RE: EVP_PKEY_get_int_param is not getting degree from EC key -> man page use of integer for BIGNUM
> From: openssl-users On Behalf Of Blumenthal, Uri - 0553 - MITLL
> Sent: Wednesday, January 5, 2022 6:41 PM
> To: Dr Paul Dale ; openssl-users@openssl.org
> Subject: [EXTERNAL] Re: EVP_PKEY_get_int_param is not getting degree from EC key
>
> The problem that I see is that there's a set of parameters (such as
> OSSL_PKEY_PARAM_EC_COFACTOR), not described in the man pages, with
> under-specified type.
> E.g., how is one to know where's "normal" ~~sloppiness~~ imperfection in
> writing, and where "unsigned integer" truly means 'NOT C type "unsigned int"',
> especially since it's all in a C API description (so one tends to expect C types,
> unless CLEARLY stated otherwise)?
>
> Beneficial - would be a man page that lists these parameters, their types, and
> the appropriate method for retrieving them (e.g., EVP_PKEY_get_int_param()
> or EVP_PKEY_get_bn_param()).
>
> I support specifying the type in the comments as "unsigned BIGNUM" over
> "just adding a note".
>
> I like this suggestion.

I had the same issue with https://www.openssl.org/docs/man3.0/man7/EVP_PKEY-EC.html which uses 'unsigned integer' to mean a BIGNUM.
https://www.mail-archive.com/openssl-users@openssl.org/msg90149.html

The C language uses 'integer' to mean a basic type of various lengths - 8, 16, 32, etc. but surely not a structure or pointer.
https://www.gnu.org/software/libc/manual/html_node/Integers.html

I think integer has a common enough understanding in C that OpenSSL should use a different term for a BIGNUM.
What is the correct way to use OSSL_DECODER
Hi,

in follow up to https://github.com/openssl/openssl/issues/17456 where Matt Caswell writes

> The normal way of using the decoder APIs is to set up an OSSL_DECODER_CTX and
> then call OSSL_DECODER_from_bio or similar function to iterate through the
> available decoders to find the right one for the data that we are trying to
> decode.

I'm still struggling to get the OSSL_DECODER to work. I'm trying to implement a provider with a store loader and use it to load a certificate (and in the future also a private key) from my HSM-like device and use them to sign a CMS.

In my STORE_LOAD function I create a new OSSL_DECODER_CTX and I add all the decoders enumerated with OSSL_DECODER_do_all_provided. It is my understanding that during decoding the best decoders are selected automatically (in this case PEM -> DER -> X509). Then I read the certificate from the HSM in PEM format and use OSSL_DECODER_from_data to construct an X509 instance.

This seems fine until later when CMS_add1_signer calls X509_check_private_key and it turns out that the *public* key from the decoded certificate is empty (X509->cert_info.key.pkey is NULL). It seems that x509_pubkey_ex_d2i_ex fails to decode the public key using the inner context created by OSSL_DECODER_CTX_new_for_pkey.

command:

    openssl cms -sign -signer myprov:cert=0014 -provider myprov

provider (interesting parts):

    int OSSL_provider_init() {
        ...
        OSSL_PROVIDER_load(myprov->libctx, "default"); // I load default provider into child lib ctx
        ...
    }

    int store_load(void *loaderctx, OSSL_CALLBACK *object_cb, void *object_cbarg, ...) {
        char *cert_pem = "BEGIN CERTIFICATE..."; // I load certificate from HSM
        // OSSL_DECODER_from_data takes a pointer to the data pointer and a pointer to the length
        const unsigned char *pem = (const unsigned char *)cert_pem;
        size_t pem_len = strlen(cert_pem);

        OSSL_DECODER_CTX *dctx = OSSL_DECODER_CTX_new();
        OSSL_DECODER_do_all_provided(loader->libctx, add_decoder, dctx);
        OSSL_DECODER_CTX_set_input_type(dctx, "pem");
        OSSL_DECODER_CTX_set_input_structure(dctx, "Certificate");
        OSSL_DECODER_CTX_set_construct(dctx, constructor);
        struct closure closure = { .callback = object_cb, .arg = object_cbarg };
        OSSL_DECODER_CTX_set_construct_data(dctx, &closure);
        return OSSL_DECODER_from_data(dctx, &pem, &pem_len);
    }

Certificates obtained through the default file loader are ok. I don't know how to populate DECODER_CTX with actual DECODERs. File loader uses some relatively complex algorithm which I am unable to comprehend.

Thanks,
Milan
Re: Undefined Reference to "bn_get_words()" and "bn_get_top()".
On Tue, 2022-01-11 at 10:15 +, Kumar Mishra, Sanjeev wrote:
> Hi,
> I am getting following linking Error for APIs "bn_get_words()" and
> "bn_get_top()" while compiling with OpenSSL 3.0. Although crypto/bn.h
> is included in file.
> Please help to resolve it.
> Regards,
> Sanjeev

These symbols are internal and not exported from the shared library. You would have to link statically to be able to use them. Of course that is not recommended exactly because the symbols are internal and thus can disappear or arbitrarily change meaning within any release.

--
Tomáš Mráz, OpenSSL
Undefined Reference to "bn_get_words()" and "bn_get_top()".
Hi,
I am getting following linking Error for APIs "bn_get_words()" and "bn_get_top()" while compiling with OpenSSL 3.0. Although crypto/bn.h is included in file.
Please help to resolve it.
Regards,
Sanjeev

    /bin/ld: warning: libssl.so.1.1, needed by /usr/lib/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/libcurl.so, may conflict with libssl.so.3
    /bin/ld: warning: libcrypto.so.1.1, needed by /usr/lib/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/libcurl.so, may conflict with libcrypto.so.3
    /bin/ld: /sonus/p4/ws/skumarmishra/openssl3_howard/orca/dist/libs/db64/libdrm.a(DrmDebugUtils.o): in function `DrmDbgNitroxCmd(int, char**, CLI_CMD_STR*, void*)':
    /sonus/p4/ws/skumarmishra/openssl3_howard/orca/drm/lib/src/DrmDebugUtils.c:5704: undefined reference to `bn_get_words(bignum_st const*)'
    /bin/ld: /sonus/p4/ws/skumarmishra/openssl3_howard/orca/drm/lib/src/DrmDebugUtils.c:5705: undefined reference to `bn_get_words(bignum_st const*)'
    /bin/ld: /sonus/p4/ws/skumarmishra/openssl3_howard/orca/drm/lib/src/DrmDebugUtils.c:5708: undefined reference to `bn_get_top(bignum_st const*)'
    /bin/ld: /sonus/p4/ws/skumarmishra/openssl3_howard/orca/drm/lib/src/DrmDebugUtils.c:5708: undefined reference to `bn_get_top(bignum_st const*)'
    /bin/ld: /sonus/p4/ws/skumarmishra/openssl3_howard/orca/drm/lib/src/DrmDebugUtils.c:5709: undefined reference to `bn_get_top(bignum_st const*)'
    /bin/ld: /sonus/p4/ws/skumarmishra/openssl3_howard/orca/drm/lib/src/DrmDebugUtils.c:5709: undefined reference to `bn_get_top(bignum_st const*)'
    collect2: error: ld returned 1 exit status
    gmake[1]: *** [/sonus/p4/ws/shared/cmn_thirdparty.buster_openssl3/ACE/ACE_wrappers/include/makeinclude/rules.bin.GNU:54: db64/PrsProcess] Error 1
    gmake[1]: Target 'all' not remade because of errors.
    gmake[1]: Leaving directory '/sonus/p4/ws/skumarmishra/openssl3_howard/orca/prs/proc/src'
    gmake: *** [Makefile:23: orca] Error 2
    gmake: Target 'all' not remade because of errors.