Re: [openssl-users] d2i_RSAPrivateKey not working on a private key

2015-10-13 Thread Benjamin Kaduk 
Hi Frank,

Thanks for these thoughts.

On 10/13/2015 09:57 PM, Frank Migge wrote:
> Hi David,
>
> I didn't spot the error in your code. But since d2i_RSAPrivateKey()
> fails on the DER data, how about a workaround? If your remaining code
> works fine, you could extract the RSA key from the EVP_PKEY object
> (which you are getting with d2i_PrivateKey), e.g.
>
>RSA *rsakey;
>rsakey = EVP_PKEY_get1_RSA(privkey);  // this reads EVP_PKEY, best
> to test before to ensure it is RSA
>
>if (RSA_check_key(rsakey)) { printf("RSA key is valid.\n"); }
>else { printf("Error validating RSA key.\n"); }
>
>RSA_print_fp(stdout, rsakey, 3);
>...
>
> Alternatively, building a test case around d2i_RSAPrivateKey() to see
> if the DER format is valid, e.g. converting the PEM key into DER using
> the OpenSSL commandline, and binary-compare with the programs DER data.

I worked with David some offline, and it seems that the problematic file
was the DER encoding of a PKCS8_PRIV_KEY_INFO, with the pkey ASN1_ANY
element being an octet string containing the DER encoding of the actual
RSAPrivateKey object (checked using openssl asn1parse).  So it seems
that calling d2i_RSAPrivateKey() on it directly would necessarily fail,
since that ASN.1 decoder has no provision to skip the bits in the PKCS#8
container.

I think we're in agreement that the EVP interfaces are friendlier to
use, at this point, though.

-Ben
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] d2i_RSAPrivateKey not working on a private key

2015-10-13 Thread Frank Migge 

Hi David,

I didn't spot the error in your code. But since d2i_RSAPrivateKey() 
fails on the DER data, how about a workaround? If your remaining code 
works fine, you could extract the RSA key from the EVP_PKEY object 
(which you are getting with d2i_PrivateKey), e.g.


   RSA *rsakey;
   rsakey = EVP_PKEY_get1_RSA(privkey);  // this reads EVP_PKEY, best 
to test before to ensure it is RSA


   if (RSA_check_key(rsakey)) { printf("RSA key is valid.\n"); }
   else { printf("Error validating RSA key.\n"); }

   RSA_print_fp(stdout, rsakey, 3);
   ...

Alternatively, building a test case around d2i_RSAPrivateKey() to see if 
the DER format is valid, e.g. converting the PEM key into DER using the 
OpenSSL commandline, and binary-compare with the programs DER data.


openssl rsa -inform PEM -in test-key.pem -outform DER -out key.bin

Best Wishes,
Frank

David Lobron 
Monday, October 12, 2015 11:34 PM

Thanks very much, Frank. My code reads the PEM file, base64-decodes 
it, and passes the resulting DER value to d2i_RSAPrivateKey. I 
verified that I can extract the private key with d2i_PrivateKey from 
the DER formatted data, and I can call SSL_CTX_use_PrivateKey with it 
on my SSL context without a problem. It's only when I call 
d2i_RSAPrivateKey I encounter a problem. I have included the code 
below, with annotations (it's in Objective-C).


I've got custom classes for X509Certificate and X509PrivateKey. I use 
them like this:


X509Certificate *cert = [X509Certificate 
certificateWithPemEncodedFile:certFile];
X509PrivateKey *privKey = [X509PrivateKey 
privateKeyWithPemEncodedFile:keyFile];

[cert validateWithPrivateKey:privKey];
[privKey validate];

That last call to [privKey validate] is where things fail currently. 
The validateWithPrivateKey method works fine, and it looks like this:


- (void)validateWithPrivateKey:(X509PrivateKey *)key
{
SSL_CTX *sslContext;

[self validate];
sslContext = SSL_CTX_new(TLSv1_server_method());
NS_DURING {
NSData *d = [key der];
const unsigned char *p = (const unsigned char *)[d bytes];
EVP_PKEY *pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, , [d length]);
if (!sslContext)
[NSException raise:X509CertificateExcInternalError 
format:@"SSL_CTX_new failed: %@", sslErrorString()];

if (SSL_CTX_use_certificate(sslContext, _x) != 1)
[NSException raise:X509CertificateExcInvalidCertificate 
format:@"SSL_CTX_use_certificate failed: %@", sslErrorString()];

if (SSL_CTX_use_PrivateKey(sslContext, pkey) != 1)
[NSException raise:X509CertificateExcInvalidPrivateKey 
format:@"SSL_CTX_use_PrivateKey_ASN1 failed: %@", sslErrorString()];

SSL_CTX_free(sslContext);
} NS_HANDLER {
if (sslContext)
SSL_CTX_free(sslContext);
[localException raise];
} NS_ENDHANDLER
}

(That initial call to "self validate" simply validates the cert 
object's SSL_CTX).


I initialize my private key object as follows:

- (id)initWithPemEncodedFile:(NSString *)path
{
NSData *d = nil;
NS_DURING {
NSString *s;
NSArray *inputLines;

// read the file
s = [NSString stringWithContentsOfFile:path];
if (s == nil || [s length] == 0)
[NSException raise:X509CertificateExcParameterError format:@"File %@ 
is empty or cannot be read", path];

inputLines = [s componentsSeparatedByString:@"\n"];
d = [X509Certificate decodePemFragmentFromLines:inputLines 
withBoundaryPhrases:[NSArray arrayWithObjects:@"PRIVATE KEY", @"RSA 
PRIVATE KEY", nil]];

} NS_HANDLER {
[self release];
[localException raise];
} NS_ENDHANDLER
return [self initWithDer:d];

}

The decodePemFragmentFromLines method looks like this:

// Extract part of a PEM-encoded message, base64-decode it, and return 
an NSData object
+ (NSData *)decodePemFragmentFromLines:(NSArray *)inputLines 
withBoundaryPhrases:(NSArray *)boundaryPhrases

{
NSEnumerator *e = [inputLines objectEnumerator];
NSMutableString *b64 = [NSMutableString string];
NSString *s;
NSString *boundaryPhrase = nil;
NSString *startBoundary = nil;
NSString *endBoundary = nil;

while ((s = [e nextObject]) != nil) {
NSEnumerator *e = [boundaryPhrases objectEnumerator];
while ((boundaryPhrase = [e nextObject]) != nil) {
startBoundary = [NSString stringWithFormat:@"-BEGIN %@-", 
boundaryPhrase];

if ([s isEqualToString:startBoundary]) {
endBoundary = [NSString stringWithFormat:@"-END %@-", 
boundaryPhrase];

break;
}
}
if (endBoundary != nil)
break;
}
if (s == nil)
[NSException raise:X509CertificateExcParameterError format:@"Start 
boundary \"%@\" not found", startBoundary];

while ((s = [e nextObject]) != nil) {
if ([s isEqualToString:endBoundary])
break;
[b64 appendString:s];
}
if (s == nil)
[NSException raise:X509CertificateExcParameterError format:@"End 
boundary \"%@\" not found", endBoundary];

return base64Decode(b64);
}

The initWithDer method is simply:

- (id)initWithDer:(NSData *)der
{
if ((self = [super init]) != nil) {
_der = [der copy];
}
return self;
}

All of the above works as expected, but when I call d2i_RSAPrivateKey 
on the _der object, it fails. Here is the

Re: [openssl-users] d2i_RSAPrivateKey not working on a private key

2015-10-09 Thread Frank Migge 

Hi David,

Your attached sample certificate and private key (1024 bit RSA) works fine.
I am reading it with PEM_read_PrivateKey( fp, , NULL, NULL), and also
PEM_read_bio_PrivateKey(pkeybio, NULL, 0, NULL) works.

If you could post the code or code fragment that creates the problem?
d2i_RSAPrivateKey() is not reading PEM, just making sure...

Best wishes,
Frank Migge



David Lobron 
Saturday, October 10, 2015 12:33 AM
Hello openssl people,

I am trying to read a private key of a certificate into memory using 
d2i_RSAPrivateKey. I'm able to read the certificate without a problem, 
but when I pass the private key to d2i_RSAPrivateKey, it fails to 
parse. I do not see an error message or errno being set - 
d2i_RSAPrivateKey simply returns NULL. I've generated a self-signed 
cert which reproduces the problem, and I've attached it to this 
message (this is a throwaway cert, not in use for anything, so I'm 
knowingly sending the private key). The command I used to generate 
this cert and its key was:


openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -days 
36500 -nodes -outform PEM


I have another cert where the private key *is* parseable by 
d2i_RSAPrivateKey. I printed out both certs from the command line, and 
compared them. They appear almost identical. The only difference I see 
is that when I print the attached unparseable cert, the Signature 
Algorithm section has 8 lines of hex. In the parseable cert, I see 15 
lines of hex. Both certs use sha1WithRSAEncryption as the algorithm, 
with 1024 bits.


Can anyone help me understand why the private key in the attached cert 
is not readable by d2i_RSAPrivateKey? I'm running these tests on a 
Mac, but the same thing happens on Ubuntu Linux.


Thank you,

David

Printout of the attached cert, which fails to parse with 
d2i_RSAPrivateKey:


MacBook-Air:self_signed dlobron$ openssl x509 -in cert.1024.combined 
-text -noout

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17702003413458844255 (0xf5aa2650b7f77a5f)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, 
OU=KMI, 
CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlob...@akamai.com

Validity
Not Before: Oct 8 15:47:30 2015 GMT
Not After : Jan 16 15:47:30 2016 GMT
Subject: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, 
OU=KMI, 
CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlob...@akamai.com

Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c2:33:df:d8:cb:c9:6e:a4:98:f0:b7:b1:06:51:
77:f8:6c:36:4b:f3:ab:fc:09:ab:98:13:d5:0a:03:
63:31:c4:ce:6f:02:12:b5:c4:4c:83:17:39:c2:b8:
27:89:a5:80:56:36:72:19:8b:9a:dd:e5:e2:22:60:
53:96:f9:4d:c0:f1:c6:06:5f:1b:95:de:b7:8e:d2:
ef:e8:ff:84:81:73:45:c9:a5:52:6d:af:8e:6a:16:
bf:23:97:66:5e:d8:1f:0e:e9:1b:d3:03:e3:cd:4c:
02:2f:68:f0:a5:70:a3:90:f5:19:8d:f5:6b:d1:87:
e7:82:39:f9:09:1b:ee:56:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5
X509v3 Authority Key Identifier:
keyid:2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
5d:5c:c0:10:c3:60:10:c5:d4:30:cf:90:41:32:d9:73:1f:03:
66:a5:3b:ca:e2:99:2f:89:10:0e:4d:d6:b3:1d:97:ae:0a:54:
46:0b:a8:51:02:97:c6:41:32:16:db:7c:77:28:e8:df:73:70:
a0:01:73:b6:84:90:b5:a8:b7:54:53:7d:a9:cd:81:33:35:6d:
58:5e:ba:e2:7d:34:7a:32:c9:fd:4f:07:18:75:a7:53:3d:61:
1b:98:7a:e6:92:5b:74:39:e1:ab:b2:6a:51:4a:56:c5:99:1e:
d7:7a:7a:b6:32:e8:ca:f2:33:bc:3f:d5:3c:3f:87:2a:9f:ab:
37:c8


___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
Sent with Postbox 
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] d2i_RSAPrivateKey not working on a private key

2015-10-09 Thread David Lobron 
Hello openssl people,

I am trying to read a private key of a certificate into memory using 
d2i_RSAPrivateKey.  I'm able to read the certificate without a problem, but 
when I pass the private key to d2i_RSAPrivateKey, it fails to parse.  I do not 
see an error message or errno being set - d2i_RSAPrivateKey simply returns 
NULL.  I've generated a self-signed cert which reproduces the problem, and I've 
attached it to this message (this is a throwaway cert, not in use for anything, 
so I'm knowingly sending the private key).  The command I used to generate this 
cert and its key was:

openssl req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -days 36500 
-nodes -outform PEM

I have another cert where the private key *is* parseable by d2i_RSAPrivateKey.  
I printed out both certs from the command line, and compared them.  They appear 
almost identical.  The only difference I see is that when I print the attached 
unparseable cert, the Signature Algorithm section has 8 lines of hex.  In the 
parseable cert, I see 15 lines of hex.  Both certs use sha1WithRSAEncryption as 
the algorithm, with 1024 bits.

Can anyone help me understand why the private key in the attached cert is not 
readable by d2i_RSAPrivateKey?  I'm running these tests on a Mac, but the same 
thing happens on Ubuntu Linux.

Thank you,

David

Printout of the attached cert, which fails to parse with d2i_RSAPrivateKey:

MacBook-Air:self_signed dlobron$ openssl x509 -in cert.1024.combined -text 
-noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 17702003413458844255 (0xf5aa2650b7f77a5f)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, 
OU=KMI, 
CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlob...@akamai.com
Validity
Not Before: Oct  8 15:47:30 2015 GMT
Not After : Jan 16 15:47:30 2016 GMT
Subject: C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, 
OU=KMI, 
CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlob...@akamai.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c2:33:df:d8:cb:c9:6e:a4:98:f0:b7:b1:06:51:
77:f8:6c:36:4b:f3:ab:fc:09:ab:98:13:d5:0a:03:
63:31:c4:ce:6f:02:12:b5:c4:4c:83:17:39:c2:b8:
27:89:a5:80:56:36:72:19:8b:9a:dd:e5:e2:22:60:
53:96:f9:4d:c0:f1:c6:06:5f:1b:95:de:b7:8e:d2:
ef:e8:ff:84:81:73:45:c9:a5:52:6d:af:8e:6a:16:
bf:23:97:66:5e:d8:1f:0e:e9:1b:d3:03:e3:cd:4c:
02:2f:68:f0:a5:70:a3:90:f5:19:8d:f5:6b:d1:87:
e7:82:39:f9:09:1b:ee:56:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier: 
2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5
X509v3 Authority Key Identifier: 

keyid:2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5

X509v3 Basic Constraints: 
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
 5d:5c:c0:10:c3:60:10:c5:d4:30:cf:90:41:32:d9:73:1f:03:
 66:a5:3b:ca:e2:99:2f:89:10:0e:4d:d6:b3:1d:97:ae:0a:54:
 46:0b:a8:51:02:97:c6:41:32:16:db:7c:77:28:e8:df:73:70:
 a0:01:73:b6:84:90:b5:a8:b7:54:53:7d:a9:cd:81:33:35:6d:
 58:5e:ba:e2:7d:34:7a:32:c9:fd:4f:07:18:75:a7:53:3d:61:
 1b:98:7a:e6:92:5b:74:39:e1:ab:b2:6a:51:4a:56:c5:99:1e:
 d7:7a:7a:b6:32:e8:ca:f2:33:bc:3f:d5:3c:3f:87:2a:9f:ab:
 37:c8




cert.1024.combined
Description: Binary data


smime.p7s
Description: S/MIME cryptographic signature
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users