Re: [openssl-users] Win32 - PEM_read_PrivateKey crash
Thanks,

The problem is solved when compiled and linked with "applink.c"
[openssl-users] Win32 - PEM_read_PrivateKey crash
Hi,

I have downloaded a prebuilt version of openssl for windows. I am running on Windows 7 64bit, using Visual Studio 2010, generating a 32bit binary.

When I run a simple application which is calling "PEM_read_PrivateKey" it crashes with error "OPENSSL_Uplink(505D6000,08): no OPENSSL_Applink"

What could be the reason for this? Any hint is greatly appreciated.

Thanks,
Lloyd

The following is my code -

    int main() {
        EVP_PKEY *privkey;
        FILE *fp;
        RSA *rsakey;

        OpenSSL_add_all_algorithms();

        privkey = EVP_PKEY_new();
        fp = fopen ("G:\\temp\\mykey.pem", "r"); //File exists and it opens
        PEM_read_PrivateKey( fp, &privkey, NULL, NULL); //CRASH

        fclose(fp);

        ...

    }
Re: PEM_read_PrivateKey using ECDSA PEMS
First of all let me correct this

    I am using ECDSA to create and verify a signature for a document.
    I apparently cannot use the ecdsa.PEM *directory* and so here is my question.

to this

    I am using ECDSA to create and verify a signature for a document.
    I apparently cannot use the ecdsa.PEM *directly* and so here is my question.

I have no idea why the directly got typed as a directory, it happens. I will look at the usage of the PEM directly thank you in advance.
RE: PEM_read_PrivateKey using ECDSA PEMS
> From: owner-openssl-us...@openssl.org On Behalf Of redpath
> Sent: Friday, 01 February, 2013 14:55

> I am using ECDSA to create and verify a signature for a document.
> I apparently cannot use the ecdsa.PEM directory and so here
> is my question.

Nit: ecdsa.pem is a file, containing (parameters and) a key, not a directory.

> Below I have abstraction code for my question. The keys
> created are with the openssl commands shown below.
>
>     openssl ecparam -out ecdsa.pem -name secp224r1 -genkey
>     openssl req -newkey ec:ecdsa.pem -x509 -nodes -days 731 -keyout ecdsapriv.pem -out ecdsapublic.x509
>
> The artifacts generated by these commands are
>     ecdsa.pem
>     ecdsapriv.pem
>     ecdsapublic.x509
>
> I then create an ECDSA using the ecdsapriv.pem
>
>     m= getdata("mydocument",&len); //original document
>     result=sha256((char *)m,len);
>
>     fp =fopen("ecdsapriv.pem", "rb"); /*marked*/
>     pevpkey= PEM_read_PrivateKey(fp, &pevpkey, NULL, NULL);
>
>     peckey= EVP_PKEY_get1_EC_KEY(pevpkey);
>     EC_KEY_set_group(peckey,EC_GROUP_new_by_curve_name(NID_secp224r1) );

This isn't needed, an ECC key read from a PEM file already has the correct group. In fact if the key in the file is for a different (wrong?) group this will screw it up totally.

>     unsigned int siglen = ECDSA_size(peckey);
>     printf("Max signature length is %d \n",siglen);
>     siglen = ECDSA_size(peckey);
>     unsigned char *ptr = OPENSSL_malloc(siglen);
>     unsigned char *save= ptr;
>     ECDSA_SIG *sig;
>     ret= ECDSA_sign(0 ,result, SHA256_DIGEST_LENGTH, ptr, &siglen, peckey);

You don't need to set siglen twice, you don't need two pointers here, and you don't use sig at all. In real code you should check (at least) file opens and mallocs for null before using them, but for posting I'll ignore that.

>     outfp = fopen("mysignatureEC","wb");
>     fwrite(save, 1, siglen, outfp);
>     fclose(fp);
>
> then I verify it reading the X509
> AND ALL WORKS WELL but why can't I use the ecdsa.pem
> directly instead I had to use the ecdsapriv.pem?

Your ecparam command generated a key(pair) in ecdsa.pem. Your req -newkey -x509 command generated a *different* key(pair) in ecdsapriv.pem and a cert for *that* key in ecdsapublic.x509. The cert matches the key in ecdsapriv.pem and can verify signatures using that key. The cert does not match the key in ecdsa.pem which is a different key and cannot verify signatures using that key.

> You would think the name of this function PEM_read_PrivateKey(**)
> means it reads a PEM that might have the public and private
> key and gets the private but apparently not?

Yes it does read the privatekey representation, which for OpenSSL always includes the publickey value(s), from the file you specify. (For DSA and ECC/ECDSA the standard privatekey structure includes the public value. For RSA a naive privatekey does not include the public exponent, but OpenSSL uses the CRT form which does.) If you have two files containing different keys, reading those files gives you different keys.
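The key mismatch explained in the reply above can be checked from the command line. This is an added example, not part of the original thread: it repeats the two commands from the question in a temporary directory, compares public keys, and shows `req -key` as the way to get a certificate for the key already in ecdsa.pem. The config file, subject name, function names and the prime256v1 default curve (the thread used secp224r1) are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread). Every file is generated on the fly in
# a temporary directory; all names and values below are constructed.
CURVE="${CURVE:-prime256v1}"     # assumption; the thread used secp224r1
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Minimal req config so the commands run without prompting (constructed).
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-example
EOF

# Public half of a private-key file, and of a certificate, as SPKI PEM.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -pubkey -noout 2>/dev/null; }

# key_relation CERT KEYFILE -> prints "match" or "different"
key_relation() {
    c="$(pub_of_cert "$1")"
    k="$(pub_of_key "$2")"
    if [ -n "$c" ] && [ "$c" = "$k" ]; then echo match; else echo different; fi
}

# verify_with_cert CERT SIGFILE DOC -> prints "ok" or "fail"
verify_with_cert() {
    pub_of_cert "$1" > "$WORK/pub.pem"
    if openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$2" "$3" \
        >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

make_files() {
    printf 'constructed document\n' > "$WORK/mydocument"

    # The two commands from the question. -newkey ec:FILE takes only the
    # curve parameters from FILE and generates a fresh key pair.
    openssl ecparam -out "$WORK/ecdsa.pem" -name "$CURVE" -genkey 2>/dev/null
    openssl req -newkey "ec:$WORK/ecdsa.pem" -x509 -nodes -days 731 \
        -config "$WORK/req.cnf" \
        -keyout "$WORK/ecdsapriv.pem" -out "$WORK/ecdsapublic.x509" 2>/dev/null

    # A certificate for the key that is already in ecdsa.pem: -key, not -newkey.
    openssl req -new -key "$WORK/ecdsa.pem" -x509 -days 731 \
        -config "$WORK/req.cnf" -out "$WORK/ecdsa_cert.x509" 2>/dev/null

    # One signature with each private key over the same document.
    openssl dgst -sha256 -sign "$WORK/ecdsa.pem" \
        -out "$WORK/sig_ecdsa" "$WORK/mydocument" 2>/dev/null
    openssl dgst -sha256 -sign "$WORK/ecdsapriv.pem" \
        -out "$WORK/sig_priv" "$WORK/mydocument" 2>/dev/null
}

make_files
echo "ecdsapublic.x509 vs ecdsapriv.pem: $(key_relation "$WORK/ecdsapublic.x509" "$WORK/ecdsapriv.pem")"
echo "ecdsapublic.x509 vs ecdsa.pem:     $(key_relation "$WORK/ecdsapublic.x509" "$WORK/ecdsa.pem")"
echo "ecdsa_cert.x509  vs ecdsa.pem:     $(key_relation "$WORK/ecdsa_cert.x509" "$WORK/ecdsa.pem")"
echo "sig by ecdsa.pem under ecdsapublic.x509: $(verify_with_cert "$WORK/ecdsapublic.x509" "$WORK/sig_ecdsa" "$WORK/mydocument")"
echo "sig by ecdsa.pem under ecdsa_cert.x509:  $(verify_with_cert "$WORK/ecdsa_cert.x509" "$WORK/sig_ecdsa" "$WORK/mydocument")"
```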
PEM_read_PrivateKey using ECDSA PEMS
I am using ECDSA to create and verify a signature for a document. I apparently cannot use the ecdsa.PEM directory and so here is my question.

Below I have abstraction code for my question. The keys created are with the openssl commands shown below.

    openssl ecparam -out ecdsa.pem -name secp224r1 -genkey
    openssl req -newkey ec:ecdsa.pem -x509 -nodes -days 731 -keyout ecdsapriv.pem -out ecdsapublic.x509

The artifacts generated by these commands are

    ecdsa.pem
    ecdsapriv.pem
    ecdsapublic.x509

I then create an ECDSA using the ecdsapriv.pem

    m= getdata("mydocument",&len); //original document
    result=sha256((char *)m,len);

    fp =fopen("ecdsapriv.pem", "rb"); /*marked*/
    pevpkey= PEM_read_PrivateKey(fp, &pevpkey, NULL, NULL);

    peckey= EVP_PKEY_get1_EC_KEY(pevpkey);
    EC_KEY_set_group(peckey,EC_GROUP_new_by_curve_name(NID_secp224r1) );

    unsigned int siglen = ECDSA_size(peckey);
    printf("Max signature length is %d \n",siglen);
    siglen = ECDSA_size(peckey);
    unsigned char *ptr = OPENSSL_malloc(siglen);
    unsigned char *save= ptr;
    ECDSA_SIG *sig;
    ret= ECDSA_sign(0 ,result, SHA256_DIGEST_LENGTH, ptr, &siglen, peckey);

    outfp = fopen("mysignatureEC","wb");
    fwrite(save, 1, siglen, outfp);
    fclose(fp);

then I verify it reading the X509

    m= getdata("mydocument",&len); //get original document data
    result=sha256((char *)m,len);

    sig= getdata("mysignatureEC",&siglen); //get signature file data

    fp =fopen("ecdsapublic.x509", "rb"); //open x509 and get public key
    x509 = PEM_read_X509(fp,&x509, NULL, NULL);
    evpkey= X509_get_pubkey(x509);
    pubeckey = EVP_PKEY_get1_EC_KEY(evpkey);

    ret = ECDSA_verify(0, result,SHA256_DIGEST_LENGTH, sig, siglen, pubeckey);

    if (ret == -1){
        printf("signature error in verify\n");
    }
    else if (ret == 0){
        printf(" incorrect signature \n");
    }
    else /* ret == 1 */{
        printf("signature ok \n");
    }

AND ALL WORKS WELL but why can't I use the ecdsa.pem directly instead I had to use the ecdsapriv.pem?

if I switched the filename

    fp =fopen("ecdsapriv.pem", "rb"); /*marked*/

to this

    fp =fopen("ecdsa.pem", "rb"); /*marked*/

The verify will not work. You would think the name of this function PEM_read_PrivateKey(**) means it reads a PEM that might have the public and private key and gets the private but apparently not?

So let me know anything different

    unsigned char *sha256(char *data, int length)
    {
        static unsigned char hash[SHA256_DIGEST_LENGTH];
        printf("**SHA2 digest follows length=%d:\n",length);
        SHA256_CTX sha256;
        SHA256_Init(&sha256);
        SHA256_Update(&sha256, data, length);
        SHA256_Final(hash, &sha256);

        // for curiosity
        // int i = 0;
        // for(i = 0; i < SHA256_DIGEST_LENGTH; i++)
        //     printf("%02x", hash[i]);
        // printf("\n");
        return hash;
    }
RE: RE: PEM_read_PrivateKey
Solved! Thanks, Steve.

Leonardo
Re: RES: PEM_read_PrivateKey
On Tue, Oct 30, 2012, Leonardo Laface de Almeida wrote:

> Hi,
>
> The code for my project example is attached. The error code is as well.
>
> The error remains. For generating Key, the callback is called. For getting
> Private Key, the callback is not called.
>
> What's wrong here?
>
> I really appreciate any help.

The Applink error seems unrelated. Is this the cause:

http://www.openssl.org/support/faq.html#PROG8

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
RES: PEM_read_PrivateKey
Hi,

The code for my project example is attached. The error code is as well.

The error remains. For generating Key, the callback is called. For getting Private Key, the callback is not called.

What's wrong here?

I really appreciate any help.

Thanks.
Leonardo

    #include <iostream>
    #include <cstdio>
    #include <cstring>
    using namespace std;

    #include "openssl/bio.h"
    #include "openssl/err.h"
    #include "openssl/bn.h"
    #include "openssl/rsa.h"
    #include "openssl/evp.h"
    #include "openssl/x509.h"
    #include "openssl/pem.h"
    #include "openssl/rand.h"

    typedef struct pw_cb_data
    {
        const void *password;
        const char *prompt_info;
    } PW_CB_DATA;

    /* Password callback: copies the caller-supplied password into buf. */
    static int rsa_cb(char *buf, int size, int rwflag, void *u)
    {
        int len;
        PW_CB_DATA *cb_data = (PW_CB_DATA *)u;

        if (cb_data == NULL || cb_data->password == NULL)
            return 0;

        len = (int)strlen((const char *)cb_data->password);

        if (len <= 0)
            return 0;

        /* if too long, truncate */
        if (len > size)
            len = size;

        memcpy(buf, cb_data->password, len);

        return len;
    }

    /* Generate an RSA key and write it (encrypted if passwd is set) to path_Kpr. */
    bool genRSAKpr(const char *passwd, const char *path_Kpr, int bits)
    {
        PW_CB_DATA cb_data;
        RSA *rsa = NULL;
        const EVP_CIPHER *enc = NULL;
        BIO *bio = NULL;
        BIGNUM *bn = NULL;
        unsigned long f4 = RSA_F4;
        int ret = 1;

        bn = BN_new();
        if (bn == NULL)
            ret = 0;

        if (ret)
            bio = BIO_new(BIO_s_file());
        if (bio == NULL)
            ret = 0;

        if (ret && !BIO_write_filename(bio, (char *)path_Kpr))
            ret = 0;

        if (ret)
            rsa = RSA_new();
        if (rsa == NULL)
            ret = 0;

        if (ret && !BN_set_word(bn, f4))
            ret = 0;

        /* RSA_generate_key_ex() returns 1 on success, 0 on failure */
        if (ret && RSA_generate_key_ex(rsa, bits, bn, NULL) != 1)
            ret = 0;

        /* encrypt only when a non-empty password was supplied */
        if (passwd != NULL && *passwd != '\0')
        {
            enc = EVP_aes_256_cbc();
            if (enc == NULL)
                ret = 0;
        }

        cb_data.password = passwd;
        cb_data.prompt_info = path_Kpr;

        if (ret && !PEM_write_bio_RSAPrivateKey(bio, rsa, enc, NULL, 0,
                                                (pem_password_cb *)rsa_cb, &cb_data))
            ret = 0;

        if (rsa != NULL)
            RSA_free(rsa);
        if (bio != NULL)
            BIO_free_all(bio);
        if (bn != NULL)
            BN_free(bn);

        return ret != 0;
    }

    /* Read the private key back from path_Kpr and write its public half to path_Kpu. */
    bool genRSAKpu(const char *passwd, const char *path_Kpr, const char *path_Kpu)
    {
        PW_CB_DATA cb_data;
        RSA *rsa = NULL;
        BIO *bio = NULL;
        EVP_PKEY *pkey = NULL;
        int ret = 1;
        FILE *file;

        //KPU
        bio = BIO_new(BIO_s_file());
        if (bio == NULL)
            ret = 0;

        if (ret && !BIO_read_filename(bio, (char *)path_Kpr))
            ret = 0;

        cb_data.password = passwd;
        cb_data.prompt_info = path_Kpr;

        if (ret)
            pkey = PEM_read_bio_PrivateKey(bio, NULL, (pem_password_cb *)rsa_cb, &cb_data);

        if (pkey != NULL)
            rsa = EVP_PKEY_get1_RSA(pkey);
        else
        {
            /* dump the OpenSSL error queue so the failure reason is visible */
            ret = 0;
            file = fopen("Err_openssl.log", "a+");
            if (file != NULL)
            {
                ERR_print_errors_fp(file);
                fclose(file);
            }
        }

        if (rsa == NULL)
            ret = 0;

        if (ret && !BIO_write_filename(bio, (char *)path_Kpu))
            ret = 0;

        if (ret && !PEM_write_bio_RSA_PUBKEY(bio, rsa))
            ret = 0;

        if (rsa != NULL)
            RSA_free(rsa);
        if (pkey != NULL)
            EVP_PKEY_free(pkey);
        if (bio != NULL)
            BIO_free_all(bio);

        return ret != 0;
    }

    int main()
    {
        cout << SSLeay_version(SSLEAY_VERSION) << endl;

        if (genRSAKpr("passwd", "C:\\log\\Kpr.pem", 1024))
            cout << "Kpr Generated!" << endl;
        else
            cout << "Error generating Kpr!" << endl;

        if (genRSAKpu("passwd", "C:\\log\\Kpr.pem", "C:\\log\\Kpu.pem"))
            cout << "Kpu Generated!" << endl;
        else
            cout << "Error generating Kpu!" << endl;

        return 0;
    }
RES: PEM_read_PrivateKey
Dave,

The Page: http://www.openssl.org/docs/crypto/pem.html

Actually, the code is not equal I've reported here. In fact, I will create a project only for this callback problem.

The password problem was copy-paste error. I'm sorry about it.

I'm going to take the error code, then I reply here. Anyway, from DOS prompt I can check and get private key.

The original code generates the key pair and save the private Key. Then, get the key again to save the public key. Without password and encryption, it works. :)
Re: PEM_read_PrivateKey
Dear Steve,

Thank you very much for the prompt and exhaustive reply.

Gerardo
RE: PEM_read_PrivateKey
> From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de Almeida
> Sent: Monday, 29 October, 2012 16:20

> The problem I've got is quite simple. The callback I pass through this
> function is not called.
> Someone could please help me figure out why? I've written as OpenSSL page
> tells. Am I doing something wrong? Is there a best way for doing this?

What page is that? Your posted code is quite unlike any OpenSSL example (or actual) code I've seen.

>     EVP_PKEY *pkey;
>     BIO *bio;

There's no reason (this) bio variable should be global, and pkey maybe not.

>     typedef struct pw_cb_data
>     {
>         const void *password;
>         const char *prompt_info;
>     } PW_CB_DATA;
>
>     static int rsa_cb(char *buf, int size, int rwflag, void *u)
>     {
>         int len;
>         PW_CB_DATA *cb_data = (PW_CB_DATA *)u;
>
>         //Programm doesn't enter here!!
>         len = strlen((char *)cb_data->password);
>
>         if (len <= 0)
>             return 0;
>
>         /* if too long, truncate */
>         if (len > size)
>             len = size;
>
>         memcpy(buf, cb_data->password, len);
>
>         return len;
>     }

Using a callback to set a caller-supplied C-style string is a waste of time. You can _read*PrivateKey(,,NULL,password).

>     int main()
>     {
>         PW_CB_DATA cb_data;
>         int ret = 1;
>
>         (...)
>         memcpy(&kprPath[0],"path_to_Kpr",pathlen);
>         kprPath[pathlen] = '\0';
>
>         memcpy(&kprPath[0],"Kpr_password",passlen);
>         kprPath[passlen] = '\0';
>
>         if (ret)
>             bio = BIO_new(BIO_s_file());
>
>         if (bio == NULL)
>             ret = 0;
>
>         if (ret && !BIO_read_filename(bio,&kprPath[0]))
>             ret = 0;

The code above set kprPath to "Kpr_password" which I doubt is the correct filename.

>         cb_data.password = &passwd[0];
>         cb_data.prompt_info = &kprPath[0];

It might be the correct "prompt", but your callback doesn't use the .prompt_info . It does use .password, and your code doesn't set .password to anything valid at all.

>         if (ret)
>             pkey=PEM_read_bio_PrivateKey(bio,NULL,(pem_password_cb *)rsa_cb, &cb_data);
>
>         if (pkey != NULL)
>             ret = 0;

If pretty much any OpenSSL routine returns an error indication, and here read*PrivateKey == NULL is an error indication, you should look at the error queue:

http://www.openssl.org/support/faq.html#PROG6

I bet you'll see that you didn't give it the correct filename.
RES: PEM_read_PrivateKey
@Gerardo, I'm having a problem with this function and I will use your thread for some support.

@All

The problem I've got is quite simple. The callback I pass through this function is not called. I inserted a breakpoint into cb and it's not called at all.

I'm using OpenSSL 1.0.1c. I'm sure about it (My App gets OpenSSL version, now).

Someone could please help me figure out why? I've written as OpenSSL page tells. Am I doing something wrong? Is there a best way for doing this?

Thanks,
Leonardo

My code (c++):

    #include "openssl/bio.h"
    #include "openssl/err.h"
    #include "openssl/evp.h"
    #include "openssl/pem.h"

    EVP_PKEY *pkey;
    BIO *bio;

    typedef struct pw_cb_data
    {
        const void *password;
        const char *prompt_info;
    } PW_CB_DATA;

    static int rsa_cb(char *buf, int size, int rwflag, void *u)
    {
        int len;
        PW_CB_DATA *cb_data = (PW_CB_DATA *)u;

        //Programm doesn't enter here!!
        len = strlen((char *)cb_data->password);

        if (len <= 0)
            return 0;

        /* if too long, truncate */
        if (len > size)
            len = size;

        memcpy(buf, cb_data->password, len);

        return len;
    }

    int main()
    {
        PW_CB_DATA cb_data;
        int ret = 1;

        (...)
        memcpy(&kprPath[0],"path_to_Kpr",pathlen);
        kprPath[pathlen] = '\0';

        memcpy(&kprPath[0],"Kpr_password",passlen);
        kprPath[passlen] = '\0';

        if (ret)
            bio = BIO_new(BIO_s_file());

        if (bio == NULL)
            ret = 0;

        if (ret && !BIO_read_filename(bio,&kprPath[0]))
            ret = 0;

        cb_data.password = &passwd[0];
        cb_data.prompt_info = &kprPath[0];

        if (ret)
            pkey=PEM_read_bio_PrivateKey(bio,NULL,(pem_password_cb *)rsa_cb, &cb_data);

        if (pkey != NULL)
            ret = 0;

        //ret is equal 0 and pkey is NULL here.
        (...)

        return ret;
    }
Re: PEM_read_PrivateKey
On Mon, Oct 29, 2012, Gerardo Ganis wrote:

> Dear OpenSSL Users,
>
> Could someone confirm that when loading private keys in memory using
> PEM_read_PrivateKey
>
>     EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0);
>
> the full key is filled in, i.e. evpp points to a complete
> (public+private) key?
> By analyzing the structure after the call it looks so, but since it
> is not documented, I was wondering
> whether it is something on which I can count on; if not what is the
> advised way to load a complete
> key in memory?

Yes. The data read in either contains the public key components (RSAPrivateKey for example) or the public key components are calculated (e.g. DSA and PKCS#8).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
PEM_read_PrivateKey
Dear OpenSSL Users,

Could someone confirm that when loading private keys in memory using PEM_read_PrivateKey

    EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0);

the full key is filled in, i.e. evpp points to a complete (public+private) key?

By analyzing the structure after the call it looks so, but since it is not documented, I was wondering whether it is something on which I can count on; if not what is the advised way to load a complete key in memory?

Thank you in advance for any advice.

Gerardo Ganis
Re: Calls to PEM_read_PrivateKey fail after incorrect password
Oh jeez, I am! What was I *thinking*?! Wow do I feel *extra* goofy! Heh.

Obviously, that fixed it. Thanks much!

Aubrey

On Wed, Nov 12, 2008 at 02:55:16PM -0500, Victor Duchovni wrote:

> No, you are passing an open file handle.
Re: Calls to PEM_read_PrivateKey fail after incorrect password
On Wed, Nov 12, 2008 at 02:26:49PM -0500, Aubrey Eddleson wrote:

> Rewind the key file? But how? I didn't open it; I'm just passing its name to
> PEM_read_PrivateKey. Am I totally missing something really obvious here?

    EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
                                  pem_password_cb *cb, void *u);

No, you are passing an open file handle.

--
Viktor.
Re: Calls to PEM_read_PrivateKey fail after incorrect password
Rewind the key file? But how? I didn't open it; I'm just passing its name to PEM_read_PrivateKey. Am I totally missing something really obvious here?

On Wed, Nov 12, 2008 at 02:12:03PM -0500, Victor Duchovni wrote:

> Rewinding the input file might be a good idea...
Re: Calls to PEM_read_PrivateKey fail after incorrect password
On Wed, Nov 12, 2008 at 02:03:59PM -0500, Aubrey Eddleson wrote:

> Greetings!
>
> I'm working on a proof-of-concept SSH key cracker: my code reads in password
> guesses from standard input and for each guess, calls PEM_read_PrivateKey. If
> that returns a valid pointer, that indicates that the password was correct.
> (I think I'm right so far.) This works just fine IF the first call to
> PEM_read_PrivateKey is with the correct password, but if it isn't, any
> subsequent calls fail, even if the correct password is given.

Rewinding the input file might be a good idea...

--
Viktor.
Calls to PEM_read_PrivateKey fail after incorrect password
Greetings!

I'm working on a proof-of-concept SSH key cracker: my code reads in password guesses from standard input and for each guess, calls PEM_read_PrivateKey. If that returns a valid pointer, that indicates that the password was correct. (I think I'm right so far.) This works just fine IF the first call to PEM_read_PrivateKey is with the correct password, but if it isn't, any subsequent calls fail, even if the correct password is given.

Any advice would be greatly appreciated! If this isn't the right place to ask this, or if my project is inappropriate discussion material, I sincerely apologise.

Thank you,
Aubrey Eddleson

For reference, my code:

-- ssh-crack.c --

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <openssl/evp.h>
    #include <openssl/pem.h>
    #include <openssl/ssl.h>

    #define BUFSIZE 64

    int main(int argc, char **argv) {
        FILE *f;
        EVP_PKEY *pk;
        char *p;
        char *pass;

        pass = malloc(sizeof(char) * BUFSIZE);
        if (! pass) {
            fprintf(stderr, "malloc error!\n");
            return 2;
        }

        f = fopen(argv[1], "r");
        if (f == NULL) {
            fprintf(stderr, "Couldn't open '%s'!\n", argv[1]);
            return 2;
        }

        SSL_library_init();

        for (;;) {
            if (fgets(pass, BUFSIZE, stdin) == NULL) {
                fprintf(stderr, "End of wordlist!\n");
                return 1;
            }

            p = strchr(pass, '\n');
            if (p) *p = '\0';

            fprintf(stderr, "Trying key '%s'.\n", pass);

            pk = PEM_read_PrivateKey(f, NULL, NULL, (char *) pass);
            if (pk) {
                printf("Key is '%s'.\n", pass);
                break;
            }
        }

        return 0;
    }
Re: PEM_read_PrivateKey does not return private key
On Wed, Oct 17, 2007 at 12:43:03PM -0700, Jim Fox wrote:

> > I have a private CA certificate created using openssl command line. The
> > issue is that the certificate expires on 19th Oct, 2007. The question is
> > that "Is it possible to extend the expiry of this certificate without
> > changing any other fields in the certificate?" Basically, I want to
> > continue using this CA Cert to sign end-user certs for a longer time.
> > Any help will be appreciated. Thanks.
>
> Use the same key and the same DN and the cert will continue
> to act as a valid CA for any other certs you have signed.

Also the same serial number and authority identifier in v3 extensions if present in the expiring CA cert, for example:

    ...
    Serial Number:
        c5:30:80:16:44:78:d9:12
    ...
    X509v3 extensions:
        X509v3 Basic Constraints: critical
            CA:TRUE
        X509v3 Subject Key Identifier:
            F1:EF:77:42:18:C4:D6:E2:6D:1C:3D:A8:02:BE:E2:F3:E4:6E:50:40
        X509v3 Authority Key Identifier:
            keyid:F1:EF:77:42:18:C4:D6:E2:6D:1C:3D:A8:02:BE:E2:F3:E4:6E:50:40
            DirName:
            serial:C5:30:80:16:44:78:D9:12
    ...

If any of this information changes, certificates will fail verification.

--
Viktor.
Re: PEM_read_PrivateKey does not return private key
> I have a private CA certificate created using openssl command line. The
> issue is that the certificate expires on 19th Oct, 2007. The question is
> that "Is it possible to extend the expiry of this certificate without
> changing any other fields in the certificate?" Basically, I want to continue
> using this CA Cert to sign end-user certs for a longer time.
> Any help will be appreciated. Thanks.

Use the same key and the same DN and the cert will continue to act as a valid CA for any other certs you have signed.

However, any site that has cached your CA cert will have to get the new one. Theirs will expire soon.

Jim
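The renewal advice in the two replies in this thread (same key and DN, and the same serial number) can be tried out with the openssl command line. This is an added example, not part of the original thread: it issues a leaf certificate from a short-lived CA certificate, re-issues the CA certificate from the same key with a longer lifetime, and checks the leaf against both, plus against a look-alike CA that has the same DN and serial but a new key. All names, lifetimes, the curve and the config contents are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread). Everything is generated in a temporary
# directory; subject names, serials and lifetimes are constructed.
CA_WORK="$(mktemp -d)"
trap 'rm -rf "$CA_WORK"' EXIT

cat > "$CA_WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
O = Constructed Example
CN = Constructed Example CA
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
EOF

cat > "$CA_WORK/leaf.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = leaf.example.test
EOF

new_ec_key() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null
}

# new_ca_cert KEY DAYS OUT: self-signed CA cert, DN from ca.cnf, serial fixed at 1
new_ca_cert() {
    openssl req -new -x509 -key "$1" -days "$2" -set_serial 1 \
        -config "$CA_WORK/ca.cnf" -out "$3" 2>/dev/null
}

# chain_status CAFILE LEAF -> prints "ok" or "fail"
chain_status() {
    if openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
    then echo ok; else echo fail; fi
}

# identity CERT -> subject and serial, the fields that have to stay the same
identity() { openssl x509 -in "$1" -noout -subject -serial 2>/dev/null; }

build_pki() {
    # Original CA certificate (30 days) and a leaf issued under it.
    new_ec_key "$CA_WORK/ca.key"
    new_ca_cert "$CA_WORK/ca.key" 30 "$CA_WORK/ca_old.crt"
    new_ec_key "$CA_WORK/leaf.key"
    openssl req -new -key "$CA_WORK/leaf.key" -config "$CA_WORK/leaf.cnf" \
        -out "$CA_WORK/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$CA_WORK/leaf.csr" -CA "$CA_WORK/ca_old.crt" \
        -CAkey "$CA_WORK/ca.key" -set_serial 2 -days 20 \
        -out "$CA_WORK/leaf.crt" 2>/dev/null

    # Renewal: same key, same DN, same serial, longer lifetime.
    new_ca_cert "$CA_WORK/ca.key" 3650 "$CA_WORK/ca_renewed.crt"

    # Counter-example: same DN and serial, but a different key.
    new_ec_key "$CA_WORK/other.key"
    new_ca_cert "$CA_WORK/other.key" 3650 "$CA_WORK/ca_rekeyed.crt"
}

build_pki
echo "leaf under original CA cert: $(chain_status "$CA_WORK/ca_old.crt" "$CA_WORK/leaf.crt")"
echo "leaf under renewed CA cert:  $(chain_status "$CA_WORK/ca_renewed.crt" "$CA_WORK/leaf.crt")"
echo "leaf under re-keyed CA cert: $(chain_status "$CA_WORK/ca_rekeyed.crt" "$CA_WORK/leaf.crt")"
```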
Re: PEM_read_PrivateKey does not return private key
Hi, I have a private CA certificate created using openssl command line. The issue is that the certificate expires on 19th Oct, 2007. The question is that "Is it possible to extend the expiry of this certificate without changing any other fields in the certificate?" Basically, I want to continue using this CA Cert to sign end-user certs for a longer time. Any help will be appreciated. Thanks.
PEM_read_PrivateKey does not return private key
Hi,

I searched for this function on net and got lot of threads, but couldn't solve my problem. My problem is as follows..

I have generated a RSA key using OpenSSL and stored it in a PEM file. When I try to read it using above function, the structure returned to me by PEM_read_PrivateKey is NULL (I mean it does not contain anything). Anybody having any idea about this issue??

I tried even the DER format, tried to convert it into binary format and read using d2i_RSA_PUBKEY, but no luck.

Any help is highly appreciated.

Thanks & Regards
Shalmi
Re: i am confused in PEM_read_PrivateKey
孙 金龙 wrote:
> thanks! i only want to read ec privatekey
> my ec privatekey is below
> -----BEGIN EC PRIVATE KEY-----
> MGACAQEEGAu0lmj+Fgurl8m7Tpwi4+wZk9GRSgdyjKALBgkqgRzXYwEBAgGhNAMy
> AQS0/wY++sZk+W3QERcmJ+5m1l+PKkaFhJelGBfWaDN4vmSZg7ltf8YtRaUVvyaS
> m1I=
> -----END EC PRIVATE KEY-----
> so i use
> EVP_PKEY *prikey;
> FILE *keyfp;
> if (!(prikey = PEM_read_PrivateKey(keyfp, NULL, NULL, NULL)))
>     return 0;
> return 1;
> it always return 0,by the way the my ec curve is not in openssl ec curve
> list.

The above EC private key uses an OID to specify the EC group used, but if OpenSSL doesn't know the group it can't create a private key object.

Cheers,
Nils
Re: i am confused in PEM_read_PrivateKey
PEM_read_PrivateKey calls

    PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
    {
        if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
            return NULL;
        p = data;
        if (strcmp(nm,PEM_STRING_RSA) == 0)
            ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
        else if (strcmp(nm,PEM_STRING_DSA) == 0)
            ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
        else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
            ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
    }

the cert nm finds -----BEGIN EC PRIVATE KEY----- and then calls ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);

in d2i_PrivateKey()

    #ifndef OPENSSL_NO_EC
        case EVP_PKEY_EC:
            if ((ret->pkey.ec = d2i_ECPrivateKey(NULL,
                    (const unsigned char **)pp, length)) == NULL)
            {
                //ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
                goto err;
            }
            break;
    #endif

so in the end it calls d2i_ECPrivateKey, but my ec curve is not in the openssl curve list, so reading the private key is an error.

From: "Rajeshwar Singh Jenwar" <[EMAIL PROTECTED]>
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: i am confused in PEM_read_PrivateKey
Date: Wed, 14 Jun 2006 09:49:04 +0530

Hi Girish, Can u explain how d2i is indeed getting resolve to d2i_RSAPrivateKey() ? RSJ

On 6/13/06, Girish Venkatachalam <[EMAIL PROTECTED]> wrote:
Sorry I was wrong. d2i indeed resolves to d2i_RSAPrivateKey() which takes 3 parameters and passes the first type parameter to d2i_PrivateKey() which takes 4 parameters. But it beats me why I cannot find the definition of d2i_RSAPrivateKey() anywhere.

--- Rajeshwar Singh Jenwar <[EMAIL PROTECTED]> wrote:
> how come ? plz explain.
>
> On 6/13/06, Girish Venkatachalam <[EMAIL PROTECTED]> wrote:
> > bcoz d2i resolves to d2i_X509() , not to d2i_PrivateKey
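The point Nils makes, and that the trace into d2i_ECPrivateKey above arrives at, can be checked without OpenSSL by decoding the key posted in the thread: its [0] parameters field holds only a curve OID, so a library with no curve registered under that OID has nothing to build the group from. This is an added example, not code from the thread or from OpenSSL; the function names are made up here, and it handles only the named-curve form of ECPrivateKey (RFC 5915).

```c
#include <stdio.h>
#include <string.h>

/* Base64 body of the EC PRIVATE KEY block posted in this thread. */
static const char KEY_B64[] =
    "MGACAQEEGAu0lmj+Fgurl8m7Tpwi4+wZk9GRSgdyjKALBgkqgRzXYwEBAgGhNAMy"
    "AQS0/wY++sZk+W3QERcmJ+5m1l+PKkaFhJelGBfWaDN4vmSZg7ltf8YtRaUVvyaS"
    "m1I=";

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Decode base64 up to '=' or NUL; returns byte count, -1 on error. */
static long b64_decode(const char *in, unsigned char *out, size_t cap) {
    unsigned acc = 0; int bits = 0; size_t n = 0;
    for (; *in && *in != '='; in++) {
        const char *s = strchr(B64, *in);
        if (s == NULL || n >= cap) return -1;
        acc = ((acc << 6) | (unsigned)(s - B64)) & 0xffff;
        bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (unsigned char)(acc >> bits); }
    }
    return (long)n;
}

/* Expect a DER element with this tag at *p. On success returns its length
 * and leaves *p at the first value byte; returns -1 otherwise. */
static long der_expect(const unsigned char **p, const unsigned char *end, int tag) {
    const unsigned char *q = *p;
    size_t l, nb;
    if (end - q < 2 || *q++ != tag) return -1;
    l = *q++;
    if (l & 0x80) {                         /* long form: 1 or 2 length bytes */
        nb = l & 0x7f;
        if (nb == 0 || nb > 2 || (size_t)(end - q) < nb) return -1;
        for (l = 0; nb > 0; nb--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;   /* value must fit in the buffer */
    *p = q;
    return (long)l;
}

/* Render DER OID content bytes as dotted decimal text. */
static int oid_to_text(const unsigned char *oid, size_t len, char *out, size_t cap) {
    unsigned long arc = 0, a; size_t pos = 0, i; int w, first = 1;
    if (len == 0 || (oid[len - 1] & 0x80)) return -1;
    for (i = 0; i < len; i++) {
        if (arc >> 24) return -1;            /* refuse oversized arcs */
        arc = (arc << 7) | (oid[i] & 0x7fu);
        if (oid[i] & 0x80) continue;         /* arc continues in next byte */
        a = arc < 40 ? 0 : arc < 80 ? 1 : 2; /* first byte packs two arcs */
        if (first) w = snprintf(out + pos, cap - pos, "%lu.%lu", a, arc - 40 * a);
        else       w = snprintf(out + pos, cap - pos, ".%lu", arc);
        if (w < 0 || (size_t)w >= cap - pos) return -1;
        pos += (size_t)w; arc = 0; first = 0;
    }
    return 0;
}

/* ECPrivateKey ::= SEQUENCE { version INTEGER, privateKey OCTET STRING,
 *   [0] parameters OPTIONAL, [1] publicKey OPTIONAL }   (RFC 5915)
 * Returns 0 with the curve OID in out, -1 if malformed, -2 if the key
 * carries no named-curve OID. */
static int ec_key_curve_oid(const char *b64, char *out, size_t cap) {
    unsigned char der[512];
    const unsigned char *p = der, *end;
    long len, n = b64_decode(b64, der, sizeof der);
    if (n < 0) return -1;
    end = der + n;
    if ((len = der_expect(&p, end, 0x30)) < 0) return -1;   /* SEQUENCE */
    end = p + len;
    if ((len = der_expect(&p, end, 0x02)) < 0) return -1;   /* version */
    p += len;
    if ((len = der_expect(&p, end, 0x04)) < 0) return -1;   /* privateKey */
    p += len;
    if ((len = der_expect(&p, end, 0xa0)) < 0) return -2;   /* [0] parameters */
    end = p + len;
    if ((len = der_expect(&p, end, 0x06)) < 0) return -2;   /* namedCurve OID */
    return oid_to_text(p, (size_t)len, out, cap);
}

int main(void) {
    char oid[64];
    int rc = ec_key_curve_oid(KEY_B64, oid, sizeof oid);
    if (rc == 0) printf("named curve OID: %s\n", oid);
    else         printf("no named curve OID (rc=%d)\n", rc);
    return rc == 0 ? 0 : 1;
}
```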
Re: i am confused in PEM_read_PrivateKey
Hi Girish,

Can u explain how d2i is indeed getting resolve to d2i_RSAPrivateKey() ?

RSJ

On 6/13/06, Girish Venkatachalam <[EMAIL PROTECTED]> wrote:
> Sorry I was wrong. d2i indeed resolves to d2i_RSAPrivateKey() which takes 3 parameters and passes the first type parameter to d2i_PrivateKey() which takes 4 parameters.
>
> But it beats me why I cannot find the definition of d2i_RSAPrivateKey() anywhere.

--
Njoy
RSJ
"When life does not find a singer to sing her heart, she produces a philosopher to speak her mind."
Re: i am confused in PEM_read_PrivateKey
thanks! i only want to read ec privatekey
my ec privatekey is below

-----BEGIN EC PRIVATE KEY-----
MGACAQEEGAu0lmj+Fgurl8m7Tpwi4+wZk9GRSgdyjKALBgkqgRzXYwEBAgGhNAMy
AQS0/wY++sZk+W3QERcmJ+5m1l+PKkaFhJelGBfWaDN4vmSZg7ltf8YtRaUVvyaS
m1I=
-----END EC PRIVATE KEY-----

so i use

    EVP_PKEY *prikey;
    FILE *keyfp;
    if (!(prikey = PEM_read_PrivateKey(keyfp, NULL, NULL, NULL)))
        return 0;
    return 1;

it always return 0,by the way the my ec curve is not in openssl ec curve list.

From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: i am confused in PEM_read_PrivateKey
Date: Tue, 13 Jun 2006 19:31:57 +0200

On Tue, Jun 13, 2006, ?? wrote:
> when i use PEM_read_PrivateKey find it work error ,so i look into
> PEM_read_PrivateKey to find the reason.

Printing out the error code in human readable form might help more (see FAQ) assuming you haven't done that already.

Steve.
Re: i am confused in PEM_read_PrivateKey
On Tue, Jun 13, 2006, ?? wrote:
> when i use PEM_read_PrivateKey find it work error ,so i look into
> PEM_read_PrivateKey to find the reason.

Printing out the error code in human readable form might help more (see FAQ) assuming you haven't done that already.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: i am confused in PEM_read_PrivateKey
On Tue, Jun 13, 2006, ?? wrote:
> when i use PEM_read_PrivateKey find it work error ,so i look into
> PEM_read_PrivateKey to find the reason.
> first i find in
> #define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
> (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
> next i find in

Well you may find it there but it is #if 0'ed out. This function is a special case in pem_pkey.c

Steve.
Re: i am confused in PEM_read_PrivateKey
On Tue, 13 Jun 2006, Girish Venkatachalam wrote:
> Sorry I was wrong. d2i indeed resolves to
> d2i_RSAPrivateKey() which takes 3 parameters and
> passes the first type parameter to d2i_PrivateKey()
> which takes 4 parameters.
>
> But it beats me why I cannot find the definition of
> d2i_RSAPrivateKey() anywhere.

Isn't it always a pleasure to try finding where something is defined in OpenSSL? It is in crypto/rsa/rsa_asn1.c, defined through a macro IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname (I think the easiest way to find these things is to build the library and then look for the object file where the function is defined)
Re: i am confused in PEM_read_PrivateKey
Sorry I was wrong. d2i indeed resolves to d2i_RSAPrivateKey() which takes 3 parameters and passes the first type parameter to d2i_PrivateKey() which takes 4 parameters.

But it beats me why I cannot find the definition of d2i_RSAPrivateKey() anywhere.

--- Rajeshwar Singh Jenwar <[EMAIL PROTECTED]> wrote:
> how come ? plz explain.
>
> On 6/13/06, Girish Venkatachalam <[EMAIL PROTECTED]> wrote:
> > bcoz d2i resolves to d2i_X509() , not to d2i_PrivateKey
Re: i am confused in PEM_read_PrivateKey
how come ? plz explain.

On 6/13/06, Girish Venkatachalam <[EMAIL PROTECTED]> wrote:
> bcoz d2i resolves to d2i_X509() , not to d2i_PrivateKey

--
Njoy
RSJ
"When life does not find a singer to sing her heart, she produces a philosopher to speak her mind."
Re: i am confused in PEM_read_PrivateKey
bcoz d2i resolves to d2i_X509() , not to d2i_PrivateKey

--- 孙 金龙 <[EMAIL PROTECTED]> wrote:
> when i use PEM_read_PrivateKey find it work error ,so i look into
> PEM_read_PrivateKey to find the reason.
> first i find in
>
>     #define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
>         (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
>
> next i find in
>
>     void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
>                         pem_password_cb *cb, void *u)
>     {
>         BIO *b;
>         void *ret;
>
>         if ((b=BIO_new(BIO_s_file())) == NULL)
>         {
>             PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
>             return(0);
>         }
>         BIO_set_fp(b,fp,BIO_NOCLOSE);
>         ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
>         BIO_free(b);
>         return(ret);
>     }
>
> then i goto
>
>     void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
>                             pem_password_cb *cb, void *u)
>     {
>         const unsigned char *p=NULL;
>         unsigned char *data=NULL;
>         long len;
>         char *ret=NULL;
>
>         if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
>             return NULL;
>         p = data;
>         ret=d2i(x,&p,len);
>         if (ret == NULL)
>             PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
>         OPENSSL_free(data);
>         return(ret);
>     }
>
> i found the ret=d2i(x,&p,len);
> but the function is
>
>     EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
>                              long length)
>
> i think d2i must have 4 parameter but is only three,why? Thanks a lot!
i am confused in PEM_read_PrivateKey
when i use PEM_read_PrivateKey find it work error ,so i look into PEM_read_PrivateKey to find the reason.
first i find in

    #define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)

next i find in

    void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
                        pem_password_cb *cb, void *u)
    {
        BIO *b;
        void *ret;

        if ((b=BIO_new(BIO_s_file())) == NULL)
        {
            PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
            return(0);
        }
        BIO_set_fp(b,fp,BIO_NOCLOSE);
        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
        BIO_free(b);
        return(ret);
    }

then i goto

    void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
                            pem_password_cb *cb, void *u)
    {
        const unsigned char *p=NULL;
        unsigned char *data=NULL;
        long len;
        char *ret=NULL;

        if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
            return NULL;
        p = data;
        ret=d2i(x,&p,len);
        if (ret == NULL)
            PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
        OPENSSL_free(data);
        return(ret);
    }

i found the ret=d2i(x,&p,len);
but the function is

    EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                             long length)

i think d2i must have 4 parameter but is only three,why? Thanks a lot!
RE: PEM_read_PrivateKey() wont work on Windows (visual)
It works fine with a code similar to this:

    EVP_PKEY *key;
    BIO *bio;
    char *file;     //Init file with the appropriate path to the private key file.
    char *password; //Init the password.

    bio = BIO_new( BIO_s_file() );
    BIO_read_filename( bio, file );
    key = PEM_read_bio_PrivateKey( bio, NULL, NULL, password );

Note that I am not providing a password callback and that I am using the bio version of the PEM_read_PrivateKey. I hope it helps.

Marc-Andre

-----Original Message-----
From: Roberto Rodrigues - McLean [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 26, 2002 4:55 PM
To: '[EMAIL PROTECTED]'
Subject: PEM_read_PrivateKey() wont work on Windows (visual)

hi, I basically copied the code from sign.c, I call it like this:

    PEM_read_PrivateKey(fp, NULL, pass_cb, password);

it crashes complaining about memory access. Has anyone make it work on Windows ? Is there any other way of loading a Private Key from a file (into a EVP obj) ?

Thank you,
roberto.
PEM_read_PrivateKey() wont work on Windows (visual)
hi,

I basically copied the code from sign.c, I call it like this:

    PEM_read_PrivateKey(fp, NULL, pass_cb, password);

it crashes complaining about memory access. Has anyone made it work on Windows? Is there any other way of loading a Private Key from a file (into an EVP obj)?

Thank you,
roberto.
Reading encrypted RSA key with PEM_read_PrivateKey
Hello

When I make an RSA key with

    openssl genrsa -out key.pem 1024

I can read it fine with

    FILE* fp = ...;
    EVP_PKEY* pkey;
    pkey = PEM_read_PrivateKey(fp, 0, 0, 0);

and use pkey to sign data. If I try the same with DES3 encryption

    openssl genrsa -out key.pem -des3 1024

the same code gives an error

    error:0906B072:PEM routines:PEM_get_EVP_CIPHER_INFO:unsupported encryption

The pass phrase usage in apps/rsa.c suggests

    pkey = PEM_read_PrivateKey(fp, 0, 0, "passphrase");

could work. It doesn't, but gives the same error. Does anyone know a way to read encrypted RSA keys to an EVP_PKEY* variable? Or maybe RSA keys are not meant to be used this way? This refers to openssl-0.9.6c on a RH 7.2.

Thanks,
Jari Lappalainen
Re: About "PEM_read_privatekey, PEM_read_X509, etc" Problem
This document is in INSTALL.W32.

    If you don't use the multithreaded DLL runtime library (/MD option) your
    program will almost certainly crash because malloc gets confused -- the
    OpenSSL DLLs are statically linked to one version, the application must
    not use a different one. You might be able to work around such problems
    by adding CRYPTO_malloc_init() to your program before any calls to the
    OpenSSL libraries: This tells the OpenSSL libraries to use the same
    malloc(), free() and realloc() as the application. However there are many
    standard library functions used by OpenSSL that call malloc() internally
    (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
    rely on CRYPTO_malloc_init() solving your problem, and you should
    consistently use the multithreaded library.

If you want to build your openssl application on Win32 with VC++, add the '/MD' option to your project.
PEM_read_privatekey
I'm having some difficulty using PEM_read_privatekey. When I link my application with the debug dll ms runtime PEM_read_privateKey works, but if I link against the release dll ms runtime then PEM_read_PrivateKey exceptions out.. Anyone have a clue why this is?

-Andrew T. Finnell
Software Engineer
eSecurity Inc
(321) 394-2485
PEM_read_PrivateKey - Memory to Memory
Is there some magic function within OpenSSL where the contents of a private RSA/DSA file can be passed via memory to the equivalent of the PEM_read_PrivateKey function?

Ken

Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com