Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Ken Goldman 

On 1/13/2017 2:02 PM, Viktor Dukhovni wrote:

parameter setting error
139854491113288:error:06089094:digital envelope
routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:


In that case, your OpenSSL library is broken, or was built without
EC support.  Perhaps you're running the wrong openssl(1) binary.


Perhaps++.  The command ran on a 1.0.2 platform.


EC key creation is supported in 1.0.2:


openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

The C API's seem to support EC.  Perhaps the openssl binary does not?

RHEL 6.7 is still at 1.0.1.

Can I create the key and certificates on the 1.0.2 platform and use them 
with the C API on 1.0.1?





--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Viktor Dukhovni 
On Fri, Jan 13, 2017 at 03:26:08PM -0500, Ken Goldman wrote:

> On 1/13/2017 2:02 PM, Viktor Dukhovni wrote:
> > > parameter setting error
> > > 139854491113288:error:06089094:digital envelope
> > > routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:
> > 
> > In that case, your OpenSSL library is broken, or was built without
> > EC support.  Perhaps you're running the wrong openssl(1) binary.
> 
> Perhaps++.  The command ran on a 1.0.2 platform.
> 
> > EC key creation is supported in 1.0.2:
> 
> openssl version
> OpenSSL 1.0.1e-fips 11 Feb 2013
> 
> The C API's seem to support EC.  Perhaps the openssl binary does not?
> 
> RHEL 6.7 is still at 1.0.1.
> 
> Can I create the key and certificates on the 1.0.2 platform and use them
> with the C API on 1.0.1?

RedHat has in various past releases deliberately disabled EC support.
More recently they've enabled just the NIST P-256,384,521 curves.

So your software may be neutered by the vendor, however, you seem
to be using 1.0.1, while I was testing 1.0.2.

With 1.0.1 I get:

$ openssl version -a; openssl genpkey -out cakeyecc.pem -outform PEM -pass 
pass: -aes256 -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt 
ec_param_enc:named_curve -text; cat cakeyecc.pem
OpenSSL 1.0.1v-dev  xx XXX 
built on: Fri Jan 13 15:35:13 2017
platform: darwin64-x86_64-cc
options:  bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) idea(int) 
blowfish(idx) 
compiler: cc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT 
-DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/Volumes/gitvol/viktor/ssl/OpenSSL_1_0_1/ssl"
parameter setting error
140735936984072:error:06089094:digital envelope 
routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:394:
cat: cakeyecc.pem: No such file or directory

With 1.0.1, EC support in genpkey(1) is incomplete.  To encrypt
use a pipeline:

$ openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -aes256 
-text
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-BEGIN ENCRYPTED PRIVATE KEY-
MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAiDn5ZQFVqU2wICCAAw
HQYJYIZIAWUDBAEqBBBMxK5x8CNp29AxpTpdjjZzBIGQFcjJotTUgue5zv1ZUiJE
Fmp3LFInp0+mJmiSMM/WZUM2aALAG3xikB5xn0ENmtluiLVM+Osa5PZVj5WAisgN
DBmHRYqFoxOQPc9L8DN8dr0PDM/d7KZe3Vr4FAlkG86R/aFOOn8yBX2DepDDmvuc
aYn6abZZWe9uISi+Gk0r3Hna6cKz0K5M6ecGim6oBRg2
-END ENCRYPTED PRIVATE KEY-
Private-Key: (256 bit)
priv:
00:fc:ee:5b:91:0d:7b:11:c1:a3:6b:b6:45:e3:88:
12:80:08:27:77:1b:3c:ad:59:4f:cd:10:42:f7:6e:
53:4a:e9
pub: 
04:82:74:1c:da:70:65:e0:2d:3f:3b:8b:e4:10:e1:
b0:60:b0:f8:59:9a:99:7d:a7:70:52:13:be:02:8d:
c4:a0:56:9b:7f:79:ae:b8:ca:61:52:8c:74:06:59:
72:10:77:6e:53:62:df:47:ef:af:64:47:97:73:cb:
a6:f0:eb:a2:24
ASN1 OID: prime256v1

-- 
Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] troubleshooting a puzzling issue

2017-01-13 Thread Richard Levitte 
In message <8df59ee9-2677-47d3-b9f6-69904b3ea...@inria.fr> on Fri, 13 Jan 2017 
16:46:59 +0100, Thierry Parmentelat  said:

thierry.parmentelat> so I do see md5 in the list of digests

Ok

thierry.parmentelat> 
thierry.parmentelat> what else should I be looking at ? 
thierry.parmentelat> is there a way to get some sort of error code or something 
that would at least hint at a direction..

I found that M2Crypto has an Err package, so add this to your script:

if v <= 0:
print(M2Crypto.Err.get_error());
else:
print("v = {}".format(v))

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Viktor Dukhovni 
On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote:

> Easier to read the documentation and use the appropriate value.

https://www.openssl.org/docs/man1.1.0/apps/genpkey.html

-- 
Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Ken Goldman 

Thanks for the help.  Am I getting closer?

On 1/13/2017 9:44 AM, Viktor Dukhovni wrote:

Also, take a look at test/certs/mkcert.sh:


I looked at that, but what is $bits?


The curve name.

You're sure fond of leaving off the leading "-" in option names.
You'll also really want the "ec_param_enc" option when you get
the rest of the syntax right.


OK, sorry, hyphen-o-phobia.

I gather now that there are two -pkeyopt:

ec_paramgen_curve
ec_param_enc

I tried prime256v1 for each, and also named_curve and explicit
for the second, in many combinations.

It's also not 100% clear whether I specify -pkeyopt each time, or once 
and then pairs of opt:value.


In all combinations, I now get:

openssl genpkey -out cakeyecc.pem -outform pem -pass pass: -aes256 
-algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 
ec_param_enc:explicit -text


parameter setting error
140171547424584:error:06089094:digital envelope 
routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:





--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Viktor Dukhovni 
On Fri, Jan 13, 2017 at 01:06:10PM -0500, Ken Goldman wrote:

> I gather now that there are two -pkeyopt:

Yes.

> ec_paramgen_curve
> ec_param_enc
> 
> I tried prime256v1 for each, and also named_curve and explicit
> for the second, in many combinations.

Easier to read the documentation and use the appropriate value.

> It's also not 100% clear whether I specify -pkeyopt each time, or once and
> then pairs of opt:value.

Each time.

> In all combinations, I now get:
> 
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass: -aes256
> -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 ec_param_enc:explicit
> -text

The explicit "-outform PEM" argument is not needed, but harmless:

$ openssl genpkey -out cakeyecc.pem -outform PEM -pass pass: \
   -aes256 -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 \
-pkeyopt ec_param_enc:named_curve -text

$ cat cakeyecc.pem
-BEGIN ENCRYPTED PRIVATE KEY-
MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAhn8FHW0643QQICCAAw
HQYJYIZIAWUDBAEqBBCtTYP4h4/2PTEfN1fVJnpHBIGQ3RHX/KUQwncg9MK5aF7H
p0qQplxOKtfCOYp0iqx15IQCEv5N4SXIIKnRjvaKPHgFQN0d8x1Et0pBOaYLqIre
zwch3VGRvvHH//qhXiYGay9xzZXraGwFFatNt9R8gyBKR7zMn/BQVWUtA8woCB//
D/R9GGYJVr3afeay4Vr4U/kHtRUkTrkGZxRZvM2EIAsr
-END ENCRYPTED PRIVATE KEY-
Private-Key: (256 bit)
priv:
39:32:f7:c6:cf:fa:57:7f:9f:b0:d7:87:92:c0:93:
36:33:9e:19:75:0c:58:f7:a0:ec:29:01:1f:c2:17:
6a:9f
pub:
04:a2:2a:47:02:a3:ed:6c:e0:af:85:9f:f3:9e:f9:
e7:e4:19:5a:49:05:09:2e:1e:40:d8:89:88:5a:2c:
fc:dc:59:5b:27:9f:9d:00:78:d7:3d:16:68:b9:81:
42:db:db:02:98:42:08:d9:2f:6f:e5:1d:a4:70:4f:
1a:4e:2b:69:2f
ASN1 OID: prime256v1
NIST CURVE: P-256

As you can see the combination of "-aes256" and "-text" is unwise.
The "-text" form is not encrypted.

-- 
Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Ken Goldman 

On 1/13/2017 1:21 PM, Viktor Dukhovni wrote:

On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote:


Still no success.  I think this is exactly what you suggested, and 
something I had already tried.


openssl genpkey -out cakeyecc.pem -outform PEM -pass pass: -aes256 
-algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt 
ec_param_enc:named_curve -text


parameter setting error
139854491113288:error:06089094:digital envelope 
routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:



Easier to read the documentation and use the appropriate value.


https://www.openssl.org/docs/man1.1.0/apps/genpkey.html


Yikes.  That's not in the  1.0.2 documentation at

https://www.openssl.org/docs/man1.0.2/apps/genpkey.html

Could it be that 1.0.2 doesn't support creation of EC keys?

Or, if the syntax is different, where can I find it?


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Viktor Dukhovni 
On Fri, Jan 13, 2017 at 01:49:14PM -0500, Ken Goldman wrote:

> On 1/13/2017 1:21 PM, Viktor Dukhovni wrote:
> > On Fri, Jan 13, 2017 at 06:18:51PM +, Viktor Dukhovni wrote:
> 
> Still no success.  I think this is exactly what you suggested, and something
> I had already tried.
> 
> openssl genpkey -out cakeyecc.pem -outform PEM -pass pass: -aes256
> -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt
> ec_param_enc:named_curve -text
> 
> parameter setting error
> 139854491113288:error:06089094:digital envelope
> routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:404:

In that case, your OpenSSL library is broken, or was built without
EC support.  Perhaps you're running the wrong openssl(1) binary.

> https://www.openssl.org/docs/man1.0.2/apps/genpkey.html
> 
> Could it be that 1.0.2 doesn't support creation of EC keys?

EC key creation is supported in 1.0.2:

$ openssl version -a; openssl genpkey -out cakeyecc.pem -outform PEM -pass 
pass: -aes256 -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt 
ec_param_enc:named_curve -text; cat cakeyecc.pem
OpenSSL 1.0.2j  26 Sep 2016
built on: reproducible build, date unspecified
platform: NetBSD-x86_64
options:  bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) blowfish(ptr2)
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS 
-DDSO_DLFCN -DHAVE_DLFCN_H
-O2 -I/usr/include -Wa,--noexecstack -DTERMIOS -DL_ENDIAN -DMD32_REG_T=int 
-O2 -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m 
-DRC4_ASM -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/pkg/etc/openssl"
-BEGIN ENCRYPTED PRIVATE KEY-
MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAj2P6Eun6xu+QICCAAw
HQYJYIZIAWUDBAEqBBCLkrjwPqdzyGUnq+FZmAXKBIGQYc6Ug3yc5JbhkUmNmtPm
8An/0hE1ErvedRQFk0yyfUTiX/cHcuTkm5S5ZJlE4jtDJRidc3TxX59yTa6blZbp
EilWzrACBO0POWeUsN0SnYAwHfaQ7dRKfoK0xmZJMRclzd9C62f64e/0Q2v1xdvj
oMyg7aiK2fa1DdXdkDeB0j3Cnpo4x24ZY1De870LOkd/
-END ENCRYPTED PRIVATE KEY-
Private-Key: (256 bit)
priv:
63:c2:97:81:a3:bc:4f:10:cc:ca:68:70:bf:a3:fa:
da:e3:fd:7d:d2:9f:88:b9:4b:bf:11:ac:4b:9c:b5:
d4:c2
pub:
04:96:5d:78:a2:7b:60:b3:9c:67:7d:d7:19:68:4e:
4e:7b:a4:75:46:31:b1:f6:76:28:86:fe:9a:56:9c:
bc:3c:4b:37:0b:3b:0c:24:ed:2b:d1:8f:85:92:0f:
6e:48:9d:49:2c:7b:e7:7c:df:94:8a:9d:4b:f8:bc:
25:82:cb:50:22
ASN1 OID: prime256v1
NIST CURVE: P-256

The documentation of genpkey(1) was improved in 1.1.0, perhaps some
of the improvements should be backported. Pull requests welcome.

-- 
Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Ken Goldman 

Thanks, getting closer ...

On 1/12/2017 5:47 PM, Viktor Dukhovni wrote:

My latest attempt is this.  It gives me a usage error.  Any hints?

openssl genpkey -out cakeyecc.pem -outform pem  -pass pass: aes-256-cbc 
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text


The "aes-256-cbc" argument is wrong.  Try "-aes256".


BTW, I got aes-256-cbc from

https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations

and > openssl list-cipher-commands



Also, take a look at test/certs/mkcert.sh:


I looked at that, but what is $bits?

I got prime256v1, the curve I want, from

openssl ecparam -list_curves

My next tries:

openssl genpkey -out cakeyecc.pem -outform pem -pass pass: -aes256 
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text


openssl genpkey -out cakeyecc.pem -outform pem -pass pass: -aes256 
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt 
ec_param_enc:named_curve -text


openssl genpkey -out cakeyecc.pem -outform pem -pass pass: -aes256 
-algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt 
ec_param_enc:explicit -text


I get:

Error generating key
140529942484808:error:100C708B:elliptic curve routines:PKEY_EC_KEYGEN:no 
parameters set:ec_pmeth.c:294:


It's probably this LOC, but what am I missing?

if (ctx->pkey == NULL && dctx->gen_group == NULL) {
ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
return 0;
}


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Matt Caswell 


On 13/01/17 14:32, Ken Goldman wrote:
> Thanks, getting closer ...
> 
> On 1/12/2017 5:47 PM, Viktor Dukhovni wrote:
>>> My latest attempt is this.  It gives me a usage error.  Any hints?
>>>
>>> openssl genpkey -out cakeyecc.pem -outform pem  -pass pass:
>>> aes-256-cbc -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text
>>
>> The "aes-256-cbc" argument is wrong.  Try "-aes256".
> 
> BTW, I got aes-256-cbc from
> 
> https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
> 
> and > openssl list-cipher-commands
> 
>>
>> Also, take a look at test/certs/mkcert.sh:
> 
> I looked at that, but what is $bits?
> 
> I got prime256v1, the curve I want, from
> 
> openssl ecparam -list_curves
> 
> My next tries:
> 
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass: -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text

Try it with a "-" in front of "pkeyopt"!!!

Matt



> 
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass: -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
> ec_param_enc:named_curve -text
> 
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass: -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
> ec_param_enc:explicit -text
> 
> I get:
> 
> Error generating key
> 140529942484808:error:100C708B:elliptic curve routines:PKEY_EC_KEYGEN:no
> parameters set:ec_pmeth.c:294:
> 
> It's probably this LOC, but what am I missing?
> 
> if (ctx->pkey == NULL && dctx->gen_group == NULL) {
> ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
> return 0;
> }
> 
> 
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] troubleshooting a puzzling issue

2017-01-13 Thread Viktor Dukhovni 

> On Jan 13, 2017, at 5:28 AM, Thierry Parmentelat 
>  wrote:
> 
> I have two certificates, one being signed by the other
> the attached code is a python code that uses M2Crypto to check for that fact

Your current problem is failure to post the two certificates along with
the anecdotal description.  You're also not reporting which versions of
the various O/S distributions you were using, and more importantly which
versions of OpenSSL were linked into Python's M2Crypto.

Real answers require real data.

-- 
-- 
Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generate ECC key with password protection

2017-01-13 Thread Viktor Dukhovni 
On Fri, Jan 13, 2017 at 09:32:01AM -0500, Ken Goldman wrote:

> > The "aes-256-cbc" argument is wrong.  Try "-aes256".
> 
> BTW, I got aes-256-cbc from
> 
> https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
> 
> and > openssl list-cipher-commands

When cipher names are used as options, they need a leading "-".

> > Also, take a look at test/certs/mkcert.sh:
> 
> I looked at that, but what is $bits?

The curve name.

> openssl genpkey -out cakeyecc.pem -outform pem -pass pass: -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text

You're sure fond of leaving off the leading "-" in option names.
You'll also really want the "ec_param_enc" option when you get
the rest of the syntax right.

> openssl genpkey -out cakeyecc.pem -outform pem -pass pass: -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
> ec_param_enc:named_curve -text

So this one is much closer, but now has two missing "-"s in "pkeyopt".

-- 
Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] troubleshooting a puzzling issue

2017-01-13 Thread Thierry Parmentelat 
Hey


I am facing a problem that I have narrowed down to this:

I have two certificates, one being signed by the other
the attached code is a python code that uses M2Crypto to check for that fact

and it turns out, on some boxes x509_verify() returns 1 as expected, while on 
some others I am getting -1


---
I apologize that I am not able to write a pure C code that would reproduce the 
issue (I’m afraid that me trying to achieve that would just lead to more 
artificial problems than be actually helpful in any way :)

the m2crypto guys tell me they are essentially just passing stuff along to 
openssl’s function
X509_verify
as described here
https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html

---
and this says, I quote:

X509_verify(), X509_REQ_verify() and X509_CRL_verify() return 1 if the 
signature is valid and 0 if the signature check fails. If the signature could 
not be checked at all because it was invalid or some other error occurred then 
-1 is returned.


So my question here is, how do I go about figuring out what ‘some other error’ 
might be in my case ?

I was wondering, for example, if it could just be a missing library or 
something along this line, as my understanding is that the range of algorithms, 
ciphers, and other hashes can be configured at build-time
what tools can I use to look in this direction ?

---
So far it looks like the problems happens on fedora installations, while the 
code behaves as expected on macos and ubuntus
I have not yet been able to assess that on a wide variety of installations yet


Thanks for any hint 




#!/usr/bin/env python

import M2Crypto

p1 = """-BEGIN CERTIFICATE-
MIICOjCCAaOgAwIBAgIBAzANBgkqhkiG9w0BAQQFADAXMRUwEwYDVQQDEwxvbmVs
YWIuaW5yaWEwHhcNMTQwODE4MTMzMDQ5WhcNMTkwODE3MTMzMDQ5WjArMSkwJwYD
VQQDFCBvbmVsYWIuaW5yaWEudGhpZXJyeV9wYXJtZW50ZWxhdDCBnTANBgkqhkiG
9w0BAQEFAAOBiwAwgYcCgYEAqK1lKNf61lAGYAXzG6xKnFQkfv3ViG0GP2Krp1zD
7d/93IkmsXVEjLfGhEJQjRjzRc9/gFdATP703cDzp4Ag2eR2wdQz0e6SXOBd2sLu
W3LqTwor1XMmp5f0QCOg5OSKXwozE3Tlt0+ewBNvAE8HWwZFjou5CFnrFMVZPjqf
hpUCASOjgYMwgYAwDAYDVR0TAQH/BAIwADBwBgNVHREEaTBnhjZ1cm46cHVibGlj
aWQ6SUROK29uZWxhYjppbnJpYSt1c2VyK3RoaWVycnlfcGFybWVudGVsYXSGLXVy
bjp1dWlkOjhlZTVhYWJlLTVhMTYtNGFjNS1hMThmLTdjYTE0NWFmMjg1YTANBgkq
hkiG9w0BAQQFAAOBgQCcjZnVO9vXmX/4a0kY34g87rxsk/9zOV7LqmSoCd66Qf5y
mRIJ/WCpCKJHQA2PU/LWBGS+Iv/E2z3cYrah02TkCGYB7Nzps5n40jQVI93UC4k7
uN73t6fwXwzM6i238LfbQUpTmqOL022mw06jbNhDl2ohhiXVKoCCQMG+7EyQjg==
-END CERTIFICATE-
"""

p2 = """-BEGIN CERTIFICATE-
MIICFzCCAYCgAwIBAgIBAzANBgkqhkiG9w0BAQQFADARMQ8wDQYDVQQDEwZvbmVs
YWIwHhcNMTMxMjIzMTUwMDE0WhcNMTgxMjIyMTUwMDE0WjAXMRUwEwYDVQQDEwxv
bmVsYWIuaW5yaWEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7irzhKl2iR
hRcO88n+R88zqdPKUNGKTcKErKpb8XNb5legIXAPKQvrB5dANuz02ptBs1FHeCqF
S+D6kond4F9DZrQm6Z2RRZltZfOs78JtY56KvjYkbnKfBkgmQLIDDLTrZV6xBt33
lblKwvzXCuQA5qP7Vu+Jvqyf5Oxo1MQFAgMBAAGjeTB3MA8GA1UdEwEB/wQFMAMB
Af8wZAYDVR0RBF0wW4YqdXJuOnB1YmxpY2lkOklETitvbmVsYWI6aW5yaWErYXV0
aG9yaXR5K3Nhhi11cm46dXVpZDozNzgzNzdlZi0wMGFlLTQ0N2YtOGZkOC0xZTNm
ZWJjNmQ5NzkwDQYJKoZIhvcNAQEEBQADgYEANuSaNpw3Z/+01bZPi7V9YFzyetUk
wj+aX0oj5xqECryLwemSc386caYxoNLxRiJinh1rfls45G1Nsm7lKHQTheWK55vC
sqHK3lDFu4m9LqnHct1bOO/tx3lNxR4PrcoiMWBUhHCzjOx6xKI1llbDP7G4Y76o
gHZYoVJPwm30wuE=
-END CERTIFICATE-
"""


c1 = M2Crypto.X509.load_cert_string(p1)
c2 = M2Crypto.X509.load_cert_string(p2)
k2 = c2.get_pubkey()
v = c1.verify(k2)

print("v = {}".format(v))





-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] troubleshooting a puzzling issue

2017-01-13 Thread Thierry Parmentelat 
Thanks Viktor for your feedback


Well, the 2 certificates are embedded in the python code as PEM; I am attaching 
them again here as plain files if that helps



p1
Description: Binary data


p2
Description: Binary data



In terms of versioning, on one box that exhibits the issue of returning -1, I 
have this:

# cat /etc/fedora-release
Fedora release 24 (Twenty Four)

both openssl and m2crypto installed from fedora’s stock repos:

# rpm -q m2crypto openssl-libs
m2crypto-0.23.0-2.fc24.x86_64
openssl-libs-1.0.2j-3.fc24.x86_64

# uname -a
Linux r2labsfa.pl.sophia.inria.fr 4.8.15-300.fc25.x86_64 #1 SMP Thu Dec 15 
23:10:23 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux


I hope it clarifies — thanks for looking into this — Thierry


> On 13 Jan 2017, at 15:26, Viktor Dukhovni  wrote:
> 
> 
>> On Jan 13, 2017, at 5:28 AM, Thierry Parmentelat 
>>  wrote:
>> 
>> I have two certificates, one being signed by the other
>> the attached code is a python code that uses M2Crypto to check for that fact
> 
> Your current problem is failure to post the two certificates along with
> the anecdotal description.  You're also not reporting which versions of
> the various O/S distributions you were using, and more importantly which
> versions of OpenSSL were linked into Python's M2Crypto.
> 
> Real answers require real data.
> 
> -- 
> -- 
>   Viktor.
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] troubleshooting a puzzling issue

2017-01-13 Thread Thierry Parmentelat 
Hey Richard

here’s what I see

# openssl help
openssl:Error: 'help' is an invalid command.

Standard commands
asn1parse caciphers   cms
crl   crl2pkcs7 dgst  dh
dhparam   dsa   dsaparam  ec
ecparam   enc   engineerrstr
gendh gendsagenpkey   genrsa
nseq  ocsp  passwdpkcs12
pkcs7 pkcs8 pkey  pkeyparam
pkeyutl   prime rand  req
rsa   rsautls_client  s_server
s_timesess_id   smime speed
spkac tsverifyversion
x509

Message Digest commands (see the `dgst' command for more details)
md2   md4   md5   rmd160
sha   sha1

Cipher commands (see the `enc' command for more details)
aes-128-cbc   aes-128-ecb   aes-192-cbc   aes-192-ecb
aes-256-cbc   aes-256-ecb   base64bf
bf-cbcbf-cfbbf-ecbbf-ofb
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb
camellia-256-cbc  camellia-256-ecb  cast  cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des   des-cbc   des-cfb   des-ecb
des-ede   des-ede-cbc   des-ede-cfb   des-ede-ofb
des-ede3  des-ede3-cbc  des-ede3-cfb  des-ede3-ofb
des-ofb   des3  desx  idea
idea-cbc  idea-cfb  idea-ecb  idea-ofb
rc2   rc2-40-cbcrc2-64-cbcrc2-cbc
rc2-cfb   rc2-ecb   rc2-ofb   rc4
rc4-40rc5   rc5-cbc   rc5-cfb
rc5-ecb   rc5-ofb   seed  seed-cbc
seed-cfb  seed-ecb  seed-ofb  zlib


so I do see md5 in the list of digests

what else should I be looking at ? 
is there a way to get some sort of error code or something that would at least 
hint at a direction..

thanks — Thierry

> On 13 Jan 2017, at 16:37, Richard Levitte  wrote:
> 
> In message <41a36a7f-ff5d-4190-9178-e9ff11aff...@inria.fr> on Fri, 13 Jan 
> 2017 11:28:40 +0100, Thierry Parmentelat  said:
> 
> thierry.parmentelat> I am facing a problem that I have narrowed down to this:
> thierry.parmentelat> 
> thierry.parmentelat> I have two certificates, one being signed by the other
> thierry.parmentelat> the attached code is a python code that uses M2Crypto to 
> check for that fact
> thierry.parmentelat> 
> thierry.parmentelat> and it turns out, on some boxes x509_verify() returns 1 
> as expected, while on some others I am getting -1
> thierry.parmentelat> 
> thierry.parmentelat> 
> thierry.parmentelat> ---
> thierry.parmentelat> I apologize that I am not able to write a pure C code 
> that would reproduce the issue (I’m afraid that me trying to achieve that 
> would just lead to more artificial problems than be actually helpful in any 
> way :)
> thierry.parmentelat> 
> thierry.parmentelat> the m2crypto guys tell me they are essentially just 
> passing stuff along to openssl’s function
> thierry.parmentelat> X509_verify
> thierry.parmentelat> as described here
> thierry.parmentelat> 
> https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html
> 
> Considering both certs in the attached script use the signature
> algorithm md5WithRSAEncryption, you could get that kind of error with
> an OpenSSL installation where MD5 has been disabled.  'openssl help'
> will show you what's enabled, or 'openssl list -disabled' (with
> OpenSSL 1.1.0) to see what's disabled.
> 
> There are other things that can give you a -1 as well...
> 
> Cheers,
> Richard
> 
> -- 
> Richard Levitte levi...@openssl.org
> OpenSSL Project http://www.openssl.org/~levitte/

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] troubleshooting a puzzling issue

2017-01-13 Thread Richard Levitte 
In message <41a36a7f-ff5d-4190-9178-e9ff11aff...@inria.fr> on Fri, 13 Jan 2017 
11:28:40 +0100, Thierry Parmentelat  said:

thierry.parmentelat> I am facing a problem that I have narrowed down to this:
thierry.parmentelat> 
thierry.parmentelat> I have two certificates, one being signed by the other
thierry.parmentelat> the attached code is a python code that uses M2Crypto to 
check for that fact
thierry.parmentelat> 
thierry.parmentelat> and it turns out, on some boxes x509_verify() returns 1 as 
expected, while on some others I am getting -1
thierry.parmentelat> 
thierry.parmentelat> 
thierry.parmentelat> ---
thierry.parmentelat> I apologize that I am not able to write a pure C code that 
would reproduce the issue (I’m afraid that me trying to achieve that would just 
lead to more artificial problems than be actually helpful in any way :)
thierry.parmentelat> 
thierry.parmentelat> the m2crypto guys tell me they are essentially just 
passing stuff along to openssl’s function
thierry.parmentelat> X509_verify
thierry.parmentelat> as described here
thierry.parmentelat> 
https://www.openssl.org/docs/man1.1.0/crypto/X509_verify.html

Considering both certs in the attached script use the signature
algorithm md5WithRSAEncryption, you could get that kind of error with
an OpenSSL installation where MD5 has been disabled.  'openssl help'
will show you what's enabled, or 'openssl list -disabled' (with
OpenSSL 1.1.0) to see what's disabled.

There are other things that can give you a -1 as well...

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] troubleshooting a puzzling issue

2017-01-13 Thread Richard Levitte 
In message  on Fri, 13 Jan 
2017 09:26:35 -0500, Viktor Dukhovni  said:

openssl-users> 
openssl-users> > On Jan 13, 2017, at 5:28 AM, Thierry Parmentelat 
 wrote:
openssl-users> > 
openssl-users> > I have two certificates, one being signed by the other
openssl-users> > the attached code is a python code that uses M2Crypto to check 
for that fact
openssl-users> 
openssl-users> Your current problem is failure to post the two certificates 
along with
openssl-users> the anecdotal description.  You're also not reporting which 
versions of
openssl-users> the various O/S distributions you were using, and more 
importantly which
openssl-users> versions of OpenSSL were linked into Python's M2Crypto.
openssl-users> 
openssl-users> Real answers require real data.

E...  there's a script attached to the original post.  It contains
all the data you need, including two certs.

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] troubleshooting a puzzling issue

2017-01-13 Thread Viktor Dukhovni 
On Fri, Jan 13, 2017 at 04:17:14PM +0100, Thierry Parmentelat wrote:

> Thanks Viktor for your feedback
> 
> Well, the 2 certificates are embedded in the python code as PEM; I am
> attaching them again here as plain files if that helps

The leaf certificate is signed with RSA+MD5:

$ openssl x509 -in /tmp/p1 -noout -text | egrep -v '^ *..:'
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=onelab.inria
Validity
Not Before: Aug 18 13:30:49 2014 GMT
Not After : Aug 17 13:30:49 2019 GMT
Subject: CN=onelab.inria.thierry_parmentelat
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
Exponent: 35 (0x23)
X509v3 extensions:
X509v3 Basic Constraints: critical
X509v3 Subject Alternative Name:
URI:urn:publicid:IDN+onelab:inria+user+thierry_parmentelat, 
URI:urn:uuid:8ee5aabe-5a16-4ac5-a18f-7ca145af285a
Signature Algorithm: md5WithRSAEncryption

> In terms of versioning, on one box that exhibits the issue of returning -1, I 
> have this:
> 
> # cat /etc/fedora-release
> Fedora release 24 (Twenty Four)

Redhat is removing support for MD5 signatures from their OpenSSL
builds.  From a recent email from them to the OpenSSL team:

We (Red Hat Enterprise Linux developers) decided to disable
support for verification of signatures with MD4, MD5, and SHA0
hashes in openssl library in Red Hat Enterprise Linux 6 and
newer and in Fedora. ...

Your 5 year MD5 certificate is getting stale, time to use something
a bit more current.  Also its rather small exponent (35) is very
unwise.  While not quite as bad as 3, it may be open to attack.

-- 
Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] troubleshooting a puzzling issue

2017-01-13 Thread Thierry Parmentelat 
; it explains it all :)

Thanks so much for your time looking into this, it is very helpful — Thierry 


> On 13 Jan 2017, at 16:47, Viktor Dukhovni  wrote:
> 
> On Fri, Jan 13, 2017 at 04:17:14PM +0100, Thierry Parmentelat wrote:
> 
>> Thanks Viktor for your feedback
>> 
>> Well, the 2 certificates are embedded in the python code as PEM; I am
>> attaching them again here as plain files if that helps
> 
> The leaf certificate is signed with RSA+MD5:
> 
>$ openssl x509 -in /tmp/p1 -noout -text | egrep -v '^ *..:'
>Certificate:
>   Data:
>   Version: 3 (0x2)
>   Serial Number: 3 (0x3)
>   Signature Algorithm: md5WithRSAEncryption
>   Issuer: CN=onelab.inria
>   Validity
>   Not Before: Aug 18 13:30:49 2014 GMT
>   Not After : Aug 17 13:30:49 2019 GMT
>   Subject: CN=onelab.inria.thierry_parmentelat
>   Subject Public Key Info:
>   Public Key Algorithm: rsaEncryption
>   Public-Key: (1024 bit)
>   Modulus:
>   Exponent: 35 (0x23)
>   X509v3 extensions:
>   X509v3 Basic Constraints: critical
>   X509v3 Subject Alternative Name:
>   URI:urn:publicid:IDN+onelab:inria+user+thierry_parmentelat, 
> URI:urn:uuid:8ee5aabe-5a16-4ac5-a18f-7ca145af285a
>   Signature Algorithm: md5WithRSAEncryption
> 
>> In terms of versioning, on one box that exhibits the issue of returning -1, 
>> I have this:
>> 
>> # cat /etc/fedora-release
>> Fedora release 24 (Twenty Four)
> 
> Redhat is removing support for MD5 signatures from their OpenSSL
> builds.  From a recent email from them to the OpenSSL team:
> 
>We (Red Hat Enterprise Linux developers) decided to disable
>support for verification of signatures with MD4, MD5, and SHA0
>hashes in openssl library in Red Hat Enterprise Linux 6 and
>newer and in Fedora. ...
> 
> Your 5 year MD5 certificate is getting stale, time to use something
> a bit more current.  Also its rather small exponent (35) is very
> unwise.  While not quite as bad as 3, it may be open to attack.
> 
> -- 
>   Viktor.
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users