gmane.comp.encryption.cryptlib

cryptPopData() returns error -16 with TLS

Tamim — 2012-03-22T14:22:52

Hello,

I'm trying to establish a TLS session using the current version of cryptlib
under MSVS C++ Express 2010/Windows 7 as a client against a server application
which is TLS-enabled via stunnel! Sending messages using cryptPushData() seam to
work fine (according to the log entries of the server application) but
cryptPopData() returns -16 (CRYPT_INTERNAL_ERROR). The values of the attributes
CRYPT_ATTRIBUTE_ERRORTYPE and CRYPT_ATTRIBUTE_ERRORLOCUS after the error has
occured are 0. An attempt to get the value of the attribute
CRYPT_ATTRIBUTE_ERRORMESSAGE returns with the error code -43.

Here is the code:

CRYPT_SESSION cryptSession;
status = cryptInit();

if ( status == CRYPT_OK ) {

  /* Create the session */
  status = cryptCreateSession( &cryptSession, CRYPT_UNUSED, CRYPT_SESSION_SSL );
}

if ( status == CRYPT_OK ) {
  /* Add server name */
  int len = strlen(serverName);
  status = cryptSetAttributeString( cryptSession, CRYPT_SESSINFO_SERVER_NAME,
serverName, len );
}

if ( status == CRYPT_OK ) {
  /* A

SSH question

Mathias Spoerr — 2012-03-04T19:15:15

Hello,

 

is it somehow possible to read the pre-Authenticaion prompt when using SSH?
-> A device sends some data before authentication and I would need this
string for further analysis. 

At the moment I only get the receive data after authentication.

 

Thanks,

Mathias

 

 

_______________________________________________
Cryptlib mailing list
Cryptlib< at >mbsks.franken.deAdministration via Mail: cryptlib-request< at >mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Problem reading b64 encoded certificate

Geir Ståle Eidissen — 2012-02-02T12:52:26

I have narrowed it down to that it is the base64 decoding that reports CRYPT_ERROR_BADDATA when a certificate is base64encoded without linefeeds and there is no b64padding. 

 

IF the encoded certificate has b64 padding ( = or == at the end) it works fine:

 

-----BEGIN CERTIFICATE-----

MIIE [...]lxsaxft0Q==

-----END CERTIFICATE-----

 

When decoding this certificate, the last call to decodeBase64chunk results in outByteCount being 1 or 2 depending on the padding, so it returns OK_SPECIAL that tells base64decode() that end of data is reached. Note that there are no linefeeds in the base64encoded data.

 

But if there is no padding, the base64decode() function fails.

 

----- BEGIN CERTIFICATE -----

[...] p1TB3zKyHB1avxusOpgVxDM

-----END CERTIFICATE-----

 

Because in the last call to decodeBase64chunk() the outByteCount = 3, so base64decode continues to read and trigs the check in base64.c line 749 that allows only lines of 127 bytes or less. 

 

This was no problem in cryptlib 3.2, and the certif

cryptGetAttribute - what to use for cryptObjectparameter to get error information

Geir Ståle Eidissen — 2012-02-02T09:19:33

A call to cryptImportCert fails ( CRYPT_ERROR_BADDATA -32) and I want to get more information using CRYPT_ATTRIBUTE_ERRORLOCUS ect. 

 

The problem is that I have no valid object for cryptGetAttribute so the calls to get errorlocus, errortype and errormessage fails, returning -1 (CRYPT_ERROR_PARAM1. )

I have tried using CRYPT_UNUSED as the object, but that fails too. 

 

How can I find what's wrong with the certificate I try to import (pem-format, base64 encoded wrapped in ----- BEGIN CERTIFICATE-----,----- END CERTIFICATE----- ) .

 

Using Cryptlib 3.4.1

 

--

Geir S. Eidissen

_______________________________________________
Cryptlib mailing list
Cryptlib< at >mbsks.franken.deAdministration via Mail: cryptlib-request< at >mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

x

Florian Weimer — 2012-02-01T10:05:44

Error Sending TLS SMTP email to servers that are not GMail

Topwiz — 2012-01-31T01:18:31

My program is written in PowerBuilder and uses the latest copy of cl32.dll to
send email. It works perfectly with GMail but when used with other servers
that require TLS it fails. PowerBuilder is very similar to VB6 in how it
calls .dll functions so I went by the example for that.

The error is returned from the call to activate the session. The error is
-32 "Bad/unrecognised data format".

Here is the code, minus the error handling:

ll_RetVal = cryptInit()
ll_RetVal = cryptCreateSession(ll_Session, CRYPT_UNUSED, CRYPT_SESSION_SSL)
ll_RetVal = cryptSetAttributeString(ll_Session, CRYPT_SESSINFO_SERVER_NAME,
ls_server, Len(ls_server))
ll_RetVal = cryptSetAttribute(ll_Session, CRYPT_SESSINFO_SERVER_PORT,
lui_port)
ll_RetVal = cryptSetAttribute(ll_Session, CRYPT_SESSINFO_ACTIVE, 1)

The variables that start with ll_ are Long, ls_ are String and lui_ are
UnsignedInteger. Long is a signed 4 byte number and UnsignedInteger is a
unsigned 2 byte number.

Thanks in advance,
Roland

MySQL + ODBC Seg Fault

Graham Fenner — 2012-01-14T08:33:52

hello there i hope that you can help me.

I am using cryptlib with mysql and myodbc
 driver on linux.  I make a simple

certificate as described in the manual, 
I then open a ODBC database using

KeySetOpen .... i checked return errors 
and they are not returning bad , its

just that when i call 
AddPublicKey(keyset,cryptCertificate).

This is a high level function and it 
will connect to the database. Okay the

OPTION which is set on KeySetOpen is 
NONE because i want it to write.  Well,

when i call AddPublicKey i get a 
segmentation fault.  I used gdb to debug the

problem, it seems that mysqlclient is 
calling Escape function. Like so :

escape_string_for_mysql () from 
/usr/lib/libmysqlclient_r.so.16

This is where dbg found the segmentation
 fault signal.

I hope you can help me, i even recompiled
 the crypt source to try and figure

what is happening at a lower level.  I 
found that when odbc.c is calling

sqlStatus = SQLExecDirect( hStmt, query, 
queryLength ); that the fault happens.

I logged the p

PGP (gnupg) with cryptlib.dll

Wolfgang Gothier — 2011-12-07T00:08:27

Has anybody experience with encryption/decryption with PGP?
When I try to read a private key from secring.gpg, I always
get errorcode -22 (incorrect key used to decrypt data).
I had definitly the right password in cryptGetPrivateKey.

cryptGetPublicKey has errorcode = 0 when reading the same
key from secring.pgp or pubring.pgp
--
W. Gothier

_______________________________________________
Cryptlib mailing list
Cryptlib< at >mbsks.franken.deAdministration via Mail: cryptlib-request< at >mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

import PGP keys into keyset

Johannes Poehlmann — 2011-11-03T17:06:55

Hi.

Is ist possible to create a empty keyset and afterwards
import one/serveral PGP secret/public keys which are stored
in memory buffer/s ?

Is it possible to create a keyset without a correspondig file ?

Is someone providing Debian packages for cryptlib ?

Johannes Poehlmann — 2011-10-20T11:32:53

Hello,

I have one question:

Are there binary cryptlib packages  for debian
(or another major)  linux  available ?

In analogy to the pre-compiled windows libraries this would
make it easier to use cryptlib in a linux software project.


Johannes

Problems with simple enveloping

Александр Комратов — 2011-09-15T08:37:51

Hi people!

I'm using Cryltlib 3.4.0 both under WindowsXP SP3 and FreeBSD 8.2 (AMD64)

While creating envelopes in code beow I got an error.

  this->cl_err = 
cryptCreateEnvelope(&env,CRYPT_UNUSED,CRYPT_FORMAT_CRYPTLIB);
  if (this->cl_err) IRET(446);

  this->cl_err = cryptSetAttribute( env, CRYPT_ATTRIBUTE_BUFFERSIZE, 
src_size+16384);
  if (this->cl_err) IRET(449);

The last operation returns -2 i.e. CRYPT_ATTRIBUTE_BUFFERSIZE is a wrong 
attr for envelope.

real value for src_size was 32768, but might be aany one up to 32MB.

What's wrong?

PS  As a test one I tried to exclude buffer size definition from code 
but still using definition of raw data size. The result of data push was 
-30 (i.e. Data overflow).

_______________________________________________
Cryptlib mailing list
Cryptlib< at >mbsks.franken.deAdministration via Mail: cryptlib-request< at >mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed address

Cryptlib CMP CA must always be the same for one user?

zhou y — 2011-08-21T18:01:37

Hi,

I have a problem when setup the Cryptlib CMP CA and use CMP for automation.
I have to deploy two CAs, one is for a product production phase and use ir
to store the first cert in the product,  then when the product is deployed
in real world, I have to use another CA for a further cr process in order to
build trust with other services. However, I find the 2nd cryptlib CA cannot
auth the product at all, even you create a PKI user in that CA using the
same DN. It seems the cryptlib checks the certId and trying to trace back
all the way on that client till the first ir use its own database. If I am
not wrong, is there any other way or I have to turn to other CMP CA?

Many Thanks
Efl
_______________________________________________
Cryptlib mailing list
Cryptlib< at >mbsks.franken.deAdministration via Mail: cryptlib-request< at >mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam,

Linking against system libraries

Florian Weimer — 2011-08-09T11:17:02

As discussed in the other thread, cryptlib embeds code from other
sources.  The symbols have not been mangled, so there are symbol
clashes.  In other contexts, I've seen crashes because of zlib version
mismatches.  This can be avoided by linking against the system zlib,
which appears to be straightforward.

However, with OpenSSL's libcrypto, it's more difficult, and there
appears to be an actual ABI change in crypt/des.h: DES_key_schedule has
an additional member weak_key in the OpenSSL version.  (The wrapping
struct seems less of an issue at the ABI level.)  This is actually used
in a few places, including the random number generator.  Is this known
to cause problems in practice?

License clarifications

Florian Weimer — 2011-08-08T08:33:16

It seems that Cryptlib's license is not GPL-compatible at all, despite
what the web site says: the bignum implementation is licensed under the
OpenSSL license, which is considered GPL-incompatible for historic
reasons (it's similar to the four-clause BSD license).

Apparently, the Sleepycat license was amended to clarify its application
to SaaS configurations, in the spirit of the Affero GPL.  The GPL,
version 3, requires that licensees are permitted to redistribute covered
works to SaaS providers and subcontractors, provided that the recipients
do not receive any rights under copyright.  With a broad interpretation
of redistribution, the Sleepycat license would not allow this and thus
constitute a further restriction, making it incompatible with the GPLv3.
(This is a defect in the GPLv3, which is no longer a strong copyleft
license.)

I don't think those licensing aspects are that important because we're
still covered by the free license, but perhaps it's possible to clarify
the licensing situation in some

Tarball with UNIX-style line separators

Florian Weimer — 2011-08-08T08:12:04

Is there an official tarball which contains UNIX-style line separators
(LF instead of CRLF)?  Building from the ZIP sources fails for me
because the interpreter specified in the shebang cannot be found.

cryptlib 3.4.1 released

Peter Gutmann — 2011-07-27T15:29:07

It's now available via the usual link on the download page.  The main change
is a move from VS 2005 to VS 2010 for the Windows build, as well as the usual
raft of updates and minor changes.

Peter.

_______________________________________________
Cryptlib mailing list
Cryptlib< at >mbsks.franken.deAdministration via Mail: cryptlib-request< at >mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Setting up Pk11 token access

Family Bostrom — 2011-07-14T09:34:58

Hello everyone,

I have a strange behavior trying to connect and use the certificates
from a Spyrus LYNKS Series II HSM Pk#11 token.

Basically the problem boils down to the fact that registering the
driver to cryptlib by the code (snip) fails:

statusFromCL1 = cryptInit();
statusFromCL2 = cryptSetAttributeString ( CRYPT_UNUSED,
CRYPT_OPTION_DEVICE_PKCS11_DVR01, <path to driver in system32><length
of string>);
statusFromCL3 = cryptSetAttribute (
CRYPT_UNUSED,CRYPT_OPTION_CERT_VALIDITY, 2000 );
statusFromCL4 = cryptSetAttribute (
CRYPT_UNUSED,CRYPT_OPTION_CONFIGCHANGED, FALSE );

When calling the last function, there is an internal error in cryptlib
3.4 with reference to .\kernel\obj_acc.c, line 350 (this also applies
to version
3.3) HOWEVER, for cryptlib 3.2.X it works!

What can this be?!
Have someone seen this before?
I know that the token I call is old. I think it was released in
2005-2006 but it should still work in my opinion.

Thanks,
GB

_______________________________________________
Cryptlib mailing

Invitation to connect on LinkedIn

Ed Curren — 2011-07-11T23:35:14

LinkedIn
------------

   
Cryptlib,

I'd like to add you to my professional network on LinkedIn.

- Ed

Ed Curren
Software Architect at Department of Homeland Security 
Washington D.C. Metro Area

Confirm that you know Ed Curren
https://www.linkedin.com/e/w4ymsl-gq02l6sz-c/isd/3502466565/To8M3J0j/

TR : cross-compile cryptlib 3.4.0 with arm-linux-gcc

Ludo Brands — 2011-05-19T15:49:32

Replied by accident to sender directly. 


-----Message d'origine-----
De : Ludo Brands [mailto:ludo.brands< at >free.fr] 
Envoyé : jeudi 19 mai 2011 11:09
À : 'yuqm'
Objet : RE : [Cryptlib] cross-compile cryptlib 3.4.0 with arm-linux-gcc


You specified the compiler but not the target architecture. The target
architecture is the ubuntu one (arch=pentiumpro). 
The closest target I can find for android on ARM in the makefile is
target-uclinux. Try "make target-uclinux". 

Ludo



-----Message d'origine-----
De : cryptlib-bounces< at >mbsks.franken.de
[mailto:cryptlib-bounces< at >mbsks.franken.de] De la part de yuqm Envoyé : jeudi
19 mai 2011 10:09 À : cryptlib< at >mbsks.franken.de Objet : [Cryptlib]
cross-compile cryptlib 3.4.0 with arm-linux-gcc



Hi,
In my Android project,I need to used cryptlib statically-linked library.So
under Ubuntu, I used arm-linux-gcc to cross-compile the cryptlib project.But
it failed! 
I can not really read the makefile and donnot know if it support the arm
linux cross-compilation. Here is the

cross-compile cryptlib 3.4.0 with arm-linux-gcc

yuqm — 2011-05-19T08:09:16

Hi,
In my Android project,I need to used cryptlib statically-linked library.So
under Ubuntu, I used arm-linux-gcc to cross-compile the cryptlib project.But
it failed! 
I can not really read the makefile and donnot know if it support the arm
linux cross-compilation.
Here is the Error Message:

/***************************************************/
lcz< at >ubuntu:~/Desktop/cl340$ make CC=arm-linux-gcc
make[1]: Entering directory `/home/lcz/Desktop/cl340'
make[1]: Leaving directory `/home/lcz/Desktop/cl340'
make[1]: Entering directory `/home/lcz/Desktop/cl340'
make[1]: Leaving directory `/home/lcz/Desktop/cl340'
make[1]: Entering directory `/home/lcz/Desktop/cl340'
make[2]: Entering directory `/home/lcz/Desktop/cl340'
arm-linux-gcc -c -DNDEBUG -I. -DDATA_LITTLEENDIAN -DHAS_RECURSIVE_MUTEX
-DHAS_ROBUST_MUTEX -march=pentiumpro -O2 -Wno-pointer-sign
-Wno-strict-aliasing -std=gnu99 -fstack-protector -D_FORTIFY_SOURCE=2
-DOSVERSION=2 -DUSE_ASM -fomit-frame-pointer -D_REENTRANT -o
./static-obj/bn_add.o bn/bn_add.c
bn/bn_

Python examples of Cryptlib usage

Louis Cordier — 2011-05-11T08:52:30

Hi,

I am trying to develop / implement a Python OCSP server.
I am looking for any Python / Cryptlib examples that can help my in my
quest.

Regards, Louis.