[openssl-users] Win32 - PEM_read_PrivateKey crash
Hi,
I have downloaded prebuilt version of openssl for windows. I am running on
Windows 7 64bit, Using Visual Studio 2010, generating 32bit binary.
When I run a simple application which calling "PEM_read_PrivateKey" it
crashes with error "OPENSSL_Uplink(505D6000,08): no OPENSSL_Applink"
What could be the reason for this? Any hint is greatly appreciated.
Thanks,
Lloyd
The following is my code -
int main() {
EVP_PKEY *privkey;
FILE *fp;
RSA *rsakey;
OpenSSL_add_all_algorithms();
privkey = EVP_PKEY_new();
fp = fopen ("G:\\temp\\mykey.pem", "r"); //File exists and it opens
PEM_read_PrivateKey( fp, , NULL, NULL); //CRASH
fclose(fp);
...
}
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Win32 - PEM_read_PrivateKey crash
Thanks, The problem is solved when compiled and linked with "applink.c"
On Thu, Feb 11, 2016 at 5:05 PM, Lloyd <lloydkl.t...@gmail.com> wrote:
> Hi,
>
> I have downloaded prebuilt version of openssl for windows. I am running on
> Windows 7 64bit, Using Visual Studio 2010, generating 32bit binary.
>
> When I run a simple application which calling "PEM_read_PrivateKey" it
> crashes with error "OPENSSL_Uplink(505D6000,08): no OPENSSL_Applink"
>
> What could be the reason for this? Any hint is greatly appreciated.
>
> Thanks,
> Lloyd
>
> The following is my code -
>
> int main() {
>EVP_PKEY *privkey;
>FILE *fp;
>RSA *rsakey;
>
>OpenSSL_add_all_algorithms();
>
> privkey = EVP_PKEY_new();
>fp = fopen ("G:\\temp\\mykey.pem", "r"); //File exists and it opens
>PEM_read_PrivateKey( fp, , NULL, NULL); //CRASH
>
>fclose(fp);
>
> ...
>
> }
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
RE: PEM_read_PrivateKey using ECDSA PEMS
From: owner-openssl-us...@openssl.org On Behalf Of redpath Sent: Friday, 01 February, 2013 14:55 I am using ECDSA to create and verify a signature for a document. I apparently cannot use the ecdsa.PEM directory and so here is my question. Nit: ecdsa.pem is a file, containing (parameters and) a key, not a directory. Below I have abstraction code for my question. The keys created are with the openssl commands shown below. openssl ecparam -out *ecdsa.pem *-name secp224r1 -genkey openssl req -newkey ec:ecdsa.pem -x509 -nodes -days 731 -keyout *ecdsapriv.pem* -out *ecdsapublic.x509* The artifacts generated by these commands are * ecdsa.pem ecdsapriv.pem ecdsapublic.x509* I then create an ECDSA using the ecdsapriv.pem m= getdata(*mydocument*,len); //orignal document result=sha256((char *)m,len); fp =fopen(*ecdsapriv.pem*, rb); */*marked*/* pevpkey= PEM_read_PrivateKey(fp, pevpkey, NULL, NULL); peckey= EVP_PKEY_get1_EC_KEY(pevpkey); EC_KEY_set_group(peckey,EC_GROUP_new_by_curve_name( NID_secp224r1) ); This isn't needed, an ECC key read from a PEM file already has the correct group. In fact if the key in the file is for a different (wrong?) group this will screw it up totally. unsigned int siglen = ECDSA_size(peckey); printf(Max signature length is %d \n,siglen); siglen = ECDSA_size(peckey); unsigned char *ptr = OPENSSL_malloc(siglen); unsigned char *save= ptr; ECDSA_SIG *sig; ret= ECDSA_sign(0 ,result, SHA256_DIGEST_LENGTH, ptr, siglen, peckey); You don't need to set siglen twice, you don't need two pointers here, and you don't use sig at all. In real code you should check (at least) file opens and mallocs for null before using them, but for posting I'll ignore that. outfp = fopen(*mysignatureEC*,wb); fwrite(save, 1, siglen, outfp); fclose(fp); **then I verify it reading the X509* snip AND ALL WORKS WELL but *why can't I use the *ecdsa.pem* directly instead I had to use the ecdsapriv.pem? Your ecparam command generated a key(pair) in ecdsa.pem. Your req -newkey -x509 command generated a *different* key(pair) in ecdsapriv.pem and a cert for *that* key in ecdsapublic.x509. The cert matches the key in ecdsapriv.pem and can verify signatures using that key. The cert does not match the key in ecdsa.pem which is a different key and cannot verify signatures using that key. You would think the name of this function PEM_read_PrivateKey(**) means it reads a PEM that might have the public and private key and gets the private but apparently not? Yes it does read the privatekey representation, which for OpenSSL always includes the publickey value(s), from the file you specify. (For DSA and ECC/ECDSA the standard privatekey structure includes the public value. For RSA a naive privatekey does not include the public exponent, but OpenSSL uses the CRT form which does.) If you have two files containing different keys, reading those files gives you different keys. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PEM_read_PrivateKey using ECDSA PEMS
First of all let me correct this I am using ECDSA to create and verify a signature for a document. I apparently cannot use the ecdsa.PEM *directory* and so here is my question. to this I am using ECDSA to create and verify a signature for a document. I apparently cannot use the ecdsa.PEM *directly* and so here is my question. I have no idea why the directly got typed as a directory, it happens. I will look at the usage of the PEM directly thank you in advance. -- View this message in context: http://openssl.6102.n7.nabble.com/PEM-read-PrivateKey-using-ECDSA-PEMS-tp43438p43492.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
PEM_read_PrivateKey using ECDSA PEMS
I am using ECDSA to create and verify a signature for a document.
I apparently cannot use the ecdsa.PEM directory and so here is my question.
Below I have abstraction code for my question. The keys created are with the
openssl
commands shown below.
openssl ecparam -out *ecdsa.pem *-name secp224r1 -genkey
openssl req -newkey ec:ecdsa.pem -x509 -nodes -days 731 -keyout
*ecdsapriv.pem* -out *ecdsapublic.x509*
The artifacts generated by these commands are
* ecdsa.pem
ecdsapriv.pem
ecdsapublic.x509*
I then create an ECDSA using the ecdsapriv.pem
m= getdata(*mydocument*,len); //orignal document
result=sha256((char *)m,len);
fp =fopen(*ecdsapriv.pem*, rb); */*marked*/*
pevpkey= PEM_read_PrivateKey(fp, pevpkey, NULL, NULL);
peckey= EVP_PKEY_get1_EC_KEY(pevpkey);
EC_KEY_set_group(peckey,EC_GROUP_new_by_curve_name( NID_secp224r1) );
unsigned int siglen = ECDSA_size(peckey);
printf(Max signature length is %d \n,siglen);
siglen = ECDSA_size(peckey);
unsigned char *ptr = OPENSSL_malloc(siglen);
unsigned char *save= ptr;
ECDSA_SIG *sig;
ret= ECDSA_sign(0 ,result, SHA256_DIGEST_LENGTH, ptr, siglen, peckey);
outfp = fopen(*mysignatureEC*,wb);
fwrite(save, 1, siglen, outfp);
fclose(fp);
**then I verify it reading the X509*
m= getdata(*mydocument*,len); //get original document data
result=sha256((char *)m,len);
sig= getdata(*mysignatureEC*,siglen); //get signature file data
fp =fopen(ecdsapublic.x509, rb); //open x509 and get public key
x509 = PEM_read_X509(fp,x509, NULL, NULL);
evpkey= X509_get_pubkey(x509);
pubeckey = EVP_PKEY_get1_EC_KEY(evpkey);
ret = ECDSA_verify(0, result,SHA256_DIGEST_LENGTH, sig, siglen,
pubeckey);
if (ret == -1){
printf(signature error in verify\n);
}
else if (ret == 0){
printf( incorrect signature \n);
}
else /* ret == 1 */{
printf(signature ok \n);
}
*
AND ALL WORKS WELL but *why can't I use the *ecdsa.pem* directly instead I
had to use the ecdsapriv.pem?
if I switched the filename
fp =fopen(ecdsapriv.pem, rb); * /*marked*/*
to this
fp =fopen(ecdsa.pem, rb); * /*marked*/*
The verify will not work. You would think the name of this function
PEM_read_PrivateKey(**)
means it reads a PEM that might have the public and private key and gets
the private but apparently not?
*So let me know anything different*
unsigned char *sha256(char *data, int length)
{
static unsigned char hash[SHA256_DIGEST_LENGTH];
printf(**SHA2 digest follows length=%d:\n,length);
SHA256_CTX sha256;
SHA256_Init(sha256);
SHA256_Update(sha256, data, length);
SHA256_Final(hash, sha256);
// for curiosity
// int i = 0;
// for(i = 0; i SHA256_DIGEST_LENGTH; i++)
// printf(%02x, hash[i]);
// printf(\n);
return hash;
}
--
View this message in context:
http://openssl.6102.n7.nabble.com/PEM-read-PrivateKey-using-ECDSA-PEMS-tp43438.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: RE: PEM_read_PrivateKey
Solved! Thanks, Steve. Leonardo -Mensagem original- De: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] Em nome de Dr. Stephen Henson Enviada em: terça-feira, 30 de outubro de 2012 20:04 Para: openssl-users@openssl.org Assunto: Re: RES: PEM_read_PrivateKey On Tue, Oct 30, 2012, Leonardo Laface de Almeida wrote: Hi, The code for my project example is attached. The error code is as well. The error remains. For generating Key, the callback is called. For getting Private Key, the callback is not called. What's wrong here? I really appreciate any help. The Applink error seems unrelated. Is this the cause: http://www.openssl.org/support/faq.html#PROG8 Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PEM_read_PrivateKey
Dear Steve, Thank you very much for the prompt and exhaustive reply. Gerardo On 10/29/12 7:06 PM, Dr. Stephen Henson wrote: On Mon, Oct 29, 2012, Gerardo Ganis wrote: Dear OpenSSL Users, Could someone confirm that when loading private keys in memory using PEM_read_PrivateKey EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0); the full key is filled in, i.e. evpp points to a complete (public+private) key? By analyzing the structure after the call it looks so, but since it is not documented, I was wondering whether it is something on which I can count on; if not what is the advised way to load a complete key in memory? Yes. The data read in either contains the public key components (RSAPrivateKey for example) or the public key components are calculated (e.g. DSA and PKCS#8). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- +--+ Gerardo GANISCERN, PH Dept, SFT group, CH 1211 Geneve 23 room: 32-RC-017, tel: +41 22 7676439 email: gerardo.ga...@cern.ch, fax: +41 22 7669133 +--+ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RES: PEM_read_PrivateKey
Dave,
The Page:
http://www.openssl.org/docs/crypto/pem.html
Actually, the code is not equal I've reported here. In fact, I will create a
project only for this callback problem.
The password problem was copy-paste error. I'm sorry about it.
I'm going to take the the error code, then I reply here.
Anyway, from DOS prompt I can check and get private key. The original code
generates the key pair and save the private Key. Then, get the key again to
save the public key.
Without password and encryption, it works.
:)
-Mensagem original-
De: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
Em nome de Dave Thompson
Enviada em: segunda-feira, 29 de outubro de 2012 19:25
Para: openssl-users@openssl.org
Assunto: RE: PEM_read_PrivateKey
From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de
Almeida
Sent: Monday, 29 October, 2012 16:20
The problem I've got is quite simple. The callback I pass
throught this
function is not called. snip
Someone could please help me figure out why? I've wrote as
OpenSSL page
tells. Am I doing something wrong? Is thera a best way for
doing this?
What page is that? Your posted code is quite unlike any
OpenSSL example (or actual) code I've seen.
snip
EVP_PKEY *pkey;
BIO *bio;
There's no reason (this) bio variable should be global,
and pkey maybe not.
typedef struct pw_cb_data
{
const void *password;
const char *prompt_info;
} PW_CB_DATA;
static int rsa_cb(char *buf, int size, int rwflag, void *u)
{
int len;
PW_CB_DATA *cb_data = (PW_CB_DATA *)u;
//Programm doesn't enter here!!
len = strlen((char *)cb_data-password);
if (len = 0)
return 0;
/* if too long, truncate */
if (len size)
len = size;
memcpy(buf, cb_data-password, len);
return len;
}
Using a callback to set a caller-supplied C-style string is
a waste of time. You can _read*PrivateKey(,,NULL,password).
int main()
{
PW_CB_DATA cb_data;
int ret = 1;
(...)
memcpy(kprPath[0],path_to_Kpr,pathlen);
kprPath[pathlen] = '\0';
memcpy(kprPath[0],Kpr_password,passlen);
kprPath[passlen] = '\0';
if (ret)
bio = BIO_new(BIO_s_file());
if (bio == NULL)
ret = 0;
if (ret !BIO_read_filename(bio,kprPath[0]))
ret = 0;
The code above set kprPath to Kpr_password
which I doubt is the correct filename.
cb_data.password = passwd[0];
cb_data.prompt_info = kprPath[0];
It might be the correct prompt, but
your callback doesn't use the .prompt_info .
It does use .password, and your code doesn't
set .password to anything valid at all.
if (ret)
pkey=PEM_read_bio_PrivateKey(bio,NULL,(pem_password_cb *)rsa_cb,
cb_data);
if (pkey != NULL)
ret = 0;
If pretty much any OpenSSL routine returns an error indicateion,
and here read*PrivateKey == NULL is an error indication, you should
look at the error queue: http://www.openssl.org/support/faq.html#PROG6
I bet you'll see that you didn't give it the correct filename.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RES: PEM_read_PrivateKey
Hi,
The code for my project example is attached. The error code is as well.
The error remains. For generating Key, the callback is called. For getting
Private Key, the callback is not called.
What's wrong here?
I really appreciate any help.
Thanks.
Leonardo
attachment: openssl_error.JPG#include iostream
using namespace std;
#include openssl/bio.h
#include openssl/err.h
#include openssl/bn.h
#include openssl/rsa.h
#include openssl/evp.h
#include openssl/x509.h
#include openssl/pem.h
#include openssl/rand.h
#include stdio.h
#include string.h
#include time.h
#include stdarg.h
typedef struct pw_cb_data
{
const void *password;
const char *prompt_info;
} PW_CB_DATA;
static int rsa_cb(char *buf, int size, int rwflag, void *u)
{
int len;
PW_CB_DATA *cb_data = (PW_CB_DATA *)u;
len = strlen((char *)cb_data-password);
if (len = 0)
return 0;
/* if too long, truncate */
if (len size)
len = size;
memcpy(buf, cb_data-password, len);
return len;
}
bool genRSAKpr(char *passwd,
char *path_Kpr,
int bits)
{
PW_CB_DATA cb_data;
RSA *rsa;
const EVP_CIPHER *enc;
BIO *bio;
BIGNUM *bn;
unsigned long f4;
int ret = 1;
bn = BN_new();
if (bn == NULL)
ret = 0;
if (ret)
bio = BIO_new(BIO_s_file());
if (bio == NULL)
ret = 0;
if (ret !BIO_write_filename(bio,path_Kpr))
ret = 0;
if (ret)
rsa = RSA_new();
if (rsa == NULL)
ret = 0;
f4 = RSA_F4;
if (ret !BN_set_word(bn, f4))
ret = 0;
if (ret RSA_generate_key_ex(rsa, bits, bn, NULL)0)
ret = 0;
if (passwd != '\0')
{
enc=EVP_aes_256_cbc();
if (enc == NULL)
ret = 0;
}
cb_data.password = passwd;
cb_data.prompt_info = path_Kpr;
if (ret !PEM_write_bio_RSAPrivateKey(bio,rsa,enc,NULL,0,(pem_password_cb
*)rsa_cb, cb_data))
ret = 0;
if (enc != NULL)
{
enc = NULL;
}
if (rsa != NULL)
{
RSA_free(rsa);
rsa = NULL;
}
if (bio != NULL)
{
BIO_free_all(bio);
bio = NULL;
}
if (bn != NULL)
{
BN_free(bn);
bn = NULL;
}
if (ret != 0)
return true;
return false;
}
bool genRSAKpu(char *passwd,
char *path_Kpr,
char *path_Kpu)
{
PW_CB_DATA cb_data;
RSA *rsa;
BIO *bio;
EVP_PKEY *pkey;
int ret = 1;
FILE *file;
//KPU
if (ret)
bio = BIO_new(BIO_s_file());
if (bio == NULL)
ret = 0;
if (ret !BIO_read_filename(bio,path_Kpr))
ret = 0;
cb_data.password = passwd;
cb_data.prompt_info = path_Kpr;
if (ret)
pkey=PEM_read_bio_PrivateKey(bio,NULL,(pem_password_cb *)rsa_cb,
cb_data);
if (pkey != NULL)
rsa = EVP_PKEY_get1_RSA(pkey);
else
{
ret = 0;
file=fopen(Err_openssl.log,a+);
if (file!=NULL)
{
ERR_print_errors_fp(file);
fclose(file);
}
}
if (rsa == NULL)
ret = 0;
if (ret !BIO_write_filename(bio,path_Kpu))
ret = 0;
if (ret !PEM_write_bio_RSA_PUBKEY(bio,rsa))
ret = 0;
if (rsa != NULL)
{
RSA_free(rsa);
rsa = NULL;
}
if (pkey != NULL)
{
EVP_PKEY_free(pkey);
pkey = NULL;
}
if (bio != NULL)
{
BIO_free_all(bio);
bio = NULL;
}
if (!ret)
return false;
return true;
}
int main()
{
cout SSLeay_version(SSLEAY_VERSION) endl;
if (genRSAKpr(passwd,C:\\log\\Kpr.pem,1024))
cout Kpr Generated! endl;
else
cout Error generationg Kpr! endl;
if (genRSAKpu(passwd,C:\\log\\Kpr.pem,C:\\log\\Kpu.pem))
cout Kpu Generated! endl;
else
cout Error generationg Kpu! endl;
return 0;
}
Re: RES: PEM_read_PrivateKey
On Tue, Oct 30, 2012, Leonardo Laface de Almeida wrote: Hi, The code for my project example is attached. The error code is as well. The error remains. For generating Key, the callback is called. For getting Private Key, the callback is not called. What's wrong here? I really appreciate any help. The Applink error seems unrelated. Is this the cause: http://www.openssl.org/support/faq.html#PROG8 Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
PEM_read_PrivateKey
Dear OpenSSL Users, Could someone confirm that when loading private keys in memory using PEM_read_PrivateKey EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0); the full key is filled in, i.e. evpp points to a complete (public+private) key? By analyzing the structure after the call it looks so, but since it is not documented, I was wondering whether it is something on which I can count on; if not what is the advised way to load a complete key in memory? Thank you in advance for any advise. Gerardo Ganis -- +--+ Gerardo GANISCERN, PH Dept, SFT group, CH 1211 Geneve 23 room: 32-RC-017, tel: +41 22 7676439 email: gerardo.ga...@cern.ch, fax: +41 22 7669133 +--+ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PEM_read_PrivateKey
On Mon, Oct 29, 2012, Gerardo Ganis wrote: Dear OpenSSL Users, Could someone confirm that when loading private keys in memory using PEM_read_PrivateKey EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0); the full key is filled in, i.e. evpp points to a complete (public+private) key? By analyzing the structure after the call it looks so, but since it is not documented, I was wondering whether it is something on which I can count on; if not what is the advised way to load a complete key in memory? Yes. The data read in either contains the public key components (RSAPrivateKey for example) or the public key components are calculated (e.g. DSA and PKCS#8). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RES: PEM_read_PrivateKey
@Gerardo,
I'm having a problem with this function and I will use your thread for some
support.
@All
The problem I've got is quite simple. The callback I pass throught this
function is not called. I inserted a breakpoint into cb and it's not called
at all.
I'm using OpenSSL 1.0.1c. I'm sure about it (My App gets OpenSSL version,
now).
Someone could please help me figure out why? I've wrote as OpenSSL page
tells. Am I doing something wrong? Is thera a best way for doing this?
Thanks,
Leonardo
My code (c++):
#include openssl/bio.h
#include openssl/err.h
#include openssl/evp.h
#include openssl/pem.h
EVP_PKEY *pkey;
BIO *bio;
typedef struct pw_cb_data
{
const void *password;
const char *prompt_info;
} PW_CB_DATA;
static int rsa_cb(char *buf, int size, int rwflag, void *u)
{
int len;
PW_CB_DATA *cb_data = (PW_CB_DATA *)u;
//Programm doesn't enter here!!
len = strlen((char *)cb_data-password);
if (len = 0)
return 0;
/* if too long, truncate */
if (len size)
len = size;
memcpy(buf, cb_data-password, len);
return len;
}
int main()
{
PW_CB_DATA cb_data;
int ret = 1;
(...)
memcpy(kprPath[0],path_to_Kpr,pathlen);
kprPath[pathlen] = '\0';
memcpy(kprPath[0],Kpr_password,passlen);
kprPath[passlen] = '\0';
if (ret)
bio = BIO_new(BIO_s_file());
if (bio == NULL)
ret = 0;
if (ret !BIO_read_filename(bio,kprPath[0]))
ret = 0;
cb_data.password = passwd[0];
cb_data.prompt_info = kprPath[0];
if (ret)
pkey=PEM_read_bio_PrivateKey(bio,NULL,(pem_password_cb *)rsa_cb,
cb_data);
if (pkey != NULL)
ret = 0;
//ret is equal 0 and pkey is NULL here.
(...)
return ret;
}
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
RE: PEM_read_PrivateKey
From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de
Almeida
Sent: Monday, 29 October, 2012 16:20
The problem I've got is quite simple. The callback I pass
throught this
function is not called. snip
Someone could please help me figure out why? I've wrote as
OpenSSL page
tells. Am I doing something wrong? Is thera a best way for
doing this?
What page is that? Your posted code is quite unlike any
OpenSSL example (or actual) code I've seen.
snip
EVP_PKEY *pkey;
BIO *bio;
There's no reason (this) bio variable should be global,
and pkey maybe not.
typedef struct pw_cb_data
{
const void *password;
const char *prompt_info;
} PW_CB_DATA;
static int rsa_cb(char *buf, int size, int rwflag, void *u)
{
int len;
PW_CB_DATA *cb_data = (PW_CB_DATA *)u;
//Programm doesn't enter here!!
len = strlen((char *)cb_data-password);
if (len = 0)
return 0;
/* if too long, truncate */
if (len size)
len = size;
memcpy(buf, cb_data-password, len);
return len;
}
Using a callback to set a caller-supplied C-style string is
a waste of time. You can _read*PrivateKey(,,NULL,password).
int main()
{
PW_CB_DATA cb_data;
int ret = 1;
(...)
memcpy(kprPath[0],path_to_Kpr,pathlen);
kprPath[pathlen] = '\0';
memcpy(kprPath[0],Kpr_password,passlen);
kprPath[passlen] = '\0';
if (ret)
bio = BIO_new(BIO_s_file());
if (bio == NULL)
ret = 0;
if (ret !BIO_read_filename(bio,kprPath[0]))
ret = 0;
The code above set kprPath to Kpr_password
which I doubt is the correct filename.
cb_data.password = passwd[0];
cb_data.prompt_info = kprPath[0];
It might be the correct prompt, but
your callback doesn't use the .prompt_info .
It does use .password, and your code doesn't
set .password to anything valid at all.
if (ret)
pkey=PEM_read_bio_PrivateKey(bio,NULL,(pem_password_cb *)rsa_cb,
cb_data);
if (pkey != NULL)
ret = 0;
If pretty much any OpenSSL routine returns an error indicateion,
and here read*PrivateKey == NULL is an error indication, you should
look at the error queue: http://www.openssl.org/support/faq.html#PROG6
I bet you'll see that you didn't give it the correct filename.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Calls to PEM_read_PrivateKey fail after incorrect password
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greetings!
I'm working on a proof-of-concept SSH key cracker: my code reads in password
guesses from standard input and for each guess, calls PEM_read_PrivateKey. If
that returns a valid pointer, that indicates that the password was correct. (I
think I'm right so far.) This works just fine IF the first call to
PEM_read_PrivateKey is with the correct password, but if it isn't, any
subsequent calls fail, even if the correct password is given.
Any advice would be greatly appreciated! If this isn't the right place to ask
this, or if my project is inappropriate discussion material, I sincerely
apologise.
Thank you,
Aubrey Eddleson
For reference, my code:
- -- ssh-crack.c --
#include openssl/ssl.h
#include openssl/err.h
#include openssl/evp.h
#include openssl/pem.h
#include stdio.h
#include string.h
#define BUFSIZE 64
int main(int argc, char **argv)
{
FILE *f;
EVP_PKEY *pk;
char *p;
char *pass;
pass = malloc(sizeof(char) * BUFSIZE);
if (! pass) {
fprintf(stderr, malloc error!\n);
return 2;
}
f = fopen(argv[1], r);
if (f == NULL) {
fprintf(stderr, Couldn't open '%s'!\n, argv[1]);
return 2;
}
SSL_library_init();
for (;;) {
if (fgets(pass, BUFSIZE, stdin) == NULL) {
fprintf(stderr, End of wordlist!\n);
return 1;
}
p = strchr(pass, '\n');
if (p)
*p = '\0';
fprintf(stderr, Trying key '%s'.\n, pass);
pk = PEM_read_PrivateKey(f, NULL, NULL, (char *) pass);
if (pk) {
printf(Key is '%s'.\n, pass);
break;
}
}
return 0;
}
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
iEYEARECAAYFAkkbKJ8ACgkQhOVIaXo9kJvmwgCfUV6tnLnfaH5S+/ytsVsUoKKq
k4IAn1IKMvLdmvicQrMnPMc4v0umGPau
=zNaC
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Calls to PEM_read_PrivateKey fail after incorrect password
On Wed, Nov 12, 2008 at 02:03:59PM -0500, Aubrey Eddleson wrote: Greetings! I'm working on a proof-of-concept SSH key cracker: my code reads in password guesses from standard input and for each guess, calls PEM_read_PrivateKey. If that returns a valid pointer, that indicates that the password was correct. (I think I'm right so far.) This works just fine IF the first call to PEM_read_PrivateKey is with the correct password, but if it isn't, any subsequent calls fail, even if the correct password is given. Rewinding the input file might be a good idea... -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Calls to PEM_read_PrivateKey fail after incorrect password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rewind the key file? But how? I didn't open it; I'm just passing its name to PEM_read_PrivateKey. Am I totally missing something really obvious here? On Wed, Nov 12, 2008 at 02:12:03PM -0500, Victor Duchovni wrote: Rewinding the input file might be a good idea... -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iEYEARECAAYFAkkbLfkACgkQhOVIaXo9kJv6RACeJw1+goND7CvuMFRvI5ZMkfG8 LMoAoI59L07mKzJilccPTCcGzAet9EXu =CLAI -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Calls to PEM_read_PrivateKey fail after incorrect password
On Wed, Nov 12, 2008 at 02:26:49PM -0500, Aubrey Eddleson wrote: Rewind the key file? But how? I didn't open it; I'm just passing its name to PEM_read_PrivateKey. Am I totally missing something really obvious here? EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); No, you are passing an open file handle. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Calls to PEM_read_PrivateKey fail after incorrect password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oh jeez, I am! What was I *thinking*?! Wow do I feel *extra* goofy! Heh. Obviously, that fixed it. Thanks much! - Aubrey On Wed, Nov 12, 2008 at 02:55:16PM -0500, Victor Duchovni wrote: No, you are passing an open file handle. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iEYEARECAAYFAkkbOhYACgkQhOVIaXo9kJtYjgCguGkK4MZMli05OkjXhpDZoH2F 7SYAn0YYZKg8fMTyJ65rD3J/kwCMxcC8 =nB8s -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
PEM_read_PrivateKey does not return private key
Hi, I searched for this function on net and got lot of threads, but couldn't solve my problem. My problem is as follows.. I have generated a RSA key using OenSSL and stored it in a PEM file. When i try to read it using above function , the structure returned to me by PEM_read_PrivateKey is NULL( i mean it does not contain anything). Anybody having any idea about this issue?? I tried even the DER format, tried to convert it into binary format and read using d2i_RSA_PUBKEY, but no luck. Any help is highly appreciated. Thanks Regards Shalmi -- View this message in context: http://www.nabble.com/PEM_read_PrivateKey-does-not-return-private-key-tf4633115.html#a13230138 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: PEM_read_PrivateKey does not return private key
Hi, I have a private CA certificate created using openssl command line. The issue is that the certificate expires on 19th Oct, 2007. The question is that Is it possible to extend the expiry of this certificate without changing any other fields in the certificate? Basically, I want to continue using this CA Cert to sign end-user certs for a longer time. Any help will be appreciated. Thanks.
Re: PEM_read_PrivateKey does not return private key
I have a private CA certificate created using openssl command line. The issue is that the certificate expires on 19th Oct, 2007. The question is that Is it possible to extend the expiry of this certificate without changing any other fields in the certificate? Basically, I want to continue using this CA Cert to sign end-user certs for a longer time. Any help will be appreciated. Thanks. Use the same key and the same DN and the cert will continue to act as a valid CA for any other certs you have signed. However, any site that has cached your CA cert will have to get the new one. Theirs will expire soon. Jim __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: PEM_read_PrivateKey does not return private key
On Wed, Oct 17, 2007 at 12:43:03PM -0700, Jim Fox wrote: I have a private CA certificate created using openssl command line. The issue is that the certificate expires on 19th Oct, 2007. The question is that Is it possible to extend the expiry of this certificate without changing any other fields in the certificate? Basically, I want to continue using this CA Cert to sign end-user certs for a longer time. Any help will be appreciated. Thanks. Use the same key and the same DN and the cert will continue to act as a valid CA for any other certs you have signed. Also the same serial number and authority identifier in v3 extensions if present in the expiring CA cert, for example: ... Serial Number: c5:30:80:16:44:78:d9:12 ... X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: F1:EF:77:42:18:C4:D6:E2:6D:1C:3D:A8:02:BE:E2:F3:E4:6E:50:40 X509v3 Authority Key Identifier: keyid:F1:EF:77:42:18:C4:D6:E2:6D:1C:3D:A8:02:BE:E2:F3:E4:6E:50:40 DirName:CA DN serial:C5:30:80:16:44:78:D9:12 ... If any of this information changes, certificates will fail verification. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: i am confused in PEM_read_PrivateKey
PEM_read_PrivateKey
call
PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void
*u)
{
if (!PEM_bytes_read_bio(data, len, nm, PEM_STRING_EVP_PKEY, bp, cb, u))
return NULL;
p = data;
if (strcmp(nm,PEM_STRING_RSA) == 0)
ret=d2i_PrivateKey(EVP_PKEY_RSA,x,p,len);
else if (strcmp(nm,PEM_STRING_DSA) == 0)
ret=d2i_PrivateKey(EVP_PKEY_DSA,x,p,len);
else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
ret=d2i_PrivateKey(EVP_PKEY_EC,x,p,len);
}
the cert nm find -BEGIN EC PRIVATE KEY-
then call
ret=d2i_PrivateKey(EVP_PKEY_EC,x,p,len);
id d2i_PrivateKey()
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
if ((ret-pkey.ec = d2i_ECPrivateKey(NULL,
(const unsigned char **)pp, length)) == NULL)
{
//ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
}
break;
#endif
so last it's call
d2i_ECPrivateKey
but my ec curve is not in openssl curve list so it's error to read private
key
From: Rajeshwar Singh Jenwar [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: i am confused in PEM_read_PrivateKey
Date: Wed, 14 Jun 2006 09:49:04 +0530
Hi Girish,
Can u explain how d2i is indeed getting resolve to
d2i_RSAPrivateKey() ?
RSJ
On 6/13/06, Girish Venkatachalam [EMAIL PROTECTED] wrote:
Sorry I was wrong. d2i indeed resolves to
d2i_RSAPrivateKey() which takes 3 parameters and
passes the first type parameter to d2i_PrivateKey()
which takes 4 parameters.
But it beats me why I cannot find the definition of
d2i_RSAPrivateKey() anywhere.
--- Rajeshwar Singh Jenwar [EMAIL PROTECTED] wrote:
how come ? plz explain.
On 6/13/06, Girish Venkatachalam
[EMAIL PROTECTED] wrote:
bcoz d2i resolves to d2i_X509() , not to
d2i_PrivateKey
--- 锟斤拷 锟斤拷锟斤拷 [EMAIL PROTECTED]
wrote:
when i use PEM_read_PrivateKey find it work
error
,so i look into
PEM_read_PrivateKey to find the reason.
first i find in
#define PEM_read_PrivateKey(fp,x,cb,u)
(EVP_PKEY
*)PEM_ASN1_read( \
(char
*(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char
**)x,cb,u)
next i find in
void *PEM_ASN1_read(d2i_of_void *d2i, const char
*name, FILE *fp, void **x,
pem_password_cb *cb, void *u)
{
BIO *b;
void *ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
{
PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
return(0);
}
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
BIO_free(b);
return(ret);
}
then i goto
void *PEM_ASN1_read_bio(d2i_of_void *d2i, const
char
*name, BIO *bp, void
**x,
pem_password_cb *cb, void
*u)
{
const unsigned char *p=NULL;
unsigned char *data=NULL;
long len;
char *ret=NULL;
if (!PEM_bytes_read_bio(data, len, NULL,
name,
bp, cb, u))
return NULL;
p = data;
ret=d2i(x,p,len);
if (ret == NULL)
PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
OPENSSL_free(data);
return(ret);
}
i found the ret=d2i(x,p,len);
but the function is
EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a,
const unsigned char **pp,
long length)
i think d2i must have 4 parameter but is only
three,why? Thanks a lot!
_
锟斤拷锟斤拷锟斤拷锟?MSN Explorer:
http://explorer.msn.com/lccn/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org
Automated List Manager
[EMAIL PROTECTED]
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org
Automated List Manager
[EMAIL PROTECTED]
--
Njoy
RSJ
When life does not find a singer to sing her heart,
she produces a philosopher to speak her mind.
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org
Automated List Manager
[EMAIL PROTECTED]
--
Njoy
RSJ
When life does not find a singer to sing
Re: i am confused in PEM_read_PrivateKey
孙 金龙 wrote: thanks! i only want to read ec privatekey my ec privatekey is below -BEGIN EC PRIVATE KEY- MGACAQEEGAu0lmj+Fgurl8m7Tpwi4+wZk9GRSgdyjKALBgkqgRzXYwEBAgGhNAMy AQS0/wY++sZk+W3QERcmJ+5m1l+PKkaFhJelGBfWaDN4vmSZg7ltf8YtRaUVvyaS m1I= -END EC PRIVATE KEY- so i use EVP_PKEY *prikey; FILE *keyfp; if (!(prikey = PEM_read_PrivateKey(keyfp, NULL, NULL, NULL))) return 0; return 1; it always return 0,by the way the my ec curve is not in openssl ec curve list. the above ec private key specifies uses an OID to specify the ec group used but if openssl doesn't know the group it can't create a private key object. Cheers, Nils __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
i am confused in PEM_read_PrivateKey
when i use PEM_read_PrivateKey find it work error ,so i look into
PEM_read_PrivateKey to find the reason.
first i find in
#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
next i find in
void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
pem_password_cb *cb, void *u)
{
BIO *b;
void *ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
{
PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
return(0);
}
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
BIO_free(b);
return(ret);
}
then i goto
void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void
**x,
pem_password_cb *cb, void *u)
{
const unsigned char *p=NULL;
unsigned char *data=NULL;
long len;
char *ret=NULL;
if (!PEM_bytes_read_bio(data, len, NULL, name, bp, cb, u))
return NULL;
p = data;
ret=d2i(x,p,len);
if (ret == NULL)
PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
OPENSSL_free(data);
return(ret);
}
i found the ret=d2i(x,p,len);
but the function is
EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
long length)
i think d2i must have 4 parameter but is only three,why? Thanks a lot!
_
免费下载 MSN Explorer: http://explorer.msn.com/lccn/
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: i am confused in PEM_read_PrivateKey
bcoz d2i resolves to d2i_X509() , not to
d2i_PrivateKey
--- �� ���� [EMAIL PROTECTED] wrote:
when i use PEM_read_PrivateKey find it work error
,so i look into
PEM_read_PrivateKey to find the reason.
first i find in
#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY
*)PEM_ASN1_read( \
(char
*(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char
**)x,cb,u)
next i find in
void *PEM_ASN1_read(d2i_of_void *d2i, const char
*name, FILE *fp, void **x,
pem_password_cb *cb, void *u)
{
BIO *b;
void *ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
{
PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
return(0);
}
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
BIO_free(b);
return(ret);
}
then i goto
void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char
*name, BIO *bp, void
**x,
pem_password_cb *cb, void *u)
{
const unsigned char *p=NULL;
unsigned char *data=NULL;
long len;
char *ret=NULL;
if (!PEM_bytes_read_bio(data, len, NULL, name,
bp, cb, u))
return NULL;
p = data;
ret=d2i(x,p,len);
if (ret == NULL)
PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
OPENSSL_free(data);
return(ret);
}
i found the ret=d2i(x,p,len);
but the function is
EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a,
const unsigned char **pp,
long length)
i think d2i must have 4 parameter but is only
three,why? Thanks a lot!
_
������� MSN Explorer:
http://explorer.msn.com/lccn/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org
Automated List Manager
[EMAIL PROTECTED]
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: i am confused in PEM_read_PrivateKey
how come ? plz explain.
On 6/13/06, Girish Venkatachalam [EMAIL PROTECTED] wrote:
bcoz d2i resolves to d2i_X509() , not tod2i_PrivateKey--- ��
[EMAIL PROTECTED] wrote: when i use PEM_read_PrivateKey find it work error ,so i look into PEM_read_PrivateKey to find the reason. first i find in #define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY
*)PEM_ASN1_read( \ (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) next i find in void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
pem_password_cb *cb, void *u) { BIO *b; void *ret; if ((b=BIO_new(BIO_s_file())) == NULL) { PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u); BIO_free(b); return(ret);
} then i goto void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, pem_password_cb *cb, void *u) { const unsigned char *p=NULL;
unsigned char *data=""> long len; char *ret=NULL; if (!PEM_bytes_read_bio(data, len, NULL, name, bp, cb, u)) return NULL;
p = data; ret=d2i(x,p,len); if (ret == NULL) PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); OPENSSL_free(data); return(ret);
} i found the ret=d2i(x,p,len); but the function is EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,long length) i think d2i must have 4 parameter but is only
three,why? Thanks a lot!_ ��� MSN Explorer: http://explorer.msn.com/lccn/
__ OpenSSL Project http://www.openssl.org User Support Mailing List
openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]__
Do You Yahoo!?Tired of spam?Yahoo! Mail has the best spam protection aroundhttp://mail.yahoo.com__
OpenSSL Project http://www.openssl.orgUser Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]-- NjoyRSJWhen life does not find a singer to sing her heart,
she produces a philosopher to speak her mind.
Re: i am confused in PEM_read_PrivateKey
Sorry I was wrong. d2i indeed resolves to
d2i_RSAPrivateKey() which takes 3 parameters and
passes the first type parameter to d2i_PrivateKey()
which takes 4 parameters.
But it beats me why I cannot find the definition of
d2i_RSAPrivateKey() anywhere.
--- Rajeshwar Singh Jenwar [EMAIL PROTECTED] wrote:
how come ? plz explain.
On 6/13/06, Girish Venkatachalam
[EMAIL PROTECTED] wrote:
bcoz d2i resolves to d2i_X509() , not to
d2i_PrivateKey
--- �� ���� [EMAIL PROTECTED]
wrote:
when i use PEM_read_PrivateKey find it work
error
,so i look into
PEM_read_PrivateKey to find the reason.
first i find in
#define PEM_read_PrivateKey(fp,x,cb,u)
(EVP_PKEY
*)PEM_ASN1_read( \
(char
*(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char
**)x,cb,u)
next i find in
void *PEM_ASN1_read(d2i_of_void *d2i, const char
*name, FILE *fp, void **x,
pem_password_cb *cb, void *u)
{
BIO *b;
void *ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
{
PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
return(0);
}
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
BIO_free(b);
return(ret);
}
then i goto
void *PEM_ASN1_read_bio(d2i_of_void *d2i, const
char
*name, BIO *bp, void
**x,
pem_password_cb *cb, void
*u)
{
const unsigned char *p=NULL;
unsigned char *data=NULL;
long len;
char *ret=NULL;
if (!PEM_bytes_read_bio(data, len, NULL,
name,
bp, cb, u))
return NULL;
p = data;
ret=d2i(x,p,len);
if (ret == NULL)
PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
OPENSSL_free(data);
return(ret);
}
i found the ret=d2i(x,p,len);
but the function is
EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a,
const unsigned char **pp,
long length)
i think d2i must have 4 parameter but is only
three,why? Thanks a lot!
_
������� MSN Explorer:
http://explorer.msn.com/lccn/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org
Automated List Manager
[EMAIL PROTECTED]
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org
Automated List Manager
[EMAIL PROTECTED]
--
Njoy
RSJ
When life does not find a singer to sing her heart,
she produces a philosopher to speak her mind.
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: i am confused in PEM_read_PrivateKey
On Tue, 13 Jun 2006, Girish Venkatachalam wrote:
Sorry I was wrong. d2i indeed resolves to
d2i_RSAPrivateKey() which takes 3 parameters and
passes the first type parameter to d2i_PrivateKey()
which takes 4 parameters.
But it beats me why I cannot find the definition of
d2i_RSAPrivateKey() anywhere.
Isn't it always a pleasure to try finding where something is defined in
OpenSSL?
It is in crypto/rsa/rsa_asn1.c, defined through a macro
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname
(I think the easies way to find these things is to build the library and
then look for the object file where the function is defined)
--- Rajeshwar Singh Jenwar [EMAIL PROTECTED] wrote:
how come ? plz explain.
On 6/13/06, Girish Venkatachalam
[EMAIL PROTECTED] wrote:
bcoz d2i resolves to d2i_X509() , not to
d2i_PrivateKey
--- ?? [EMAIL PROTECTED]
wrote:
when i use PEM_read_PrivateKey find it work
error
,so i look into
PEM_read_PrivateKey to find the reason.
first i find in
#define PEM_read_PrivateKey(fp,x,cb,u)
(EVP_PKEY
*)PEM_ASN1_read( \
(char
*(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char
**)x,cb,u)
next i find in
void *PEM_ASN1_read(d2i_of_void *d2i, const char
*name, FILE *fp, void **x,
pem_password_cb *cb, void *u)
{
BIO *b;
void *ret;
if ((b=BIO_new(BIO_s_file())) == NULL)
{
PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
return(0);
}
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
BIO_free(b);
return(ret);
}
then i goto
void *PEM_ASN1_read_bio(d2i_of_void *d2i, const
char
*name, BIO *bp, void
**x,
pem_password_cb *cb, void
*u)
{
const unsigned char *p=NULL;
unsigned char *data=NULL;
long len;
char *ret=NULL;
if (!PEM_bytes_read_bio(data, len, NULL,
name,
bp, cb, u))
return NULL;
p = data;
ret=d2i(x,p,len);
if (ret == NULL)
PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
OPENSSL_free(data);
return(ret);
}
i found the ret=d2i(x,p,len);
but the function is
EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a,
const unsigned char **pp,
long length)
i think d2i must have 4 parameter but is only
three,why? Thanks a lot!
_
? MSN Explorer:
http://explorer.msn.com/lccn/
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org
Automated List Manager
[EMAIL PROTECTED]
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org
Automated List Manager
[EMAIL PROTECTED]
--
Njoy
RSJ
When life does not find a singer to sing her heart,
she produces a philosopher to speak her mind.
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: i am confused in PEM_read_PrivateKey
On Tue, Jun 13, 2006, ?? wrote: when i use PEM_read_PrivateKey find it work error ,so i look into PEM_read_PrivateKey to find the reason. first i find in #define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \ (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) next i find in Well you may find it there but it is #if 0'ed out. This function is a special case in pem_pkey.c Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: i am confused in PEM_read_PrivateKey
On Tue, Jun 13, 2006, ?? wrote: when i use PEM_read_PrivateKey find it work error ,so i look into PEM_read_PrivateKey to find the reason. Printing out the error code in human readable form might help more (see FAQ) assuming you haven't done that already. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: i am confused in PEM_read_PrivateKey
thanks! i only want to read ec privatekey my ec privatekey is below -BEGIN EC PRIVATE KEY- MGACAQEEGAu0lmj+Fgurl8m7Tpwi4+wZk9GRSgdyjKALBgkqgRzXYwEBAgGhNAMy AQS0/wY++sZk+W3QERcmJ+5m1l+PKkaFhJelGBfWaDN4vmSZg7ltf8YtRaUVvyaS m1I= -END EC PRIVATE KEY- so i use EVP_PKEY *prikey; FILE *keyfp; if (!(prikey = PEM_read_PrivateKey(keyfp, NULL, NULL, NULL))) return 0; return 1; it always return 0,by the way the my ec curve is not in openssl ec curve list. From: Dr. Stephen Henson [EMAIL PROTECTED] Reply-To: openssl-users@openssl.org To: openssl-users@openssl.org Subject: Re: i am confused in PEM_read_PrivateKey Date: Tue, 13 Jun 2006 19:31:57 +0200 On Tue, Jun 13, 2006, ?? wrote: when i use PEM_read_PrivateKey find it work error ,so i look into PEM_read_PrivateKey to find the reason. Printing out the error code in human readable form might help more (see FAQ) assuming you haven't done that already. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] _ 免费下载 MSN Explorer: http://explorer.msn.com/lccn/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: i am confused in PEM_read_PrivateKey
Hi Girish,
Can u explain how d2i is indeed getting resolve to d2i_RSAPrivateKey() ?
RSJ
On 6/13/06, Girish Venkatachalam [EMAIL PROTECTED] wrote:
Sorry I was wrong. d2i indeed resolves tod2i_RSAPrivateKey() which takes 3 parameters andpasses the first type parameter to d2i_PrivateKey()
which takes 4 parameters.But it beats me why I cannot find the definition ofd2i_RSAPrivateKey() anywhere.--- Rajeshwar Singh Jenwar [EMAIL PROTECTED] wrote:
how come ? plz explain. On 6/13/06, Girish Venkatachalam [EMAIL PROTECTED] wrote: bcoz d2i resolves to d2i_X509() , not to
d2i_PrivateKey --- �� [EMAIL PROTECTED] wrote:when i use PEM_read_PrivateKey find it work
error ,so i look into PEM_read_PrivateKey to find the reason. first i find in #define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY
*)PEM_ASN1_read( \ (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) next i find in void *PEM_ASN1_read(d2i_of_void *d2i, const char
*name, FILE *fp, void **x, pem_password_cb *cb, void *u) { BIO *b; void *ret;
if ((b=BIO_new(BIO_s_file())) == NULL) { PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); return(0); }
BIO_set_fp(b,fp,BIO_NOCLOSE); ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u); BIO_free(b); return(ret); }
then i goto void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, pem_password_cb *cb, void
*u) { const unsigned char *p=NULL; unsigned char *data=""> long len; char *ret=NULL;
if (!PEM_bytes_read_bio(data, len, NULL, name, bp, cb, u)) return NULL; p = data; ret=d2i(x,p,len);
if (ret == NULL) PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); OPENSSL_free(data); return(ret); }
i found the ret=d2i(x,p,len); but the function is EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
i think d2i must have 4 parameter but is only three,why? Thanks a lot! _
��� MSN Explorer: http://explorer.msn.com/lccn/ __
OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED] __
Do You Yahoo!? Tired of spam?Yahoo! Mail has the best spam protection around http://mail.yahoo.com __
OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED] -- Njoy RSJ When life does not find a singer to sing her heart,
she produces a philosopher to speak her mind.__Do You Yahoo!?Tired of spam?Yahoo! Mail has the best spam protection around
http://mail.yahoo.com__OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.orgAutomated List Manager [EMAIL PROTECTED]
-- NjoyRSJWhen life does not find a singer to sing her heart,she produces a philosopher to speak her mind.
PEM_read_PrivateKey() wont work on Windows (visual)
hi, I basically copied the code from sign.c, I call it like this: PEM_read_PrivateKey(fp, NULL, pass_cb, password); it crashes complaining about memory access. Has anyone make it work on Windows ? Is there any other way of loading a Private Key from a file (into a EVP obj) ? Thank you, roberto. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: PEM_read_PrivateKey() wont work on Windows (visual)
It works fine with a code similar to this: EVP_PKEY *key; BIO *bio; char *file; //Init file with the appropriate path to the private key file. char *password; //Init the password. bio = BIO_new( BIO_s_file() ); BIO_read_filename( bio, file ); key = PEM_read_bio_PrivateKey( bio, NULL, NULL, password ); Note that I am not providing a password callback and that I am using the bio version of the PEM_read_PrivateKey. I hope it helps. Marc-Andre -Original Message- From: Roberto Rodrigues - McLean [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 4:55 PM To: '[EMAIL PROTECTED]' Subject: PEM_read_PrivateKey() wont work on Windows (visual) hi, I basically copied the code from sign.c, I call it like this: PEM_read_PrivateKey(fp, NULL, pass_cb, password); it crashes complaining about memory access. Has anyone make it work on Windows ? Is there any other way of loading a Private Key from a file (into a EVP obj) ? Thank you, roberto. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Reading encrypted RSA key with PEM_read_PrivateKey
Hello When I make an RSA key with openssl genrsa -out key.pem 1024 I can read it fine with FILE* fp = ...; EVP_PKEY* pkey; pkey = PEM_read_PrivateKey(fp, 0, 0, 0); and use pkey to sign data. If I try the same with DES3 encryption openssl genrsa -out key.pem -des3 1024 the same code gives an error error:0906B072:PEM routines:PEM_get_EVP_CIPHER_INFO:unsupported encryption The pass phrase usage in apps/rsa.c suggests pkey = PEM_read_PrivateKey(fp, 0, 0, passphrase); could work. It doesn't, but gives the same error. Does anyone know a way read encrypted RSA keys to EVP_PKEY* variable? Or maybe RSA keys are not meant to be used this way? This refers to openssl-0.9.6c on a RH 7.2. Thanks, Jari Lappalainen __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
About PEM_read_privatekey, PEM_read_X509, etc Problem
Title: Message This document is in INSTALL.W32. If you don't use the multithreaded DLL runtime library (/MD option) yourprogram will almost certainly crash because malloc gets confused -- theOpenSSL DLLs are statically linked to one version, the application mustnot use a different one. You might be able to work around such problemsby adding CRYPTO_malloc_init() to your program before any calls to theOpenSSL libraries: This tells the OpenSSL libraries to use the samemalloc(), free() and realloc() as the application. However there are manystandard library functions used by OpenSSL that call malloc() internally(e.g. fopen()), and OpenSSL cannot change these; so in general you cannotrely on CYRPTO_malloc_init() solving your problem, and you shouldconsistently use the multithreaded library. If you want to build your openssl application on Win32 with VC++, Add '/MD' option on your project.
Re: About PEM_read_privatekey, PEM_read_X509, etc Problem
Title: Message This document is in INSTALL.W32. If you don't use the multithreaded DLL runtime library (/MD option) yourprogram will almost certainly crash because malloc gets confused -- theOpenSSL DLLs are statically linked to one version, the application mustnot use a different one. You might be able to work around such problemsby adding CRYPTO_malloc_init() to your program before any calls to theOpenSSL libraries: This tells the OpenSSL libraries to use the samemalloc(), free() and realloc() as the application. However there are manystandard library functions used by OpenSSL that call malloc() internally(e.g. fopen()), and OpenSSL cannot change these; so in general you cannotrely on CYRPTO_malloc_init() solving your problem, and you shouldconsistently use the multithreaded library. If you want to build your openssl application on Win32 with VC++, Add '/MD' option on your project.
PEM_read_privatekey
Title: Message I'm having some difficulty using PEM_read_privatekey. When I link my application with the debug dll ms runtime PEM_read_privateKey works, but if I link against the release dll ms runtime then PEM_read_PrivateKey exceptions out.. Anyone have a clue why this is? -Andrew T. FinnellSoftware EngineereSecurity Inc(321) 394-2485
PEM_read_PrivateKey - Memory to Memory
Is there some magic function within OpenSSL where the contents of a private RSA/DSA file can be passed via memory to the equivalent of the PEM_read_PrivateKey function? Ken __ Support InterSoft International, Inc. Voice: 888-823-1541, International 281-398-7060 Fax: 888-823-1542, International 281-560-9170 [EMAIL PROTECTED] http://www.securenetterm.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
