Re: Extracting the public modulus from an RSA public key?
Ugh. So simple! I don't know how I missed that. I found get0 & get1 accessors for many other structures but I didn't see that one. Thanks, Tom.III On Tue, May 5, 2020 at 9:50 PM Dr Paul Dale wrote: > Might I suggest reading the documentation? > > RSA_get0_n() is the function you are wanting. > > > Pauli > -- > Dr Paul Dale | Distinguished Architect | Cryptographic Foundations > Phone +61 7 3031 7217 > Oracle Australia > > > > > On 6 May 2020, at 2:20 pm, Thomas Dwyer III wrote: > > I'm porting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A > portion of this code reads X509 certificates, extracts the public key, and > passes it to firmware that I cannot modify. Unfortunately, this legacy > firmware API was very poorly designed such that the public key is passed in > a way similar to: > > RSA *rsa = get_pubkey_from_cert(...) > BIGNUM *bn = rsa->n; > int len = BN_num_bytes(bn); > unsigned char *buf = malloc(len); > BN_bn2bin(bn, buf); > pubkey_to_firmware(buf, len); > > Yuck. Ignoring the fact that this firmware appears to assume a constant > exponent 'e', I cannot find a way to extract the modulus 'n' from the RSA > key. I understand this is intentional. The only solution I could find is to > print the key to a buffer via EVP_PKEY_print_public(), parse the result to > extract the modulus into a giant hex string, and then BN_hex2bn() that back > into a BIGNUM. Is there a better way? > > > Thanks, > Tom.III > > >
AW: openssl-1.1.1g cygwin make errors
Hello, You could try with ./config no-async Kind Regards, Georg Von: openssl-users Im Auftrag von Anand Sridharan Gesendet: 06 May 2020 03:20 An: openssl-users@openssl.org Betreff: openssl-1.1.1g cygwin make errors Hi Open SSL users , Please let us know if someone has observed below errors while compiling on source with cygwin. Please do indicate any workaround available , I observed similar errors with different version as well such as openssl 1.1.1a. from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:28:24: ucontext.h: No such file or directory In file included from crypto/async/arch/../async_local.h:30, from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:32: error: parse error before "ucontext_t" crypto/async/arch/../arch/async_posix.h:32: warning: no semicolon at end of struct or union crypto/async/arch/../arch/async_posix.h:35: error: parse error before '}' token crypto/async/arch/../arch/async_posix.h:35: warning: type defaults to `int' in declaration of `async_fibre' crypto/async/arch/../arch/async_posix.h:35: warning: data definition has no type or storage class crypto/async/arch/../arch/async_posix.h:37: error: parse error before '*' token crypto/async/arch/../arch/async_posix.h: In function `async_fibre_swapcontext': crypto/async/arch/../arch/async_posix.h:39: error: `o' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:39: error: (Each undeclared identifier is reported only once crypto/async/arch/../arch/async_posix.h:39: error: for each function it appears in.) crypto/async/arch/../arch/async_posix.h:41: error: `r' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:42: error: `n' undeclared (first use in this function) -- thanks, Anand.S
Re: Extracting the public modulus from an RSA public key?
Might I suggest reading the documentation? RSA_get0_n() is the function you are wanting. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 6 May 2020, at 2:20 pm, Thomas Dwyer III wrote: > > I'm porting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A > portion of this code reads X509 certificates, extracts the public key, and > passes it to firmware that I cannot modify. Unfortunately, this legacy > firmware API was very poorly designed such that the public key is passed in a > way similar to: > > RSA *rsa = get_pubkey_from_cert(...) > BIGNUM *bn = rsa->n; > int len = BN_num_bytes(bn); > unsigned char *buf = malloc(len); > BN_bn2bin(bn, buf); > pubkey_to_firmware(buf, len); > > Yuck. Ignoring the fact that this firmware appears to assume a constant > exponent 'e', I cannot find a way to extract the modulus 'n' from the RSA > key. I understand this is intentional. The only solution I could find is to > print the key to a buffer via EVP_PKEY_print_public(), parse the result to > extract the modulus into a giant hex string, and then BN_hex2bn() that back > into a BIGNUM. Is there a better way? > > > Thanks, > Tom.III >
Extracting the public modulus from an RSA public key?
I'm porting some old legacy code from OpenSSL 1.0.2 to OpenSSL 3.0.0. A portion of this code reads X509 certificates, extracts the public key, and passes it to firmware that I cannot modify. Unfortunately, this legacy firmware API was very poorly designed such that the public key is passed in a way similar to: RSA *rsa = get_pubkey_from_cert(...) BIGNUM *bn = rsa->n; int len = BN_num_bytes(bn); unsigned char *buf = malloc(len); BN_bn2bin(bn, buf); pubkey_to_firmware(buf, len); Yuck. Ignoring the fact that this firmware appears to assume a constant exponent 'e', I cannot find a way to extract the modulus 'n' from the RSA key. I understand this is intentional. The only solution I could find is to print the key to a buffer via EVP_PKEY_print_public(), parse the result to extract the modulus into a giant hex string, and then BN_hex2bn() that back into a BIGNUM. Is there a better way? Thanks, Tom.III
openssl-1.1.1g cygwin make errors
Hi Open SSL users , Please let us know if someone has observed below errors while compiling on source with cygwin. Please do indicate any workaround available , I observed similar errors with different version as well such as openssl 1.1.1a. from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:28:24: ucontext.h: No such file or directory In file included from crypto/async/arch/../async_local.h:30, from crypto/async/arch/async_null.c:11: crypto/async/arch/../arch/async_posix.h:32: error: parse error before "ucontext_t" crypto/async/arch/../arch/async_posix.h:32: warning: no semicolon at end of struct or union crypto/async/arch/../arch/async_posix.h:35: error: parse error before '}' token crypto/async/arch/../arch/async_posix.h:35: warning: type defaults to `int' in declaration of `async_fibre' crypto/async/arch/../arch/async_posix.h:35: warning: data definition has no type or storage class crypto/async/arch/../arch/async_posix.h:37: error: parse error before '*' token crypto/async/arch/../arch/async_posix.h: In function `async_fibre_swapcontext': crypto/async/arch/../arch/async_posix.h:39: error: `o' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:39: error: (Each undeclared identifier is reported only once crypto/async/arch/../arch/async_posix.h:39: error: for each function it appears in.) crypto/async/arch/../arch/async_posix.h:41: error: `r' undeclared (first use in this function) crypto/async/arch/../arch/async_posix.h:42: error: `n' undeclared (first use in this function) -- thanks, Anand.S
PKCS7: Error: Object has zero length.
Hi all, I am trying to create a "Degenerate certificates-only CMS Signed-Data” using openssl openssl-1.1.1c (from CentOS8) as described by https://tools.ietf.org/html/draft-gutmann-scep-15#section-3.4, and in the process I am getting the entry "Error: Object has zero length” in the PKCS7 structure and I don't know how to get rid of it: 0 2395: SEQUENCE { 49: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 15 2380: [0] { 19 2376: SEQUENCE { 231: INTEGER 1 260: SET {} 28 15: SEQUENCE { 309: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 412: [0] { 430: OCTET STRING : Error: Object has zero length.< here : } : } [snip] The code is here: https://source.redwax.eu/projects/RS/repos/mod_scep/browse/mod_scep.c#1134 Or more specifically looks like this: p7 = PKCS7_new(); PKCS7_set_type(p7, NID_pkcs7_signed); PKCS7_content_new(p7, NID_pkcs7_data); PKCS7_add_certificate(p7, cert); PKCS7_add_certificate(p7, conf->signer); i2d_PKCS7_bio(b, p7); Can anyone confirm what step I am missing? Regards, Graham — smime.p7s Description: S/MIME cryptographic signature