
Problem reading b64 encoded certificate

I have narrowed it down: it is the base64 decoding that reports CRYPT_ERROR_BADDATA when a certificate is base64-encoded without linefeeds and there is no b64 padding.

If the encoded certificate has b64 padding (= or == at the end) it works fine:

-----BEGIN CERTIFICATE-----
MIIE […]lxsaxft0Q==
-----END CERTIFICATE-----

When decoding this certificate, the last call to decodeBase64chunk results in outByteCount being 1 or 2 depending on the padding, so it returns OK_SPECIAL, which tells base64decode() that the end of data has been reached. Note that there are no linefeeds in the base64-encoded data.

But if there is no padding, the base64decode() function fails.

----- BEGIN CERTIFICATE -----
[…] p1TB3zKyHB1avxusOpgVxDM
-----END CERTIFICATE-----

This is because in the last call to decodeBase64chunk() the outByteCount = 3, so base64decode continues to read and triggers the check in base64.c line 749 that allows only lines of 127 bytes or less.

This was no problem in cryptlib 3.2, and the certificate is OK.

Is this something that can be corrected?

 

--

Geir S. Eidissen

 

_______________________________________________
Cryptlib mailing list
Cryptlib <at> mbsks.franken.de
Administration via Mail: cryptlib-request <at> mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.
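
Added example, not part of the original post and not cryptlib's code: a minimal C base64 decoder for the case described in the message above. It takes the end of data from the end of the input, '=' padding, or the '-' that starts the PEM trailer, so unpadded data without linefeeds decodes the same way as padded data. The names b64_value and b64_decode are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Added example with hypothetical names; not cryptlib code.
   Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64_value(unsigned char c)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = (c != '\0') ? strchr(alphabet, c) : NULL;
    return p ? (int)(p - alphabet) : -1;
}

/* Decode inLen characters of base64 text into out (capacity outMax).
   End of data is the end of the input, '=' padding, or the '-' of a
   PEM trailer, so padding is optional and line length is irrelevant.
   CR, LF, space and tab are skipped.
   Returns the number of bytes written, or -1 on bad data or overflow. */
long b64_decode(const char *in, size_t inLen, unsigned char *out, size_t outMax)
{
    unsigned long acc = 0;   /* bit accumulator; only the low bits matter */
    int bits = 0;            /* number of not-yet-emitted bits in acc */
    size_t n = 0, i;

    for (i = 0; i < inLen; i++) {
        unsigned char c = (unsigned char)in[i];
        int v;
        if (c == '\r' || c == '\n' || c == ' ' || c == '\t')
            continue;
        if (c == '=' || c == '-')
            break;                        /* explicit end of data */
        if ((v = b64_value(c)) < 0)
            return -1;
        acc = (acc << 6) | (unsigned long)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= outMax)
                return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    /* One dangling character cannot encode a byte, and the 2 or 4
       leftover bits of a short final group must be zero. */
    if (bits == 6 || (acc & ((1UL << bits) - 1)) != 0)
        return -1;
    return (long)n;
}
```
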

cryptGetAttribute - what to use for cryptObject parameter to get error information

A call to cryptImportCert fails (CRYPT_ERROR_BADDATA, -32) and I want to get more information using CRYPT_ATTRIBUTE_ERRORLOCUS etc.

The problem is that I have no valid object for cryptGetAttribute, so the calls to get errorlocus, errortype and errormessage fail, returning -1 (CRYPT_ERROR_PARAM1).

I have tried using CRYPT_UNUSED as the object, but that fails too.

How can I find what's wrong with the certificate I try to import (PEM format, base64-encoded, wrapped in ----- BEGIN CERTIFICATE-----, ----- END CERTIFICATE-----)?

 

Using Cryptlib 3.4.1

 

--

Geir S. Eidissen

Florian Weimer | 1 Feb 11:05

x


--

-- 
Florian Weimer                <fweimer <at> bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99


Topwiz | 31 Jan 02:18

Error Sending TLS SMTP email to servers that are not GMail


My program is written in PowerBuilder and uses the latest copy of cl32.dll to
send email. It works perfectly with GMail but when used with other servers
that require TLS it fails. PowerBuilder is very similar to VB6 in how it
calls .dll functions so I went by the example for that.

The error is returned from the call to activate the session. The error is
-32 "Bad/unrecognised data format".

Here is the code, minus the error handling:

ll_RetVal = cryptInit()
ll_RetVal = cryptCreateSession(ll_Session, CRYPT_UNUSED, CRYPT_SESSION_SSL)
ll_RetVal = cryptSetAttributeString(ll_Session, CRYPT_SESSINFO_SERVER_NAME, ls_server, Len(ls_server))
ll_RetVal = cryptSetAttribute(ll_Session, CRYPT_SESSINFO_SERVER_PORT, lui_port)
ll_RetVal = cryptSetAttribute(ll_Session, CRYPT_SESSINFO_ACTIVE, 1)

The variables that start with ll_ are Long, ls_ are String and lui_ are
UnsignedInteger. Long is a signed 4 byte number and UnsignedInteger is a
unsigned 2 byte number.

Thanks in advance,
Roland
--

-- 
View this message in context: http://old.nabble.com/Error-Sending-TLS-SMTP-email-to-servers-that-are-not-GMail-tp33230840p33230840.html
Sent from the Cryptlib mailing list archive at Nabble.com.


Graham Fenner | 14 Jan 09:33

MySQL + ODBC Seg Fault

Hello there, I hope that you can help me.

I am using cryptlib with mysql and myodbc driver on linux. I make a simple certificate as described in the manual, I then open an ODBC database using KeySetOpen .... I checked return errors and they are not returning bad, it's just that when I call AddPublicKey(keyset,cryptCertificate).

This is a high level function and it will connect to the database. Okay, the OPTION which is set on KeySetOpen is NONE because I want it to write. Well, when I call AddPublicKey I get a segmentation fault. I used gdb to debug the problem, it seems that mysqlclient is calling Escape function. Like so:

escape_string_for_mysql () from /usr/lib/libmysqlclient_r.so.16

This is where dbg found the segmentation fault signal.

I hope you can help me, I even recompiled the crypt source to try and figure out what is happening at a lower level. I found that when odbc.c is calling

sqlStatus = SQLExecDirect( hStmt, query, queryLength );

that the fault happens.

I logged the parameters passed to that, like so:

backendType = 3
Bound Data = 
Bound Data State = 0
query Length = 70
command Length = 70
SQL_QUERY_BUFSIZE = 320
command = INSERT INTO certificates VALUES (?, ?, ?, ?, ?, ?, ?,?, ?, ?, ?, ?, ?)
query = INSERT INTO certificates VALUES (?, ?, ?, ?, ?, ?, ?,?, ?, ?, ?, ?, ?)

Maybe ignore Bound Data, I used %s in printf lol so it searches for null character.

Would be interested to hear what I am doing wrong, cheers.


Wolfgang Gothier | 7 Dec 01:08

PGP (gnupg) with cryptlib.dll

Has anybody experience with encryption/decryption with PGP?
When I try to read a private key from secring.gpg, I always
get errorcode -22 (incorrect key used to decrypt data).
I definitely had the right password in cryptGetPrivateKey.

cryptGetPublicKey has errorcode = 0 when reading the same
key from secring.pgp or pubring.pgp
--
W. Gothier


Johannes Poehlmann | 3 Nov 18:06

import PGP keys into keyset

Hi.

Is it possible to create an empty keyset and afterwards
import one/several PGP secret/public keys which are stored
in memory buffer/s?

Is it possible to create a keyset without a corresponding file?

-- 
Johannes Pöhlmann
software developer
johannes.poehlmann <at> izt-labs.de
IZT GmbH, Erlangen, Germany

Legal form and registered office: GmbH, D-91058 Erlangen
Register court: AG Fürth, HRB 6716
Managing director: Rainer Perthold



Johannes Poehlmann | 20 Oct 13:32

Is someone providing Debian packages for cryptlib ?

Hello,

I have one question:

Are there binary cryptlib packages for debian
(or another major) linux available?

In analogy to the pre-compiled windows libraries this would
make it easier to use cryptlib in a linux software project.

Johannes

--

-- 
Johannes Pöhlmann software developer
johannes.poehlmann <at> izt-labs.de



Problems with simple enveloping

Hi people!

I'm using Cryptlib 3.4.0 both under WindowsXP SP3 and FreeBSD 8.2 (AMD64).

While creating envelopes in the code below I got an error.

  this->cl_err = cryptCreateEnvelope(&env, CRYPT_UNUSED, CRYPT_FORMAT_CRYPTLIB);
  if (this->cl_err) IRET(446);

  this->cl_err = cryptSetAttribute(env, CRYPT_ATTRIBUTE_BUFFERSIZE, src_size + 16384);
  if (this->cl_err) IRET(449);

The last operation returns -2, i.e. CRYPT_ATTRIBUTE_BUFFERSIZE is a wrong attr for envelope.

The real value for src_size was 32768, but it might be any one up to 32MB.

What's wrong?

PS: As a test I tried to exclude the buffer size definition from the code while still using the definition of the raw data size. The result of the data push was -30 (i.e. Data overflow).


zhou y | 21 Aug 20:01

Cryptlib CMP CA must always be the same for one user?

Hi,


I have a problem when setting up the Cryptlib CMP CA and using CMP for automation. I have to deploy two CAs: one is for a product production phase and uses ir to store the first cert in the product; then, when the product is deployed in the real world, I have to use another CA for a further cr process in order to build trust with other services. However, I find the 2nd cryptlib CA cannot auth the product at all, even if you create a PKI user in that CA using the same DN. It seems that cryptlib checks the certId and tries to trace back all the way on that client till the first ir, using its own database. If I am not wrong, is there any other way, or do I have to turn to another CMP CA?

Many Thanks
Efl
Florian Weimer | 9 Aug 13:17

Linking against system libraries

As discussed in the other thread, cryptlib embeds code from other
sources.  The symbols have not been mangled, so there are symbol
clashes.  In other contexts, I've seen crashes because of zlib version
mismatches.  This can be avoided by linking against the system zlib,
which appears to be straightforward.

However, with OpenSSL's libcrypto, it's more difficult, and there
appears to be an actual ABI change in crypt/des.h: DES_key_schedule has
an additional member weak_key in the OpenSSL version.  (The wrapping
struct seems less of an issue at the ABI level.)  This is actually used
in a few places, including the random number generator.  Is this known
to cause problems in practice?

--

-- 
Florian Weimer                <fweimer <at> bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99


