RSA_size() fails in window

RSA_size() fails in window

d947207
Hi everybody, I use openssl-0.9.7i to write a small program
on winxp, VC6.0
-----------------------------------------------------------
#include <stdio.h>
#include <openssl/rsa.h>

int  main( int argc, char* argv[] )
{
        RSA  *rsa_obj ;
        int   size ;

        CRYPTO_malloc_init() ;
        rsa_obj = RSA_new();
       
        size = RSA_size( rsa_obj ) ;
       
        RSA_free(rsa_obj) ;

        return 0 ;
}
-------------------------------------------------------
I have changed the library option to MD, but an error occurs when
calling RSA_size().

The execution error is
    Unhandled exception in main.exe(LIBEAY32.DLL):0xC0000005:Access Violation

What does this message mean?

Thanks

                                            Lung Sheng Chien
                                            Tsing Hua university, R.O.C




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: RSA_size() fails in window

Alain Damiral
Hi,

From http://www.openssl.org/docs/crypto/RSA_size.html:
rsa->n must not be NULL.

In your code, it probably is. RSA_new initializes the structure but
doesn't generate a key. Try calling RSA_generate_key() before RSA_size():
http://www.openssl.org/docs/crypto/RSA_generate_key.html

Hope it helps !

--
Alain Damiral,

I hope this message makes me look like a very intelligent person

Université Catholique de Louvain - student
alain.damiral'at'student.info.ucl.ac.be


SSL_connect fails with SSL_ERROR_SSL

Ambarish Mitra
Dear all,

Using openssl (openssl 0.9.7), I have set up a CA and this CA has issued 2
certs - one for client and the other for the server. I have checked that
these certificates are ok.

I am attempting to write a SSL client-server program.

SSL Server:- Java. It has a keystore, which contains the server cert and the
CA cert.

SSL Client: C. In the program, using appropriate openssl calls, I have added
the client certificate, the private key and the CA cert to the context.
Please see the code snippet.

/* code snippet starts - all error handling removed for readability */
                SSLeay_add_ssl_algorithms();
                meth = SSLv3_client_method();
                SSL_load_error_strings();

                ctx = SSL_CTX_new (meth);
                err = SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM);
                err = SSL_CTX_use_PrivateKey_file(ctx, PvtKeyFile, SSL_FILETYPE_PEM);
                SSL_CTX_check_private_key(ctx);

                SSL_CTX_load_verify_locations(ctx, TrustedCACertFile, NULL);

/* code snippet ends - all error handling removed for readability */


Initialization is successful, but the handshake fails. We first create TCP
socket and then "connect" as shown below. Then, we call SSL_connect, which
fails with SSL_ERROR_SSL. At this point, the Java server outputs
SSLException "No Trusted certificate".

        sd = socket(AF_INET, SOCK_STREAM, 0);
        int c = connect(sd, (struct sockaddr*) &host_id , sizeof(host_id));

// By now, the SSL context is initialized and the TCP sockets are created.
// Now, SSLize the TCP sockets.

        ssl = SSL_new(ctx); // create SSL objects from the SSL context.
        r = SSL_set_fd (ssl, sd); // Associate the network connection with the SSL object.

        int err = SSL_connect (ssl); // Initiate the SSL handshake *********FAILS HERE ************
        if (err <= 0)
        {
                int errcode = SSL_get_error(ssl, err);
                switch(errcode)
                {
                        /* other cases */
                        case SSL_ERROR_SSL: LogMesg(logger, LOGFATAL, "SSL connect: Protocol Error."); break;
                }
        }
                }
        }


Can anyone please tell me what is happening?


Best regards,
Ambarish.


Re: SSL_connect fails with SSL_ERROR_SSL

Samy Thiyagarajan

> Dear all,
>
> Using openssl (openssl 0.9.7), I have set up a CA and this CA has issued 2
> certs - one for client and the other for the server. I have checked that
> these certificates are ok.
>
> I am attempting to write a SSL client-server program.
>
> SSL Server:- Java. It has a keystore, which contains the server cert and the
> CA cert.
>
> SSL Client: C. In the program, using appropriate openssl calls, I have added
> the client certificate, the private key and the CA cert to the context.
> Please see the code snippet.
>
> ...
> Initialization is successful, but the handshake fails. We first create TCP
> socket and then "connect" as shown below. Then, we call SSL_connect, which
> fails with SSL_ERROR_SSL. At this point, the Java server outputs
> SSLException "No Trusted certificate".

If you want client authentication, you need to explicitly state this at the
server side (i.e., you should ask the client to send the certificate). So to
verify the authenticity of the certificate you should have the CA (who signed
the cert) in your list of "trusted CAs".

I believe you need the following function:
SSL_CTX_set_verify()

I somewhere found that Java does not support .pem format keystore (but I'm not
sure). If I am right and if you are using .pem, that might also be a reason.

Hope this helps,
Samy


RE: SSL_connect fails with SSL_ERROR_SSL

Ambarish Mitra
Samy,
 
Thanks for your reply. On the server side (Java), I have explicitly set client authentication to true.
 
ks.load(new FileInputStream(KEYSTORE_FILE), passphrase);
 
kmf.init(ks, passphrase);
ctx.init(kmf.getKeyManagers(), null, null);
ssf = ctx.getServerSocketFactory();
 
sSocket = (SSLServerSocket)ssf.createServerSocket(tcpPort, 10);    //Creation of Server Socket

sSocket.setNeedClientAuth(true);    //Needs successful client authentication
 
<snip>
So to verify the authenticity of the certificate you should have the CA (who signed the cert) in your list of "trusted CAs".
</snip>
That CA cert is in the keystore file already of the server side.
 
 
Also, I am not using .PEM certificates, I am using what the keytool created, got the CSR signed.
 
 
 

Re: SSL_connect fails with SSL_ERROR_SSL

Kyle Hamilton
Okay.  The question is:

You have a CA.  Did you encode the "CA:true" attribute in it?
You created a server certificate signed by that CA.  How?
You created a client certificate signed by that CA.  How?
You have loaded the CA certificate into the server's keystore, and
marked it 'trusted'.  Have you verified that it exists correctly in
the server's keystore?
You have loaded the CA certificate into the client's keystore, and
marked it 'trusted'.  Have you verified that it exists correctly in
the client's keystore?
Have you verified that the serial numbers on the certificates are not the same?

How did you verify that the certificates were okay?

Are there any requirements in Java's SSL implementation for specific
OIDs/extensions to be in the client certificate for it to be
recognized as such?

Do your certificates have 'version=3' properly encoded?

-Kyle H


RE: SSL_connect fails with SSL_ERROR_SSL

Ambarish Mitra
Kyle,

How to check "CA:true" attribute?

The server cert was signed by using the openssl utility sign-server-cert. It
is provided in the openssl link. Same for client cert. The server cert and
the CA cert were loaded into the keystore and using keytool utility, we
checked that it is okay.

On the client side, there is no keytool, but since it is in C, it is loaded
into the context programmatically.

The cert serial numbers and the dates are verified to be okay. version = 3.

Ambarish.
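
The "CA:true" question in the two messages above refers to the cA flag in a certificate's basicConstraints extension. The following is an added example, not code from the thread or from OpenSSL: a small decoder for that extension, where `der_hdr`, `basic_constraints_ca` and the `EXT_*` byte arrays are hypothetical names and constructed sample data.

```c
/* Added example: read basicConstraints (OID 2.5.29.19) from one DER Extension. */
#include <stdio.h>
#include <string.h>

/* Read a short-form DER header; advance *p to the value; 0 on success. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   unsigned char *tag, size_t *len)
{
    if (end - *p < 2) return -1;
    *tag = (*p)[0];
    *len = (*p)[1];
    if (*len & 0x80) return -1;          /* long form is never needed here */
    *p += 2;
    return (size_t)(end - *p) < *len ? -1 : 0;
}

/* 1 = CA:TRUE, 0 = CA:FALSE or absent (DEFAULT FALSE), -1 = malformed,
 * -2 = a different extension. *pathlen is -1 without a pathLenConstraint. */
int basic_constraints_ca(const unsigned char *ext, size_t extlen, long *pathlen)
{
    static const unsigned char oid_bc[] = { 0x55, 0x1d, 0x13 };
    const unsigned char *p = ext, *end = ext + extlen;
    unsigned char tag;
    size_t len;
    int ca = 0;
    *pathlen = -1;
    if (der_hdr(&p, end, &tag, &len) || tag != 0x30) return -1; /* Extension */
    end = p + len;
    if (der_hdr(&p, end, &tag, &len) || tag != 0x06) return -1; /* extnID */
    if (len != sizeof oid_bc || memcmp(p, oid_bc, len) != 0) return -2;
    p += len;
    if (der_hdr(&p, end, &tag, &len)) return -1;
    if (tag == 0x01) {                   /* optional "critical" BOOLEAN */
        if (len != 1) return -1;
        p += 1;
        if (der_hdr(&p, end, &tag, &len)) return -1;
    }
    if (tag != 0x04) return -1;          /* extnValue OCTET STRING */
    end = p + len;
    if (der_hdr(&p, end, &tag, &len) || tag != 0x30) return -1;
    end = p + len;
    if (p == end) return 0;              /* empty SEQUENCE: cA is FALSE */
    if (der_hdr(&p, end, &tag, &len)) return -1;
    if (tag == 0x01) {                   /* cA BOOLEAN */
        if (len != 1) return -1;
        ca = (*p++ != 0);
        if (p == end) return ca;
        if (der_hdr(&p, end, &tag, &len)) return -1;
    }
    if (tag != 0x02 || len == 0 || len > 2 || (*p & 0x80)) return -1;
    for (*pathlen = 0; len > 0; len--) *pathlen = (*pathlen << 8) | *p++;
    return p == end ? ca : -1;
}

/* Constructed sample extensions: CA:TRUE, CA:TRUE with pathlen 0, and a leaf. */
const unsigned char EXT_CA[] = { 0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
    0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff };
const unsigned char EXT_CA_PL0[] = { 0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,
    0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x00 };
const unsigned char EXT_LEAF[] = { 0x30,0x09,0x06,0x03,0x55,0x1d,0x13,0x04,
    0x02,0x30,0x00 };

int main(void)
{
    long pl;
    printf("CA: %d\n", basic_constraints_ca(EXT_CA, sizeof EXT_CA, &pl));
    printf("leaf: %d\n", basic_constraints_ca(EXT_LEAF, sizeof EXT_LEAF, &pl));
    return 0;
}
```

On a real certificate the same field appears as `X509v3 Basic Constraints: CA:TRUE` in the output of `openssl x509 -in ca.pem -noout -text`, where `ca.pem` is a placeholder file name.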
