this!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christophe Devine
Sent: Saturday, April 21, 2007 2:03 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
Edward Chan <[EMAIL PROTECTED]> wrote:
> But I think this always returned me 128 b
On Sat, Apr 21, 2007 at 07:45:24AM -0700, Edward Chan wrote:
> Excuse my ignorance, but isn't TLS a protocol, whereas DH an algorithm?
Exactly, so the protocol has known on-the-wire characteristics, but the
algorithm is a building block, and you have to build the protocol yourself,
and in some ra
D]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Friday, April 20, 2007 9:31 PM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Fri, Apr 20, 2007 at 03:43:41PM -0700, Edward Chan wrote:
> I apologize for the confusion. I thought I had stated the problem
> before
I thought I tried this, but let me try again.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christophe Devine
Sent: Saturday, April 21, 2007 2:03 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
Edward Chan <[EMAIL PROTECTED]> wrote:
Edward Chan <[EMAIL PROTECTED]> wrote:
> But I think this always returned me 128 bytes. So am I supposed to
> bzero the output buffer first?
Here's how I fixed the bug (not very elegant, it was a quick hack)
int i, ret = DH_compute_key(secret, pkey, m_dh);
if( ret > 0 && ret < 128 )
On Fri, Apr 20, 2007 at 03:43:41PM -0700, Edward Chan wrote:
> I apologize for the confusion. I thought I had stated the problem
> before. I'm basically trying to do a DH key exchange between different
> crypto libraries.
Why an explicit DH key exchange and not TLS, which is interoperable, and
11:00 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Fri, Apr 20, 2007 at 10:34:55AM -0700, Edward Chan wrote:
> I think the issue is with on the wire interoperability. Let me
> summarize my tests so far.
>
> Openssl to openssl - this works 100%
> CAP to CAPI -
But I think this always returned me 128 bytes. So am I supposed to
bzero the output buffer first?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christophe Devine
Sent: Friday, April 20, 2007 12:00 PM
To: openssl-users@openssl.org
Subject: Re: BIGNUM
> So the error was not in OpenSSL or CAPI, but rather in the incorrect
> use of the function DH_generate_key (the return value was not taken
> into account properly when setting up the shared secret). A simple
> fix is to add zero padding when the secret is less than 128 bytes.
My mistake, it's th
Edward Chan <[EMAIL PROTECTED]> wrote:
> Openssl to openssl - this works 100%
> CAP to CAPI - works 100%
> OpenSSL to CAPI - sporadic failures
> XySSL to CAPI - sporadic failures
> OpenSSL to XySSL - works 100%
I noted earlier that when your testcode failed, OpenSSL's secret
always begins with 0x
On Fri, Apr 20, 2007 at 10:34:55AM -0700, Edward Chan wrote:
> I think the issue is with on the wire interoperability. Let me
> summarize my tests so far.
>
> Openssl to openssl - this works 100%
> CAP to CAPI - works 100%
> OpenSSL to CAPI - sporadic failures
> XySSL to CAPI - sporadic failures
7:53 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Fri, Apr 20, 2007 at 01:12:29PM +0530, jimmy wrote:
> Edward Chan wrote:
> > I have more info on this now. I just tried openssl with bsafe crypto-c
> > me. Again, I get sporadic failures. When I compare the 2 computed
On Fri, Apr 20, 2007 at 01:12:29PM +0530, jimmy wrote:
> Edward Chan wrote:
> > I have more info on this now. I just tried openssl with bsafe crypto-c
> > me. Again, I get sporadic failures. When I compare the 2 computed
> > shared secrets, I see that they are actually the same, except that bsa
Edward Chan wrote:
> I have more info on this now. I just tried openssl with bsafe crypto-c
> me. Again, I get sporadic failures. When I compare the 2 computed
> shared secrets, I see that they are actually the same, except that bsafe
> has some zero padded bytes at the beginning, even though it
n the ASN.1 format for BIGNUM's over
the wire?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Thursday, April 19, 2007 3:14 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Wed, Apr 18, 2007, Edward Chan wrote
On Wed, Apr 18, 2007, Edward Chan wrote:
> I was talking to the MS support guy who wrote that article. He said he
> has spoken with the engineers and assures me that it is not possible
> with DH keys.
>
> But if someone knows otherwise, I'd really love some sample code.
>
Well the alternativ
EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, April 17, 2007 4:40 PM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Tue, Apr 17, 2007, Edward Chan wrote:
> The problem with CryptoAPI is that it doesn't give you direct access to
> the shared secret. But I sus
On Tue, Apr 17, 2007, Edward Chan wrote:
> The problem with CryptoAPI is that it doesn't give you direct access to
> the shared secret. But I suspect it is wrong since the
> encryption/decryption fails (I encrypt something, and decrypt it, to
> make sure it is the same as the original).
>
It do
--Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, April 17, 2007 11:38 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Tue, Apr 17, 2007 at 02:31:50PM -0400, Victor Duchovni wrote:
> On Tue, Apr 17, 2007 at 11:
On Tue, Apr 17, 2007 at 02:31:50PM -0400, Victor Duchovni wrote:
> On Tue, Apr 17, 2007 at 11:15:23AM -0700, Edward Chan wrote:
>
> > BN_bn2bin(dh->pub_key, buf);
> > ReverseBytes(buf, size); // MS CAPI requires this in little-endian
>
> Reversing the BER encoded bytes of a big endian integer do
Hmm, that's interesting. Then why does this seem to work most of the
time?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, April 17, 2007 11:32 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Tue, A
On Tue, Apr 17, 2007 at 11:15:23AM -0700, Edward Chan wrote:
> BN_bn2bin(dh->pub_key, buf);
> ReverseBytes(buf, size); // MS CAPI requires this in little-endian
Reversing the BER encoded bytes of a big endian integer does not yield
the BER encoding of the corresponding little-endian integer.
--
L PROTECTED] On Behalf Of Edward Chan
Sent: Tuesday, April 17, 2007 11:15 AM
To: openssl-users@openssl.org
Subject: RE: BIGNUM library
The problem with CryptoAPI is that it doesn't give you direct access to
the shared secret. But I suspect it is wrong since the
encryption/decryption fails
'll let you
know what I find. Thanks!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Tuesday, April 17, 2007 11:03 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Tue, Apr 17, 2007, Edward Chan wrote:
> Right
Hello,
> First I call DH_new() to get a new DH object.
>
> Then I fill in the p & g members of the DH obj with pre-generated prime
> and generator.
>
> Then I call DH_generate_key() which generates the pub_key and priv_key
> pair.
>
> I then do a BN_bn2bin() on the pub_key member to get a byte
On Tue, Apr 17, 2007, Edward Chan wrote:
> Right, I see what you're saying. I realize I'm not actually passing a
> BIGNUM. Let me clarify, this is what I'm doing.
>
> First I call DH_new() to get a new DH object.
>
> Then I fill in the p & g members of the DH obj with pre-generated prime
> and
Behalf Of Victor Duchovni
Sent: Tuesday, April 17, 2007 8:49 AM
To: openssl-users@openssl.org
Subject: Re: BIGNUM library
On Tue, Apr 17, 2007 at 08:42:12AM -0700, Edward Chan wrote:
> Thanks for the reply. So I'm a bit confused as to how different crypto
> packages interoperate. I
whereas openssl doesn't.
Christophe
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
> Sent: Tuesday, April 17, 2007 1:55 AM
> To: openssl-users@openssl.org
> Subject: RE: BIGNUM library
>
> Hello,
>
On Tue, Apr 17, 2007 at 08:42:12AM -0700, Edward Chan wrote:
> Thanks for the reply. So I'm a bit confused as to how different crypto
> packages interoperate. I've been having a problem with MS CryptoAPI
> doing a DH key exchange with OpenSSL. There are some quirks such as
> byte order, and a c
, April 17, 2007 1:55 AM
To: openssl-users@openssl.org
Subject: RE: BIGNUM library
Hello,
> Is there a specification on the format of a BIGNUM that someone can
> point me to?
Probably headers files.
> Is there a standard encoding/format that everyone adheres to?
Probably not.
> Or wou
Hello,
> Is there a specification on the format of a BIGNUM that someone can
> point me to?
Probably headers files.
> Is there a standard encoding/format that everyone adheres to?
Probably not.
> Or would different libraries have their own encodings? I hope not.
Most bignum libraries use thei
Is there a specification on the format of a BIGNUM that someone can
point me to? Is there a standard encoding/format that everyone adheres
to? Or would different libraries have their own encodings? I hope not.
Thanks,
Ed
From: [EMAIL PROTECTED]
[mailto:
32 matches