoding and Decoding error
From: Dave Thompson
Sent: Thursday, March 03, 2011 10:35 PM
To: openssl-users@openssl.org

> Also, the byte that terminates a C (narrow) string is a null character or null byte, sometimes called NUL (note 3 letters). But this character is not IN the string, it is AFTER the string.

If we're being pedantic, the null character is part of the string as far as C is concerned.
Re: Base64 Encoding and Decoding error
Hi Jan,

Thanks for your reply, but OpenSSL Base64 decoding api returns NULL on passing Base64 encoded data. The code snippet is as follows:

    int main(int argc, char **argv)
    {
        char *output = unbase64("dGVzdGVuY29kaW5nCg==", strlen("dGVzdGVuY29kaW5nCg=="));
        printf("Unbase64: %s\n", output);
        free(output);
    }

    char *unbase64(unsigned char *input, int length)
    {
        BIO *b64, *bmem;
        char *buffer = (char *)malloc(length);
        memset(buffer, 0, length);
        b64 = BIO_new(BIO_f_base64());
        bmem = BIO_new_mem_buf(input, length);
        bmem = BIO_push(b64, bmem);
        BIO_read(bmem, buffer, length);
        BIO_free_all(bmem);
        return buffer;
    }

The string dGVzdGVuY29kaW5nCg== on Base64 decoding should return testencoding\n, but the above code returns NULL. Please let me know the cause of Base64 returning NULL.

Thanks & Best Regards, Vinay

Jan Steffens wrote:

> On Tue, Mar 1, 2011 at 7:00 AM, Vinay Kumar L vinaykuma...@globaledgesoft.com wrote:
>
> > Encoding of string testencoding using base64 command:
> > #base64 data.txt > encode.txt
> > data.txt - It contains only the string testencoding
> > encode.txt - It contains encoded data
> > #cat encode.txt
> > dGVzdGVuY29kaW5nCg==
>
> This is actually the encoding for the string testencoding\n. Note the trailing newline, and check what your data.txt really contains.
Base64 Encoding and Decoding error
Hi All,

I am doing Base64 encoding and decoding of a string testencoding using OpenSSL api BIO_f_base64, but when Base64 encoding is done for the same string using OpenSSL command base64, the last byte of encoded data will be different than the one generated using BIO_f_base64 api. Also the Base64 decoding api returns NULL. The code snippet is as follows:

Encoding of string testencoding using base64 command:

    #base64 data.txt > encode.txt
    data.txt - It contains only the string testencoding
    encode.txt - It contains encoded data
    #cat encode.txt
    dGVzdGVuY29kaW5nCg==

Encoding of string testencoding using BIO_f_base64 api:

    char str[]="testencoding";
    char *ptr;
    ptr=base64(str, strlen(str));
    printf("Encoded string = %s\n", ptr);

    char *base64(const char *input, int32_t length)
    {
        BIO *bmem=NULL, *b64=NULL;
        char *buff;
        BUF_MEM *bptr;
        b64 = (BIO *)BIO_new(BIO_f_base64());
        bmem = (BIO *)BIO_new(BIO_s_mem());
        b64 = (BIO *)BIO_push(b64, bmem);
        BIO_write(b64, input, length);
        BIO_flush(b64);
        BIO_get_mem_ptr(b64, &bptr);
        buff = (char *)malloc(bptr->length+1);
        memcpy(buff, bptr->data, bptr->length);
        buff[bptr->length] = 0;
        if(b64)
            BIO_free_all(b64);
        return buff;
    }

The output of the above code snippet is: dGVzdGVuY29kaW5n

Decoding of same encoded text dGVzdGVuY29kaW5nCg== using Base64 openssl command:

    #base64 -d encode.txt > decode.txt
    encode.txt - It contains encoded data
    decode.txt - It contains decoded data
    #cat decode.txt
    testencoding

Decoding of same encoded text dGVzdGVuY29kaW5nCg using openssl api's:

    char *unbase64(unsigned char *input, int length)
    {
        BIO *b64=NULL, *bmem=NULL;
        FILE *ptr;
        char *buffer = (char *)malloc(length);
        memset(buffer,0,length);
        b64 = (BIO *)BIO_new(BIO_f_base64());
        bmem = BIO_new_mem_buf(input, length);
        bmem = (BIO *)BIO_push(b64, bmem);
        BIO_read(bmem, buffer,length);
        if(bmem)
            BIO_free_all(bmem);
        return buffer;
    }

When encoded data dGVzdGVuY29kaW5nCg is passed to the above function, it returns NULL.

Please let me know why BIO_read is returning NULL on decoding and also why the last bytes of encoded data (using OpenSSL api) is different than the encoded data using openssl command.

Thanks & Best Regards, Vinay
Re: Base64 Encoding and Decoding error
On Tue, Mar 1, 2011 at 7:00 AM, Vinay Kumar L vinaykuma...@globaledgesoft.com wrote:

> Encoding of string testencoding using base64 command:
> #base64 data.txt > encode.txt
> data.txt - It contains only the string testencoding
> encode.txt - It contains encoded data
> #cat encode.txt
> dGVzdGVuY29kaW5nCg==

This is actually the encoding for the string testencoding\n. Note the trailing newline, and check what your data.txt really contains.
RE: B64_read_PKCS7 : Anyone modified the base64 reader to be more forgiving?
From: owner-openssl-us...@openssl.org On Behalf Of Harakiri
Sent: Tuesday, 02 November, 2010 10:06

> BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL)
> Output doesn't generate (any) linebreaks. Input doesn't REQUIRE them every 80, but does ALLOW them anywhere.

Sorry, but it looks like I misled you. b64BIO NO_NL input doesn't allow breaks anywhere, only beginning and end of a *buffer*, but the Q&D test I built before didn't notice. When I constructed a case based on the data you posted, and debugged it, I found this.

I now don't see any good solution to your problem other than correcting the input so that b64BIO accepts it. The apparent alternative would be to duplicate most of SMIME_read: parse the MIME, decode base64 more leniently, and parse that result as (DER) PKCS7. Yuck.

Or you could change b64_read or even DecodeBlock. But b64BIO's and other b64 are used all over OpenSSL, and you'd have to verify your changes don't break other things -- at least other things you care about or may in the future. Personally I would be reluctant to risk that.
RE: B64_read_PKCS7 : Anyone modified the base64 reader to be more forgiving?
--- On Thu, 10/28/10, Dave Thompson dthomp...@prinpay.com wrote:

> From: Dave Thompson dthomp...@prinpay.com
> Subject: RE: B64_read_PKCS7 : Anyone modified the base64 reader to be more forgiving?
> To: openssl-users@openssl.org
> Date: Thursday, October 28, 2010, 7:00 PM
>
> > From: owner-openssl-us...@openssl.org On Behalf Of Harakiri
> > Sent: Thursday, 28 October, 2010 07:52
> >
> > However, it would be easy to fix i guess - the base64 reader simply must ignore the rule that each line has to be a certain length.
>
> BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL)
> Output doesn't generate (any) linebreaks. Input doesn't REQUIRE them every 80, but does ALLOW them anywhere.

Thanks for your reply, that does look like a good idea - however you say that the output doesn't generate any newlines either - well this is not wanted because after decryption/verification the output generated by the CMD would then contain an invalid encoded message if the base64 block is just one line with no new lines.

Is BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL) a global variable? Maybe it would be possible to set this to ignore NL/errors for reading but reset it again for writing the resulting message?

> Alternatively, instead of using a BIO directly on the message as received, you could first correct it by just breaking any overlong base64 line(s); instead of actually parsing MIME maybe you can assume nonheader nonmarker is base64 body. If it fits in memory you can just read it in and fix it, then point to that in a memBIO you give to SMIME_read_. If not you probably have to make a BIO_pair and a thread that feeds your end with corrected data while OpenSSL consumes the other end.

That sounds pretty complicated actually, and I don't want to pipe it into memory, it should work for streaming (as the default) so it can handle very large messages too.

Thanks for your reply. Regards
RE: B64_read_PKCS7 : Anyone modified the base64 reader to be more forgiving?
--- On Thu, 10/28/10, Dave Thompson dthomp...@prinpay.com wrote:

> From: Dave Thompson dthomp...@prinpay.com
> Subject: RE: B64_read_PKCS7 : Anyone modified the base64 reader to be more forgiving?
> To: openssl-users@openssl.org
> Date: Thursday, October 28, 2010, 7:00 PM
>
> > From: owner-openssl-us...@openssl.org On Behalf Of Harakiri
> > Sent: Thursday, 28 October, 2010 07:52
>
> BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL)
> Output doesn't generate (any) linebreaks. Input doesn't REQUIRE them every 80, but does ALLOW them anywhere.

I tried this - however it does not work - I patched the method in question

    static PKCS7 *B64_read_PKCS7(BIO *bio)
    {
        BIO *b64;
        PKCS7 *p7;
        if(!(b64 = BIO_new(BIO_f_base64()))) {
            PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
            return 0;
        }
        printf("Testing..");
        BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
        bio = BIO_push(b64, bio);
        if(!(p7 = d2i_PKCS7_bio(bio, NULL)))
            PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
        BIO_flush(bio);
        bio = BIO_pop(bio);
        BIO_free(b64);
        return p7;
    }

I used a simple smime signed message where the last base64 line was faulty:

    DhBgOxHXEhy/CzkNjQysNxJQ492WCybahjBwpRfJRU3i0qwW1SBG+7XL4lEZ2CfaOdheE2yM3Ooo

the last 4 A should be in the next line

However, now another error is returned (header too long)

    24073:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
    24073:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
    24073:error:2107A08C:PKCS7 routines:SMIME_read_PKCS7:pkcs7 sig parse error:pk7_mime.c:349:

previously it was the not enough data error

    24091:error:0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data:a_d2i_fp.c:238:
    24091:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:140:
    24091:error:2107A08C:PKCS7 routines:SMIME_read_PKCS7:pkcs7 sig parse error:pk7_mime.c:347:

Any ideas? Putting the 4 A in the last line fixed it so the base64 itself is technically OK.

Thanks
B64_read_PKCS7 : Anyone modified the base64 reader to be more forgiving?
I'm getting a lot of wrongly encoded mails lately from different sources, they have base64 lines which exceed the standard. I.e. in between one line is 4 characters longer, then the next lines are all shifted by these 4 characters. i.e.

    3/BExiJWU6pKjH8JFebBYjHyYYbVYdIqpm6HeKJd2QdGIWXqaUacDXdEZ582wBvtpiqd/IsP9zwn
    DhBgOxHXEhy/CzkNjQysNxJQ492WCybahjBwpRfJRU3i0qwW1SBG+7XL4lEZ2CfaOdheE2yM3Ooo

this can happen at either the end of the message or somewhere in the middle. I know openssl is not to blame for creating invalid base64 blocks for mime messages. However, it would be easy to fix I guess - the base64 reader simply must ignore the rule that each line has to be a certain length.

So anyone already done the task of modifying the base64 reader for smime messages? I tracked it to crypto/pkcs7/pk7_mime.c function *B64_read_PKCS7

    static PKCS7 *B64_read_PKCS7(BIO *bio)
    {
        BIO *b64;
        PKCS7 *p7;
        if(!(b64 = BIO_new(BIO_f_base64()))) {
            PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
            return 0;
        }
        bio = BIO_push(b64, bio);
        if(!(p7 = d2i_PKCS7_bio(bio, NULL)))
            PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
        BIO_flush(bio);
        bio = BIO_pop(bio);
        BIO_free(b64);
        return p7;
    }

I'm not certain at which point I have to do the change though.

BTW: One popular offender of invalid base64 encodings is blackberry clients, messages which are signed AND encrypted are very funny. The original encrypted message has the correct base64 encoding, however after decrypting and seeing the signed messages - there are no newlines in the base64 block - the base64 is just one freaking long line.
RE: B64_read_PKCS7 : Anyone modified the base64 reader to be more forgiving?
From: owner-openssl-us...@openssl.org On Behalf Of Harakiri
Sent: Thursday, 28 October, 2010 07:52

> I'm getting a lot of wrongly encoded mails lately from different sources, they have base64 lines which exceed the standard. I.e. in between one line is 4 characters longer, then the next lines are all shifted by these 4 characters.

> However, it would be easy to fix I guess - the base64 reader simply must ignore the rule that each line has to be a certain length.

BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL)
Output doesn't generate (any) linebreaks. Input doesn't REQUIRE them every 80, but does ALLOW them anywhere.

> So anyone already done the task of modifying the base64 reader for smime messages? I tracked it to crypto/pkcs7/pk7_mime.c function *B64_read_PKCS7

No idea if anyone has. I see this area (SMIME/CMS) has changed substantially in 1.0.0 and it looks like this functionality is now in asn1/asn_mime.c but still using default NL setting.

Alternatively, instead of using a BIO directly on the message as received, you could first correct it by just breaking any overlong base64 line(s); instead of actually parsing MIME maybe you can assume nonheader nonmarker is base64 body. If it fits in memory you can just read it in and fix it, then point to that in a memBIO you give to SMIME_read_. If not you probably have to make a BIO_pair and a thread that feeds your end with corrected data while OpenSSL consumes the other end.
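The in-memory pre-correction suggested in the reply above (and the "break it into lines shorter than 80" advice in the 2012 reply earlier in this archive), as an added example that is not code from any poster or from OpenSSL. The names b64_rewrap, longest_line and rewrap_demo are hypothetical, and the sample input is constructed; the function only rewraps an already-extracted base64 body and does no MIME parsing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define B64_LINE 64 /* PEM width, which the thread says OpenSSL generates by default */

/* 1 if c is in the standard base64 alphabet or is the '=' pad character. */
static int is_b64_char(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/' || c == '=';
}

/*
 * Copy the base64 text in[0..in_len) to out, dropping the existing line
 * breaks and inserting '\n' after every B64_LINE characters and at the end.
 * Returns the number of characters written (not counting the final NUL),
 * or -1 if the input is not well-formed base64 or out is too small.
 */
long b64_rewrap(const char *in, size_t in_len, char *out, size_t out_cap)
{
    size_t o = 0, col = 0, total = 0, pad = 0;

    if (out_cap == 0)
        return -1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];

        if (c == '\r' || c == '\n' || c == ' ' || c == '\t')
            continue;                 /* old line structure is discarded */
        if (!is_b64_char(c))
            return -1;                /* not base64: refuse rather than guess */
        if (c == '=')
            pad++;
        else if (pad)
            return -1;                /* data after padding */
        if (o + 3 > out_cap)
            return -1;                /* need room for char, '\n' and NUL */
        out[o++] = (char)c;
        total++;
        if (++col == B64_LINE) {
            out[o++] = '\n';
            col = 0;
        }
    }
    if (pad > 2 || total % 4 != 0)
        return -1;                    /* truncated or over-padded body */
    if (col != 0)
        out[o++] = '\n';
    out[o] = '\0';
    return (long)o;
}

/* Length of the longest line in a NUL-terminated text. */
size_t longest_line(const char *s)
{
    size_t best = 0, cur = 0;

    for (; *s; s++) {
        if (*s == '\n') {
            if (cur > best)
                best = cur;
            cur = 0;
        } else {
            cur++;
        }
    }
    return cur > best ? cur : best;
}

/* Constructed sample: two 80-character lines plus a short padded tail. */
long rewrap_demo(char *out, size_t out_cap)
{
    char in[256];
    size_t n = 0;

    for (int line = 0; line < 2; line++) {
        for (int k = 0; k < 20; k++) {   /* 20 x "QUJD" = 80 characters */
            memcpy(in + n, "QUJD", 4);
            n += 4;
        }
        in[n++] = '\n';
    }
    memcpy(in + n, "QUI=\n", 5);
    n += 5;
    return b64_rewrap(in, n, out, out_cap);
}

int main(void)
{
    char out[512] = "";
    long n = rewrap_demo(out, sizeof out);

    printf("%ld chars, longest line %zu\n%s", n, longest_line(out), out);
    return n < 0;
}
```

Rejecting non-alphabet characters instead of skipping them keeps a corrupted body from being silently turned into different, still-decodable data before it reaches the PKCS7 parser.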
Re: Blowfish Encrypt / Decrypt (also base64)
Hi,

Ah yes... thanks for that Dave. Been doing C++ too much and a bit rusty on the nuances of pointer stuff...

Anyway, I now have another issue. What I'm trying to do is to encrypt a password using blowfish, then base64 it for writing as a string into a config file (it has to be a plain ascii string - no binary - hence using b64). I then want to read in the string, UNbase64 it, then decrypt it to recover the correct password. I found the following...

http://www.ioncannon.net/programming/34/howto-base64-encode-with-cc-and-openssl/
http://www.ioncannon.net/programming/122/howto-base64-decode-with-cc-and-openssl/

which are handy but I don't think this will work as it doesn't tell you the exact length of the decoded binary buffer - i.e. it just uses the length of the input string which will always be longer than the actual binary for b64. I will need this for the decrypting to work correctly.

Is it possible to get the exact length of the base64 decoded binary using the SSL library?

Regards, Emyr

On 15/10/10 21:16, Dave Thompson wrote:

> From: owner-openssl-us...@openssl.org On Behalf Of emyr
> Sent: Friday, 15 October, 2010 12:23
>
> > The program fails when I try to decrypt an encrypted buffer and fails on the EVP_CipherFinal_ex() call.
> >
> >     int do_crypt(unsigned char *inbuf, int inlen, unsigned char *outbuf, int *outlen, int do_encrypt)
> >     {
> >         outbuf=(unsigned char*) malloc(inlen+EVP_MAX_BLOCK_LENGTH);
>
> Asides: you need up to an extra block on CBC *encrypt*. You don't need extra space on *decrypt*, but it does no harm. And you don't need to cast the return of malloc if it has been properly declared by #include'ing <stdlib.h> which it should be; there are some systems where the C89-default declaration as int() doesn't work, and on C99 'implicit int' is gone altogether.
>
> <snip: EVP setup, Update>
>
> >         if(!EVP_CipherFinal_ex(ctx, outbuf+db,&tmplen)) {
>
> Whenever you get an error from libcrypto routines (and in most cases libssl routines also) you should display the OpenSSL error queue. The simplest way is just call ERR_print_errors_fp(stderr); after having done SSL_load_error_strings() at startup. Or there are more customizable options.
>
> >     int main(int argc, char **argv)
> >     {
> >         char *plain="the quick brown fox jumps over the lazy dog";
> >         int plain_len=strlen(plain);
> >         printf("plain_len=%d\n",plain_len);
> >         unsigned char *cipher;
> >         int cipher_len;
> >         printf("* ENCRYPT *\n");
> >         if (!do_crypt((unsigned char*) plain, strlen(plain), cipher, &cipher_len, 1)) {
> >             printf("failed to encrypt\n");
> >             return 1;
> >         }
> >         printf("cipher_len=%d\n",cipher_len);
>
> But this is your problem. You call do_crypt(1) with an uninitialized output pointer 'cipher'. do_crypt allocates the buffer and puts the data there, but 'cipher' in main() has no idea about this buffer so ...
>
> >         char *decrypt;
> >         int decrypt_len;
> >         printf("* DECRYPT *\n");
> >         if(!do_crypt(cipher, cipher_len, decrypt, &decrypt_len, 0)) {
> >             printf("failed to decrypt\n");
> >             return 1;
> >         }
>
> ... this call at best passes garbage to be decrypted, and could easily even cause SEGV or similar faults. And similarly even if 'cipher' had been good on that call 'decrypt' wouldn't be for the same reason. And if decrypt really is char*, the compiler should have required a cast to unsigned char* there (like for plain in the encrypt call).
>
> >         printf("decrypt=\"%s\"\n",decrypt);
> >         printf("decrypt_len=%d\n",decrypt_len);
> >         return 0;
>
> See www.c-faq.com number 4.8.
RE: Blowfish Encrypt / Decrypt (also base64)
From: owner-openssl-us...@openssl.org On Behalf Of emyr
Sent: Monday, 18 October, 2010 07:33

> Anyway, I now have another issue. What I'm trying to do is to encrypt a password using blowfish, then base64 it for writing as a string into a config file [and reverse]
>
> http://www.ioncannon.net/programming/34/howto-base64-encode-with-cc-and-openssl/
> http://www.ioncannon.net/programming/122/howto-base64-decode-with-cc-and-openssl/

Those have a lot of unnecessary headers, and are oddly asymmetric: encode chops the last char, which will always be a newline, but the decode example has the newline plus a useless null.

Personally I consider it a waste of effort to go through the BIO structure unless you're streaming, or un/base64ing a whole file that is conveniently or even better accessed by BIO. When you do, b64BIO output by default generates and b64BIO input by default REQUIRES a newline at the end, and intermediate ones depending on the length of the data. This is correct for the PEM (S/)MIME and HTTP formats where base64 is most widespread, but often inconvenient for things like a 'string in a config file', so you may want/need to BIO_set_flags(b64bio,BIO_FLAGS_BASE64_NO_NL).

> which are handy but I don't think this will work as it doesn't tell you the exact length of the decoded binary buffer - i.e. it just uses the length of the input string which will always be longer than the actual binary for b64. I will need this for the decrypting to work correctly.
>
> Is it possible to get the exact length of the base64 decoded binary using the SSL library?

Yes, that code fails to capture the decoded length. Using b64BIO like that, the number of bytes decoded is the return from BIO_read. (In general, the return from BIO_read is the data read; for b64BIO, data read is bytes decoded from chars read from the underlying BIO; for b64BIO/memBIO-in, it's bytes decoded from chars in the buffer.)

Personally for small in-memory without newlines like this, I just call EVP_{Encode|Decode}Block. (Or in cases where openssl isn't convenient, use my own code; it's only about 10 lines to encode and 20 to decode.)
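A stand-alone decoder of the "own code" kind mentioned in the reply above, added here as an example that is not the poster's code and not OpenSSL's. It uses the first interface option listed in the 2011 AES-256-CBC reply earlier in this archive (caller passes the buffer, function returns the exact length); the name b64_decode_exact is hypothetical and the inputs are the thread's test string plus constructed ones.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 6-bit value of one base64 character, or -1 if it is not in the alphabet. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/*
 * Decode the single-line base64 text in[0..in_len) (no newlines) into out.
 * Returns the exact number of decoded bytes, or -1 on any malformed input:
 * bad length, characters outside the alphabet, '=' anywhere but the end,
 * non-zero bits hidden under the padding, or an output buffer too small.
 * The result is binary: it may contain zero bytes and is not NUL-terminated.
 */
long b64_decode_exact(const char *in, size_t in_len,
                      unsigned char *out, size_t out_cap)
{
    size_t pad = 0, o = 0;

    if (in_len % 4 != 0)
        return -1;
    if (in_len == 0)
        return 0;
    if (in[in_len - 1] == '=')
        pad = (in[in_len - 2] == '=') ? 2 : 1;
    if (in_len / 4 * 3 - pad > out_cap)
        return -1;

    for (size_t i = 0; i < in_len; i += 4) {
        int last = (i + 4 == in_len);
        size_t keep = last ? 3 - pad : 3;      /* bytes this group yields */
        int v[4];

        for (size_t k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)in[i + k];

            if (last && k > keep && c == '=')
                v[k] = 0;                      /* padding position */
            else if ((v[k] = b64_val(c)) < 0)
                return -1;                     /* garbage or misplaced '=' */
        }
        /* Bits that do not belong to any output byte must be zero. */
        if ((keep == 2 && (v[2] & 0x03)) || (keep == 1 && (v[1] & 0x0F)))
            return -1;

        unsigned long q = ((unsigned long)v[0] << 18) |
                          ((unsigned long)v[1] << 12) |
                          ((unsigned long)v[2] << 6) | (unsigned long)v[3];
        out[o++] = (unsigned char)(q >> 16);
        if (keep > 1)
            out[o++] = (unsigned char)(q >> 8);
        if (keep > 2)
            out[o++] = (unsigned char)q;
    }
    return (long)o;
}

int main(void)
{
    const char *enc = "dGVzdGVuY29kaW5nCg==";   /* string from the thread */
    unsigned char buf[32];
    long n = b64_decode_exact(enc, strlen(enc), buf, sizeof buf - 1);

    if (n < 0)
        return 1;
    buf[n] = '\0';   /* only valid because this sample is known to be text */
    printf("%ld bytes: %s", n, (char *)buf);
    return 0;
}
```

When EVP_DecodeBlock is used instead, its return value counts 3 bytes for every 4 input characters, so the caller still has to subtract one byte per trailing '=' to get the exact length.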
Re: Can't get RSA object from .pem file after base64 decoding it
Here's another approach for the same purpose and it seems to work! Can you please help me to optimize my implementation? Thanks in advance.

    void encryptThis () {
        FILE *fp;
        RSA *rsa_rpu=NULL;
        fp = fopen([[[NSBundle mainBundle] pathForResource:@"publickey" ofType:@"pem"] UTF8String], "r");
        rsa_rpu = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
        if (rsa_rpu==NULL){
            printf("Reading of public key failed");
        }
        else{
            printf("Reading of public key successful");
        }
        const char text[] = "Aloha vengo de implementar RSA encryption!!!";
        unsigned char encrypted[2560] = { 0 };
        int resultEncrypt = 0;
        resultEncrypt = RSA_public_encrypt ( strlen(text) + 1 , (unsigned char *)text, encrypted, rsa_rpu, RSA_PKCS1_OAEP_PADDING );
        NSLog(@"%d from encrypt.", resultEncrypt); //This line prints 128
        NSLog(@"encrypted message %i", (int)encrypted); //Here I get a large negative number (- 974687...)
        if (resultEncrypt == -1){
            printf("encryption failed ");
        }
        else{
            printf("Encryption success");
        }
    }
Re: Can't get RSA object from .pem file after base64 decoding it
2010/7/12 Carlos Saldaña saldana...@gmail.com

> unsigned char encrypted[2560] = { 0 };
> int resultEncrypt = 0;
> resultEncrypt = RSA_public_encrypt ( strlen(text) + 1 , (unsigned char *)text, encrypted, rsa_rpu, RSA_PKCS1_OAEP_PADDING );
> NSLog(@"%d from encrypt.", resultEncrypt); //This line prints 128
> NSLog(@"encrypted message %i", (int)encrypted); //Here I get a large negative number (- 974687...)
> if (resultEncrypt == -1){
>     printf("encryption failed ");
> }
> else{
>     printf("Encryption success");
> }

I don't know ObjC, but when it doesn't deviate too much from C/C++, then the %i (- 974687...) is you printing the address of 'encrypted' as an integer, which can be any kind of number on any platform, and that's not exactly informative. ;-) (Name of array variable functions as pointer/reference, when used without the [] index brackets)

Anyway, to see the encrypted data, I'd suggest hexdumping the stuff like, for instance, so:

    printf("crypted data dump (len = %d):\n", resultEncrypt);
    for (int i = 0; i < resultEncrypt; i++)
    {
        printf("%02X ", encrypted[i]);
    }

or whatever the equivalent of that bit of C code would read in ObjC/NS. (NSLog() ~ printf(), I take it?)

Be reminded that the encryption process can only be truly called 'successful' iff you also happen to have code (and complementary key) which performs the /decryption/ process so that you get your original message a.k.a. 'plaintext' back. For that, your partners should have provided you with a key pair for testing purposes (or you might have received directions how to roll your own keypair in a way 100% compatible with theirs).

--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
RE: Can't get RSA object from .pem file after base64 decoding it
From: owner-openssl-us...@openssl.org On Behalf Of Carlos Saldaña
Sent: Monday, 12 July, 2010 10:50

> Here's another approach for the same purpose and it seems to work! Can you please help me to optimize my implementation?

Do you mean 'optimize' as just 'make better', or in the specific (and common) sense of 'highest performance' or specifically 'fastest'? I make some comments below on good (in my opinion) coding.

For speed: if you will do multiple encryptions per program/process, it will save a little time if you read/parse the key once and save and re-use it. But most of your encryption time will be in the actual RSA computation, and you can't reduce that. Except by using a smaller key, which would be insecure; even RSA 1024 is now being worried about a little by experts. Or by going to the symmetric + RSA scheme as previously described and again below, since then you only need one RSA for any amount of data that is going together from the same source to the same destination.

> void encryptThis () {
>     FILE *fp;
>     RSA *rsa_rpu=NULL;
>     fp = fopen([[[NSBundle mainBundle] pathForResource:@"publickey" ofType:@"pem"] UTF8String], "r");
>     rsa_rpu = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL);
>     if (rsa_rpu==NULL){
>         printf("Reading of public key failed");
>     }

Yes, I was focussed on your questions as stated and forgot to mention that just using PEM_read_ routine(s) is another and simpler approach.

Should check if fp is null (fopen failed) before calling PEM_read_. If it failed, look at errno (usually with strerror or perror). And either return or skip the rest, see below.

Aside- I'm guessing the NS stuff means MacOSX? Just in case you are (or this program will be) on Windows, *if* you use DLLs not a static library, there are some issues about passing C library FILE pointers across modules, including to OpenSSL here. In that case it can be easier to create a BIO to read the file and use PEM_read_bio_ to read from the BIO, instead of reading from the file directly.

If the PEM_read_ return is null, I repeat my suggestion to look at the error queue, see FAQ #PROG6. That's much more likely to help you or even a user solve the problem than just "failed".

And you should not continue into code which tries to use the nonexistent key; either return early, or put the alternative within the else branch. (This is a coding style issue, where the second way is commonly called 'single-entry single-exit' aka SESE; some people have strong opinions on the subject, but this isn't the place to discuss them.) In fact, you might want to make this function return a value that indicates success or error (and possibly which error) (not void) so the caller can proceed differently (if appropriate).

>     else{
>         printf("Reading of public key successful");
>     }
>     const char text[] = "Aloha vengo de implementar RSA encryption!!!";
>     unsigned char encrypted[2560] = { 0 };
>     int resultEncrypt = 0;
>     resultEncrypt = RSA_public_encrypt ( strlen(text) + 1 , (unsigned char *)text, encrypted, rsa_rpu, RSA_PKCS1_OAEP_PADDING );
>     NSLog(@"%d from encrypt.", resultEncrypt); //This line prints 128

That is the length of the encrypted data, in bytes. The key you are using is apparently 1024 bits. Note the most data you can encrypt per call is keysize=128 - about 40 bytes overhead = about 85 bytes.

>     NSLog(@"encrypted message %i", (int)encrypted); //Here I get a large negative number (- 974687...)

It's not an int. It's 'resultEncrypt' bytes, here 128. Do something with the bytes. Maybe you want to send them to your server. Maybe you want to base64 them and send that to the server, maybe with some tags. Maybe you want to convert them into XML and send that to the server. What does the server want? What do you or your boss/customers/users want?

If you do need to encrypt more data than fits in one key-sized call, you and the server will need some protocol to deal with it. As noted, most people instead symmetric-encrypt (e.g. AES) the data (which has no limit, or extremely large limits like exabytes(?)) and only RSA-encrypt the symmetric key, so don't have this issue.

>     if (resultEncrypt == -1){
>         printf("encryption failed ");
>     }
>     else{
>         printf("Encryption success");
>     }
> }

Same about error handling, although an error here is less likely.
Re: Can't get RSA object from .pem file after base64 decoding it
Thanks for the answer, Dave.

Actually what I'm trying to do is encode messages using the public key presumably encoded in a .pem file. I checked the contents of this .pem file and it has the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. I fixed my code to take away these headers and then base64 decode the string.

I'm new to this technology of using openssl and using certificates. This is the code I've built; so far I don't get any RSA object from the d2i_RSAPublicKey function:

    //Get the .pem file contents
    NSString *path = [[NSBundle mainBundle] pathForResource:@"publickey" ofType:@"pem"];
    NSString *labeledPemString = [[NSString alloc] initWithContentsOfFile:path encoding:NSUTF8StringEncoding error:nil];

    //Take off new lines and white spaces
    NSCharacterSet *newLineCSet = [NSCharacterSet whitespaceAndNewlineCharacterSet];
    NSString *newLinesOffLabeledPemString = [labeledPemString stringByTrimmingCharactersInSet:newLineCSet];

    //Take off -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers
    //First get begin range
    NSRange beginHeaderRange = [newLinesOffLabeledPemString rangeOfString:@"-----BEGIN PUBLIC KEY-----"];
    //Trim text
    NSString *unlabeledBeginPemString = [newLinesOffLabeledPemString substringFromIndex:(beginHeaderRange.location + beginHeaderRange.length)];
    //Now the end header range
    NSRange endHeaderRange = [unlabeledBeginPemString rangeOfString:@"-----END PUBLIC KEY-----"];
    //Trim again
    NSString *unlabeledEndPemString = [unlabeledBeginPemString substringToIndex:endHeaderRange.location];

    //Un-base64 decode remaining pem representation
    const char *base64Text = [unlabeledEndPemString cStringUsingEncoding:[NSString defaultCStringEncoding]];
    char *unBase64Text = unbase64((unsigned char *)base64Text, strlen(base64Text));

    //Create a new RSA instance
    int dataLengt = strlen(unBase64Text);
    RSA *anRSA = d2i_RSAPublicKey(0, (unsigned char **)unBase64Text, dataLengt);

    unsigned char cleartext[2560] = "A";
    unsigned char encrypted[2560] = { 0 };
    int resultEncrypt = 0;
    NSLog(@"here");
    resultEncrypt = RSA_public_encrypt ( 1 , cleartext, encrypted, anRSA, RSA_PKCS1_OAEP_PADDING );
    NSLog(@"%d from encrypt.", resultEncrypt);

Well, after all this, the long question I think is: am I calling the right functions to encrypt and send back a message using the public key that's inside a .pem file?

Thanks in advance.
RE: Can't get RSA object from .pem file after base64 decoding it
From: owner-openssl-us...@openssl.org On Behalf Of Carlos Saldaña
Sent: Friday, 09 July, 2010 12:48

> Thanks for the answer, Dave. Actually what I'm trying to do is encode messages using the public key presumably encoded in a .pem file. I checked the contents of this .pem file and it has the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- headers. I fixed my code to take away these headers and then base64 decode the string.

Okay, that's simple enough. Note that your security relies on the authenticity and integrity of the pubkey file -- if (any of) your users can be convinced to install/use a bogus file, their 'secret' data is exposed. If anyone besides you will use this system, make sure this limitation is acceptable to them. And bear in mind that user representatives like managers usually promise that people will follow rules perfectly, and those promises are almost always broken.

> I'm new to this technology of using openssl and using certificates. This is the code I've built; so far I don't get any RSA object from the d2i_RSAPublicKey function:

[snip: get publickey.pem, trim whitespace, drop BEGIN/END lines, trim again]

looks reasonable to me; I don't know ObjC/NS details but I assume you can see with a debugger that this produces the correct string in memory

> const char *base64Text = [unlabeledEndPemString cStringUsingEncoding:[NSString defaultCStringEncoding]];
> char *unBase64Text = unbase64((unsigned char *)base64Text, strlen(base64Text));
> //Create a new RSA instance
> int dataLengt = strlen(unBase64Text);
> RSA *anRSA = d2i_RSAPublicKey(0, (unsigned char **)unBase64Text, dataLengt);

As I mostly said before:

1. unbase64 of a .pem file body block gives DER which is binary data containing zero/nulls and strlen will not give the correct length. (And if you don't give the correct length OpenSSL can't decode it.)
2. It's better to treat DER as unsigned char (as you do for the plaintext and ciphertext below). C will mostly let you 'cheat' on signed/unsigned/plain, but DER data is in fact unsigned bytes.
3. The contents of a BEGIN/END PUBLIC KEY are NOT an RSAPublicKey object. They are a PublicKeyInfo object CONTAINING a (labelled) RSAPublicKey. OpenSSL can only decode a DER if you tell it the correct type. See below.

> unsigned char cleartext[2560] = "A";
> unsigned char encrypted[2560] = { 0 };
> int resultEncrypt = 0;
> NSLog(@"here");
> resultEncrypt = RSA_public_encrypt ( 1 , cleartext, encrypted, anRSA, RSA_PKCS1_OAEP_PADDING );
> NSLog(@"%d from encrypt.", resultEncrypt);

The (raw) result of RSA encryption is as big as the key size. Key sizes 2560 are possible though unusual. To avoid buffer overflow and possible exploit of your system, you should either check that the size of the key you read is not too big, or allocate the output buffer using the actual key size.

> Well, after all this, the long question I think is: am I calling the right functions to encrypt and send back a message using the public key that's inside a .pem file?

Once you get the key correctly it should encrypt.

Direct RSA encryption with OAEP is limited to 'message' sizes of the key size minus about 200 bits (I don't remember the exact number but you'll get an error when you hit it). For most schemes for most people this is unacceptable and the usual practice is to encrypt the data with a symmetric cipher (e.g. AES) under a random key (called Data Encrypting Key, DEK) and encrypt and transport that DEK under the RSA key (Key Encrypting Key, KEK) and transport with the data.

The approach you are using works if both/all ends agree, but you probably won't interoperate with anybody else.

> Thanks in advance.
>
> 2010/7/8 Dave Thompson dthomp...@prinpay.com
>
> > Even if unBase64Text for dataLength is correctly the unbase64-ed data, it is *very* unlikely you have a file containing an RSAPublicKey structure. Openssl normally uses files containing a X.509 cert which contains a publickey for any of several algorithms, possibly with algorithm-dependent parameters;

This part didn't apply to your case.

> > or a PubKeyInfo structure which does similarly. For the latter you should use d2i_PUBKEY[_*] to get a generic EVP structure and then get the RSA part if necessary -- or just use the openssl EVP routines which take it as-is -- or use d2i_RSA_PUBKEY[_*] which just does those two for you.

This part did. Except maybe the middle point -- I don't think there are EVP wrappings for just-RSA.
Can't get RSA object from .pem file after base64 decoding it
Hi,

I'm new to openssl and PKI in general and got a problem with decrypting in my application. My partners provided me with two files: publickey.x509 and publickey.pem to find a way to send messages between server and my client application.

So far I've discovered that .pem files are just base64 encoded DER files, DER is the encoding for x509 files that contain the publickey among other information.

I have the following code:

    //Get the .pem file contents
    NSString *path = [[NSBundle mainBundle] pathForResource:@"publickey" ofType:@"pem"];
    NSString * pemString = [NSString stringWithContentsOfFile:path encoding:NSUTF8StringEncoding error:nil];
    const char *base64Text = [pemString cStringUsingEncoding:[NSString defaultCStringEncoding]];

    //Base64 decode to obtain a DER representation
    char *unBase64Text = unbase64((unsigned char *)base64Text, strlen(base64Text));
    int dataLength = strlen(unBase64Text);

    //Get RSA representation so we can encode messages to send back to the server
    RSA *anRSA = d2i_RSAPublicKey(0, (unsigned char **)unBase64Text, dataLength);

So I stop the debugger here and notice that variable 'anRSA' is empty even though: 'unBase64Text = some not-understandable data' and 'dataLength = 17'

What could I be doing wrong?

--
Greetings
Carlos Saldaña Garcia
RE: Can't get RSA object from .pem file after base64 decoding it
From: owner-openssl-us...@openssl.org On Behalf Of Carlos Saldaña
Sent: Thursday, 08 July, 2010 18:51

> I'm new to openssl and PKI in general and got a problem with decrypting in my application. My partners provided me with two files: publickey.x509 and publickey.pem to find a way to send messages between server and my client application.

Do you want to do this with SSL by calling openssl? Or are you trying to re-implement SSL, or some other (likely bad) protocol, yourself? If you call openssl, you don't need to decode any of these files, just give the correct files to openssl in the correct places.

> So far I've discovered that .pem files are just base64 encoded DER files, DER is the encoding for x509 files that contain the publickey among other information.

Only partly right. .pem files are (just) base64 of DER *plus BEGIN/END lines plus in some cases a few more header lines*. Those can be important.

DER is part of a general-purpose international standard ASN.1, and is the encoding for many different things used in openssl. (And in other applications also, not relevant here.) An X.509 certificate is *ONE* thing that is encoded in DER, *or* in PEM-armored-DER. (There are other things in X.509, like CRLs, that you almost certainly don't care about. When people just say X.509, they mean an X.509 cert.)

If you are doing an SSL server, using common web ciphersuites, you need a *private key* and a (matching) *X.509 certificate*. The cert contains the public key, plus additional data.

We can't tell just from the file names what those files contain. They might have given you the cert in publickey.x509 (either PEM or DER) and the *privatekey* in publickey.pem, although that would be a poor name. A file containing only the publickey is possible, but useless. Presumably publickey.pem *is* PEM; what type is in its BEGIN line?

> I have the following code:
> //Get the .pem file contents
> NSString *path = [[NSBundle mainBundle] pathForResource:@"publickey" ofType:@"pem"];
> NSString * pemString = [NSString stringWithContentsOfFile:path encoding:NSUTF8StringEncoding error:nil];
> const char *base64Text = [pemString cStringUsingEncoding:[NSString defaultCStringEncoding]];

I don't know much ObjectiveC, or any NextStep; does that remove the labels?

> //Base64 decode to obtain a DER representation
> char *unBase64Text = unbase64((unsigned char *)base64Text, strlen(base64Text));
> int dataLength = strlen(unBase64Text);

Even if base64Text is correctly the base64 data from the .pem, after un-base64-ing strlen won't work. DER encodings are binary and contain 'null' bytes which C considers to terminate a string. Your unbase64 procedure *MUST* tell you the decoded length.

You should better declare the unbase64-ed DER as 'unsigned char *' (or 'unsigned char []'). Although you can cast differently-signed chars back and forth in C, this data actually is unsigned, and on systems where C plain char is signed, the debugger etc. will give misleading results.

> //Get RSA representation so we can encode messages to send back to the server
> RSA *anRSA = d2i_RSAPublicKey(0, (unsigned char **)unBase64Text, dataLength);

In general whenever a libcrypto routine returns an error, and most times when a libssl routine does, you should look at the error queue: http://www.openssl.org/support/faq.html#PROG6

Even if unBase64Text for dataLength is correctly the unbase64-ed data, it is *very* unlikely you have a file containing an RSAPublicKey structure. Openssl normally uses files containing a X.509 cert which contains a publickey for any of several algorithms, possibly with algorithm-dependent parameters; or a PubKeyInfo structure which does similarly. For the latter you should use d2i_PUBKEY[_*] to get a generic EVP structure and then get the RSA part if necessary -- or just use the openssl EVP routines which take it as-is -- or use d2i_RSA_PUBKEY[_*] which just does those two for you.

> What could I be doing wrong?

See above.
Re: Base64 Decode Problem
I know this doesn't have anything to do with the problem you are facing, or with openssl for that matter (I'm afraid I can't help with that), but isn't %m exclusive to the syslog() call? Does it also work with printf() ?

Regards,
Felipe
Base64 Decode Problem
Hi All,

I'm trying to decode a base64 encoded string. The problem I'm running in to is that BIO_read() always returns 0. BIO_should_retry() and BIO_should_read() also return 0 when BIO_read() returns 0. If the base64 encoded string is shortened, BIO_read returns the decoded information. I get this result using OpenSSL 0.9.8k (cross-compiled for a Blackfin processor) and OpenSSL 0.9.8g on Ubuntu 9.04.

Any suggestions on what I'm doing wrong?

Thanks,
...doug

---8<---

    /*
     * Compiled with: gcc -Wall -lssl
     */
    #include <openssl/bio.h>
    #include <openssl/evp.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main(int argc, char **argv)
    {
    #if 1
        /*
         * This does not work
         */
        char *message = "Tm8gaXMgdGhlIHRpbWUgZm9yIGFsbCBnb29kIG1lbiB0byBjb21lIHRvIHRoZSBhaWQgb2YgdGhlaXIgY291bnRyeS4NClRoZSBxdWljayBicm93biBmb3gganVtcGVkIG92ZXIgdGhlIGxhenkgZG9nJ3MgYmFjayAwMTIzNDU2Nzg5Lg==\n";
    #endif
    #if 0
        /*
         * This shortened version works
         */
        char *message = "Tm8gaXMgdGhlIHRpbWUgZm9yIGFsbCBnb29kIG1lbiB0by==\n";
    #endif
        BIO *b64, *bio, *bmem;
        char *buf;
        int i = strlen(message);

        buf = malloc(i);
        if (!buf) {
            printf("malloc fail, %m\n");
            return -1;
        }
        bmem = BIO_new_mem_buf((void*)message, -1);
        b64 = BIO_new(BIO_f_base64());
        BIO_set_flags(bmem, BIO_FLAGS_BASE64_NO_NL);
        bio = BIO_push(b64, bmem);
        i = BIO_read(bio, (void*)buf, i);
        buf[i] = '\0';
        BIO_free_all(bio);
        printf("%s\n%s\n", message, buf);
        return 0;
    }
Base64 Decode Problem/Question
Hi All,

I'm trying to decode a base64 encoded string. The problem I'm running in to is that BIO_read() always returns 0. BIO_should_retry() and BIO_should_read() also return 0 when BIO_read() returns 0. If the base64 encoded string is shortened, BIO_read returns the decoded information. I'm using OpenSSL 0.9.8g 19 Oct 2007 on Ubuntu 9.04.

Any suggestions on what I'm doing wrong?

Thanks,
...doug

---8<---

    /*
     * Compiled with: gcc -Wall -lssl
     */
    #include <openssl/bio.h>
    #include <openssl/evp.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main(int argc, char **argv)
    {
    #if 1
        /*
         * This does not work
         */
        char *message = "Tm8gaXMgdGhlIHRpbWUgZm9yIGFsbCBnb29kIG1lbiB0byBjb21lIHRvIHRoZSBhaWQgb2YgdGhlaXIgY291bnRyeS4NClRoZSBxdWljayBicm93biBmb3gganVtcGVkIG92ZXIgdGhlIGxhenkgZG9nJ3MgYmFjayAwMTIzNDU2Nzg5Lg==\n";
    #endif
    #if 0
        /*
         * This shortened version works
         */
        char *message = "Tm8gaXMgdGhlIHRpbWUgZm9yIGFsbCBnb29kIG1lbiB0by==\n";
    #endif
        BIO *b64, *bio, *bmem;
        char *buf;
        int i = strlen(message) + 25;

        buf = malloc(i);
        if (!buf) {
            printf("malloc fail, %m\n");
            return -1;
        }
        bmem = BIO_new_mem_buf((void*)message, -1);
        b64 = BIO_new(BIO_f_base64());
        BIO_set_flags(bmem, BIO_FLAGS_BASE64_NO_NL);
        bio = BIO_push(b64, bmem);
        i = BIO_read(bio, (void*)buf, i);
        buf[i] = '\0';
        BIO_free_all(bio);
        printf("%s\n%s\n", message, buf);
        return 0;
    }
Re: Base64 Decode Problem/Question
Doug Kehn rdk...@yahoo.com writes:

> Hi All,

Hi

\n is not base64. Try with echo -n

Bruno
Re: Base64 Decode Problem/Question
Hi Bruno,

--- On Thu, 5/20/10, Bruno Vetel bruno.ve...@esas.fr wrote:

> From: Bruno Vetel bruno.ve...@esas.fr
> Subject: Re: Base64 Decode Problem/Question
> To: openssl-users@openssl.org
> Date: Thursday, May 20, 2010, 1:43 PM
>
> Doug Kehn rdk...@yahoo.com writes:
>
> > Hi All,
>
> Hi
>
> \n is not base64. Try with echo -n

I removed the '\n' and got the same result.

(Sorry for the double post. I had mailer problems and didn't think the first attempt went out.)
RE: Base64 Decode Problem/Question
From: owner-openssl-us...@openssl.org On Behalf Of Bruno Vetel
Sent: Thursday, 20 May, 2010 13:44

Doug Kehn rdk...@yahoo.com writes:

\n is not base64. Try with echo -n

I'm trying to decode a base64 encoded string. The problem I'm running in to is that BIO_read() always returns 0. [...] If the base64 encoded string is shortened [it works]

Other way. The base64 concept allows linebreaks, and other whitespace -- that's exactly one of the 'transport damage' it was created to cope with.

Original PEM required linebreaks at *exactly* 64 characters, and MIME requires *up to* 76. BIO_f_base64() output=encode does 64, and it appears to me input accepts up to 76 and maybe 80. For 'no limit' use BIO_FLAGS_BASE64_NO_NULL as per the man page.

Or for all-in-memory, just call EVP_DecodeBlock directly. You don't really need all the BIO framework stuff. (Or you can write your own b64decode in about 10-20 lines.)
Re: Base64 Decode Problem/Question
Hi All,

I figured out my problem. The call to BIO_set_flags() wasn't correct. Replacing the sequence:

    :
    b64 = BIO_new(BIO_f_base64());
    BIO_set_flags(bmem, BIO_FLAGS_BASE64_NO_NL);
    bio = BIO_push(b64, bmem);
    :

with

    :
    b64 = BIO_new(BIO_f_base64());
    bio = BIO_push(b64, bmem);
    BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
    :

fixed the problem.

Regards,
...doug

--- On Thu, 5/20/10, Doug Kehn rdk...@yahoo.com wrote:

From: Doug Kehn rdk...@yahoo.com
Subject: Re: Base64 Decode Problem/Question
To: openssl-users@openssl.org
Date: Thursday, May 20, 2010, 3:37 PM

Hi Bruno,

--- On Thu, 5/20/10, Bruno Vetel bruno.ve...@esas.fr wrote:

From: Bruno Vetel bruno.ve...@esas.fr
Subject: Re: Base64 Decode Problem/Question
To: openssl-users@openssl.org
Date: Thursday, May 20, 2010, 1:43 PM

Doug Kehn rdk...@yahoo.com writes:

Hi All,

Hi

\n is not base64. Try with echo -n

I removed the '\n' and got the same result.

(Sorry for the double post. I had mailer problems and didn't think the first attempt went out.)

I'm trying to decode a base64 encoded string. The problem I'm running in to is that BIO_read() always returns 0. BIO_should_retry() and BIO_should_read() also return 0 when BIO_read() returns 0. If the base64 encoded string is shortened, BIO_read returns the decoded information.

I'm using OpenSSL 0.9.8g 19 Oct 2007 on Ubuntu 9.04.

Any suggestions on what I'm doing wrong?
base64 filter fails only with memory BIO but works with other BIOs
Hi all,

I have some base64 encoded data in my own buffer (a character array). I want to decode this. From the man pages it appeared to me that I should

1) create a memory bio,
2) populate it with my base64 encoded data.
3) Create a base64 filter bio
4) Create a chain like this: [base64_bio]-[mem_bio]
5) Read from the chain

Sadly this does not work. Read always signals EOF/EOD. Read always returns -1. BIO_should_retry() or BIO_should_read() is true after every subsequent attempt to read from the chain.

If I replace the [mem_bio] with a [fp_bio], it works fine, i.e. if I place the base64 encoded data in a file and create a chain like this: [base64_bio]-[fp_bio] and then read from the chain, the data is properly decoded, all in one go.

I read this posting : http://marc.info/?l=openssl-users&m=123171064303018&w=2 and this : http://markmail.org/message/cdndl7pofs7maixq#query:+page:1+mid:hts7qlqkz3yzsmz2+state:results but they did not solve my problem. The first posting is large and elaborate and I did understand parts of it. Probably it's the parts that I did not understand that are needed here. Either way, any help is really appreciated.

I previously posted this question via Google groups and it is here : http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/d7686d4f46f1b332?pli=1 My code is also put up in that Google groups post.

Yesterday when I did not see my message archived at marc.info I sent an email to opessl-us...@openssl.org , but again today I do not see my email in the marc.info archives or listed on the google groups. So I now subscribed to the list and am sending it again. So I hope I get it right this time.

-- 
Regards, Brahmana.
The LIGHT shows the way. The WISE see it. The BRAVE walk it. The PERSISTENT endure and complete it. I want to do it all ALONE.
Re: base64 filter fails only with memory BIO but works with other BIOs
On Mon, Oct 05, 2009, Srirang Doddihal wrote:

Hi all,

I have some base64 encoded data in my own buffer (a character array). I want to decode this. From the man pages it appeared to me that I should

1) create a memory bio,
2) populate it with my base64 encoded data.
3) Create a base64 filter bio
4) Create a chain like this: [base64_bio]-[mem_bio]
5) Read from the chain

Sadly this does not work. Read always signals EOF/EOD. Read always returns -1. BIO_should_retry() or BIO_should_read() is true after every subsequent attempt to read from the chain.

If I replace the [mem_bio] with a [fp_bio], it works fine, i.e. if I place the base64 encoded data in a file and create a chain like this: [base64_bio]-[fp_bio] and then read from the chain, the data is properly decoded, all in one go.

I read this posting : http://marc.info/?l=openssl-users&m=123171064303018&w=2 and this : http://markmail.org/message/cdndl7pofs7maixq#query:+page:1+mid:hts7qlqkz3yzsmz2+state:results but they did not solve my problem. The first posting is large and elaborate and I did understand parts of it. Probably it's the parts that I did not understand that are needed here. Either way, any help is really appreciated.

Does this simpler version help: http://www.openssl.org/support/faq.html#PROG15

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: base64 filter fails only with memory BIO but works with other BIOs
Hi Steve,

On Mon, Oct 5, 2009 at 5:11 PM, Dr. Stephen Henson st...@openssl.org wrote:

[snipped]

Does this simpler version help: http://www.openssl.org/support/faq.html#PROG15

Thank you for pointing me to this. I understand it better now. However the problem is still unresolved.

From the FAQ I understand that if I were to do BIO_set_mem_eof_return(bio, 0), then the behavior should be similar to a file bio and my code to read decoded data should work. But it doesn't. Here is the code: http://pastebin.ca/1594435

To verify that it is the eof behavior that is causing this problem I tried reading directly from the memory bio without making this call : BIO_set_mem_eof_return(bio, 0). I could successfully read the base64 data present in the mem bio and in the next call to read all the parameters were appropriately set to indicate that I should stop reading, namely:

1) BIO_read returned -1
2) One of the two flags, should_retry or should_read, was false

So if reading directly from the memory bio works fine, why doesn't it work in a chain with a base64 bio? Is it the case that the base64 bio expects its source bio to be in some particular state or to be of a particular type? If so, what are those particular properties?

-- 
Regards, Brahmana.
The LIGHT shows the way. The WISE see it. The BRAVE walk it. The PERSISTENT endure and complete it. I want to do it all ALONE.
Re: base64 filter fails only with memory BIO but works with other BIOs
On Mon, Oct 05, 2009, Srirang Doddihal wrote:

Hi Steve,

On Mon, Oct 5, 2009 at 5:11 PM, Dr. Stephen Henson st...@openssl.org wrote:

[snipped]

Does this simpler version help: http://www.openssl.org/support/faq.html#PROG15

Thank you for pointing me to this. I understand it better now. However the problem is still unresolved.

From the FAQ I understand that if I were to do BIO_set_mem_eof_return(bio, 0), then the behavior should be similar to a file bio and my code to read decoded data should work. But it doesn't. Here is the code: http://pastebin.ca/1594435

To verify that it is the eof behavior that is causing this problem I tried reading directly from the memory bio without making this call : BIO_set_mem_eof_return(bio, 0). I could successfully read the base64 data present in the mem bio and in the next call to read all the parameters were appropriately set to indicate that I should stop reading, namely:

1) BIO_read returned -1
2) One of the two flags, should_retry or should_read, was false

So if reading directly from the memory bio works fine, why doesn't it work in a chain with a base64 bio? Is it the case that the base64 bio expects its source bio to be in some particular state or to be of a particular type? If so, what are those particular properties?

Does your file have a newline at the end of that data? If I place a newline on it in your program string then it works.

If you don't use newlines then as documented you need to set: BIO_FLAGS_BASE64_NO_NL with BIO_set_flags().

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: base64 filter fails only with memory BIO but works with other BIOs
On Mon, Oct 5, 2009 at 9:21 PM, Dr. Stephen Henson st...@openssl.org wrote:

On Mon, Oct 05, 2009, Srirang Doddihal wrote:

Hi Steve,

On Mon, Oct 5, 2009 at 5:11 PM, Dr. Stephen Henson st...@openssl.org wrote:

[snipped]

Does this simpler version help: http://www.openssl.org/support/faq.html#PROG15

Thank you for pointing me to this. I understand it better now. However the problem is still unresolved.

From the FAQ I understand that if I were to do BIO_set_mem_eof_return(bio, 0), then the behavior should be similar to a file bio and my code to read decoded data should work. But it doesn't. Here is the code: http://pastebin.ca/1594435

To verify that it is the eof behavior that is causing this problem I tried reading directly from the memory bio without making this call : BIO_set_mem_eof_return(bio, 0). I could successfully read the base64 data present in the mem bio and in the next call to read all the parameters were appropriately set to indicate that I should stop reading, namely:

1) BIO_read returned -1
2) One of the two flags, should_retry or should_read, was false

So if reading directly from the memory bio works fine, why doesn't it work in a chain with a base64 bio? Is it the case that the base64 bio expects its source bio to be in some particular state or to be of a particular type? If so, what are those particular properties?

Does your file have a newline at the end of that data? If I place a newline on it in your program string then it works.

No, it does not. I confirmed it multiple times. I am attaching the file that I am using, in case you want to take a closer look. There is no new line and without setting the below mentioned flag, decoding works just fine with file bio. The encoded text is not Hello World, but I tried the same text with both BIOs.

If you don't use newlines then as documented you need to set: BIO_FLAGS_BASE64_NO_NL with BIO_set_flags().

However, this method does solve the current problem. Decoding from the memory BIO now works well with this flag and the set_eof flag together. Thank you.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Regards, Brahmana.
The LIGHT shows the way. The WISE see it. The BRAVE walk it. The PERSISTENT endure and complete it. I want to do it all ALONE.
OpenSSL C example Base64 Decode,
HI all,

I have a working example of Encoding base64 using the BIO methods but decrypting a string is being somewhat problematic. The code in the man page for decoding does not work either as the stdin new_fp does not hand off / stop listening for input.

The openssl version is 0.9.8i

If anyone could supply a working example I would appreciate it,

Regards
Nigel
Re: OpenSSL C example Base64 Decode,
This works for me:

    #include <openssl/bio.h>
    #include <openssl/evp.h>

    // outLen: capacity of pOut on entry, decoded length on return
    // (taken by reference so the caller sees the result)
    void base64Decode(unsigned char* pIn, int inLen, unsigned char* pOut, int& outLen)
    {
        // create a memory buffer containing base64 encoded data
        BIO* bmem = BIO_new_mem_buf((void*)pIn, inLen);

        // push a Base64 filter so that reading from buffer decodes it
        BIO *bioCmd = BIO_new(BIO_f_base64());
        // we don't want newlines
        BIO_set_flags(bioCmd, BIO_FLAGS_BASE64_NO_NL);
        bmem = BIO_push(bioCmd, bmem);

        int finalLen = BIO_read(bmem, (void*)pOut, outLen);
        BIO_free_all(bmem);
        outLen = finalLen;
    }

On Fri, Sep 4, 2009 at 1:37 PM, Nigel Sollars n...@vx.com wrote:

HI all,

I have a working example of Encoding base64 using the BIO methods but decrypting a string is being somewhat problematic. The code in the man page for decoding does not work either as the stdin new_fp does not hand off / stop listening for input.

The openssl version is 0.9.8i

If anyone could supply a working example I would appreciate it,

Regards
Nigel
Re: Base64-encoded public key convert to PEM
On Tue, Jul 28, 2009, Bizhan Gholikhamseh (bgholikh) wrote:

HI ALL,

I have a binary format of a public key which is in BASE64-encoded public key in RSA PKCS#1 format. How could I convert that to a PEM format?

Here is another data set: TO get the binary format I ran the following command:

    openssl asn1parse -inform d -in key.bin
    0:d=0 hl=2 l= 107 prim: priv [ 29 ]
    109:d=0 hl=2 l= 30 prim: priv [ 6 ]
    141:d=0 hl=2 l= 25 prim: priv [ 16 ]
    Error in encoding
    22295:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:

Well asn1parse won't handle base64 decoding with -inform d. Try it without that option.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Base64-encoded public key convert to PEM
HI ALL,

I have a binary format of a public key which is in BASE64-encoded public key in RSA PKCS#1 format. How could I convert that to a PEM format?

Many thanks in advance,
Bizhan
RE: Base64-encoded public key convert to PEM
HI ALL,

I have a binary format of a public key which is in BASE64-encoded public key in RSA PKCS#1 format. How could I convert that to a PEM format?

Here is another data set: TO get the binary format I ran the following command:

    openssl asn1parse -inform d -in key.bin
    0:d=0 hl=2 l= 107 prim: priv [ 29 ]
    109:d=0 hl=2 l= 30 prim: priv [ 6 ]
    141:d=0 hl=2 l= 25 prim: priv [ 16 ]
    Error in encoding
    22295:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:

Any help greatly appreciated.

Thanks,
Bizhan
Re: base64 decoding using an s_mem chain
Frans,

The mistake in your original code is largely due to the BIO_set_mem_eof_return(mem, 0); call at the start as that one prevents the bio chain from signaling 'should retry' upon error conditions (such as BIO_mem becoming empty, due to BIO_read pulling the data out of it).

Instead, things should've gone rather better with: BIO_set_mem_eof_return(mem, -1); ... though then still the 'should retry' checking code would be lacking from the code (which is the second part causing your agony). ;-)

No sweat: I had to debug the bugger to find out it had to be BIO_set_mem_eof_return(mem, -1) instead of BIO_set_mem_eof_return(mem, 0). By simply reading your code I didn't spot the issue. Hence I wrote the next section as much for you as for myself and others, to 'recall' how it should be.

Summary:

BIO_read -- ret==0: check retry/should flags, otherwise the end.

BIO_read -- ret<0: check retry/should flags, otherwise error.

want to 'auto-recover' from (temporary) EOD/no more data in the BIO source, then make sure the BIO source spits out a negative value on such 'end' BIO_read() calls and has set the appropriate retry/want flags. BIO_s_mem() and BIO_pair (see second function in attached sample code) do the latter out of the box (= signal retry on EOD).

---

Elaboration:

Okay, what's the issue here: you fill the BIO_mem, fine, then BIO_read() with a BIO_F_base64 filter in its chain on top of BIO_mem fetches that data from the BIO_mem source/sink again (which is thus used as an intermediate buffer store). As the BIO_read tries to read as many bytes ('inlen') as there currently are in BIO_mem 'raw storage', this will run into an 'EOF' signal from BIO_mem.

Why? Because the chain is set up to DECODE BASE64, i.e. output 'raw input' is assumed to be base64 enc'ed stuff and BIO_read() should produce the literal, unencoded bytes. BASE64 encoding clocks in at a conversion ratio of 4:3, i.e. 4 enc'ed bytes produce 3 decoded bytes.
Hence, the bio chain won't be able to produce than inlen*3/4 bytes, best case, per round of fread/BIO_mem:write/base64::BIO_read.

And just because I said 'because' up there, it doesn't mean this is the problem. This behaviour is not a problem; it is rather to be expected, and given the variable inputs accepted for BASE64, the 'best case' in the paragraph above is a sure hint you won't ever be able to nail the number of decoded/read bytes per round to a sure-fire fixed number. And if you even would/could, such would lead to very inflexible, brittle software.

WARNING: beginners' mistake #1: trying to 'tweak' in BIO_read(, bufsize): bufsize argument to 'make it just work'. I've seen them try it, then panic, thus try some more, and there's a special shotgun waiting in my drawer for those IT 'professionals', loaded with hollow-point silver tips. ;-) (No worries, mate, drawer's not going to open today.)

Why is this beginners' mistake a grave one? Because it's trying to plug a hole by fiddling with a /symptom/ rather than curing the (hidden) error.

Generally speaking for streams, and BIOs are a particular brand of those, halting reads (i.e. reads which won't deliver anything anymore after a certain time/size) happen most often because somewhere down the line the system has concluded it's stream closing time. If you don't want that, the question becomes how to prevent the streams from closing (== signaling 'End Of Stream Data').

Given your choice to use a BIO_mem source/sink for buffering purposes (I like the idea, though note the caveats!) you have chosen to create a read-stream with an implicit 'hickuppy EOF' behaviour: every time you try to read more data than currently resides in the BIO_mem memory space, you'll get the sensible response from the BIO_mem source/sink: EOF reached.

To 'lift' the EOF blockade again, once you've stored some more, fresh data in BIO_mem, you need to make that previous EOF signal provide a little extra info: 'please retry later'.
The wicked bit here is that, on the outside, it does not so much depend on BIO_read() producing a 0 or -1 return value (0 usually assumed to mean 'EOF reached' in other systems and OPENSSL generally adheres to the same assumption), but you've got to check these flags as well to see if it's the end for real or if the system is somehow aware there might be some more at a later time: BIO_should_retry(bio) BIO_should_read(bio) In your case checking for BIO_should_read() is not really necessary as you only use the read I/O direction anyhow, but I suggest you check it anyhow (once you move on to SSL-enabled read and write are not all that separate anymore: write can trigger BIO_should_read and vice versa). The bugger in there is now how to make BIO_mem report BIO_should_retry every time it runs into 'End Of Data' due to an oversized read. (And note that those 'BIO_should_retry' and other signals propagate up the BIO chain!) Turns out that BIO_mem acts correctly, but my mind
Re: base64 decoding using an s_mem chain
Hi Mike,

Thanks for your postings in reply to my base64 decoding problem. I must admit that I saw your first posting only after sending out the reply to William, so let's correct that here :-)

In your last posting you wrote:

Are you stripping the bytes that might appear in the stream that do not represent encoded characters or a part of the count?

That's an interesting thought. I assumed that when BIO_f_base64 decodes it is expecting the information it has originally encoded. The man-page states:

BIO_f_base64() returns the base64 BIO method. This is a filter BIO that base64 encodes any data written through it and decodes any data read through it.

So, f_base64 writes a newline after 64 encoded chars. When I remove the newline chars following your suggestion I get no output at all. Maybe that's kind of weird too, but at least it matches my assumption that the way base64 writes information is the way it expects it back.

But your remark did put me onto some useful track: base64's output suggests that its output should be read in chunks of 64 bytes. OK so far, but when I do that repeatedly on the same base64 and mem object conversion fails after one or two blocks. The following code, however, works fine:

    #include <cstdio>
    #include <openssl/bio.h>
    #include <openssl/evp.h>

    int main()
    {
        while (true)
        {
            char inbuf[65];
            BIO *b64 = BIO_new(BIO_f_base64());
            BIO *mem = BIO_new(BIO_s_mem());
            BIO *bio = BIO_push(b64, mem);
            int inlen;

            if ((inlen = fread(inbuf, 1, 65, stdin)) <= 0)
            {
                BIO_free_all(bio);      // do not leak the last chain
                break;
            }

            BIO_write(mem, inbuf, inlen);
            inlen = BIO_read(bio, inbuf, 48);
            if (inlen > 0)
                fwrite(inbuf, inlen, 1, stderr);
            BIO_free_all(bio);
        }
    }

Note that I renew f_base64 and s_mem at each new block of 65 bytes. Here I use `65' and `48', but you could multiply these values by any integral factor `x', e.g., using x = 15 and then x * 65 and x * 48. The program works fine for any positive x.

The main problems I have with the above code (irrespective of the factor used) is that I have to renew the f_base64 and s_mem objects at each new read-cycle and that I dislike magic numbers. I'm willing to accept the latter, considering that `x * 65' and `x * 48' are inherent elements of the base64 decoding, but I would be very interested in knowing how to re-use rather than re-new the f_base64 and s_mem objects.

... there must be a more systematic way to handle my problem

There is, I posted the link to one such solution. Have you read it?

Yes, by now I have. It doesn't solve the problem though: the posted solution `hand-decodes' base64 encoded information instead of using the ssl-functions. I'm sure I can do that, too, but my original plan was (and still is) to use the available ssl-functions for that. Thanks for showing me the link, though. I appreciate it, but completely missed your posting when writing my previous posting.

Is this a homework assignment?

:-) Great remark! No it isn't. One day I could make it into an assignment for my students, though ;-) But no: for now I'm just interested in applying the facilities offered by the openssl library to my own programs.

BTW: It's highly unlikely that I'll be able to reply to any new postings to this thread for the coming 3 weeks. Please don't take silence from me during that period for impoliteness or lack of interest.

Cheers,

-- 
Frank B. Brokken
Center for Information Technology, University of Groningen
(+31) 50 363 9281
Public PGP key: http://pgp.surfnet.nl
Key Fingerprint: 8E36 9FC4 1DAA FCDF 1A0D B19F DAC4 BE50 38C6 6170
Re: base64 decoding using an s_mem chain
On Thu January 1 2009, Frank B. Brokken wrote:

Hi Mike,

Thanks for your postings in reply to my base64 decoding problem. I must admit that I saw your first posting only after sending out the reply to William, so let's correct that here :-)

In your last posting you wrote:

Are you stripping the bytes that might appear in the stream that do not represent encoded characters or a part of the count?

That's an interesting thought. I assumed that when BIO_f_base64 decodes it is expecting the information it has originally encoded. The man-page states:

BIO_f_base64() returns the base64 BIO method. This is a filter BIO that base64 encodes any data written through it and decodes any data read through it.

So, f_base64 writes a newline after 64 encoded chars. When I remove the newline chars following your suggestion I get no output at all. Maybe that's kind of weird too, but at least it matches my assumption that the way base64 writes information is the way it expects it back.

But your remark did put me onto some useful track: base64's output suggests that its output should be read in chunks of 64 bytes. OK so far, but when I do that repeatedly on the same base64 and mem object conversion fails after one or two blocks. The following code, however, works fine:

    #include <cstdio>
    #include <openssl/bio.h>
    #include <openssl/evp.h>

    int main()
    {
        while (true)
        {
            char inbuf[65];
            BIO *b64 = BIO_new(BIO_f_base64());
            BIO *mem = BIO_new(BIO_s_mem());
            BIO *bio = BIO_push(b64, mem);
            int inlen;

            if ((inlen = fread(inbuf, 1, 65, stdin)) <= 0)
            {
                BIO_free_all(bio);      // do not leak the last chain
                break;
            }

            BIO_write(mem, inbuf, inlen);
            inlen = BIO_read(bio, inbuf, 48);
            if (inlen > 0)
                fwrite(inbuf, inlen, 1, stderr);
            BIO_free_all(bio);
        }
    }

Note that I renew f_base64 and s_mem at each new block of 65 bytes. Here I use `65' and `48', but you could multiply these values by any integral factor `x', e.g., using x = 15 and then x * 65 and x * 48. The program works fine for any positive x.

The main problems I have with the above code (irrespective of the factor used) is that I have to renew the f_base64 and s_mem objects at each new read-cycle and that I dislike magic numbers. I'm willing to accept the latter, considering that `x * 65' and `x * 48' are inherent elements of the base64 decoding, but I would be very interested in knowing how to re-use rather than re-new the f_base64 and s_mem objects.

... there must be a more systematic way to handle my problem

There is, I posted the link to one such solution. Have you read it?

Yes, by now I have. It doesn't solve the problem though: the posted solution `hand-decodes' base64 encoded information instead of using the ssl-functions. I'm sure I can do that, too, but my original plan was (and still is) to use the available ssl-functions for that. Thanks for showing me the link, though. I appreciate it, but completely missed your posting when writing my previous posting.

It was reading through that link that reminded me of the bytes in the stream in addition to the encoded bytes. Maybe it will bring something else to mind. Whatever is happening, is probably 'obvious' once you spot it. ;)

It does seem a little unusual that the routines are written to be destructive. Oh, well, might just be the way they needed to be written.

Is this a homework assignment?

:-) Great remark! No it isn't. One day I could make it into an assignment for my students, though ;-) But no: for now I'm just interested in applying the facilities offered by the openssl library to my own programs.

Might even call it a history lesson. base64 encoding was the answer to serial lines that were not 7-bit clean. Encourages the students to think about 'why'.

BTW: It's highly unlikely that I'll be able to reply to any new postings to this thread for the coming 3 weeks. Please don't take silence from me during that period for impoliteness or lack of interest.

Not a problem.

Mike

Cheers,
Re: base64 decoding using an s_mem chain
Hi William,

Thanks for your reply. I followed your suggestion and changed the buffer size to 480: where the original program shows `500' it now has `480'. Unfortunately, after uncommenting the `Doesn't work' section the problem remains. Only the first block is decoded.

Since 480 clearly fits the requirement of being divisible by both 8 and 6 I'm slightly worried about how to `find the exact point where an 8 bit is not shared'. So I thought about reading larger chunks and extracting a smaller number of characters so as not to exhaust the input buffer. After all extracting in blocks from a s_mem that completely contains the encoded file works fine, so why not do it while s_mem is being filled? But this was met with variable results: reading blocks of 700 bytes and then converting 480 bytes after each read-operation works fine, but reading blocks of 500 bytes and then extracting blocks of 240 bytes fails.

Somehow I don't like this shotgun-approach, thinking that there must be a more systematic way to handle my problem

Anyway, here are the essential changes I made to read + extract information:

    size_t const bufSize = 700;
    size_t const readBlock = 480;

    while ((inlen = fread(inbuf, 1, bufSize, stdin)) != 0)
    {
        BIO_write(mem, inbuf, inlen);
        BIO_flush(mem);
                                        // decode some chars at each
                                        // read from stdin
        inlen = BIO_read(bio, inbuf, readBlock);
        if (inlen <= 0)                 // once this happens no more
            break;                      // successful decodes occur
        fwrite(inbuf, 1, inlen, stdout);
    }

So, thanks again for the reply, but I think I'm still looking for a general (algorithmic) solution

Cheers,

-- 
Frank B. Brokken
Center for Information Technology, University of Groningen
(+31) 50 363 9281
Public PGP key: http://pgp.surfnet.nl
Key Fingerprint: 8E36 9FC4 1DAA FCDF 1A0D B19F DAC4 BE50 38C6 6170
Re: base64 decoding using an s_mem chain
On Wed December 31 2008, Frank B. Brokken wrote:
> Hi William,
>
> Thanks for your reply. I followed your suggestion and changed the buffer size to 480: where the original program shows `500' it now has `480'. Unfortunately, after uncommenting the `Doesn't work' section the problem remains. Only the first block is decoded.
>
> Since 480 clearly fits the requirement of being divisible by both 8 and 6 I'm slightly worried about how to `find the exact point where an 8 bit is not shared'. So I thought about reading larger chunks and extracting a smaller number of characters so as not to exhaust the input buffer. After all, extracting in blocks from an s_mem that completely contains the encoded file works fine, so why not do it while s_mem is being filled? But this was met with variable results: reading blocks of 700 bytes and then converting 480 bytes after each read-operation works fine, but reading blocks of 500 bytes and then extracting blocks of 240 bytes fails.

Are you stripping the bytes that might appear in the stream that do not represent encoded characters or a part of the count?

> Somehow I don't like this shotgun-approach, thinking that there must be a more systematic way to handle my problem.

There is, I posted the link to one such solution. Have you read it?

> Anyway, here are the essential changes I made to read + extract information:

Is this a homework assignment?

Mike

>     size_t const bufSize = 700;
>     size_t const readBlock = 480;
>
>     while ((inlen = fread(inbuf, 1, bufSize, stdin)) != 0)
>     {
>         BIO_write(mem, inbuf, inlen);
>         BIO_flush(mem);
>                                         // decode some chars at each
>                                         // read from stdin
>         inlen = BIO_read(bio, inbuf, readBlock);
>         if (inlen <= 0)                 // once this happens no more
>             break;                      // successful decodes occur
>         fwrite(inbuf, 1, inlen, stdout);
>     }
>
> So, thanks again for the reply, but I think I'm still looking for a general (algorithmic) solution.
>
> Cheers,
base64 decoding using an s_mem chain
Hi List-members,

The following problem has (in some form) popped up on this list repeatedly, but after having browsed the archives until the beginning of this century I didn't encounter (or simply missed?) a solution for my current problem, hence the posting.

For some time now I'm trying to decode a base64 encoded file which is filtered through a BIO_s_mem method. My intention is to write a function in which the actual decoding is decoupled from the source of the encoded information as well as from the destination of the decoded info, and so I thought of using a BIO_s_mem method as an intermediate storage medium chained to a BIO_f_base64 method: obtain info from the source, put it into s_mem, base64 decode it, write the decoded info to the destination.

As an initial attempt the following program does the trick, but a problem occurs when I uncomment the section marked `Doesn't work'. In that case only the first block of bytes that's read is decoded after which BIO_read consistently returns 0. The program as-is properly decodes base64 encoded information but requires me to read all the encoded information into the s_mem buffer first, which is unacceptable as it would require me to have all information available in memory before base64 can start decoding.

So my questions are: What's the flaw in my reasoning (c.q. program)? And: what must be done to decode information in a series of read-decode cycles rather than using a `read-all, decode-all' procedure?

Here's the little program I used:

--
    #include <openssl/bio.h>
    #include <openssl/evp.h>
    #include <stdio.h>

    int main()
    {
        BIO *bio, *b64;
        char inbuf[500];
        int inlen;

        b64 = BIO_new(BIO_f_base64());      // define BIOs
        BIO *mem = BIO_new(BIO_s_mem());
        bio = BIO_push(b64, mem);           // set up the chain
        BIO_set_mem_eof_return(mem, 0);     // define s_mem eof

                                            // read info from some source
        while ((inlen = fread(inbuf, 1, 500, stdin)) != 0)
        {
            BIO_write(mem, inbuf, inlen);   // put it in the s_mem buffer
            BIO_flush(mem);

            // Doesn't work:
            //while (1)
            //{                             // read what's already available
            //    inlen = BIO_read(bio, inbuf, inlen);
            //    if (inlen <= 0)           // no more, then done
            //        break;
            //                              // write decoded info to a dest.
            //    fwrite(inbuf, 1, inlen, stdout);
            //}
        }

        // same procedure, but now write to the destination after first
        // reading all info into s_mem
        while (1)
        {
            inlen = BIO_read(bio, inbuf, 200);
            if (inlen <= 0)
                break;
            fwrite(inbuf, 1, inlen, stdout);
        }

        BIO_free_all(bio);
    }
--

Any suggestion I receive will of course greatly be appreciated.

Cheers,

--
Frank B. Brokken
Center for Information Technology, University of Groningen
(+31) 50 363 9281
Public PGP key: http://pgp.surfnet.nl
Key Fingerprint: 8E36 9FC4 1DAA FCDF 1A0D B19F DAC4 BE50 38C6 6170
Re: base64 decoding using an s_mem chain
On Tue December 30 2008, Frank B. Brokken wrote:
> Hi List-members,
>
> The following problem has (in some form) popped up on this list repeatedly, but after having browsed the archives until the beginning of this century I didn't encounter (or simply missed?) a solution for my current problem, hence the posting.

For implementing a solution using the openSSL libraries, I leave to the experts.

In general - consider reading any fixed length record -
- Your input is sets of 4 octets, you can't have a split set
- Your output is sets of 3 octets, (a 4*6bit -> 3*8bit function)
- So your read function must either guarantee that full records (4*x) have been read or somehow handle the excess 1 - 3 octets as the first part of the next read.

For a general purpose function, it is probably a poor idea to expect the input to have line breaks (although some uses of base64 do have line breaks - just not in general).

Same coding situation you would have if you were reading text lines, any partial line read must be treated as the first part of the next read operation.

Here is a page with a link to a public domain, base64 encode/decode routine:
http://www.fourmilab.ch/webtools/base64/
(scroll down the page to the tar ball link)

Read it (I haven't) - see how they handled the situation. Since those can be used in a pipeline, it must have an example of the code you need in it.

Mike

> For some time now I'm trying to decode a base64 encoded file which is filtered through a BIO_s_mem method. My intention is to write a function in which the actual decoding is decoupled from the source of the encoded information as well as from the destination of the decoded info, and so I thought of using a BIO_s_mem method as an intermediate storage medium chained to a BIO_f_base64 method: obtain info from the source, put it into s_mem, base64 decode it, write the decoded info to the destination.
>
> As an initial attempt the following program does the trick, but a problem occurs when I uncomment the section marked `Doesn't work'. In that case only the first block of bytes that's read is decoded after which BIO_read consistently returns 0. The program as-is properly decodes base64 encoded information but requires me to read all the encoded information into the s_mem buffer first, which is unacceptable as it would require me to have all information available in memory before base64 can start decoding.
>
> So my questions are: What's the flaw in my reasoning (c.q. program)? And: what must be done to decode information in a series of read-decode cycles rather than using a `read-all, decode-all' procedure?
>
> Here's the little program I used:
>
> --
>     #include <openssl/bio.h>
>     #include <openssl/evp.h>
>     #include <stdio.h>
>
>     int main()
>     {
>         BIO *bio, *b64;
>         char inbuf[500];
>         int inlen;
>
>         b64 = BIO_new(BIO_f_base64());      // define BIOs
>         BIO *mem = BIO_new(BIO_s_mem());
>         bio = BIO_push(b64, mem);           // set up the chain
>         BIO_set_mem_eof_return(mem, 0);     // define s_mem eof
>
>                                             // read info from some source
>         while ((inlen = fread(inbuf, 1, 500, stdin)) != 0)
>         {
>             BIO_write(mem, inbuf, inlen);   // put it in the s_mem buffer
>             BIO_flush(mem);
>
>             // Doesn't work:
>             //while (1)
>             //{                             // read what's already available
>             //    inlen = BIO_read(bio, inbuf, inlen);
>             //    if (inlen <= 0)           // no more, then done
>             //        break;
>             //                              // write decoded info to a dest.
>             //    fwrite(inbuf, 1, inlen, stdout);
>             //}
>         }
>
>         // same procedure, but now write to the destination after first
>         // reading all info into s_mem
>         while (1)
>         {
>             inlen = BIO_read(bio, inbuf, 200);
>             if (inlen <= 0)
>                 break;
>             fwrite(inbuf, 1, inlen, stdout);
>         }
>
>         BIO_free_all(bio);
>     }
> --
>
> Any suggestion I receive will of course greatly be appreciated.
>
> Cheers,
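The carry-over approach Mike describes in the reply above (treat the excess 1 to 3 octets of a split group as the first part of the next read), as an added example that is not code from the thread and does not use OpenSSL's BIO_f_base64. The names b64_stream, b64_stream_update, b64_stream_final and decode_in_chunks are made up for illustration, and the sample string is constructed.

```c
/* Added example: incremental base64 decoding with carry-over between reads.
 * Stand-alone C99, no OpenSSL calls; all names here are illustrative. */
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned char quad[4];  /* 6-bit values of the group being assembled  */
    int n;                  /* characters collected for that group (0..3) */
    int pad;                /* '=' characters seen in that group          */
    int done;               /* a padded (final) group has been decoded    */
} b64_stream;

static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

void b64_stream_init(b64_stream *s) { memset(s, 0, sizeof *s); }

/* Decode one chunk of any length; a group split across two chunks stays in
 * s->quad until the next call completes it. Returns the number of bytes
 * written to out, or -1 on malformed input. out needs room for
 * (len + 3) / 4 * 3 bytes. */
long b64_stream_update(b64_stream *s, const char *in, size_t len,
                       unsigned char *out)
{
    long w = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '\n' || c == '\r')
            continue;                     /* line wrapping is optional      */
        if (s->done)
            return -1;                    /* data after the padded group    */
        if (c == '=') {
            if (s->n < 2)
                return -1;                /* padding cannot start a group   */
            s->quad[s->n++] = 0;
            s->pad++;
        } else {
            int v = b64_val(c);
            if (v < 0 || s->pad)
                return -1;                /* bad character, or data after = */
            s->quad[s->n++] = (unsigned char)v;
        }
        if (s->n == 4) {                  /* full group: 4 x 6 -> 3 x 8 bits */
            out[w++] = (unsigned char)((s->quad[0] << 2) | (s->quad[1] >> 4));
            if (s->pad < 2)
                out[w++] = (unsigned char)(((s->quad[1] & 0x0f) << 4) | (s->quad[2] >> 2));
            if (s->pad < 1)
                out[w++] = (unsigned char)(((s->quad[2] & 0x03) << 6) | s->quad[3]);
            s->n = 0;
            if (s->pad)
                s->done = 1;
        }
    }
    return w;
}

/* 0 if the input ended on a group boundary, -1 if it was cut short. */
int b64_stream_final(const b64_stream *s) { return s->n == 0 ? 0 : -1; }

/* Feed text in pieces of `chunk` characters, the way a read loop would.
 * Returns the total decoded length, or -1 on malformed or truncated input. */
long decode_in_chunks(const char *text, size_t chunk, unsigned char *out)
{
    b64_stream s;
    size_t len = strlen(text);
    long total = 0;

    if (chunk == 0)
        return -1;
    b64_stream_init(&s);
    for (size_t off = 0; off < len; off += chunk) {
        size_t n = len - off < chunk ? len - off : chunk;
        long w = b64_stream_update(&s, text + off, n, out + total);
        if (w < 0)
            return -1;
        total += w;
    }
    return b64_stream_final(&s) == 0 ? total : -1;
}

int main(void)
{
    /* Constructed sample: base64 of "Hello, world!" */
    const char *sample = "SGVsbG8sIHdvcmxkIQ==";
    size_t sizes[] = { 1, 5, 7, 500 };
    unsigned char out[64];

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        long n = decode_in_chunks(sample, sizes[i], out);
        printf("chunk size %3zu -> %ld bytes: %.*s\n",
               sizes[i], n, (int)(n > 0 ? n : 0), (const char *)out);
    }
    return 0;
}
```

The chunk size never has to be a multiple of 4 here, because at most three pending characters survive between calls; input that continues after the padded final group is rejected instead of being silently ignored.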
RE: base64 decoding using an s_mem chain
Since base64 regroups the original 8-bits based binary into groups of 6 bits for encoding, using padding as needed. So each original 8 bits is shared by two 6 bits, it is like a chain. To make your code work, you have to find out the exact point, where a 8 bit is not shared. For example, change your buffer size to 480, since 480 can be divided by both 8 and 6.

Good luck!

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Frank B. Brokken [f.b.brok...@rug.nl]
Sent: Tuesday, December 30, 2008 3:11 AM
To: openssl-users@openssl.org
Subject: base64 decoding using an s_mem chain

Hi List-members,

The following problem has (in some form) popped up on this list repeatedly, but after having browsed the archives until the beginning of this century I didn't encounter (or simply missed?) a solution for my current problem, hence the posting.

For some time now I'm trying to decode a base64 encoded file which is filtered through a BIO_s_mem method. My intention is to write a function in which the actual decoding is decoupled from the source of the encoded information as well as from the destination of the decoded info, and so I thought of using a BIO_s_mem method as an intermediate storage medium chained to a BIO_f_base64 method: obtain info from the source, put it into s_mem, base64 decode it, write the decoded info to the destination.

As an initial attempt the following program does the trick, but a problem occurs when I uncomment the section marked `Doesn't work'. In that case only the first block of bytes that's read is decoded after which BIO_read consistently returns 0. The program as-is properly decodes base64 encoded information but requires me to read all the encoded information into the s_mem buffer first, which is unacceptable as it would require me to have all information available in memory before base64 can start decoding.

So my questions are: What's the flaw in my reasoning (c.q. program)? And: what must be done to decode information in a series of read-decode cycles rather than using a `read-all, decode-all' procedure?

Here's the little program I used:

--
    #include <openssl/bio.h>
    #include <openssl/evp.h>
    #include <stdio.h>

    int main()
    {
        BIO *bio, *b64;
        char inbuf[500];
        int inlen;

        b64 = BIO_new(BIO_f_base64());      // define BIOs
        BIO *mem = BIO_new(BIO_s_mem());
        bio = BIO_push(b64, mem);           // set up the chain
        BIO_set_mem_eof_return(mem, 0);     // define s_mem eof

                                            // read info from some source
        while ((inlen = fread(inbuf, 1, 500, stdin)) != 0)
        {
            BIO_write(mem, inbuf, inlen);   // put it in the s_mem buffer
            BIO_flush(mem);

            // Doesn't work:
            //while (1)
            //{                             // read what's already available
            //    inlen = BIO_read(bio, inbuf, inlen);
            //    if (inlen <= 0)           // no more, then done
            //        break;
            //                              // write decoded info to a dest.
            //    fwrite(inbuf, 1, inlen, stdout);
            //}
        }

        // same procedure, but now write to the destination after first
        // reading all info into s_mem
        while (1)
        {
            inlen = BIO_read(bio, inbuf, 200);
            if (inlen <= 0)
                break;
            fwrite(inbuf, 1, inlen, stdout);
        }

        BIO_free_all(bio);
    }
--

Any suggestion I receive will of course greatly be appreciated.

Cheers,

--
Frank B. Brokken
Center for Information Technology, University of Groningen
(+31) 50 363 9281
Public PGP key: http://pgp.surfnet.nl
Key Fingerprint: 8E36 9FC4 1DAA FCDF 1A0D B19F DAC4 BE50 38C6 6170
long base64, no wrap
Using EVP_DecodeInit and EVP_DecodeUpdate to decode base64, is there a simple way or function that can be used to split the data with \n's? For example my base64 encoded data was encoded as one long string (like base64 -w 0 would give you). EVP_DecodeUpdate doesn't look to like long base64 strings.

~Shaun
Re: [Base64 Decoding] Bug when decoding??
Thank you Steve for help. I tried to use the BIO_FLAGS_BASE64_NO_NL flag in my code. This works fine. Thank you everybody again for help.

On Fri, May 23, 2008 at 12:24 PM, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
> On Fri, May 23, 2008, karim Bendadda wrote:
> > Hi Stephen,
> >
> > I just try it! it works fine! it doesn't appear when launching openssl command: $openssl enc ?
> > How can I implement it using the openssl's EVP API???
>
> It is mentioned in the documentation and the BIO equivalent is to set the flag BIO_FLAGS_BASE64_NO_NL. See enc and BIO_f_base64() documents.
>
> I don't normally use EVP for base64 encoding, I use a bio chain so don't know about that.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk

--
Karim
Re: [Base64 Decoding] Bug when decoding??
Thanks for examples Victor. As Dominique suggests I tried to split the base64 encoded string to blocks. The decoding works fine now! but I still have some decrypting problems... I'll post my problem on a new topic; it concerning decrypting now!

Thank you for your help!

On Thu, May 22, 2008 at 8:14 PM, Victor Duchovni [EMAIL PROTECTED] wrote:
> On Thu, May 22, 2008 at 02:20:07PM +0200, karim Bendadda wrote:
> > Hi All,
> >
> > I'm trying to decode a Base64 encoded string. Using the openssl decoding command:
> >
> >     echo nnnKZdKOQMmVpLEOBqNU3L07ELMSoQxW0z7SvgZBmwXpjvMYPqnSMaWy9vu6NFUHGc40nhLbaFe8vI159nZHHdMOssHyfI6kzXljRolfrSX6bNjcMvfy7k5J+2xo451u= | openssl enc -base64 -d
>
> The string is too long to fit on one line. The openssl base64 decoder requires long strings to be split over multiple lines. As you can see, the limit is 80 characters per-line:
>
>     $ let i=15; while (( i < 25 ))
>       do
>         echo $i $(perl -e "printf qq{%s\n}, q{} x $i" | openssl base64 -d | wc -c)
>         let i=i+1
>       done
>     15 45
>     16 48
>     17 51
>     18 54
>     19 57
>     20 0
>     21 0
>     22 0
>     23 0
>     24 0
>
> Also each line MUST end with \n or \r\n, incomplete last lines don't work:
>
>     $ let i=15; while (( i < 25 ))
>       do
>         echo $i $(perl -e "printf qq{%s}, q{} x $i" | openssl base64 -d | wc -c)
>         let i=i+1
>       done
>     15 0
>     16 0
>     17 0
>     18 0
>     19 0
>     20 0
>     21 0
>     22 0
>     23 0
>     24 0
>
> --
> Viktor.

--
Karim
Re: [Base64 Decoding] Bug when decoding??
Hi Stephen,

I just try it! it works fine! it doesn't appear when launching openssl command: $openssl enc ?
How can I implement it using the openssl's EVP API???

Thank you.

On Thu, May 22, 2008 at 8:12 PM, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
> On Thu, May 22, 2008, karim Bendadda wrote:
> > Hi All,
> >
> > I'm trying to decode a Base64 encoded string. Using the openssl decoding command:
> >
> >     echo nnnKZdKOQMmVpLEOBqNU3L07ELMSoQxW0z7SvgZBmwXpjvMYPqnSMaWy9vu6NFUHGc40nhLbaFe8vI159nZHHdMOssHyfI6kzXljRolfrSX6bNjcMvfy7k5J+2xo451u= | openssl enc -base64 -d
> >
> > I got no result! nothing!!! I tried to decode this string on an online base64 decoder http://webnet77.com/cgi-bin/helpers/base-64.pl and it's ok!! I have the correct string (which is an encrypted string). What's wrong with openssl command???
>
> Did you try the -A option?
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk

--
Karim
Re: [Base64 Decoding] Bug when decoding??
On Fri, May 23, 2008, karim Bendadda wrote:
> Hi Stephen,
>
> I just try it! it works fine! it doesn't appear when launching openssl command: $openssl enc ?
> How can I implement it using the openssl's EVP API???

It is mentioned in the documentation and the BIO equivalent is to set the flag BIO_FLAGS_BASE64_NO_NL. See enc and BIO_f_base64() documents.

I don't normally use EVP for base64 encoding, I use a bio chain so don't know about that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
[Base64 Decoding] Bug when decoding??
Hi All,

I'm trying to decode a Base64 encoded string. Using the openssl decoding command:

    echo nnnKZdKOQMmVpLEOBqNU3L07ELMSoQxW0z7SvgZBmwXpjvMYPqnSMaWy9vu6NFUHGc40nhLbaFe8vI159nZHHdMOssHyfI6kzXljRolfrSX6bNjcMvfy7k5J+2xo451u= | openssl enc -base64 -d

I got no result! nothing!!! I tried to decode this string on an online base64 decoder http://webnet77.com/cgi-bin/helpers/base-64.pl and it's ok!! I have the correct string (which is an encrypted string). What's wrong with openssl command???

Thank you for help.

--
Karim
Re: [Base64 Decoding] Bug when decoding??
Hello karim

The line must be at most 64 octets long.

Using the file essai.pem where the unique has been split in three, the command

    openssl enc -base64 -d -in essai.pem

works. But be careful, most of the characters are not printable.

karim Bendadda wrote:
> Hi All,
>
> I'm trying to decode a Base64 encoded string. Using the openssl decoding command:
>
>     echo nnnKZdKOQMmVpLEOBqNU3L07ELMSoQxW0z7SvgZBmwXpjvMYPqnSMaWy9vu6NFUHGc40nhLbaFe8vI159nZHHdMOssHyfI6kzXljRolfrSX6bNjcMvfy7k5J+2xo451u= | openssl enc -base64 -d
>
> I got no result! nothing!!! I tried to decode this string on an online base64 decoder http://webnet77.com/cgi-bin/helpers/base-64.pl and it's ok!! I have the correct string (which is an encrypted string). What's wrong with openssl command???
>
> Thank you for help.
>
> --
> Karim

--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046 LILLE
France
Phone : +33 (0)3 20 30 40 71
Email: [EMAIL PROTECTED]
Re: [Base64 Decoding] Bug when decoding??
Hi Dominique,

First I'd like to thank you for your quick answer. You're right, it works well when splitting. I'd like now to do it using the openssl API (I found the function above on the web). This function works well for input at most 64 bytes. May I have to do a manual split where input is at least 64 bytes long? Is there any methods (an Openssl function for example) to do it automatically???

Thank you for your efforts.

    char *unbase64(unsigned char *input, int length)
    {
        BIO *b64, *bmem;

        char *buffer = (char *)malloc(length);
        memset(buffer, 0, length);

        b64 = BIO_new(BIO_f_base64());
        bmem = BIO_new_mem_buf(input, length);
        bmem = BIO_push(b64, bmem);

        BIO_read(bmem, buffer, length);

        BIO_free_all(bmem);

        return buffer;
    }

On Thu, May 22, 2008 at 3:57 PM, Dominique Lohez [EMAIL PROTECTED] wrote:
> Hello karim
>
> The line must be at most 64 octets long.
>
> Using the file essai.pem where the unique has been split in three, the command
>
>     openssl enc -base64 -d -in essai.pem
>
> works. But be careful, most of the characters are not printable.
>
> karim Bendadda wrote:
> > Hi All,
> >
> > I'm trying to decode a Base64 encoded string. Using the openssl decoding command:
> >
> >     echo nnnKZdKOQMmVpLEOBqNU3L07ELMSoQxW0z7SvgZBmwXpjvMYPqnSMaWy9vu6NFUHGc40nhLbaFe8vI159nZHHdMOssHyfI6kzXljRolfrSX6bNjcMvfy7k5J+2xo451u= | openssl enc -base64 -d
> >
> > I got no result! nothing!!! I tried to decode this string on an online base64 decoder http://webnet77.com/cgi-bin/helpers/base-64.pl and it's ok!! I have the correct string (which is an encrypted string). What's wrong with openssl command???
> >
> > Thank you for help.
> >
> > --
> > Karim
>
> --
> Dr Dominique LOHEZ
> ISEN
> 41, Bd Vauban
> F59046 LILLE
> France
> Phone : +33 (0)3 20 30 40 71
> Email: [EMAIL PROTECTED]

--
Karim
Re: [Base64 Decoding] Bug when decoding??
You have to write a loop:

1) extract the 64 first bytes from the coded string and copy them to a working buffer
2) convert the working buffer to an at most 48 bytes result buffer
3) copy the working buffer to the result
4) continue with the next 64 bytes of the input string

karim Bendadda wrote:
> Hi Dominique,
>
> First I'd like to thank you for your quick answer. You're right, it works well when splitting. I'd like now to do it using the openssl API (I found the function above on the web). This function works well for input at most 64 bytes. May I have to do a manual split where input is at least 64 bytes long? Is there any methods (an Openssl function for example) to do it automatically???
>
> Thank you for your efforts.
>
>     char *unbase64(unsigned char *input, int length)
>     {
>         BIO *b64, *bmem;
>
>         char *buffer = (char *)malloc(length);
>         memset(buffer, 0, length);
>
>         b64 = BIO_new(BIO_f_base64());
>         bmem = BIO_new_mem_buf(input, length);
>         bmem = BIO_push(b64, bmem);
>
>         BIO_read(bmem, buffer, length);
>
>         BIO_free_all(bmem);
>
>         return buffer;
>     }
>
> On Thu, May 22, 2008 at 3:57 PM, Dominique Lohez [EMAIL PROTECTED] wrote:
> > Hello karim
> >
> > The line must be at most 64 octets long.
> >
> > Using the file essai.pem where the unique has been split in three, the command
> >
> >     openssl enc -base64 -d -in essai.pem
> >
> > works. But be careful, most of the characters are not printable.
> >
> > karim Bendadda wrote:
> > > Hi All,
> > >
> > > I'm trying to decode a Base64 encoded string. Using the openssl decoding command:
> > >
> > >     echo nnnKZdKOQMmVpLEOBqNU3L07ELMSoQxW0z7SvgZBmwXpjvMYPqnSMaWy9vu6NFUHGc40nhLbaFe8vI159nZHHdMOssHyfI6kzXljRolfrSX6bNjcMvfy7k5J+2xo451u= | openssl enc -base64 -d
> > >
> > > I got no result! nothing!!! I tried to decode this string on an online base64 decoder http://webnet77.com/cgi-bin/helpers/base-64.pl and it's ok!! I have the correct string (which is an encrypted string). What's wrong with openssl command???
> > >
> > > Thank you for help.
> > >
> > > --
> > > Karim
> >
> > --
> > Dr Dominique LOHEZ
> > ISEN
> > 41, Bd Vauban
> > F59046 LILLE
> > France
> > Phone : +33 (0)3 20 30 40 71
> > Email: [EMAIL PROTECTED]
>
> --
> Karim

--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046 LILLE
France
Phone : +33 (0)3 20 30 40 71
Email: [EMAIL PROTECTED]
Re: [Base64 Decoding] Bug when decoding??
On Thu, May 22, 2008 at 02:20:07PM +0200, karim Bendadda wrote:
> Hi All,
>
> I'm trying to decode a Base64 encoded string. Using the openssl decoding command:
>
>     echo nnnKZdKOQMmVpLEOBqNU3L07ELMSoQxW0z7SvgZBmwXpjvMYPqnSMaWy9vu6NFUHGc40nhLbaFe8vI159nZHHdMOssHyfI6kzXljRolfrSX6bNjcMvfy7k5J+2xo451u= | openssl enc -base64 -d

The string is too long to fit on one line. The openssl base64 decoder requires long strings to be split over multiple lines. As you can see, the limit is 80 characters per-line:

    $ let i=15; while (( i < 25 ))
      do
        echo $i $(perl -e "printf qq{%s\n}, q{} x $i" | openssl base64 -d | wc -c)
        let i=i+1
      done
    15 45
    16 48
    17 51
    18 54
    19 57
    20 0
    21 0
    22 0
    23 0
    24 0

Also each line MUST end with \n or \r\n, incomplete last lines don't work:

    $ let i=15; while (( i < 25 ))
      do
        echo $i $(perl -e "printf qq{%s}, q{} x $i" | openssl base64 -d | wc -c)
        let i=i+1
      done
    15 0
    16 0
    17 0
    18 0
    19 0
    20 0
    21 0
    22 0
    23 0
    24 0

--
Viktor.
Re: [Base64 Decoding] Bug when decoding??
On Thu, May 22, 2008, karim Bendadda wrote:
> Hi All,
>
> I'm trying to decode a Base64 encoded string. Using the openssl decoding command:
>
>     echo nnnKZdKOQMmVpLEOBqNU3L07ELMSoQxW0z7SvgZBmwXpjvMYPqnSMaWy9vu6NFUHGc40nhLbaFe8vI159nZHHdMOssHyfI6kzXljRolfrSX6bNjcMvfy7k5J+2xo451u= | openssl enc -base64 -d
>
> I got no result! nothing!!! I tried to decode this string on an online base64 decoder http://webnet77.com/cgi-bin/helpers/base-64.pl and it's ok!! I have the correct string (which is an encrypted string). What's wrong with openssl command???

Did you try the -A option?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: How to convert base64 encoded char buffer to X509
On Thu, Apr 10, 2008, Mohd Saleem wrote:
> Hi,
>
> I have char buffer in base64 encoded format. The client should read the buffer, decode it and get the result in X509 structure, I am facing issues with this. I am getting an error, error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag.
>
> Could you help me in resolving this. Any help will be great. I have attached code for reference.
>
> Thanks in advance.
> Saleem
>
>     // This is my base64 encoded certificate
>     char *gacacert = "MIICLzCCAiswggGUoAMCAQICBgEYgSDT3DANBgkqhkiG9w0BAQUFADA0MRAwDgYD\n\
>     VQQKEwdlbnRydXN0MQwwCgYDVQQLEwNlbmcxEjAQBgNVBAMTCWdhTG9jYWxDQTAe\n\
>     Fw0wODAzMDUyMjQ3MzVaFw0yODAyMjkyMjQ3MzVaMDQxEDAOBgNVBAoTB2VudHJ1\n\
>     c3QxDDAKBgNVBAsTA2VuZzESMBAGA1UEAxMJZ2FMb2NhbENBMIGfMA0GCSqGSIb3\n\
>     DQEBAQUAA4GNADCBiQKBgQDW4ONrqPZ/Hc9Ft/vL1eD76XpbxhdmAezpjGK0aWa2\n\
>     2QCkDD6IpU3VxpW93+i8em2zgCV5fujbcJuNebk+Y24q3w8FVbba7BZGcaoatB99\n\
>     vdZ0gp/t/DXq9KsdxdlE2W/mKBCvxkkMsEnm5kHeHZXByouqPvIXGBsJORCH2ahB\n\
>     vwIDAQABo0gwRjASBgNVHRMBAf8ECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIA\n\
>     JDAdBgNVHQ4EFgQUIZVCc+92iSwt3CD3P9TYIJB6pLQwDQYJKoZIhvcNAQEFBQAD\n\
>     gYEAjZq3mZ/Q6F26BBd74Q5lJcABGTM4nB1mThaCJk//dLx6WhmWoXJoZD0//nYM\n\
>     UDvISCc4KtMZoe5qkO/BKJs9IwsXQyZiPl5bAtcfN6OmSe+fmNPMUKD1ck8l7WLu\n\
>     7k6hlBwrIIi05KhiYLY5i4ZbVh0+DyjIkXbv2GJj+g0CrEE=";
>
>     int SClient::loadCert(char *v_cert)
>     {
>         try
>         {
>             char errStr[512];
>             int ierr = 0;
>
>             SSLeay_add_ssl_algorithms();
>             SSL_METHOD *pSSLMethod = SSLv3_client_method();
>             SSL_load_error_strings();
>             SSL_CTX *pSSL_Context = SSL_CTX_new (pSSLMethod);
>
>             // Adding the header and footer
>             char *charsToPrepend = "-----BEGIN CERTIFICATE-----\n";
>             char *charsToAppend = "\n-----END CERTIFICATE-----";
>
>             char memBuffer[2000];
>             strcpy(memBuffer, charsToPrepend);
>             strcat(memBuffer, v_cert);
>             strcat(memBuffer, charsToAppend);
>
>             BIO *membuf = BIO_new(BIO_s_mem());
>             BIO_puts(membuf, memBuffer);
>
>             // This is returning null.
>             X509 *x509 = PEM_read_bio_X509(membuf, NULL, NULL, NULL);
>             if (x509 == NULL)
>             {
>                 ierr = ERR_get_error();
>                 ERR_error_string(ierr, errStr);
>                 // The error here is
>                 // error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
>             }
>         }
>         catch( ...)
>         {
>             //(Unexpected exception);
>             return 0;
>         }
>         return 1;
>     }

The actual data you have there is not a valid certificate. If you print the complete error using ERR_print_errors_fp() for example it will complain about the serialNumber field.

Analysing the result shows it is actually a SEQUENCE OF Certificate. So whatever produced that data needs to output in the correct form.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
How to convert base64 encoded char buffer to X509
Hi,

I have char buffer in base64 encoded format. The client should read the buffer, decode it and get the result in X509 structure, I am facing issues with this. I am getting an error, error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag.

Could you help me in resolving this. Any help will be great. I have attached code for reference.

Thanks in advance.
Saleem

    // This is my base64 encoded certificate
    char *gacacert = "MIICLzCCAiswggGUoAMCAQICBgEYgSDT3DANBgkqhkiG9w0BAQUFADA0MRAwDgYD\n\
    VQQKEwdlbnRydXN0MQwwCgYDVQQLEwNlbmcxEjAQBgNVBAMTCWdhTG9jYWxDQTAe\n\
    Fw0wODAzMDUyMjQ3MzVaFw0yODAyMjkyMjQ3MzVaMDQxEDAOBgNVBAoTB2VudHJ1\n\
    c3QxDDAKBgNVBAsTA2VuZzESMBAGA1UEAxMJZ2FMb2NhbENBMIGfMA0GCSqGSIb3\n\
    DQEBAQUAA4GNADCBiQKBgQDW4ONrqPZ/Hc9Ft/vL1eD76XpbxhdmAezpjGK0aWa2\n\
    2QCkDD6IpU3VxpW93+i8em2zgCV5fujbcJuNebk+Y24q3w8FVbba7BZGcaoatB99\n\
    vdZ0gp/t/DXq9KsdxdlE2W/mKBCvxkkMsEnm5kHeHZXByouqPvIXGBsJORCH2ahB\n\
    vwIDAQABo0gwRjASBgNVHRMBAf8ECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIA\n\
    JDAdBgNVHQ4EFgQUIZVCc+92iSwt3CD3P9TYIJB6pLQwDQYJKoZIhvcNAQEFBQAD\n\
    gYEAjZq3mZ/Q6F26BBd74Q5lJcABGTM4nB1mThaCJk//dLx6WhmWoXJoZD0//nYM\n\
    UDvISCc4KtMZoe5qkO/BKJs9IwsXQyZiPl5bAtcfN6OmSe+fmNPMUKD1ck8l7WLu\n\
    7k6hlBwrIIi05KhiYLY5i4ZbVh0+DyjIkXbv2GJj+g0CrEE=";

    int SClient::loadCert(char *v_cert)
    {
        try
        {
            char errStr[512];
            int ierr = 0;

            SSLeay_add_ssl_algorithms();
            SSL_METHOD *pSSLMethod = SSLv3_client_method();
            SSL_load_error_strings();
            SSL_CTX *pSSL_Context = SSL_CTX_new (pSSLMethod);

            // Adding the header and footer
            char *charsToPrepend = "-----BEGIN CERTIFICATE-----\n";
            char *charsToAppend = "\n-----END CERTIFICATE-----";

            char memBuffer[2000];
            strcpy(memBuffer, charsToPrepend);
            strcat(memBuffer, v_cert);
            strcat(memBuffer, charsToAppend);

            BIO *membuf = BIO_new(BIO_s_mem());
            BIO_puts(membuf, memBuffer);

            // This is returning null.
            X509 *x509 = PEM_read_bio_X509(membuf, NULL, NULL, NULL);
            if (x509 == NULL)
            {
                ierr = ERR_get_error();
                ERR_error_string(ierr, errStr);
                // The error here is
                // error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
            }
        }
        catch( ...)
        {
            //(Unexpected exception);
            return 0;
        }
        return 1;
    }
Re: How to convert base64 encoded char buffer to X509
On Thu, Apr 10, 2008, Mohd Saleem wrote:

> Hi,
>
> I have a char buffer in base64 encoded format. The client should read the buffer, decode it and get the result in an X509 structure. I am facing issues with this. I am getting an error, error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag. Could you help me in resolving this? Any help will be great. I have attached code for reference.
>
> Thanks in advance.
> Saleem
>
> // This is my base64 encoded certificate
> char *gacacert = "MIICLzCCAiswggGUoAMCAQICBgEYgSDT3DANBgkqhkiG9w0BAQUFADA0MRAwDgYD\n\
> VQQKEwdlbnRydXN0MQwwCgYDVQQLEwNlbmcxEjAQBgNVBAMTCWdhTG9jYWxDQTAe\n\
> Fw0wODAzMDUyMjQ3MzVaFw0yODAyMjkyMjQ3MzVaMDQxEDAOBgNVBAoTB2VudHJ1\n\
> c3QxDDAKBgNVBAsTA2VuZzESMBAGA1UEAxMJZ2FMb2NhbENBMIGfMA0GCSqGSIb3\n\
> DQEBAQUAA4GNADCBiQKBgQDW4ONrqPZ/Hc9Ft/vL1eD76XpbxhdmAezpjGK0aWa2\n\
> 2QCkDD6IpU3VxpW93+i8em2zgCV5fujbcJuNebk+Y24q3w8FVbba7BZGcaoatB99\n\
> vdZ0gp/t/DXq9KsdxdlE2W/mKBCvxkkMsEnm5kHeHZXByouqPvIXGBsJORCH2ahB\n\
> vwIDAQABo0gwRjASBgNVHRMBAf8ECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIA\n\
> JDAdBgNVHQ4EFgQUIZVCc+92iSwt3CD3P9TYIJB6pLQwDQYJKoZIhvcNAQEFBQAD\n\
> gYEAjZq3mZ/Q6F26BBd74Q5lJcABGTM4nB1mThaCJk//dLx6WhmWoXJoZD0//nYM\n\
> UDvISCc4KtMZoe5qkO/BKJs9IwsXQyZiPl5bAtcfN6OmSe+fmNPMUKD1ck8l7WLu\n\
> 7k6hlBwrIIi05KhiYLY5i4ZbVh0+DyjIkXbv2GJj+g0CrEE=";
>
> int SClient::loadCert(char *v_cert) {
>   try {
>     char errStr[512];
>     int ierr = 0;
>     SSLeay_add_ssl_algorithms();
>     SSL_METHOD *pSSLMethod = SSLv3_client_method();
>     SSL_load_error_strings();
>     SSL_CTX *pSSL_Context = SSL_CTX_new(pSSLMethod);
>     // Adding the header and footer
>     char *charsToPrepend = "-----BEGIN CERTIFICATE-----\n";
>     char *charsToAppend = "\n-----END CERTIFICATE-----";
>     char memBuffer[2000];
>     strcpy(memBuffer, charsToPrepend);
>     strcat(memBuffer, v_cert);
>     strcat(memBuffer, charsToAppend);
>     BIO *membuf = BIO_new(BIO_s_mem());
>     BIO_puts(membuf, memBuffer);
>     // This is returning null.
>     X509 *x509 = PEM_read_bio_X509(membuf, NULL, NULL, NULL);
>     if (x509 == NULL) {
>       ierr = ERR_get_error();
>       ERR_error_string(ierr, errStr);
>       // The error here is
>       // error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
>     }
>   } catch (...) {
>     //(Unexpected exception);
>     return 0;
>   }
>   return 1;
> }

Since you mentioned you can't convert the buffer to DER and use that directly
You need a \n on the end of charsToAppend.

There are a couple of alternatives. Instead of writing to a memory BIO you can create one directly using BIO_new_mem_buf(). Also you can avoid the append/prepend stuff by prepending a base64 BIO and call d2i_X509_bio() on the result.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
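The first bytes of the gacacert buffer quoted above can be inspected without OpenSSL. This added Python sketch (not code from the thread; the function names are hypothetical) walks the leading DER headers and counts the SEQUENCE wrappers in front of the [0] version field: an X.509 Certificate has two (Certificate, then TBSCertificate), while this buffer has three, which is consistent with an ASN1_CHECK_TLEN wrong tag error raised after the PEM layer has already decoded.

```python
import base64

# First 24 base64 characters of the gacacert buffer quoted in the message above.
GACACERT_PREFIX = "MIICLzCCAiswggGUoAMCAQIC"

def page_prefix_der():
    """Decode the quoted prefix into its 18 raw DER bytes."""
    return base64.b64decode(GACACERT_PREFIX)

def read_header(buf, pos):
    """Parse one DER tag/length header at pos; return (tag, length, content offset)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short form: the byte is the length
        return tag, first, pos + 2
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or pos + 2 + n > len(buf):
        raise ValueError("indefinite or truncated DER length")
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def leading_headers(buf):
    """Descend through the nested constructed headers at the start of buf."""
    headers, pos = [], 0
    while pos + 2 <= len(buf):
        tag, length, body = read_header(buf, pos)
        headers.append((tag, length))
        if not tag & 0x20:                # primitive type: nothing to descend into
            break
        pos = body
    return headers

def sequences_before_version(buf):
    """Count SEQUENCE (0x30) headers that precede the [0] version tag (0xA0)."""
    count = 0
    for tag, _ in leading_headers(buf):
        if tag == 0xA0:
            return count
        if tag != 0x30:
            break
        count += 1
    raise ValueError("no [0] version tag after the leading SEQUENCEs")

if __name__ == "__main__":
    der = page_prefix_der()
    for tag, length in leading_headers(der):
        print(f"tag 0x{tag:02x} length {length}")
    print("SEQUENCEs before version:", sequences_before_version(der))
    # Skipping the 4-byte outer header leaves a Certificate-shaped structure.
    print("after skipping outer header:", sequences_before_version(der[4:]))
```
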
Re: PEM_read_bio:bad base64 decode:pem_lib.c
Is your key in the right format?

On Jan 24, 2008 3:47 PM, Artur Jasowicz [EMAIL PROTECTED] wrote:

> I am trying to decrypt a private key and am running into the following error:
>
>     $ openssl rsa -in my.key -out my.key.dec
>     unable to load Private Key
>     28356:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:753:
>
> No references in google for this particular message. Any help appreciated

--
John T. Cox
e-mail [EMAIL PROTECTED]
www http://members.iglou.com/vampire
PEM_read_bio:bad base64 decode:pem_lib.c
I am trying to decrypt a private key and am running into the following error:

    $ openssl rsa -in my.key -out my.key.dec
    unable to load Private Key
    28356:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:753:

No references in google for this particular message. Any help appreciated
BIO_read and base64 problems
Good morning,

I'm trying to write an easy program to test the base64 BIO filter but it seems it doesn't work. In particular, if I push the bio64, read a small amount of data and pop the bio64, the read in the middle fails (returns 0). This doesn't happen if the text to read is a lot. This is a little example:

    #include <openssl/evp.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main() {
        BIO *in, *out, *b64;
        char str[50];
        int str_len;

        out = BIO_new(BIO_s_file());
        BIO_write_filename(out, "./file");
        b64 = BIO_new(BIO_f_base64());
        BIO_puts(out, "FIRST STRING\n");
        out = BIO_push(b64, out);
        BIO_write(out, "short string\n", strlen("short string\n"));
        BIO_flush(out);
        out = BIO_pop(b64);
        BIO_puts(out, "SECOND STRING\n");
        out = BIO_push(b64, out);
        BIO_write(out, "short string\n", strlen("short string\n"));
        BIO_flush(out);
        out = BIO_pop(b64);
        BIO_free(out);
        system("pause");

        in = BIO_new(BIO_s_file());
        BIO_read_filename(in, "./file");
        str_len = BIO_read(in, str, strlen("PRIMA STRINGA\n"));
        printf("\n%s - %d\n", str, str_len);
        in = BIO_push(b64, in);
        str_len = BIO_read(in, str, strlen("stringa di prova\n")); //this read returns 0
        printf("\n%s - %d\n", str, str_len);
        in = BIO_pop(b64);
        BIO_read(in, str, strlen("SECONDA STRINGA\n"));
        in = BIO_push(b64, in);
        BIO_read(in, str, strlen("stringa di prova\n")); //this read returns 0
        in = BIO_pop(b64);
        printf("\n%s\n", str);
    }
0.9.7 DES Base64
Hello all,

Hoping someone can help me here. I have this function that I use to do DES and Base64 encryption/encoding/decryption/decoding. When it links against libcrypto.0.9 it works fine. However when I rebuild it against libcrypto.0.9.7 it doesn't work. It encrypts but when I go to decrypt, it tells me the decrypt failed. Can anyone see the problem? I'm desperate. I've spent hours trying to figure this out. Thank you for any and all help.

    typedef enum { myenc_DECRYPT = 0, myenc_ENCRYPT = 1 } myenc_t;

    //Caller must free the returned string.
    //Returns null on error.
    char* base64DESEncrypt(myenc_t enc, const char *pass, const char *data, int *dataSize)
    {
        IFDEBUG(printf("base64DESEncrypt begin %s\n", pass));
        static const char magic[]="Salted__";
        char mbuf[8]; /* should be 1 smaller than magic */
        unsigned char *buff=NULL;
        int bsize=BSIZE;
        char* ret=NULL;
        int inl;
        unsigned char key[24],iv[MD5_DIGEST_LENGTH];
        unsigned char salt[PKCS5_SALT_LEN];
        char *hkey=NULL,*hiv=NULL;
        int base64=0;
        int nosalt=0;
        const EVP_CIPHER *cipher=NULL;
        BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
        IFDEBUG(
            BIO *bio_err=NULL;
            if ((bio_err=BIO_new(BIO_s_file())) != NULL)
                BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
        )
        //nosalt = 1;
        base64 = 1;
        if(!MYENC_IS_INITED) {
            //only add the algorithms once
            //SSLeay_add_all_algorithms();
            SSLeay_add_all_ciphers();
            MYENC_IS_INITED = 1;
        }
        cipher=EVP_get_cipherbyname("des");
        buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
        in=BIO_new(BIO_s_mem());
        BIO_write(in, data, *dataSize);
        out=BIO_new(BIO_s_mem());
        if((in == NULL) || (out == NULL)) {
            IFDEBUG(ERR_print_errors(bio_err);)
            goto end;
        }
        rbio=in;
        wbio=out;
        if(base64) {
            if((b64=BIO_new(BIO_f_base64())) == NULL)
                goto end;
            if(enc == myenc_ENCRYPT)
                wbio=BIO_push(b64,wbio);
            else
                rbio=BIO_push(b64,rbio);
        }
        if(cipher != NULL) {
            if(pass != NULL) {
                /* Salt handling: if encrypting generate a salt and
                 * write to output BIO. If decrypting read salt from
                 * input BIO.
                 */
                unsigned char *sptr;
                if(nosalt) sptr = NULL;
                else {
                    if(enc == myenc_ENCRYPT) {
                        if(RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0)
                            goto end;
                        /* If -P option then don't bother writing */
                        if((BIO_write(wbio,magic, sizeof magic-1) != sizeof magic-1
                            || BIO_write(wbio, (char *)salt, PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) {
                            IFDEBUG(BIO_printf(bio_err,"error writing output file\n");)
                            goto end;
                        }
                    } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
                              || BIO_read(rbio, (unsigned char *)salt, PKCS5_SALT_LEN) != PKCS5_SALT_LEN) {
                        IFDEBUG(BIO_printf(bio_err,"error reading input file\n");)
                        goto end;
                    } else if(memcmp(mbuf,magic,sizeof magic-1)) {
                        IFDEBUG(BIO_printf(bio_err,"bad magic number\n");)
                        goto end;
                    }
                    sptr = salt;
                }
                EVP_BytesToKey(cipher,EVP_md5(),sptr, (unsigned char *)pass, strlen(pass),1,key,iv);
            }
            if ((hiv != NULL) && !set_hex
Re: Base64 encoding with BIO_new_mem_buf
One other issue though: the base64 encoded string contains a new line character at the end. Is there a way through the API to not include it?

> From: k b [EMAIL PROTECTED]
> Reply-To: openssl-users@openssl.org
> To: openssl-users@openssl.org
> Subject: Re: Base64 encoding with BIO_new_mem_buf
> Date: Thu, 12 Jul 2007 12:20:46 -0700
>
> that was indeed the problem, a read only buffer. Thanks Jim !
>
>> From: Jim Fox [EMAIL PROTECTED]
>> Reply-To: openssl-users@openssl.org
>> To: openssl-users@openssl.org
>> Subject: Re: Base64 encoding with BIO_new_mem_buf
>> Date: Thu, 12 Jul 2007 11:21:28 -0700 (PDT)
>>
>>> And yeah even with the correct size it still doesn't work.
>>
>> The BIO_new_mem_buf creates a read-only buffer. If you want to write to memory use
>>
>>     bio = BIO_new(BIO_s_mem());
>>
>> and use BIO_get_mem_ptr to get a pointer to the buffer.
>>
>> Jim
Re: Base64 encoding with BIO_new_mem_buf
> One other issue though: the base64 encoded string contains a new line character at the end. Is there a way through the API to not include it?

It is characteristic of openssl to insert linebreaks in both base64 and PEM encodings --- and to require them when it decodes data. If for some reason you don't want the newlines you may have to delete them all, not just the one at the end. Ditto for PEM data. Remember though that if you want to decode either with openssl you'll have to put the newlines back.

Anyone consuming PEM or base64 will be more interoperative if they handle encoded data both with and without linebreaks.

Jim
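Jim's advice to accept base64 both with and without linebreaks, as an added Python sketch (not code from the thread; the function names and the sample payload are constructed for illustration): whitespace is stripped before a strict decode, so wrapped and unwrapped input decode identically while any other stray character is rejected, and `wrap_b64` restores 64-column lines for a decoder that expects them.

```python
import base64
import binascii
import re

_WS = re.compile(r"[ \t\r\n]+")

# Constructed sample: 100 bytes encode to 136 base64 characters (three lines at 64 columns).
SAMPLE = bytes(range(100))
SAMPLE_B64 = base64.b64encode(SAMPLE).decode("ascii")

def normalize_b64(text):
    """Strip ASCII whitespace only, so wrapped and unwrapped input look alike."""
    return _WS.sub("", text)

def decode_b64(text):
    """Decode base64 with or without linebreaks; reject any other stray character."""
    try:
        return base64.b64decode(normalize_b64(text), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not clean base64: {exc}") from None

def is_clean_b64(text):
    """True when text is base64 plus optional whitespace and nothing else."""
    try:
        decode_b64(text)
        return True
    except ValueError:
        return False

def wrap_b64(text, width=64):
    """Re-insert a linebreak every `width` characters, ending with a newline."""
    flat = normalize_b64(text)
    return "".join(flat[i:i + width] + "\n" for i in range(0, len(flat), width))

if __name__ == "__main__":
    wrapped = wrap_b64(SAMPLE_B64)
    print(wrapped, end="")
    print("same bytes either way:", decode_b64(wrapped) == decode_b64(SAMPLE_B64))
    print("garbage accepted:", is_clean_b64(SAMPLE_B64[:20] + "*" + SAMPLE_B64[20:]))
```
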
Base64 encoding with BIO_new_mem_buf
Hi,

I'm trying to use BIO to do base64 encoding, but here's the problem: in the sample code below, if I comment out line 1 (which uses mem bio) and uncomment 2 (the one that uses file bio) everything works and the encoded string is written to std out. Which is good, as it tells me that things are working fine.

But what I really want is the encoded string in a char buffer. And so I comment out 2 and use 1 instead, as it's supposed to write the encoded string into a buffer, but the problem here is pEncBuf is empty even though bytesWritten says it wrote 4 bytes. And I can't explain why it won't work.

So to sum it up, file BIO works and mem BIO doesn't. If any one of you have any ideas please let me know. Thanks!

    /// code
    #include <stdio.h>
    #include <string.h>
    #include <openssl/bio.h>
    #include <openssl/evp.h>

    int b64encode(const char *pPlainText, int pSize, char *pEncBuf, unsigned int *pEncSize);

    int main(int argc, char *argv[]) {
        char ch[] = "adsf";
        char enc[128];
        int encSize = 0;
        b64encode(ch, strlen(ch), enc, &encSize);
        printf("[%s]", enc);
    }

    int b64encode(const char *pPlainText, int pSize, char *pEncBuf, unsigned int *pEncSize) {
        BIO *bio, *b64;
        b64 = BIO_new(BIO_f_base64());
        bio = BIO_new_mem_buf(pEncBuf, *pEncSize);    /* 1 */
        //bio = BIO_new_fp(stdout, BIO_NOCLOSE);      /* 2 */
        BIO_push(b64, bio);
        int bytesWritten = BIO_write(b64, pPlainText, pSize);
        printf("Bytes Written %d, %s\n", bytesWritten, *pEncBuf);
        BIO_flush(bio);
        BIO_free_all(bio);
        return bytesWritten;
    }
    /// code ends
Re: Base64 encoding with BIO_new_mem_buf
> But what I really want is the encoded string in a char buffer. And so I comment out 2 and use 1 instead, as it's supposed to write the encoded string into a buffer, but the problem here is pEncBuf is empty even though bytesWritten says it wrote 4 bytes. And I can't explain why it won't work.

Your code is creating a mem buf of zero length. The second argument to BIO_new_mem_buf is the actual length of the buffer.

Jim
Re: Base64 encoding with BIO_new_mem_buf
Thanks for pointing it out Jim. Actually that was an error in creating the sample code for the post; the actual code looks more like the one shown below:

    int main(int argc, char *argv[]) {
        char ch[] = "adsf";
        char enc[128];
        int encSize = 128;
        b64encode(ch, strlen(ch), enc, &encSize);
        printf("[%s]\n", enc);
    }

And yeah, even with the correct size it still doesn't work. Here's the output I get from all the printfs:

    $./a.out
    Bytes Written 4, (null)
    []
    $

> From: Jim Fox [EMAIL PROTECTED]
> Reply-To: openssl-users@openssl.org
> To: openssl-users@openssl.org
> Subject: Re: Base64 encoding with BIO_new_mem_buf
> Date: Thu, 12 Jul 2007 10:40:31 -0700 (PDT)
>
>> But what I really want is the encoded string in a char buffer. And so I comment out 2 and use 1 instead, as it's supposed to write the encoded string into a buffer, but the problem here is pEncBuf is empty even though bytesWritten says it wrote 4 bytes. And I can't explain why it won't work.
>
> Your code is creating a mem buf of zero length. The second argument to BIO_new_mem_buf is the actual length of the buffer.
>
> Jim
Re: Base64 encoding with BIO_new_mem_buf
> And yeah even with the correct size it still doesn't work.

The BIO_new_mem_buf creates a read-only buffer. If you want to write to memory use

    bio = BIO_new(BIO_s_mem());

and use BIO_get_mem_ptr to get a pointer to the buffer.

Jim
Re: Base64 encoding with BIO_new_mem_buf
that was indeed the problem, a read only buffer. Thanks Jim !

> From: Jim Fox [EMAIL PROTECTED]
> Reply-To: openssl-users@openssl.org
> To: openssl-users@openssl.org
> Subject: Re: Base64 encoding with BIO_new_mem_buf
> Date: Thu, 12 Jul 2007 11:21:28 -0700 (PDT)
>
>> And yeah even with the correct size it still doesn't work.
>
> The BIO_new_mem_buf creates a read-only buffer. If you want to write to memory use
>
>     bio = BIO_new(BIO_s_mem());
>
> and use BIO_get_mem_ptr to get a pointer to the buffer.
>
> Jim
openssl base64 routines
Hi all,

Are there some API functions to base64 encode and decode strings? I saw that the base64 command is supported in openssl (openssl base64 [options]), but I could not find any functions that I can call in my C, C++ application programs. Please guide.

Best regards,
Ambarish.
Re: openssl base64 routines
On Wed, Nov 22, 2006, Ambarish Mitra wrote:

> Hi all,
>
> Are there some API functions to base64 encode and decode strings? I saw that the base64 command is supported in openssl (openssl base64 [options]), but I could not find any functions that I can call in my C, C++ application programs. Please guide.

The base 64 BIO is used by the OpenSSL applications. That is documented in the BIO_f_base64() manual page.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
base64 encode of sha1
Hi,

I tried to get the base64 encoded result of a SHA1 digest. But the result is not compatible with the same operation in Java. Also I tried to use a javascript function. It is matching with the result of the Java implementation but not with the openssl result. So I guess there is something wrong with the openssl implementation. Here I'll write my approaches.

(A) Openssl

    echo abcde | openssl dgst -sha1 -binary | openssl base64

(B) Java implementation.

    MessageDigest md = MessageDigest.getInstance("SHA1");
    md.reset();
    md.update("abcde".getBytes());
    System.out.println(Base64.encode(md.digest()));

(C) Javascript

    var res = b64_sha1("abcde");

[Have to include the script file <script type="text/javascript" src="http://pajhome.org.uk/crypt/md5/sha1.js"></script>]

Also I tried this with the SHA1() function in openssl/sha1 and it produces another result. (Let's say approach D.)

If I summarize the results:
Approach A,B produces the same result. (A95sVwv+JL/DKMzXyka3bq2vQzQ=)
Approach C,D produces different results.

Thanks,
Kaushalye
Re: base64 encode of sha1
On Thu, Oct 19, 2006 at 12:14:55PM +0530, Kaushalye Kapuruge wrote:

> Hi,
>
> I tried to get the base64 encoded result of a SHA1 digest. But the result is not compatible with the same operation in Java. Also I tried to use a javascript function. It is matching with the result of the Java implementation but not with the openssl result. So I guess there is something wrong with the openssl implementation. Here I'll write my approaches.
>
> (A) Openssl
>
>     echo abcde | openssl dgst -sha1 -binary | openssl base64

    echo -n abcde | openssl dgst -sha1 -binary | openssl base64
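The reply's point is that plain `echo` appends a newline, so the digest covers six bytes instead of five. The added Python check below (not from the thread; the names are hypothetical) recomputes the SHA-1 under each trailing-byte variant and, going slightly beyond the thread, also under the hex-text form that results when `-binary` is omitted, then reports which combination reproduces a given base64 value; `REPORTED` is the value quoted in the question.

```python
import base64
import hashlib

# Value quoted in the question for approaches A and B.
REPORTED = "A95sVwv+JL/DKMzXyka3bq2vQzQ="

# Bytes a shell or editor may silently append to the input.
SUFFIXES = {"none": b"", "LF": b"\n", "CRLF": b"\r\n"}

def _b64(raw):
    return base64.b64encode(raw).decode("ascii")

def candidates(text):
    """Map each (trailing bytes, digest form) combination to its base64 string."""
    out = {}
    for name, suffix in SUFFIXES.items():
        h = hashlib.sha1(text.encode("utf-8") + suffix)
        out[(name, "binary")] = _b64(h.digest())                 # dgst -binary
        out[(name, "hex")] = _b64(h.hexdigest().encode("ascii"))  # hex text encoded instead
    return out

def explain(text, observed_b64):
    """Return the (trailing bytes, digest form) pair that reproduces observed_b64."""
    wanted = observed_b64.strip()
    for combo, value in candidates(text).items():
        if value == wanted:
            return combo
    return None

if __name__ == "__main__":
    print("reported value corresponds to:", explain("abcde", REPORTED))
    for combo, value in candidates("abcde").items():
        print(combo, value)
```
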