Crypto Library question

Crypto Library question

Friedline, Harold
I am attempting to write code to utilize the crypto(3) library that comes with openssl.  Specifically, I am using these functions

    OpenSSL_add_all_digests();
    md = EVP_get_digestbyname(dgst);
    EVP_DigestInit_ex(&mdctx, md, NULL);
    EVP_DigestInit(&mdctx, md);
    EVP_DigestUpdate(&mdctx, input_string, strlen(input_string));
    EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
    EVP_DigestFinal(&mdctx, md_value, &md_len);
    EVP_MD_CTX_cleanup(&mdctx)

The code compiles and links.  Using it, however, produces different results than using
        echo "some string" | openssl dgst -md5
Why are the results different, and am I utilizing the shared lib functions in a way that is causing bad results?

Thanks in advance!!

Harold Friedline
Barclaycard US

I think animal testing is a terrible idea; they get all nervous and give the wrong answers.





_______________________________________________________

Barclays
www.barclaycardus.com
_______________________________________________________

This e-mail and any files transmitted with it may contain confidential and/or proprietary information. It is intended solely for the use of the individual or entity who is the intended recipient. Unauthorized use of this information is prohibited. If you have received this in error, please contact the sender by replying to this message and delete this material from any system it may be on.

Re: Crypto Library question

Marek.Marcola
Hello
> The code compiles and links.  Using it, however, produces different
> results than using
>         echo "some string" | openssl dgst -md5
Echo command adds "new line" characters.
Try something like "echo -n" on linux or "\c" on hpux
to disable this.

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Crypto Library question

Girish Venkatachalam
In reply to this post by Friedline, Harold
I tried your code and I had a suspicion that using the
*_ex() functions along with *() functions can cause
trouble. Which is what has happened in your case.

Here is the correct code for your reference. You are
supposed to stick to either Init_ex(), Final_ex()
functions or Init(), Final() functions, you can't mix
the two.


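#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>

int main(void) {
        char input_string[1024];
        /* EVP_MAX_MD_SIZE is large enough for any digest EVP can produce */
        unsigned char md_value[EVP_MAX_MD_SIZE];
        EVP_MD_CTX mdctx;
        const EVP_MD *md;
        unsigned int md_len, i;

        strcpy(input_string, "God is great");
        OpenSSL_add_all_digests();
        md = EVP_get_digestbyname("SHA1");
        if (md == NULL)
                return 1;
        /* a stack-allocated context must be initialised before the _ex() calls */
        EVP_MD_CTX_init(&mdctx);
        EVP_DigestInit_ex(&mdctx, md, NULL);
        EVP_DigestUpdate(&mdctx, input_string, strlen(input_string));
        EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
        EVP_MD_CTX_cleanup(&mdctx);
        /* print the digest as upper-case hex */
        for (i = 0; i < md_len; i++)
                printf("%02X", md_value[i]);
        return 0;
}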

This gives the same output as
echo -n "God is great"|openssl sha1

regards,
Girish

--- "Friedline, Harold" <[hidden email]>
wrote:

> I am attempting to write code to utilize the
> crypto(3) library that
> comes with openssl.  Specifically, I am using these
> functions
> OpenSSL_add_all_digests();
> md = EVP_get_digestbyname(dgst);
> EVP_DigestInit_ex(&mdctx, md, NULL);
> EVP_DigestInit(&mdctx, md);
> EVP_DigestUpdate(&mdctx, input_string,
> strlen(input_string));
> EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
> EVP_DigestFinal(&mdctx, md_value, &md_len);
> EVP_MD_CTX_cleanup(&mdctx)
> The code compiles and links.  Using it, however,
> produces different
> results than using
> echo "some string" | openssl dgst -md5
> Why are the results different and, am I utilizing
> the shared lib
> functions in a way that is causing bad results?
>
> Thanks in advance!!
>
> Harold Friedline
> Barclaycard US
>
> I think animal testing is a terrible idea; they get
> all nervous and give
> the wrong answers.



Re: Crypto Library question

Dr. Stephen Henson
In reply to this post by Friedline, Harold
On Mon, Mar 20, 2006, Friedline, Harold wrote:

> I am attempting to write code to utilize the crypto(3) library that
> comes with openssl.  Specifically, I am using these functions
> OpenSSL_add_all_digests();
> md = EVP_get_digestbyname(dgst);
> EVP_DigestInit_ex(&mdctx, md, NULL);
> EVP_DigestInit(&mdctx, md);
> EVP_DigestUpdate(&mdctx, input_string, strlen(input_string));
> EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
> EVP_DigestFinal(&mdctx, md_value, &md_len);
> EVP_MD_CTX_cleanup(&mdctx)
> The code compiles and links.  Using it, however, produces different
> results than using
> echo "some string" | openssl dgst -md5
> Why are the results different and, am I utilizing the shared lib
> functions in a way that is causing bad results?
>
>

Well other than the EOL which "echo" sends which has already been mentioned...

If you use the _ex() variants you have to initialize the context structure
first. That is, you need an EVP_MD_CTX_init(&mdctx); better still is to use a
context pointer and create it with EVP_MD_CTX_create() and free it with
EVP_MD_CTX_destroy().

That is better because it maintains binary compatibility.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

X509_digest() help

vipin rathor
In reply to this post by Girish Venkatachalam

Hi all,
    I need to fetch the thumbprint of the X509 cert, and for this I'm using X509_digest(), but it is throwing a segmentation fault. Any idea how to fix this?
  This is the code I'm using:
 
void print_thubprint(X509 *cert)
{
  const EVP_MD *md=NULL;
  unsigned char *buf=NULL;
  unsigned int len=0;
 
//md=EVP_get_digestbyname("SHA1");
/////////////////or
//md=EVP_sha1();
//both did not help....
 
  return=X509_digest(cert,md,buf,&len);  //throws SIGSEGV
....
//code to access buf [ ]
....
}
 
and the gdb output at this line shows:
"Program received signal SIGSEGV, segmentation fault
0x402215ed in SHA1_Final() from /usr/lib/libcrypto.so.0.9.7"
 
Do I need to call EVP_init(), update(), final() explicitly?
 
Thanks in advance,
-vipin



Re: X509_digest() help

Girish Venkatachalam
Sorry if I sound too obvious.

Actually I think you need to allocate space for the
buffer, try with
unsigned char buf[4096] or something.

I am sure you have tried it ...

regards,
Girish

--- vipin rathor <[hidden email]> wrote:

>
> hi all,
>       i need to fetch the thumbprint of the X509
> cert. and for this i'm using X509_digest(). but it
> is throwing a segmentation fault. any idea how to
> fix this.....
>     this is the code i'm using...
>    
>   void print_thubprint(X509 *cert)
>   {
>     const EVP_MD *md=NULL;
>     unsigned char *buf=NULL;
>     unsigned int len=0;
>    
>   //md=EVP_get_digestbyname("SHA1");
>   /////////////////or
>   //md=EVP_sha1();
>   //both did not help....
>    
>     return=X509_digest(cert,md,buf,&len);  //throws
> SIGSEGV
>   ....
>   //code to access buf [ ]
>   ....
>   }
>    
>   and the gdb output at this line shows:
>   "Program received signal SIGSEGV, segmentation
> fault
>   0x402215ed in SHA1_Final() from
> /usr/lib/libcrypto.so.0.9.7"
>    
>   .........do i need to call
> EVP_init(),update(),final() explicitly???
>    
>   Thanks in advance,
>   -vipin
>
>



RE: Crypto Library question

Friedline, Harold
In reply to this post by Friedline, Harold
Thank you everyone for your help.  

Marek hit the nail on the head with his evaluation.  The issue was,
indeed, related to the "echo" command used in testing against the output
of the library function.  Solaris appends a newline (hex 'A' or octal
'012') to the echoed string which is subsequently evaluated by the
hashing algorithm.  The solution to this was to use 'printf "some
string" | openssl dgst -md5' as printf outputs only what is between the
quotes.


Harold Friedline
SA Analyst II
Credit & Risk Management
Barclaycard US
302.255.8062

What I am looking for is a blessing not in disguise.
        Jerome K. Jerome



-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Marek Marcola
Sent: Monday, March 20, 2006 4:28 PM
To: [hidden email]
Subject: Re: Crypto Library question

Hello
> The code compiles and links.  Using it, however, produces different
> results than using
>         echo "some string" | openssl dgst -md5
Echo command adds "new line" characters.
Try something like "echo -n" on linux or "\c" on hpux
to disable this.

Best regards,
--
Marek Marcola <[hidden email]>
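
The newline effect described in Marek's and Harold's messages, as an added example that is not part of the original thread: the script dumps the exact bytes each command feeds to the digest and compares the resulting MD5 values. The helper names, the sample string handling and the md5sum fallback are assumptions of this example.

```shell
#!/bin/sh
# Added example; the input string and helper names are constructed here.

# Hex of the exact bytes a command writes to stdout (what a digest would see).
hex_bytes() {
    "$@" | od -An -v -tx1 | tr -d ' \n'
}

# MD5 of stdin as bare hex. Uses the openssl CLI when installed, otherwise
# coreutils md5sum (assumption: one of the two is available).
md5_hex() {
    if command -v openssl >/dev/null 2>&1; then
        openssl dgst -md5 | sed 's/^.*= *//'
    else
        md5sum | cut -d' ' -f1
    fi
}

# echo appends a newline, so this hashes "$1\n".
digest_echo() {
    echo "$1" | md5_hex
}

# printf '%s' emits the argument bytes and nothing else. Passing the data as
# an argument, not as the format, keeps "%" and "\" in it from being interpreted.
digest_exact() {
    printf '%s' "$1" | md5_hex
}

msg='some string'
echo "bytes via echo:   $(hex_bytes echo "$msg")"
echo "bytes via printf: $(hex_bytes printf '%s' "$msg")"
echo "md5 via echo:     $(digest_echo "$msg")"
echo "md5 via printf:   $(digest_exact "$msg")"
```

Only the digest_exact value corresponds to hashing the same bytes that strlen() counts in the C code; the echo variant hashes one extra 0x0a byte.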
