|
I have the following (part of openssl source code)
struct EVP_MD
{
int type;
int pkey_type;
int md_size;
unsigned long flags;
int (*init)(EVP_MD_CTX *ctx);
int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
int (*cleanup)(EVP_MD_CTX *ctx);
int (*sign)(int type, const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, void *key);
int (*verify)(int type, const unsigned char *m, unsigned int m_length,
const unsigned char *sigbuf, unsigned int siglen, void *key);
int required_pkey_type[5];
int block_size;
int ctx_size;
};
My question is in regards to the lines that look like this:
int (*init)(EVP_MD_CTX *ctx);
What the hell is that? It looks like a function pointer.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
|
|
|
|
|
John Simmons / outlaw programmer wrote: It looks like a function pointer
Mostly because it is. A pointer to something like.
<br />
int InitFunc(EVP_MD_CTX* ctx)<br />
{<br />
}<br />
the struct member is called init
It looks like an attempt to sort of create a class in 'C' by tying functions to a struct to make them 'member' functions.
Anyway I thought you'd entirely graduated to 'toy' languages like C# and left all this grungy stuff behind?
Nothing is exactly what it seems but everything with seems can be unpicked.
|
|
|
|
|
I have had to do some pretty wide-ranging stuff. I've converted about 500 lines of PHP code down to 200 lines of C# code, and now my boss wants to see if we can convert part of the PHP source code that deals with openssl signature verification (written in C) to C# (the original message is part of that tasking). In order to convert it, I have to understand what it's doing in the original language. I've already suggested that we at least use C++/CLI, but he really wants it in C#.
I could have avoided this conversion if I could have found a way to verify the signature with the .net crypto stuff. I've never dealt with any kind of crypto stuff before, so I haven't got an earthly clue about where to start or what to look for in that regard (and nobody here or anywhere else seems to know where to point me). I am therefore doomed challenged to convert this code (if possible).
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
|
|
|
|
|
That explains it. I have full confidence that you'll be able to convert this. C is great for porting because it's simple enough most of the time to be really certain about what it means just from reading it. I've had some great fun porting C to C++ in the past. Even better from what you posted this C was written by a C++ programmer anyway so it's already closer to C# than it might be in really nasty K&R C. Good luck.
Nothing is exactly what it seems but everything with seems can be unpicked.
|
|
|
|
|
Matthew Faithfull wrote: I have full confidence that you'll be able to convert this.
The problem is that I don't have time to convert it. I'd rather do this with the built in .Net crypto stuff if possible (see my exchange with led_mike).
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
|
|
|
|
|
I sympathise with the time pressure. I'm afarid the Crypto API in C# is about as much out of my league as it gets. I can only wish you luck.
Nothing is exactly what it seems but everything with seems can be unpicked.
|
|
|
|
|
John Simmons / outlaw programmer wrote: and nobody here or anywhere else seems to know where to point me
PHP... does that mean a Web Application? So you are trying to convert to ASP.NET?
John Simmons / outlaw programmer wrote: openssl signature verification
Well I would start reading about security, certificates and signatures at a standards level. Once you have a grasp of that the Crypto API documentation will make a lot more sense and finally a .NET interface to it as well.
This[^] is old, but should prove useful. Also I have no current knowledge as to the levels of support in the Frameworks library versions. Also what .NET platform are you on, that likely makes a difference.
|
|
|
|
|
led mike wrote: PHP... does that mean a Web Application? So you are trying to convert to ASP.NET?
Actually, yes. I created a website project and converted all the php to C# (duplicating the PHP code's Hex2Bin() function was interesting to say the least). The signature verification part is the only thing I need to do, and it's proving to be a supreme bitch.
led mike wrote: Well I would start reading about security,
I just want a code snippet at this point. I'm bumping my head on time constraints (I've been at this for about two weeks now) and don't have the time or desire to ponder the subtle nuances that encompass the broader topic of "encryption".
I'm using .Net 2.0 (why anyone would start new .Net projects with anything older is beyond me).
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
|
|
|
|
|
John Simmons / outlaw programmer wrote: I'm using .Net 2.0 (why anyone would start new .Net projects with anything older is beyond me).
Yeah, I was thinking newer because I have no idea what they added to 3.+
So if you are on ASP.NET running under IIS why are you messing with this? It sounds like you want SSL on your site and that is all just IIS configuration?
|
|
|
|
|
led mike wrote: So if you are on ASP.NET running under IIS why are you messing with this?
Because I don't know any better.
We don't need the sight to be a secure site. We just want to verify that the people trying to access it are coming from a another site through this crappy single sign-on code (I think they may have two or three users - counting our customer). Unfortunately, we're stuck with what the customer is using.
We get a query string that contains some data in the clear, some encrypted data, and a SSL signature. We already have the public key with which to verify the signature.
Everything is in place and ready to be "verified". That's all I need to do - *verify* the signature. This shouldn't require anything regarding SSL on the part of the server as far as I can tell (if it does, this just serves to illustrate my lack of knowledge in this area). Shouldn't I be able to simply verify the signature without having to make any changes on the IIS side? Shouldn't the crypto stuff in .Net let me do this?
The existing PHP code uses its internal openssl module and calls a single function with three parameters - the data, the public key, and the signature - and returns a 1 or a 0 to indicate success. I want to have a function that does exactly the same thing, but using the .Net crypto functionality, if possible. It appears as if it is possible, but I haven't been able to find anything that says how, and I can't find anyplace to ask other than here.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
|
|
|
|
|
John Simmons / outlaw programmer wrote: We just want to verify that the people trying to access it are coming from a another site
??? I don't get that.
|
|
|
|
|
...coming from a specific site.
Like everything else web based, it's a clusterfuck of disparate technologies trying to rub each other the right way without puking all over each other's shoes.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
|
|
|
|
|
ROTFLMAO... and I couldn't agree more. I've been involved in web dev off and on since 1996 and have seen it go from something that was enormously beneficial to being abused beyond all imagination by all the wanna-be jerkoffs.
But I was asking a specific question to try and assist you. Perhaps my reply in the new thread will start a fruitful conversation.
|
|
|
|
|
I just found a site that looks like it has a five-part article about what I'm after.
http://www.dotnetbips.com/articles/c9e90522-df22-4a0b-937a-913d6b992ddd.aspx[^]
Unfortunately, the associated download is lost somewhere on the site.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
|
|
|
|
|
I think you would need to create a System.Security.Cryptography.X509Certificates.X509Certificate2 to represent the certificate, then get the PublicKey property's Key property, which is an abstract type representing the encryption algorithm used by the certificate, appropriately initialised.
Then you'd have to cast that to an RSACryptoServiceProvider or DSACryptoServiceProvider as appropriate (you can simply use as for this, to check the type and cast in one operation, as per C++ dynamic_cast ) and call VerifyData . For the halg parameter I think you pass the certificate's SignatureAlgorithm property (this may need to be the FriendlyName or the Value property).
Yes, I can see why you were struggling!
DoEvents : Generating unexpected recursion since 1991
|
|
|
|
|
Oh you don't really want to rewrite the crypto code in C# for your project.
All Web security is based on standards, all the algorithms are built into .Net framework, and most importantly - the administration part of handling the certificates, public/private keys and such.
This means that you can port the C code, but the result will be unmanageable: the administrators who know how to work with .Net servers, have no idea how it is done for PHP; the administrators who run PHP servers, do not know how to deal with .Net security policies. And no one knows how your solution will work when Microsoft issues the next security update.
I strongly recommend to use .Net native cryptography, even if you need to learn it or use an external expert.
Cheers,
Alex
|
|
|
|
|
Matthew Faithfull wrote: It looks like an attempt to sort of create a class in 'C' by tying functions to a struct to make them 'member' functions.
Spot on. Gtk[^] is full of these -ehm- constructs.
|
|
|
|
|
I'd say Windows, Linux, Un*x, <insert OS kernel here> are full of these constructs. Poor man's OO!
--
Kein Mitleid Für Die Mehrheit
|
|
|
|
|
Hello,
I've got a source code from here http://home.pacbell.net/michal_k/6502.html for the 6502 simulator, it's designed for vs6, i tried to compile it under vs2005, i got some compilation error, which i corrected then finally vs2005 generated the exe, when running it from vs2005 it tells me "Unable to start program 'path of the exe'" it doesn't even start the debugger, or step into the code, running it from out side vs2005, i got this error, "path of the exe The parameter is incorrect.", I'm sure it's not about the passed parameters to the exe, since the precompiled exe works fine without parameters, and vs2005, doesn't start the debugger, or step into the code to even check the parameters to be honest i didn't try to see the code to correct this problem, because i think, it's something else, i have no idea what, can some body help me?
Thanks for advance.
::
|
|
|
|
|
hontonihanashita wrote: to be honest i didn't try to see the code to correct this problem, because i think, it's something else, i have no idea what,
If you haven't taken the time to at least try to figure it out on your own, why should we be bothered to help you? Cowboy up and be a programmer for christ's sake.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
|
|
|
|
|
Of course i did try to figure it out on my own, and i googled a lot, and even tried IRC, I just meant, i don't think it's something with the code, because it doesn't run at all, would somebody help me where to try.
thanks for advance.
::
|
|
|
|
|
If it's not the code maybe it's the project settings. I take it the project was auto-converted from VC6 to VC8 format. This is not a foolproof process especially if the VC6 project contained any custom build steps.
You need to check the VC8 project settings which are numerous and not something I'm expert in. If you get stuck you can always create a simple .exe project from scratch in VC8 and then compare the settings to try and spot something that would make your ported project fail, like building for the wrong architecture for example.
Nothing is exactly what it seems but everything with seems can be unpicked.
|
|
|
|
|
Thanks for the help, i found that the Entry Point was blank so i added WinMainCRTStartup, i thought this will solve the problem, but also the same problem
Thanks
::
|
|
|
|
|
I got it, it's a problem with the generated manifest file when i compared generated manifest files i found this missing
<dependency>
<dependentAssembly>
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />
</dependentAssembly>
</dependency>
i added it manually, and it worked, but is there a way to correct this automatically?
thanks every body
-- modified at 4:18 Tuesday 16th October, 2007
::
|
|
|
|
|
Hi CPians,
Driver Dll, VC++6.0. Nothing else.
I need a sort of vector implementation for my application, but I cannot bind STLs (nor have I MFC). So what I need is basically a container in which I could enqueue or drop data, without the memory being deallocated.
Before I start it from scratch, do you know by chance of any possible implementation ?
Thanks,
RaGE
~RaGE();
I think words like 'destiny' are a way of trying to find order where none exists. - Christian Graus
Do not feed the troll ! - Common proverb
|
|
|
|
|