Re: OpenSSL 1.1.0 providing new OIDs to source code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This all sounds a bit mysterious...

would you mind sharing a test program that shows the problem, with
detailed step by step instructions (among others what libraries you're
running against each time)?  Preferably as a github issue, but here is
fine as well...

Cheers,
Richard

In message <DB6P195MB0182A9C918B5D06CF9A12FD8FBA90@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> on Mon, 10 Jul 2017 16:47:28 +0000, Matthias Ballreich <Matthias.Ballreich@xxxxxxxxxx> said:

Matthias.Ballreich> Yes, MY_NID is really NID_whatever. I tried it with putting
Matthias.Ballreich> OPENSSL_init_crypto(0, NULL); at start of my main().
Matthias.Ballreich> 
Matthias.Ballreich> Did not make any difference…
Matthias.Ballreich> 
Matthias.Ballreich> The Integer value of MY_NID will be printed out and is the correct
Matthias.Ballreich> integer value.
Matthias.Ballreich> 
Matthias.Ballreich> And i tried another thing. I replaced the two dll-libraries with the
Matthias.Ballreich> new created ones and then i run my Code and there all will be printed
Matthias.Ballreich> out correctly. BUT the whole time i used some older dll-libraries of
Matthias.Ballreich> openssl, (1.1.0f) and for development i used the latest 1.1.1-dev and
Matthias.Ballreich> then i build this, which has added a new x509 extension (Admission),
Matthias.Ballreich> which has a new OID (NID_extX509Admission, etc.) and there the short
Matthias.Ballreich> and long name will be printed out correctly after Building the Code.
Matthias.Ballreich> So this is a Little bit strange.
Matthias.Ballreich> 
Matthias.Ballreich> Or must i replace the dll-libraries every time i build the Code? But
Matthias.Ballreich> when, why has it worked with the old ones and the 1.1.1-dev (master
Matthias.Ballreich> branch)?
Matthias.Ballreich> 
Matthias.Ballreich> Best regards
Matthias.Ballreich> 
Matthias.Ballreich> Matthias
Matthias.Ballreich> 
Matthias.Ballreich> Von: Richard Levitte
Matthias.Ballreich> Gesendet: Montag, 10. Juli 2017 06:14
Matthias.Ballreich> An: openssl-users@xxxxxxxxxxx
Matthias.Ballreich> Betreff: Re:  OpenSSL 1.1.0 providing new OIDs to
Matthias.Ballreich> source code
Matthias.Ballreich> 
Matthias.Ballreich> In message
Matthias.Ballreich> <AM5P195MB018008B87ACD89D37B629CF3FBAB0@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Matthias.Ballreich> on Sat, 8 Jul 2017 23:31:00 +0000, Matthias Ballreich
Matthias.Ballreich> <matthias.ballreich@xxxxxxxxxx> said:
Matthias.Ballreich> 
Matthias.Ballreich> matthias.ballreich> Hi there,
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> i want to contribute some more OIDs. Therefore i
Matthias.Ballreich> added the OIDs inside
Matthias.Ballreich> matthias.ballreich> the „Objects.txt“ inside /crypto/objects
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> Then i run these commands:
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> perl objects.pl objects.txt obj_mac.num .
Matthias.Ballreich> matthias.ballreich> ./../include/openssl/obj_mac.h
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> perl obj_dat.pl ../../include/openssl/obj_mac.h
Matthias.Ballreich> obj_dat.h
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> perl objxref.pl obj_mac.num obj_xref.txt >
Matthias.Ballreich> obj_xref.h
Matthias.Ballreich> 
Matthias.Ballreich> Sure, that looks fine to me
Matthias.Ballreich> 
Matthias.Ballreich> matthias.ballreich> The files are generated / updated. Then i build
Matthias.Ballreich> the source which
Matthias.Ballreich> matthias.ballreich> builds fine without any exceptions. Then i tried
Matthias.Ballreich> to use the generated
Matthias.Ballreich> matthias.ballreich> NIDs in my Code. For test purposes i tried to
Matthias.Ballreich> print out the short and
Matthias.Ballreich> matthias.ballreich> Long Name of my new oid with OBJ_nid2sn(MY_NID)
Matthias.Ballreich> and OBJ_nid2(MY_NID).
Matthias.Ballreich> matthias.ballreich> But here it prints out an empty string.
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> When o try to use my NID with X509_get_ext_by_NID
Matthias.Ballreich> (cert, MY_NID, -1)
Matthias.Ballreich> matthias.ballreich> the Output is -2.
Matthias.Ballreich> matthias.ballreich>
Matthias.Ballreich> matthias.ballreich> So where is the Problem or what i’m doing wrong
Matthias.Ballreich> here? Thanks!
Matthias.Ballreich> 
Matthias.Ballreich> If you've come that far, MY_NID (which I assume is really
Matthias.Ballreich> NID_whatever) obviously exists, or your code wouldn't even have
Matthias.Ballreich> compiled. One possibility remains, that for some reason, libcrypto
Matthias.Ballreich> hasn't been initialised like it should. This can happen if you only
Matthias.Ballreich> call a very select set of OpenSSL functions. What happens if you add
Matthias.Ballreich> this at the start of your main()?
Matthias.Ballreich> 
Matthias.Ballreich> OPENSSL_init_crypto(0, NULL);
Matthias.Ballreich> 
Matthias.Ballreich> (note, that should be seen as a temporary measure, as this is called
Matthias.Ballreich> internally in quite a number of spots, so for larger uses of OpenSSL
Matthias.Ballreich> functionality, you shouldn't need that)
Matthias.Ballreich> 
Matthias.Ballreich> Cheers,
Matthias.Ballreich> Richard
Matthias.Ballreich> 
Matthias.Ballreich> --
Matthias.Ballreich> Richard Levitte levitte@xxxxxxxxxxx
Matthias.Ballreich> OpenSSL Project http://www.openssl.org/~levitte/
Matthias.Ballreich> --
Matthias.Ballreich> openssl-users mailing list
Matthias.Ballreich> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Matthias.Ballreich> 
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux