[PATCHes] OpenSSL 0.9.6g: OBJ_txt2obj, EVP reinitialisation

2002-08-29 Thread Reddie, Steven
I've included two patches which fix issues introduced in OpenSSL 0.9.6e/f/g (I found them when upgrading from d to g). The first patch is a single character change that resolves ticket#260. The bug is that in EVP_txt2obj() the content length rather than the length of the tag+length+content is be

RE: [openssl.org #260] OBJ_txt2nid not working after upgrading to 0.9.6g

2002-08-29 Thread Reddie, Steven
in ASN1_get_object which had previously been indef'd out had been disabled due to this bug, ie. the symptom "fixed" rather than the cause. Steven -Original Message- From: Reddie, Steven Sent: Friday, 30 August 2002 11:09 AM To: [EMAIL PROTECTED] Subject: RE: [openssl.org #260]

RE: [openssl.org #260] OBJ_txt2nid not working after upgrading to 0.9.6g

2002-08-29 Thread Reddie, Steven
I've traced this down to ASN1_get_object. It fails at line 128 which had previously been ifdef'd out: if (*plength > (omax - (p - *pp))) { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enou

Differences between BSAFE keys and OpenSSL keys

2001-08-30 Thread Reddie, Steven
I'm not clear on the problem here (I'm asking on behalf of someone). They claim that keys created with OpenSSL are not useable with BSAFE. They are also calling them BER keys. My understanding is that DER, being a subset of BER, is used for encoding all keys. Therefore a DER file is a BER file

RE: PKCS#11 engine support

2001-05-03 Thread Reddie, Steven
--Original Message- > From: Erwann ABALEA [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, May 03, 2001 6:58 PM > To: [EMAIL PROTECTED] > Subject: RE: PKCS#11 engine support > > On Thu, 3 May 2001, Reddie, Steven wrote: > > > Zoran, I'd be happy to test your impleme

RE: PKCS#11 engine support

2001-05-03 Thread Reddie, Steven
Zoran, I'd be happy to test your implementation. The PKCS#11 devices that I have at my disposal are: Eracom CSA7001/7002 nCipher nFast SCSI HSM GemPlus PC410 smartcard reader Litronic Netsignia 210 smartcard reader and I think there may be a Rainbow HSM and Rainbow

RE: Engine/pkcs#11: are the mod_exp functions required?

2001-03-12 Thread Reddie, Steven
I haven't implemented these in the context of an ENGINE, but have for earlier versions of OpenSSL via RSA_METHOD. I assume that the ENGINE is similar to RSA_METHOD. I left these mod_exp function pointers NULL since rsa_eay.c checks if it is non-NULL before calling it. If it is NULL, it uses the

RE: Encryption Problem

2001-02-08 Thread Reddie, Steven
I don't know of rsautl, but for RSA encryption in general the data being encrypted must be shorter than the key length (modulus length). For PKCS1 padding, the data length must be at least 11 bytes shorted than the key length. It's of course possible to encrypt consecutive blocks until all data

RE: smartcard / openssl integration +PKCS11

2001-01-18 Thread Reddie, Steven
You're code looks correct. To be accurate, there is no "public modulus". The modulus is the same for both the public and private key, and is therefore simply referred to as the modulus. I assume that you've also set: template[0].type = CKA_MODULUS; template[1].type = CKA_PUBLIC_

RE: cvs commit: openssl/crypto/rsa rsa_eay.c

2000-12-19 Thread Reddie, Steven
f Thorpe [SMTP:[EMAIL PROTECTED]] > Sent: Wednesday, December 20, 2000 7:38 AM > To: [EMAIL PROTECTED] > Subject: RE: cvs commit: openssl/crypto/rsa rsa_eay.c > > Hi, > > On Wed, 20 Dec 2000, Reddie, Steven wrote: > > > The problem with only locking during the

RE: cvs commit: openssl/crypto/rsa rsa_eay.c

2000-12-19 Thread Reddie, Steven
The problem with only locking during the assignment is that potentially mutliple threads will be doing [extensive] work that will be thrown away when they discover that another thread beat them to it. The result could be that the lock is held for less time, but all threads do more work and theref

RE: My patch to rsa_eay.c didn't seem to get accepted

2000-12-14 Thread Reddie, Steven
L PROTECTED] > Subject: Re: My patch to rsa_eay.c didn't seem to get accepted > > On Thu, 14 Dec 2000, Richard Levitte - VMS Whacker wrote: > > > From: "Reddie, Steven" <[EMAIL PROTECTED]> > > > > Steven.Reddie> I've come acros

My patch to rsa_eay.c didn't seem to get accepted

2000-12-13 Thread Reddie, Steven
Hi core team, On 4th October I submitted a patch to crypto/rsa/rsa_eay.c to fix some multithreaded race conditions. Nobody replied to my message at the time, and I've just noticed that the latest snapshot doesn't include these fixes. Did this just get overlooked, or was it purposely rejected?

RE: RSA encryption. How to use xxx_PADDING.

2000-11-16 Thread Reddie, Steven
Sounds a little confusing. If there's no easy way to tell at decryption time which blocks use which padding type then you've got a problem. If you don't mind potentially having an extra block, perhaps you should use PKCS1_PADDING for all blocks (ie. encrypt the first "key size - 11 bytes", then

RE: openssl on windows CE environment?

2000-10-26 Thread Reddie, Steven
though, but soon. Steven > -Original Message- > From: Ben Laurie [SMTP:[EMAIL PROTECTED]] > Sent: Friday, October 27, 2000 5:12 PM > To: [EMAIL PROTECTED] > Subject: Re: openssl on windows CE environment? > > "Reddie, Steven" wrote: > > > > I

RE: Still having recv socket problems on NT, but not Unix

2000-10-26 Thread Reddie, Steven
It sounds like you've observed too things: (1) In your previous thread, you mentioned that you had a nonblocking socket and were getting WSAEWOULDBLOCK returned on a recv. This means that there was no data ready for reading. There may have been some data just about to arrive, but at the time of

RE: openssl on windows CE environment?

2000-10-22 Thread Reddie, Steven
I've been doing this outside of work. I'll post some patches soon (within the next week if I get the time). The biggest problem with Windows CE is that there's no C runtime library, and it doesn't support the full Win32 API. Steven (Note: contact me on this list or my external email address, [

RE: RSA_private_decrypt produces garbage, sometimes

2000-10-15 Thread Reddie, Steven
Not all values that fit into a 128-byte buffer can be encrypted/decrypted. RSA doesn't treat the message merely as a buffer, but rather as a big number. The integer value of the message must be less than the integer value of the modulus. This is why PKCS#1 padding uses leading values of 0x00, 0x

RE: [BUG?] BIO_sock_should_retry() on Win32

2000-10-09 Thread Reddie, Steven
I've determined the exact cause of my trouble. It is a result of using OpenSSL in conjunction with the pthreads-win32 library, and implementing id_callback as a call to pthread_self, and may be a gotcha for other Win32 developers. The pthreads-win32 library implements pthread_self, and other fun

[BUG?] BIO_sock_should_retry() on Win32

2000-10-04 Thread Reddie, Steven
[Firstly, I'm working with 0.9.5a, but the relevant 0.9.6 source seems to be unchanged.] This may be a bigger problem than just my specific case, but here is what I've found: We are using BIO_do_handshake() to accept socket connections, which results in a call to BIO_accept(). Calling BIO_accep

[PATCH] Multithreaded race conditions in RSA crypto (rsa_eay.c)

2000-10-03 Thread Reddie, Steven
I've come across four race conditions in the following functions in rsa_eay.c: RSA_public_encrypt RSA_public_decrypt RSA_eay_mod_exp (x2) These can cause unexpected failure of the RSA_eay_ encryption/decryption functions for both public and private key operations. The pro

RE: extern private key, smart cards, RSA_METHOD_FLAG_NO_CHECK

2000-02-25 Thread Reddie, Steven
I create my own RSA_METHOD structure which contains pointers to my RSA public/private encrypt/decrypt functions. It also contains a flags member which is where I set RSA_METHOD_FLAG_NO_CHECK. I have the private key stored on the Hardware Security Module (HSM) and the certificate is available to

RE: Current state of PKCS#11 support in OpenSSL?

2000-02-24 Thread Reddie, Steven
Greg, I'm not sure about the state of PKCS#11 support in relation to the latest snapshot, however I can give you some answers in relation to the latest release, OpenSSL 0.9.4. Firstly, I work for a US company and I am unsure about the current state of the export restrictions, and therefore whethe

RE: Trying to use PKCS#11 from within SSL

2000-01-21 Thread Reddie, Steven
Thank you for the reply. The news about OpenSSL 0.9.5 dev is pleasing; thanks. Your comments about doing RSA private encrypt via PKCS#11 confuse me. Perhaps I am reading two points as one? How do I use the C_Sign() and C_VerifyRecover()? I'm a bit confused about what that paragraph means. Is