Re: [EXTERNAL] RE: enforcing mutual auth from the client

2022-09-02 Thread Sands, Daniel via openssl-users
On Fri, 2022-09-02 at 00:22 +, Wall, Stephen wrote:
> > A compromised server could easily still request the client
> > certificate, no?
> > But as noted, even a compromised server can ask for client
> > credentials and then
> 
> Yes, that's true.  If the intruder knew to do so.  Also, a thief can
> break your window and get into your car, so you might as well leave
> them rolled down all the time.
> 
> The question wasn't "Should I care that..."  or "Is it a good idea
> to...".  It was "Can OpenSSL 3 do this".
> 
>  
You really should be asking "Should I care that..." though.  Security
by policy is even weaker than security by obscurity.  Don't let
detection of this little "gotcha" lull you into a false sense of
security, or even heightened security.


RE: [EXTERNAL] RE: enforcing mutual auth from the client

2022-09-01 Thread Sands, Daniel via openssl-users
> > It is not clear what threat model warrants taking special action when
> > the client certificate is not requested.  It could equally be
> > requested and then largely ignored.
> 
> A client in a highly secured network knows that every server it connects to
> will require a client certificate.  If the request fails to arrive, it's
> either a misconfiguration or a compromised server.  In either case, the
> client prefers to fail and make the user aware of a problem rather than risk
> compromising sensitive data with the user unaware that there was unexpected
> behavior.
But as noted, even a compromised server can ask for client credentials and then 
ignore them.  So in your threat model, the client might think it is talking to 
a legit server just because it asks for a certificate like it's "supposed to".  
But will happily be exchanging sensitive data with this compromised server.


RE: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-17 Thread Sands, Daniel via openssl-users
> My latest attempt to code the below DER is this.  It compiles, but the d2i
> segfaults on apparently the second element.
> 
> Anything obviously wrong?
> 
> typedef struct  {
>  ASN1_INTEGER *version;
>  ASN1_INTEGER *serialNumber;
>  X509_ALGOR *signature;
>  X509_PUBKEY *key;
> } TPM_ADDTOCERT;
> 
> ASN1_SEQUENCE(TPM_ADDTOCERT) = {
>  ASN1_EXP_OPT(TPM_ADDTOCERT, version, ASN1_INTEGER, 0),
>  ASN1_EMBED(TPM_ADDTOCERT, serialNumber, ASN1_INTEGER),
>  ASN1_EMBED(TPM_ADDTOCERT, signature, X509_ALGOR),
>  ASN1_SIMPLE(TPM_ADDTOCERT, key, X509_PUBKEY), }
> ASN1_SEQUENCE_END(TPM_ADDTOCERT)
> 
> DECLARE_ASN1_FUNCTIONS(TPM_ADDTOCERT)
> IMPLEMENT_ASN1_FUNCTIONS(TPM_ADDTOCERT)
> 
>   const unsigned char *tmpptr = out.addedToCertificate.t.buffer;
>   TPM_ADDTOCERT *addToCert = d2i_TPM_ADDTOCERT(NULL,
> &tmpptr, out.addedToCertificate.t.size);

The dump you show below is:
Attributes (set, tagged with a 0, optional)
Version
privateKeyAlgorithm
privateKey

This is a PKCS#8 packet for a key.  The encapsulated data is the RSA public key 
in PKCS1 format.  I know OpenSSL has built-in PKCS#8 capability, though I do 
note that the optional attribute set is out of sequence.

Either way, you could look at the PKCS8 source code and simply move the 
attribute to the beginning and otherwise duplicate the ASN1 parts and structure 
there, even if OpenSSL fails to parse this not-quite-spec packet.

References:
https://datatracker.ietf.org/doc/html/rfc8017#page-54 (PKCS#1)
https://datatracker.ietf.org/doc/html/rfc5208#page-5 (PKCS#8)

> 
> On 8/16/2021 4:56 PM, Ken Goldman wrote:
> >
> > The dump looks like this:
> >
> >   0 337: SEQUENCE {
> >    4   3: . [0] {
> >    6   1: . . INTEGER 2
> >     : . . }
> >    9  21: . INTEGER 00 87 12 50 78 0A C9 8B 60 DD AC FA 75 18 05 EC DC
> > 30 51 53 23
> >   32  13: . SEQUENCE {
> >   34   9: . . OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840
> > 113549 1 1 11)
> >     : . . . (PKCS #1)
> >   45   0: . . NULL
> >     : . . }
> >   47 290: . SEQUENCE {
> >   51  13: . . SEQUENCE {
> >   53   9: . . . OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
> >     : . . . . (PKCS #1)
> >   64   0: . . . NULL
> >     : . . . }
> >   66 271: . . BIT STRING, encapsulates {
> >   71 266: . . . SEQUENCE {
> >   75 257: . . . . INTEGER
> >     : . . . . . 00 B0 83 4A E9 41 78 E0 6A C3 0F D6 E4 B9 7D 96
> >     : . . . . . 70 74 05 00 C9 E2 2C 6C 4C 6E 16 02 40 5C 35 29
> >     : . . . . . F6 EF 9F 55 3A BD 4B 74 1D 6A 21 38 20 69 C8 88
> >     : . . . . . A3 6B 56 62 2A 91 02 41 58 92 97 87 19 1C AD 19
> >     : . . . . . 53 56 FB 7E 9D 86 B8 4E 8D 82 6A 87 A7 93 55 8F
> >     : . . . . . AB E8 89 D7 63 0B C9 02 99 D8 37 F8 FB 6B 32 98
> >     : . . . . . 6A 05 3F 9E 22 B6 D3 6F BB BE 2D AC 6C 74 17 5D
> >     : . . . . . 15 EE 84 E5 A4 8F 9C C3 83 CD 83 81 63 EC B5 85
> >     : . . . . . 6B 1A B8 57 80 2C ED E3 A7 F2 8C F7 3F 13 D9 27
> >     : . . . . . 2E 64 37 49 E6 47 8E 0A 11 64 46 72 DD F9 EB 4F
> >     : . . . . . B8 13 58 0B 47 F7 72 AB 29 D6 A5 05 44 30 E7 8D
> >     : . . . . . FE 86 8A E8 5F 10 91 13 04 57 47 96 A7 97 28 3C
> >     : . . . . . 39 BD 23 3F C6 41 5E 45 3F A5 41 F5 BF 7D C2 7C
> >     : . . . . . CC F9 97 20 3F 20 82 AF 64 8C BC 0D 99 F4 BA 10
> >     : . . . . . 53 58 C5 EC 86 DE 26 ED D9 D6 F2 60 49 C9 E7 9B
> >     : . . . . . 6A 64 D2 BC C5 0E B0 1D EB 45 43 89 A6 4E 64 B4
> >     : . . . . . A1
> > 336   3: . . . . INTEGER 65537
> >     : . . . . }
> >     : . . . }
> >     : . . }
> >     : . }
> >
> >
> >
> 



RE: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-17 Thread Sands, Daniel via openssl-users
> >> Now I would like to do the other end, where I have der and I want to
> >> parse back to the structure, using d2i()
> >>
> >> 1 - Is there a tutorial on this?
> >
> > Seems like you don't need one. If you got i2d working you should have d2i
> > already!
> >
> 
> I wasn't clear.  The input and output sides are different asn.1.
> 
> For the input side, a poster gave me the structure and I only need the i2d().
> That's done - amazing.
> 
> This worked so well that I would like to use the same pattern for the output
> side, where I need d2i().
> 
> I posted the DER dump below, but I don't know how to map that to the
> structures that the openssl macros can consume.

If you want a generalized parser, you need the schema.  Yes, you could make an 
ASN1 structure to parse THAT input, but if you want to parse all input of that 
type, you need to know about optional values, arbitrary repeats, etc.  The 
schema would specify all of that.
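
A schema-less walk of DER, showing what the two ASN.1 replies above are working from: the tag class, constructed bit, tag number and length of each element, which is all the encoding itself reveals. This is an added example, not code from the thread; `sample_der` is a constructed buffer with the same shape as the posted dump (serial number and key shortened), and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct {
    unsigned cls;       /* 0 universal, 1 application, 2 context-specific, 3 private */
    int constructed;    /* 1 if the contents are themselves TLVs */
    unsigned number;    /* tag number (low-tag form only) */
    size_t hdr_len;     /* identifier + length octets */
    size_t len;         /* content octets */
} der_hdr;

/* Parse one DER header with strict bounds checks. Returns 0, or -1 if malformed. */
static int der_header(const unsigned char *p, size_t avail, der_hdr *h)
{
    size_t i, n;

    if (avail < 2 || (p[0] & 0x1F) == 0x1F)     /* high-tag form not handled */
        return -1;
    h->cls = p[0] >> 6;
    h->constructed = (p[0] & 0x20) != 0;
    h->number = p[0] & 0x1F;
    if (p[1] < 0x80) {                          /* short-form length */
        h->len = p[1];
        h->hdr_len = 2;
    } else {                                    /* long form: n length octets */
        n = p[1] & 0x7F;
        if (n == 0 || n > sizeof(size_t) || avail < 2 + n)
            return -1;                          /* n == 0 is indefinite: not DER */
        h->len = 0;
        for (i = 0; i < n; i++)
            h->len = (h->len << 8) | p[2 + i];
        h->hdr_len = 2 + n;
    }
    return h->len <= avail - h->hdr_len ? 0 : -1;
}

/* Walk every TLV in buf, recursing into constructed ones; prints one line per
 * element when print != 0. Returns the number of TLVs, or -1 if malformed. */
int der_walk(const unsigned char *buf, size_t len, int depth, int print)
{
    static const char *const cls_name[] =
        { "UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE" };
    size_t off = 0;
    int count = 0, sub;
    der_hdr h;

    if (depth > 16)                             /* recursion limit */
        return -1;
    while (off < len) {
        if (der_header(buf + off, len - off, &h) != 0)
            return -1;
        if (print)
            printf("%*s%s %u%s len=%zu\n", depth * 2, "", cls_name[h.cls],
                   h.number, h.constructed ? " (constructed)" : "", h.len);
        count++;
        if (h.constructed) {
            sub = der_walk(buf + off + h.hdr_len, h.len, depth + 1, print);
            if (sub < 0)
                return -1;
            count += sub;
        }
        off += h.hdr_len + h.len;
    }
    return count;
}

/* Identifier octet of the index-th direct child of the outer element, or -1. */
int der_child_tag(const unsigned char *buf, size_t len, int index)
{
    der_hdr outer, h;
    size_t off, end;

    if (der_header(buf, len, &outer) != 0 || !outer.constructed)
        return -1;
    off = outer.hdr_len;
    end = off + outer.len;
    while (off < end) {
        if (der_header(buf + off, end - off, &h) != 0)
            return -1;
        if (index-- == 0)
            return buf[off];
        off += h.hdr_len + h.len;
    }
    return -1;
}

/* Constructed sample: SEQUENCE { [0] { INTEGER 2 }, INTEGER, SEQUENCE { OID, NULL },
 * SEQUENCE { SEQUENCE { OID, NULL }, BIT STRING } } */
const unsigned char sample_der[] = {
    0x30, 0x2F,
    0xA0, 0x03, 0x02, 0x01, 0x02,
    0x02, 0x03, 0x00, 0x87, 0x12,
    0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
    0x05, 0x00,
    0x30, 0x14,
    0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
    0x05, 0x00,
    0x03, 0x03, 0x00, 0xAB, 0xCD
};

int main(void)
{
    return der_walk(sample_der, sizeof(sample_der), 0, 1) < 0;
}
```

The first child prints as a constructed context-specific tag 0 wrapping a universal INTEGER; whether a tag is optional, repeated or implicit is not visible in the bytes and has to come from the schema.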


RE: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

2020-12-17 Thread Sands, Daniel via openssl-users


From: Narayana, Sunil Kumar 
Sent: Thursday, December 17, 2020 8:17 AM
To: Sands, Daniel ; openssl-users@openssl.org
Subject: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

Hi,
For the equivalent replacement of DH_compute_key in 3.0, we 
tried to perform the steps suggested in earlier mail below
Our steps are as follows, but we see EVP_PKEY_derive  fails to perform.  please 
suggest if any steps are wrong or missing here.

//input - BIGNUM - pubkey, privkey, p ,
//output - sharedsecret

Evp_compute_key(unsigned char* sharedSecret, unsigned int len, BIGNUM *pubkey, 
BIGNUM *privkey, BIGNUM* dh_p)
{
OSSL_PARAM params[5];
unsigned char*  p_str = BN_bn2dec (dh_p);
unsigned char* pub_str = BN_bn2dec (pubkey);
unsigned char* priv_str = BN_bn2dec (privkey);

params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, p_str, 
strlen(p_str));
params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, );
params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, pub_str, 
strlen(pub_str));
params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, priv_str, 
strlen(priv_str));
params[4] = OSSL_PARAM_construct_end();

gctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
EVP_PKEY_derive_init(gctx)
EVP_PKEY_CTX_set_params(gctx, params)

/* Determine buffer length */
EVP_PKEY_derive(gctx, NULL, )
EVP_PKEY_derive(gctx, sharedSecret, )
}

Note - EVP_PKEY_derive -- call fails what is wrong in the steps can you please g




To derive a shared secret, you also need your peer’s public key.  It will also 
be presented as an EVP_PKEY structure.





RE: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

2020-12-16 Thread Sands, Daniel via openssl-users
Hi Daniel,
Thanks we will try it out.
One more doubt regarding  DH_generate_key, as per earlier suggestion we tried 
following changes to replicate the generate key, but we observe that the 
output key is not matching with the one that is obtained by DH_generate_key() of 
older version. Note that the inputs are the same in both scenarios.




The generated key should be random.  So unless you seed your PRNG with a 
constant value, you should always generate a different public/private keypair.  
Between OpenSSL versions, the PRNG may have changed, so I would not depend on 
them to output the same value even with the same PRNG seed.


RE: [EXTERNAL] RE: DH_compute_key () - replacement in 3.0

2020-12-15 Thread Sands, Daniel via openssl-users
We did generate the key using EVP_PKEY_gen as suggested in earlier emails, 
but since this was non-ephemeral and we wanted to store the key in "raw" 
octet bytes, we extracted the whole DH priv/pub key pair from the 
key generated via  EVP_PKEY_gen  ( using as suggested… 
EVP_PKEY_get_raw_public_key (pkey, pub, )  )

Now, at a later stage in the application we have to compute the secret key using 
the stored keys (from the above step).
As of now,  these keys are in uchar format, but are converted to BIGNUM and 
given to DH_compute_key as below.

   BIGNUM  *bn_publicKey;
dh->priv_key = BN_bin2bn(privateKey, octet_len, NULL);
bn_publicKey = BN_bin2bn(publicKey, octet_len, NULL);
rv = DH_compute_key(sharedSecret, bn_publicKey, dh);

So in order to keep the existing frame work in place and just replace the 
DH_compute_key, we should be using the  dh->priv_key/ bn_publicKey  to compute 
shared secret key.
So we require to convert the BIGNUM key types to EVP_KEY types to use in 
EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get 
shared secret
Please suggest…

Is it possible to change the format of your raw blob?  If so, you can use 
i2d_PrivateKey or friends to output the entire private key to your raw data 
blob, and use d2i_PrivateKey et al to read it back into a working EVP_PKEY in a 
single call.

Otherwise, one shortcut you can do to avoid all the params work is to create a 
static array since you should already know how many params you need.  But you 
need the public key, the private key, the generator (g), and the prime modulus 
(p).  The following (untested) code ought to work.

OSSL_PARAM params[5];

params[0] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, , );
params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_G, );
params[2] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PUB_KEY, , );
params[3] = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_PRIV_KEY, , );
params[4] = OSSL_PARAM_construct_end();

my_key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
EVP_PKEY_derive_init(my_key_ctx);
EVP_PKEY_CTX_set_params(my_key_ctx, params);
…



RE: DH_compute_key () - replacement in 3.0

2020-12-14 Thread Sands, Daniel via openssl-users
to exactly replace this we are generating “pubparam_key/priparam_key”  using   
bn_publicKey/dh->priv_key  as below

OSSL_PARAM_BLD *pubparamsbld = NULL, *priparamsbld = NULL;
OSSL_PARAM *pubparams = NULL, *priparams = NULL;
EVP_PKEY *pubparam_key = NULL, *priparam_key = NULL;
EVP_PKEY_CTX *pubctx = NULL, *prictx = NULL;


pubparamsbld = OSSL_PARAM_BLD_new()
priparamsbld = OSSL_PARAM_BLD_new()

OSSL_PARAM_BLD_push_BN(pubparamsbld, OSSL_PKEY_PARAM_PUB_KEY, bn_publicKey)
OSSL_PARAM_BLD_push_BN(priparamsbld, OSSL_PKEY_PARAM_PRIV_KEY,bn_privateKey)

//build context
pubctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
prictx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);

EVP_PKEY_key_fromdata_init(pubctx)
EVP_PKEY_key_fromdata_init(prictx)

pubparams = OSSL_PARAM_BLD_to_param(pubparamsbld);
EVP_PKEY_fromdata(pubctx, &pubparam_key, pubparams)

priparams = OSSL_PARAM_BLD_to_param(priparamsbld);
EVP_PKEY_fromdata(prictx, &priparam_key, priparams)

From there, we are planning to use EVP_PKEY_derive_init, 
EVP_PKEY_derive_set_peer, and EVP_PKEY_derive to get shared secret




Didn’t you generate the private keys using the EVP_PKEY_gen as was suggested to 
your previous email inquiry?  If so, you shouldn’t have to rebuild it in such a 
way, since you already have a usable PKEY that has the generated keypair.  If 
you created a private keypair called privkey, the public key data can be sent 
to your peer with i2d_PUBKEY_bio(peer_bio, privkey) and received on the peer’s 
side with d2i_PUBKEY_bio(peer_bio, );

Now you just need to build a new context around your private EVP_PKEY using 
derive_ctx = EVP_PKEY_CTX_new(privkey, NULL); and then do the EVP_PKEY_derive 
series of calls.

Your example code does not seem to set the P or G parameters of your keypair, 
so if you must do it that way, you will need to add them too.


RE: DH_generate_key

2020-12-08 Thread Sands, Daniel via openssl-users
Dear openssl team,

While migrating from 1.0.2 to 3.0,  we found that 
DH_generate_key() has been deprecated. And as per the man page, it is advised to 
use EVP_PKEY_derive_init & EVP_PKEY_derive.
Our application creates a new DH and using DH_generate_key() creates 
pub_key/priv_key and uses it. How can we replace this exactly with EVP?
And please suggest what EVP APIs we should use to generate pub/priv keys?

Application code

dh = DH_new();
dh->p = BN_bin2bn(modSize, octet_len, NULL);
dh->g = BN_bin2bn(H235Bits_generator, H235Bits_generator_len / 8, NULL);

if ( ! DH_generate_key(dh) )
{
return FAILURE;
}
n = (unsigned) BN_num_bytes(dh->pub_key);

BN_bn2bin(dh->pub_key, p);
n = (unsigned) BN_num_bytes(dh->priv_key);


Instead above logic can we do this ? is derive generated pub/priv keys ?




The man page in section 7 (EVP_PKEY_DH) has examples for generating using safe 
primes or using probable primes.  Seems better since you don’t have to use the 
BN API anymore, but a little more complicated because you have to call 
OSSL_PARAM_construct_xxx for parameters and assign them to an array.

From there, you can use EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, and 
EVP_PKEY_derive to get your shared secret.  See apps/speed.c in the OSSL3 
source code for an example.  Look for the text EVP_PKEY_DH


RE: [EXTERNAL] How to get all certs into a .der file.

2020-05-22 Thread Sands, Daniel via openssl-users
According to the documentation, cURL can use p12 files just fine.

curl --cert bob.p12:bobspassword --cert-type p12 https://some.secure.site

Or you can omit the password part and use -key mykey with your password in the 
mykey file, in order to hide the password from PS queries.

From: openssl-users  On Behalf Of paul h. roubekas
Sent: Thursday, May 21, 2020 4:54 PM
To: openssl-users@openssl.org
Subject: [EXTERNAL] How to get all certs into a .der file.

I am a complete newbie to this list.
I wanted to search the archive but found no such page.

I have a requirement to convert all certs in a *.p12 file to a *.der file for 
use in the curl command.
The first hop to a *.pem file has all the certs.
But the second hop only has one cert.  Then I read the docs but found nothing 
that looked even close.

Hop 1
openssl pkcs12 -chain -in trust.p12 -out ww_temp.pem  -password {redacted}

Hop 2
openssl x509 -outform der -in ww_temp.pem -out ww_temp.der

The Question) How do I get all the certs in the .der file?


Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Sands, Daniel via openssl-users
On Sat, 2018-12-01 at 15:53 -0500, Viktor Dukhovni wrote:
> On Sat, Dec 01, 2018 at 07:12:24PM +, Michael Wojcik wrote:
> 
> > > Are there compatibility concerns around changing error message
> > > text for which users may have created regex patterns in scripts?
> > > 
> > > I agree the text could be better, but not sure in what releases
> > > if any to change the text, since the change may cause issues
> > > for some users.
> > 
> > Sure, this is always a concern. Maybe the change could be
> > considered for OpenSSL 3.0, since that's a major release.
> 
> Care to create a PR against the "master" branch?  Something
> along the lines of:
> 
> "Provided chain ends with untrusted self-signed certificate"
> 
> or better.  Here "untrusted" might mean not trusted for the requested
> purpose, but more precise is not always more clear.

Just wondering, is there a different error for an untrusted cross-
signed root?  If it's the same error, then maybe remove "self-signed"
from the above message too, because that would not always be the case
either.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-11-30 Thread Sands, Daniel via openssl-users
On Fri, 2018-11-30 at 23:55 +, Michael Wojcik wrote:
> > "Self-signed certificate in certificate chain" does not to me
> > > convey "No
> > > certificate hash links" (or "CA certificate not found in hash
> > > links").
> > 
> Viktor's points are all good ones, but considering how often this
> particular message causes confusion for users and developers (at
> least in my experience), I wonder whether changing the text to
> "Untrusted self-signed certificate in certificate chain" would help.
> That would suggest to the user that the problem might be an issue
> with the trust store.
> 
My .02:  The message "Self-signed certificate in certificate chain"
does make it sound like OpenSSL rejected the certificate precisely
because it's self signed, and not because it's an untrusted root
certificate.  I would suggest a less misleading reason, at least.


Re: [openssl-users] [EXTERNAL] Re: OpenSSL error message when decrypting Ethereum encrypted private key

2018-01-15 Thread Sands, Daniel
On Sun, 2018-01-14 at 18:26 -0500, Chris B wrote:
Hi Matt,

>If you *are* using 1.1.0 then the default digest was changed between 1.0.2 and 
>1.1.0.
Awesome thought, but I'm also using 1.0.2:

$ openssl version

OpenSSL 1.0.2k-fips  26 Jan 2017

(I also tried adding -md md5 to the previous command, but I got the same error 
message).

Option #1 from the possibilities you mentioned below seems to be the most 
logical to me. If you use the wrong key, the padding data in the last block 
will also be decrypted to the wrong values, so the padding block check will 
fail. The padding is a necessary part of decryption because it needs to know 
how much plaintext is actually represented by that last block.


> I'm not sure how to interpret that output. I could interpret it as:
> o Your system for decrypting the password is perfect, but: this is not
> the right password.
> o There's something wrong with the EPK -- its length must be a multiple
> of the AES block length.
> o There's something wrong with the unencrypted private key -- its length
> must be a multiple of the AES block length.
> o Something else entirely

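
The padding check described in the reply above, written out as an added C example (not code from the thread; the function names and sample bytes are constructed for illustration). It also counts how often arbitrary trailing bytes, such as a wrong key leaves behind, still pass the check.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16    /* AES block size in bytes */

/* Check PKCS#7 padding on a decrypted buffer, as done on the last CBC block.
 * Returns the plaintext length, or -1 where decryption is reported as failed.
 * Illustration of the check only: this version is not constant-time. */
long pkcs7_plain_len(const unsigned char *buf, size_t len)
{
    unsigned char pad;
    size_t i;

    if (len == 0 || len % AES_BLOCK != 0)   /* data must be whole blocks */
        return -1;
    pad = buf[len - 1];                     /* last byte gives the pad length */
    if (pad < 1 || pad > AES_BLOCK)
        return -1;
    for (i = 1; i <= pad; i++)              /* every pad byte must equal pad */
        if (buf[len - i] != pad)
            return -1;
    return (long)(len - pad);
}

/* Try all 65536 values of the final two bytes of an otherwise fixed block, as a
 * stand-in for what a wrong key leaves there, and count how many are accepted. */
int count_tails_accepted(void)
{
    unsigned char block[AES_BLOCK];
    int hi, lo, accepted = 0;

    memset(block, 0xEE, sizeof(block));     /* constructed filler, not real data */
    for (hi = 0; hi < 256; hi++)
        for (lo = 0; lo < 256; lo++) {
            block[AES_BLOCK - 2] = (unsigned char)hi;
            block[AES_BLOCK - 1] = (unsigned char)lo;
            if (pkcs7_plain_len(block, sizeof(block)) >= 0)
                accepted++;
        }
    return accepted;
}

/* Constructed sample: 10 plaintext bytes followed by six 0x06 padding bytes. */
const unsigned char good_block[AES_BLOCK] = {
    'p', 'r', 'i', 'v', 'a', 't', 'e', 'k', 'e', 'y', 6, 6, 6, 6, 6, 6
};

int main(void)
{
    printf("plaintext length: %ld\n", pkcs7_plain_len(good_block, sizeof(good_block)));
    printf("accepted tails:   %d of 65536\n", count_tails_accepted());
    return 0;
}
```

Roughly one tail in 256 is accepted, so a passing padding check is not proof that the key or password was correct.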


Re: [openssl-users] [EXTERNAL] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

2017-12-22 Thread Sands, Daniel
On Fri, 2017-12-22 at 11:14 +0100, Manuel Wagesreither wrote:
> Unfortunately this didn't work either. The end result is the same;
> OpenSSL still emits a "certificate signature failure" with an error
> depth of 0.
> 
In light of what Salz said about verification, could we assume that the
openssl verify program that succeeded is based on the older library?

It could be that your CA cert is missing an extension that OSSL now
checks for, such as (spitballing here) that the certificate is valid
for certificate signing.

You could check by substituting other certificates in your program to
see if the code itself works, and also closely examine your own
certificates to make sure all the requirements are met.


Re: [openssl-users] [EXTERNAL] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

2017-12-21 Thread Sands, Daniel
I'm a fellow SSL-USER and not an expert, but my verification flow goes
as follows:

X509_STORE_CTX_new()
X509_STORE_CTX_init(ctx,NULL,cert,NULL) <-- The certificate to verify
X509_STORE_CTX_trusted_stack(ctx,CACertificateStack) <-- Perhaps this
is the difference?
X509_verify_cert(ctx)


On Thu, 2017-12-21 at 12:42 +0100, Manuel Wagesreither wrote:
> Dear all,
> 
> I'm struggling with programmatically verifying a certificate which is
> solely stored in memory, i. e. not on the file system. The
> certificate and the CA seem to be fine though, because when I extract
> them from memory and store them as a file, and use the `openssl
> verify`, verification is successful. Hence I suspect my code is
> faulty.
> 
> Unfortunately, I'm under the impression that validating certificates
> which exist solely in memory is a niche application. I was yet not
> able to find a comprehensive tutorial or even a code sample on the
> internet. Hence, I hope you can help me.
> 
> Below I'm posting my sample code. (I have stripped the certificate
> and CA raw data, though.) It can be compiled and run under a GNU/Linux
> system.
> When this code is run, OpenSSL emits a "certificate signature
> failure" with an error depth of 0.
> 
> Thanks a lot!
> Manuel
> 
> 
> 
> #include <iostream>
> #include <stdexcept>
> #include <openssl/x509.h>
> 
> unsigned char g_authority[] = { 0x30, 0x82, 0x03, 0x00 /* and so on */ };
> unsigned char g_cert[] = { 0x30, 0x82, 0x02, 0x9b /* and so on */ };
> 
> int main(int, char**)
> {
>   // This holds the return codes and gets reused for most function calls
>   int rc = 0;
> 
>   // Make a new store
>   X509_STORE *x509_store = X509_STORE_new();
>   if (x509_store == NULL) {
>     throw std::runtime_error("X509_STORE_new() failed");
>   }
> 
>   // Load and convert the authority's certificate to a compatible form
>   X509 *auth_cert = NULL;
>   {
>     const unsigned char *auth_cert_ptr = g_authority;
>     auth_cert = d2i_X509(NULL, &auth_cert_ptr, sizeof(g_authority));
>     if (auth_cert == nullptr) {
>       throw std::runtime_error("d2i_X509() failed for authority's certificate");
>     }
>   }
> 
>   // Add the authority's certificate to the store
>   rc = X509_STORE_add_cert(x509_store, auth_cert);
>   if (rc != 1) {
>     throw std::runtime_error("X509_STORE_add_cert() failed");
>   }
> 
>   // Make a new store context
>   X509_STORE_CTX *x509_store_ctx = X509_STORE_CTX_new();
>   if (x509_store_ctx == NULL) {
>     throw std::runtime_error("X509_STORE_CTX_new() failed");
>   }
> 
>   // Load and convert the certificate to be verified to a compatible form
>   X509 *myself = NULL;
>   {
>     const unsigned char *my_cert_ptr = g_cert;
>     myself = d2i_X509(NULL, &my_cert_ptr, sizeof(g_cert));
>     if (myself == NULL) {
>       throw std::runtime_error("d2i_X509() failed for own certificate");
>     }
>   }
> 
>   rc = X509_STORE_CTX_init(x509_store_ctx, x509_store, myself, NULL);
>   if (rc != 1) {
>     throw std::runtime_error("X509_STORE_CTX_init() failed");
>   }
> 
>   rc = X509_verify_cert(x509_store_ctx);
> 
>   // Read the result before freeing the context that holds it
>   int err = X509_STORE_CTX_get_error(x509_store_ctx);
>   int depth = X509_STORE_CTX_get_error_depth(x509_store_ctx);
> 
>   X509_STORE_CTX_free(x509_store_ctx);
>   X509_STORE_free(x509_store);
>   X509_free(myself);
>   X509_free(auth_cert);
> 
>   if (rc > 0) {
>     std::cout << X509_verify_cert_error_string(err) << std::endl;
>     return 0;
>   } else {
>     std::cerr << X509_verify_cert_error_string(err) << std::endl;
>     std::cerr << "Error depth: " << depth << std::endl;
>     return 1;
>   }
> }


Re: [openssl-users] [EXTERNAL] How do I connect to this server

2017-04-21 Thread Sands, Daniel
On Fri, 2017-04-21 at 16:09 -0400, Jeff Archer wrote:
> I have a server that requires that username and password be used as
> https://username:passw...@server.com
> 
> 
> How do I specify this username and password when using SSL_connect()?

You don't.  The username and password are encoded into the request
header just like with HTTP, after the connection and handshake are done.
That's separate from the TLS transport.

You might consider a library like CURL, which handles both the TLS and
the HTTP, if you want to save on devel time.



Re: [openssl-users] [EXTERNAL] Re: error making Private RSA

2017-03-09 Thread Sands, Daniel
First, to get intelligible text errors, replace your initial call with
ERR_load_crypto_strings().  The ERR_load_ERR_strings call doesn't even
seem to be documented, likely because it only loads the strings
associated with the ERR API, and you likely need PEM and BIO error
strings.  When I did this, the error message was "no start line" for
method 1.

Second, it seems to matter whether you use PEM_load_bio_RSA_PUBKEY vs
PEM_load_bio_RSAPublicKey.

Next, CheckKey will likely only work when the private key is also read
in.  Otherwise it segfaults.

As a side note, the [n]curses library would be more portable with
whatever terminal you run the program over.

As for method 4:
d2i_ and i2d_ are for DER formatted buffers.  You're writing out
as PEM format.  You need to read it back in as PEM format, as attempted
in some of the previous methods.  So it makes sense that this method
fails.

On Thu, 2017-03-09 at 15:01 -0800, william estrada wrote:
> I have been trying to keep my posting to a minimum but I am not getting
> across  what I am looking to
> fix.   And I have been getting reports that my source code is not
> viewable.  In my Apache logs I see that some people have been using the
> wrong link, they are trying to use
> "http://mt-umunhum-wireless.net/mt-umunhum-wireless.net/Sources"
> This is wrong! use:
> "http://mt-umunhum-wireless.net/Sources/rsa"
> or
> "216.173.131.138/Sources/rsa"
> 
> The most recent attempt is the rsapost.c with the output rsapost.txt
> 
> What I am attempting to do is:
> 1) generate a RSA key pair, working but always the same keys.
> 2) remove the public key, working
> 3) create a RSA structure with the public key, 4 methods, all fail.
> 4) use the public key to encrypt a string, don't get here.
> 5) use the RSA pair to decrypt the string.
> 
> The code is not clean but here it is:
> 
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <openssl/bio.h>
> #include <openssl/bn.h>
> #include <openssl/err.h>
> #include <openssl/pem.h>
> #include <openssl/rsa.h>
> 
> #define OFF   "\x1B[0;0;0m"
> #define DEFAULT   "\x1B[0;0;0m"
> #define RED   "\x1B[1;31;40m"
> #define BLUE  "\x1B[1;34;40m"
> #define GREEN "\x1B[1;32;40m"
> #define YELLOW"\x1B[1;33;40m"
> #define CLEAR_EOL "\x1B[K"
> 
> void Dump( char *, int );
> typedef unsigned char* UcharP;
> typedef unsigned char  uchar;
> 
> #define Check_Key( Key, Action ) \
>   if( RSA_check_key( Key ) != 1 )  { \
>  printf( RED "%d %s Make Key Failed!\n" OFF, __LINE__, "(Key)" );\
>  printf( RED "%s\n", \
>  ERR_error_string( ERR_get_error(), NULL ) );\
>  Action ;  } \
>   else  {\
> printf( BLUE "%d %s check key good\n" OFF , __LINE__, "Key" );  }
> 
> int main() {  // main()
> 
>   ERR_load_ERR_strings();
> 
>   RSA *My_RSA  = RSA_new();
> 
>   char Str[] = "1234567890";
>   unsigned  char Out[1024];
>   unsigned  char In[ 1024];
>   int   RC, L, RSA_Len;
> 
>   unsigned long Error = ERR_get_error();
>   char  *MSG  = ERR_error_string( Error, NULL);
>   const  char *MSG2   = ERR_reason_error_string( Error );
>   char  *ErrStr[100];
> 
>   BIGNUM *bne = BN_new();
>   BN_set_word( bne, RSA_F4 );
> 
>   RC = RSA_generate_key_ex( My_RSA, 2048, bne, NULL );
>   BN_free( bne );
> 
>   Check_Key( My_RSA, "return 1" );
> 
>   L = strlen( Str );
>   printf ( BLUE "String: %s" OFF, Str );
>   Dump( Str, L );
> 
>   RSA *Pub_RSA = RSA_new();
> 
>   // Extract Key from RSA Key pair
>   BIO * Key_Bio = BIO_new( BIO_s_mem() );
> 
>   RC = PEM_write_bio_RSAPublicKey(  Key_Bio, My_RSA );
> 
>   printf( BLUE  "%d RC: %d\n" OFF, __LINE__, RC );
> 
>   size_t Key_Len = BIO_pending( Key_Bio   );
>   char  *Key = malloc(  Key_Len + 1   );
>   RC = BIO_read(Key_Bio, Key, Key_Len );
>   Key[ Key_Len ] = '\0';
> 
>   printf( BLUE  "%d RC: %d, Len: %zu\n" OFF, __LINE__, RC, Key_Len );
> 
>   // Let's see the data
>   printf( BLUE  "\nKey type %s\n" OFF, "Public" );
>   Dump( (char*) Key, -Key_Len );
> 
>   // Now try to fill in to RSA using the BIO method
>   BIO* bio = BIO_new( BIO_s_mem() );
>bio = BIO_new_mem_buf( (void*)Key, -1 ) ;
> 
>   // Load the RSA key from the BIO
>   printf( "Method 1\n" );
>   RSA* RSA1 = NULL;
>   RSA1 = PEM_read_bio_RSA_PUBKEY( bio, NULL, NULL, NULL ) ;
>   if( !RSA1 )
> printf( RED
>   " ERROR: Could not load PUBLIC KEY!\n"
>   " PEM_read_bio_RSA_PUBKEY FAILED:\n %s\n" OFF,
>   ERR_error_string( ERR_get_error(), NULL ) ) ;
> 
>   else Check_Key( RSA1, ";" );
> 
>   printf( "Method 2\n" );
>   RSA *RSA2 = RSA_new();
>   BIO_new_mem_buf( (void*)Key, -1 ) ;
>   RC = PEM_write_bio_RSA_PUBKEY( bio, RSA2 ) ;
>   if( !RSA2 )
> printf( RED
>   " ERROR: Could not 

Re: [openssl-users] [EXTERNAL] Re: SOLVED --- ASN.1: Parsing a 'context-specific' class (or app/private class)

2015-09-02 Thread Sands, Daniel
> Well at first sight that looks like an IMPLICIT tag which replaces the
> normal tag with the context specific value. It is not possible to determine
> the underlying type from the encoding itself as it has been replaced. So you
> need the ASN.1 spec to see the appropriate type to use.
> 
> In that particular example it looks like an SHA1 hash (20 bytes long) so we
> could use an implicitly tagged OCTET STRING like this:
> 
>   ASN1_IMP(struct_name, field_name, ASN1_OCTET_STRING, 0),

And often, implicit tags are intended for ASN.1 Choice constructs so
that you will know which option of the choice to parse into.

If the OP knew exactly what was being parsed, most likely there's an
RFC that defines the structure exactly, which relieves one of needing
to reverse-engineer it.


Re: [openssl-users] [EXTERNAL] imap.gmail.com

2015-07-15 Thread Sands, Daniel
IMAP is probably based on the Telnet protocol, so the server is
expecting CRLF instead of just CR.  Try running s_client with the -crlf
option.

On Wed, 2015-07-15 at 19:34 +0200, Henrie Cuijpers wrote:
 Hi all,
 
 I try to connect to the gmail imap service, but after the connection has 
 been set up the server responds to nothing. Is there a way to 
 investigate this further?
 
 I use this command line:
 
 openssl s_client -connect imap.gmail.com:993
 
 After connection you should be able to type a command and the server 
 should respond with an error or an OK message. On every valid command 
 the server stays sitting there doing nothing but keeping the line up. 
 You only receive a reply when you type a wrong command to start with. 
 After that there is nothing but silence.
 
 
 Example: after connecting type:
 
 A1 LOGIN john...@gmail.com JohnsPassword
 
 This will result in silence
 
 Disconnect with Ctrl-C and reconnect with the same line. Then type
 
 NOTACOMMAND
 
 and you will receive:
 
 * BAD invalid tag SomeRandomNumber
 
 after this you can enter what you want the answer will be: silence...
 
 Please give me a hint how to investigate this further
 
 Kind regards
 Henrie


Re: [EXTERNAL] howto get a .so.X.Y.Z file rather than individual .o files in a libSOMETHING.a

2014-08-05 Thread Sands, Daniel
On Mon, 2014-08-04 at 22:45 +0200, Michael Felt wrote:
> And finally - read exactly what is there: -- Dependent module libcrypt.so could
> not be loaded, not as above
> 0509-150   Dependent module /usr/lib/libssl.a(libssl.so.0.9.8) could
> not be loaded. (libssl.a(member))


The problem there is that libssl depends on libcrypto.  In order to build the 
entire package as archives, you must let openssl build libcrypto.so.0.9.8 or 
whatever you plan to call it, then archive it into libcrypto.a, then when it 
builds libssl.so it will link to the correct member of libcrypto.a.  So the 
library build rule should add the ar command to create the .a file, then 
delete the .so file.


Re: [EXTERNAL] howto get a .so.X.Y.Z file rather than individual .o files in a libSOMETHING.a

2014-08-04 Thread Sands, Daniel
To generate a .a of shared objects instead of static objects, really all you do 
is build the shared object(s) and create an archive out of them.  There is no 
special magic about it beyond creating the shared object in the first place.  
When linking a new program to an archive of shared objects, and if you didn't 
specify an import file, AIX will just use the standard static object rules when 
it searches an archive for likely candidates to link in:  First logical member 
of the archive that has the desired symbol will be chosen for inclusion.  The 
difference is that the static linker will see the shared flag and just add 
that member of the archive to the file's dynamic loader table instead of 
statically linking it in.


On Mon, 2014-08-04 at 08:45 +0200, Michael wrote:


Dear all,

I wish I knew better - howto use ld to craft an archive member, but I do
not. (Below was sent to openssl-dev, if it arrived, please ignore for
now - however, once I understand this AND if I figure out a simple
change, I shall submit a patch for future AIX builds.)

===

To be compatible with the standard AIX libraries I would like to learn
howto generate a single
.so file that goes into the .a file.

FYI: AIX supports multiple versions of the ssl libraries using this
convention:

root@x093:[/data/prj/openssl/openssl-0.9.8.27]ar tv /usr/lib/libcrypto.a
| head
rwxr-xr-x 370769/647632 2192276 Nov 09 07:44 2009 libcrypto.so.0.9.8

michael@x054:[/data/prj/apache/httpd/test]ar tv /usr/lib/libcrypto.a
rwxrwxr-x 435159/781431 2965832 May 01 06:57 2014 libcrypto.so.1.0.0
rwxrwxr-x 435159/781431 2253655 May 01 06:58 2014 libcrypto.so.0.9.8

Members are, as expected, object modules
michael@x054:[/data/prj/apache/httpd/test]ar xv /usr/lib/libcrypto.a
x - libcrypto.so.1.0.0
x - libcrypto.so.0.9.8
michael@x054:[/data/prj/apache/httpd/test]file libcrypto*
libcrypto.so.0.9.8: executable (RISC System/6000) or object module not
stripped
libcrypto.so.1.0.0: executable (RISC System/6000) or object module not
stripped

Unfortunately, the archive created by the tarball ./config and make are
individual .o named object modules.

Again, for compatibility I would like to have them contained in a .so

root@x093:[/data/prj/openssl/openssl-0.9.8.27]ar tv libcrypto.a | head
rw-r--r-- 0/0   6346 Aug 03 15:13 2014 cryptlib.o
rw-r--r-- 0/0   8585 Aug 03 15:13 2014 dyn_lck.o
rw-r--r-- 0/0  11602 Aug 03 15:13 2014 mem.o
rw-r--r-- 0/0   1303 Aug 03 15:13 2014 mem_clr.o
rw-r--r-- 0/0  13806 Aug 03 15:13 2014 mem_dbg.o
rw-r--r-- 0/0   2048 Aug 03 15:13 2014 cversion.o
rw-r--r-- 0/0  13170 Aug 03 15:13 2014 ex_data.o
rw-r--r-- 0/0   2443 Aug 03 15:13 2014 tmdiff.o
rw-r--r-- 0/0   1782 Aug 03 15:13 2014 cpt_err.o
rw-r--r-- 0/0    630 Aug 03 15:13 2014 ebcdic.o

And applications expect the .so.$version as member name

michael@x054:[/data/prj/apache/httpd/test]dump -H /usr/sbin/sshd

/usr/sbin/sshd:

 ***Loader Section***
   Loader Header Information
VERSION#         #SYMtableENT     #RELOCent        LENidSTR
0x0001           0x0196           0x08cc           0x006f

#IMPfilID        OFFidSTR         LENstrTBL        OFFstrTBL
0x0006           0x8fc0           0x0dde           0x902f


 ***Import File Strings***
INDEX  PATH                          BASE                MEMBER
0      /usr/lib:/lib
1                                    libc.a              shr.o
2                                    libcrypto.a         libcrypto.so.1.0.0
3                                    libz.a              libz.so.1
4                                    libpam.a            shr.o
5                                    libdl.a             shr.o

===

I am going to look in the ./config for a shared versus not-shared
flag that I missed on my first attempt. All suggestions welcome!

Thanks for your assistance!

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org




Re: [EXTERNAL] howto get a .so.X.Y.Z file rather than individual .o files in a libSOMETHING.a

2014-08-04 Thread Sands, Daniel
On 8/4/2014 7:06 PM, Sands, Daniel wrote:


> To generate a .a of shared objects instead of static objects, really all you
> do is build the shared object(s) and create an archive out of them.  There is
> no special magic about it beyond creating the shared object in the first
> place.  When linking a new program to an archive of shared objects, and if
> you didn't specify an import file, AIX will just use the standard static
> object rules when it searches an archive for likely candidates to link in:
> First logical member of the archive that has the desired symbol will be
> chosen for inclusion.  The difference is that the static linker will see the
> shared flag and just add that member of the archive to the file's dynamic
> loader table instead of statically linking it in.

On Mon, 2014-08-04 at 23:00 +0200, Michael wrote:

> I was - perhaps - not clear enough. What I want is all the .o files
> together in a single file that can be a single member of an archive.
> Using the ./config shared got it to make .so files with everything
> combined - but not, by default, that the .so files expect dependencies
> in another archive(member) search request.


Yes, and you still create the archive version in the same way as if you were 
adding .o files.  Something like:

ar cruv libopenssl.a libopenssl.so.1.0.1 libopenssl.so.0.9.8 ...

That's what I mean that there is no special magic to it.