Re: [openssl-users] converting text to pem
Hello,

On 17/08/2012 09:33, kiran Palli wrote:
> Hi,
> I generated an rsa 2048 key-pair with these commands:
> openssl.exe genrsa -F4 -out key.pem 2048
> openssl.exe rsa -text -in key.pem > key.txt
> Now I lost the key.pem file and also lost the key.txt in its original format.

That's sad. 2 files lost at the same time? And you weren't taught to take care of these? They weren't important, were they? Why don't you just throw that key away and pick a new one?

> But I have private exponent and public exponent from the text file. Those were enough for my tool suite to sign a binary file and then verify. Now I need to test something with openSSL signing, but how do I recover the private key in .pem format (key.pem)?

Looks like homework. Did you ask Google?

> This is the left over portion of key.txt (example, but a valid key-pair):
> Private-Key: (2048 bit)
> modulus:
> 00:f3:5a:8f:46:08:11:d8:f7:65:eb:26:8f:e6:fe: [...] d2:61
> publicExponent: 65537 (0x10001)
> privateExponent:
> 73:e4:bd:f4:e1:24:f6:ca:23:7c:90:99:d9:ad:9c: [...] 11

Using bc you can quickly get p, q, dp and dq. qinv is harder to get, but it's possible.

--
Erwann ABALEA
Re: [openssl-users] converting text to pem
On 8/17/2012 11:46 AM, Erwann Abalea wrote:
> Hello,
>
> On 17/08/2012 09:33, kiran Palli wrote:
>> Hi,
>> I generated an rsa 2048 key-pair with these commands:
>> openssl.exe genrsa -F4 -out key.pem 2048
>> openssl.exe rsa -text -in key.pem > key.txt
>> Now I lost the key.pem file and also lost the key.txt in its original format.
>
> That's sad. 2 files lost at the same time? And you weren't taught to take care of these? They weren't important, were they? Why don't you just throw that key away and pick a new one?
>
>> But I have private exponent and public exponent from the text file. Those were enough for my tool suite to sign a binary file and then verify. Now I need to test something with openSSL signing, but how do I recover the private key in .pem format (key.pem)?
>
> Looks like homework. Did you ask Google?
>
>> This is the left over portion of key.txt (example, but a valid key-pair):
>> Private-Key: (2048 bit)
>> modulus:
>> 00:f3:5a:8f:46:08:11:d8:f7:65:eb:26:8f:e6:fe: [...] d2:61
>> publicExponent: 65537 (0x10001)
>> privateExponent:
>> 73:e4:bd:f4:e1:24:f6:ca:23:7c:90:99:d9:ad:9c: [...] 11
>
> Using bc you can quickly get p, q, dp and dq. qinv is harder to get, but it's possible.

And once you have all the parts (m, e, d, p, q, dp, dq and qinv), you should format each as a DER INTEGER, then put them in the correct order after each other and wrap that as a DER SEQUENCE, then work your way up to whichever ASN.1 structure OpenSSL uses in its key files.

You now have the file in binary DER format and can use openssl command line tools to convert it to PEM format (which is the same, only Base64 encoded with an identifying line above and below).

All this formatting work *could* be done by writing custom code that calls various low level BN_ and RSA_ functions in OpenSSL (This could also be used for the calculations), but the formatting is trivial enough that you should be able to do it by hand (pen and paper, or a text editor).

Of course, you will need to understand the math and read up on DER encoding, but those are good to learn anyway.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
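The procedure described in the two replies above, carried through as an added example (not code from the thread or from OpenSSL): it factors the modulus from a matching (e, d) pair, derives dp, dq and qinv, and hand-encodes the PKCS#1 RSAPrivateKey SEQUENCE as DER and PEM. All function names are this example's own, and the sample key is constructed from two known primes rather than taken from the thread.

```python
import base64
from math import gcd

def parse_hex(dump):
    """Turn a colon-separated hex field from `openssl rsa -text` into an int."""
    return int("".join(dump.replace(":", "").split()), 16)

def recover_primes(n, e, d):
    """Factor n from a matching (e, d) pair; returns (p, q) with p > q."""
    r, t = e * d - 1, 0            # e*d - 1 is a multiple of lambda(n)
    while r % 2 == 0:              # write it as 2^t * r with r odd
        r //= 2
        t += 1
    for g in range(2, 1000):       # fixed small bases keep the run reproducible
        y = pow(g, r, n)
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1 and y not in (1, n - 1):
                p = gcd(y - 1, n)  # y is a non-trivial square root of 1 mod n
                return max(p, n // p), min(p, n // p)
            y = x
    raise ValueError("d does not match (n, e)")

def der_len(length):
    if length < 0x80:              # short form: one byte
        return bytes([length])
    body = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body   # long form: count byte, then length

def der_int(value):
    # bit_length() // 8 + 1 bytes is minimal and keeps the sign bit clear
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def rsa_private_der(n, e, d):
    """PKCS#1 RSAPrivateKey: SEQUENCE of version, n, e, d, p, q, dP, dQ, qInv."""
    p, q = recover_primes(n, e, d)
    fields = [0, n, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    body = b"".join(der_int(f) for f in fields)
    return b"\x30" + der_len(len(body)) + body

def to_pem(der, label="RSA PRIVATE KEY"):
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(rows), label)

if __name__ == "__main__":
    # Constructed sample key (two Mersenne primes), not the key from the thread.
    P, Q, E = 2**127 - 1, 2**89 - 1, 65537
    N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
    print(to_pem(rsa_private_der(N, E, D)))
```

With a real key, feed the modulus and privateExponent dumps through `parse_hex`, save the PEM output, and let `openssl rsa -in key.pem -check -noout` confirm that the rebuilt components are consistent.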
Re: Unregister an index registered with RSA_get_ex_new_index
I see. I've dug a little bit more in the built-in engines and found out that this is the way some of them are implemented. I guess there's no way to do the same for ECDSA_METHOD though, since there's no finish function pointer on that...

By the way, I took a look at the gost engine, which uses EVP_PKEY_METHOD. Is it possible to achieve the behaviour I'm looking for only using the EVP interface? Better explaining, I want to implement RSA and ECDSA signing and verifying, and a proper cleanup for both. If it is possible, I'll use that engine as an example.

Thank you for quick reply.

2012/8/16 Dr. Stephen Henson st...@openssl.org
> On Thu, Aug 16, 2012, Felipe Blauth wrote:
>> Dear all,
>> I'm writing an OpenSSL engine and I have some internal data to manage via ex_data functions. What I've been doing so far is using RSA_get_ex_new_index(0, NULL, NULL, NULL, my free function), at the initialization of the engine to register a free function for structures allocated when the method ENGINE_load_private_key (or ENGINE_load_public_key) is called. To do so, I use the method RSA_set_ex_data(my_rsa, the index returned by RSA_get_ex_new_index, my custom data) and I do the proper cleanup at my free function accordingly.
>> Everything works fine, except for the fact that, when I finish the engine, other keys that are not engine related still try to get cleaned up by my free function, which no longer exists, and my program crashes. I realize, also, that if I call CRYPTO_cleanup_all_ex_data after finishing the engine, no problems occur. The problem with CRYPTO_cleanup_all_ex_data is that I'm planning to have multiple engines at the same time, so I'd like to cleanup only the index created with RSA_get_ex_new_index for a specific engine.
>> I tried to debug the method RSA_get_ex_new_index to figure something out, but didn't understand it well =p.
>
> There is currently no way to unregister an index. There is a workaround for RSA though.
>
> Don't register a free function when you call RSA_get_ex_new_index and instead free up and zero the ex data in the RSA_METHOD finish function.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org

--
Felipe Menegola Blauth
openssl bug database?
I want to make sure I don't potentially report openssl bugs that someone else has already reported. Is there a database of open openssl bugs that I haven't seen the link to, somewhere? Thanks, Cassie
Re: openssl bug database?
On Fri, Aug 17, 2012, Cassie Helms wrote:
> I want to make sure I don't potentially report openssl bugs that someone else has already reported. Is there a database of open openssl bugs that I haven't seen the link to, somewhere?

See: http://www.openssl.org/support/faq.html#BUILD16 and the following two FAQs.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: Unregister an index registered with RSA_get_ex_new_index
On Fri, Aug 17, 2012, Felipe Blauth wrote:
> I see. I've dug a little bit more in the built-in engines and found out that this is the way some of them are implemented. I guess there's no way to do the same for ECDSA_METHOD though, since there's no finish function pointer on that...

There is a way to attach data to an EC_KEY structure which differs from the normal ex_data methods. Data is attached on a per key basis (as opposed to globally for ex_data) and once cleaned up the function pointers are no longer referenced. See functions like EC_KEY_insert_key_method_data.

> By the way, I took a look at the gost engine, which uses EVP_PKEY_METHOD. Is it possible to achieve the behaviour I'm looking for only using the EVP interface? Better explaining, I want to implement RSA and ECDSA signing and verifying, and a proper cleanup for both. If it is possible, I'll use that engine as an example.

It should be possible in most cases though this hasn't been tested for additional implementations of existing methods: the gost ENGINE implements completely new algorithms.

There are a few exceptions where the old APIs haven't yet been updated. The most notable is SSL/TLS/DTLS client authentication.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Shared build broken
Hello,

I am trying to create a shared library of openssl (1.0.1c) with the following configuration:

    ./Configure --cross-compile-prefix=i686-unknown-linux-gnu- --prefix=$HOME/toolchains/{i686-unknown-linux-gnu} shared linux-elf

compiler version: i686-unknown-linux-gnu-gcc (GCC) 4.2.4

The compilation is fine, however the linkage fails: https://gist.github.com/3380022

Static build is successful. Google finds lots of similar problems for older versions of openssl but no exact fixes. I assume that link order was fixed for static build but is still broken for dynamic.

Please advise. Thank you.

--
Victor
Key block size for key derivation
For EAP-FAST key derivation, I need to know the key block size. With OpenSSL 1.0.0 I used effectively following function to figure this out after having completed TLS handshake:

    int get_block_size(SSL *ssl)
    {
        /* key block = 2 * (cipher key + MAC secret + IV), one set per direction */
        const EVP_CIPHER *c = ssl->enc_read_ctx->cipher;
        const EVP_MD *h = EVP_MD_CTX_md(ssl->read_hash);
        return 2 * (EVP_CIPHER_key_length(c) + EVP_MD_size(h) +
                    EVP_CIPHER_iv_length(c));
    }

This seemed to work fine with OpenSSL 1.0.0, but EVP_MD_CTX_md() returns NULL in OpenSSL 1.0.1. Based on tls1_setup_key_block(), the best I came up with for 1.0.1 was this:

    int get_block_size(SSL *ssl)
    {
        /* MAC secret size read from the handshake's temporary state */
        const EVP_CIPHER *c = ssl->enc_read_ctx->cipher;
        return 2 * (EVP_CIPHER_key_length(c) +
                    ssl->s3->tmp.new_mac_secret_size +
                    EVP_CIPHER_iv_length(c));
    }

This seems to work, but using ssl->s3->tmp to figure out this outside the library code does not look exactly clean. Is there a better way to figure out the MAC secret size (or even better, full key block size) with OpenSSL?

--
Jouni Malinen                                            PGP id EFC895FA
Easy way to turn on gdb symbols (and just gdb symbols?)
Hi folks,

I'm looking to compile fips and openssl with gdb symbols. So far both compilations are unhappy with

    make CFLAGS=-g

after doing my typical config stuff. I noticed there are some debug options for fips/Configure, if you look really hard in the Configure file...I think these typically include a gdb flag. The problem is, if I do

    cd fips
    ./Configure debug

on my build machine (which is gcc version 4.1.2) and then do make I get

    gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_FIPSCANISTER -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror -c -o bn_blind.o bn_blind.c
    gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_FIPSCANISTER -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror -c -o bn_ctx.o bn_ctx.c
    cc1: warnings being treated as errors
    bn_ctx.c: In function ‘ctxdbg’:
    bn_ctx.c:163: warning: cast from pointer to integer of different size
    make[2]: *** [bn_ctx.o] Error 1
    make[2]: Leaving directory `/home/cassie/fips-2.0/crypto/bn'
    make[1]: *** [fips] Error 1
    make[1]: Leaving directory `/home/cassie/fips-2.0/crypto'
    make: *** [build_crypto] Error 1

which is an error I don't get if I just do a typical ./config. I'm guessing this is a gcc version problem. But I'm wondering if there is any simpler way to get gdb symbols compiled into fips 2.0 and openssl 1.0.1c that I'm overlooking.

At the moment, I'm seeing odd failures in the MD4/MD4_Init functions and I can't debug them with gdb because I can't see what the source is doing.

Any advice is greatly appreciated. Thanks.

Cassie
Re: openssl bug database?
Actually, my real question was, where can I see a list of bugs that are already reported for openssl, so I can anticipate certain openssl functions failing? I wish I could contribute more to the source by reporting bugs, but I have so many of my own already...and would like to be able to see where they are going to happen next, if that's possible. Thanks.
Re: Easy way to turn on gdb symbols (and just gdb symbols?)
> I'm seeing odd failures in the MD4/MD4_Init functions and I can't debug them with gdb because I can't see what the source is doing.

Maybe I should add that I've verified that FIPS_mode is turned on right before my failing MD4 calls (think OpenSSLDie()), and I didn't do anything special to compile or turn on the MD4 algorithm. Could that be where I'm missing a step?
Re: Easy way to turn on gdb symbols (and just gdb symbols?)
On Fri, Aug 17, 2012, Cassie Helms wrote:
>> I'm seeing odd failures in the MD4/MD4_Init functions and I can't debug them with gdb because I can't see what the source is doing.
>
> Maybe I should add that I've verified that FIPS_mode is turned on right before my failing MD4 calls (think OpenSSLDie()), and I didn't do anything special to compile or turn on the MD4 algorithm. Could that be where I'm missing a step?

In FIPS mode you can only use FIPS approved algorithms. MD4 is not an approved algorithm.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: Easy way to turn on gdb symbols (and just gdb symbols?)
> Maybe I should add that I've verified that FIPS_mode is turned on right before my failing MD4 calls (think OpenSSLDie()), and I didn't do anything special to compile or turn on the MD4 algorithm. Could that be where I'm missing a step?

Ah yes, now I see that what I am trying to do is perhaps impossible:

Other non-FIPS approved algorithms such as Blowfish, MD5, IDEA, RC4, etc. are disabled in FIPS mode.

OK. Here is where I'm coming from:

- I have a new version of a product that needs to use CMAC and CCM
- but it also has to support older versions of a protocol that call for things like... MD4
- as far as I know, CMAC and CCM can only be used through validated fips code (right?)...
- but if fips mode is turned on, MD4 is not available because it's not a validated algorithm.

Steve, if you are there, do you have advice on what library I should have used to achieve these requirements? Or if I am to toggle between fips and not fips mode during run time?

I was under the impression that moving the new openssl library into my product source would offer all of the old functionality I needed, as well as the new fips functionality. Is this not true?
Re: Unregister an index registered with RSA_get_ex_new_index
2012/8/17 Dr. Stephen Henson st...@openssl.org
> On Fri, Aug 17, 2012, Felipe Blauth wrote:
>> I see. I've dug a little bit more in the built-in engines and found out that this is the way some of them are implemented. I guess there's no way to do the same for ECDSA_METHOD though, since there's no finish function pointer on that...
>
> There is a way to attach data to an EC_KEY structure which differs from the normal ex_data methods. Data is attached on a per key basis (as opposed to globally for ex_data) and once cleaned up the function pointers are no longer referenced. See functions like EC_KEY_insert_key_method_data.

Hey, that worked =). I was going to make a custom command to clean a linked list I was creating, but this way is much better for seamless integration. Thanks a lot, that fixed things up.

>> By the way, I took a look at the gost engine, which uses EVP_PKEY_METHOD. Is it possible to achieve the behaviour I'm looking for only using the EVP interface? Better explaining, I want to implement RSA and ECDSA signing and verifying, and a proper cleanup for both. If it is possible, I'll use that engine as an example.
>
> It should be possible in most cases though this hasn't been tested for additional implementations of existing methods: the gost ENGINE implements completely new algorithms.
>
> There are a few exceptions where the old APIs haven't yet been updated. The most notable is SSL/TLS/DTLS client authentication.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org

--
Felipe Menegola Blauth
Re: Easy way to turn on gdb symbols (and just gdb symbols?)
On Fri, Aug 17, 2012, Cassie Helms wrote:
>> Maybe I should add that I've verified that FIPS_mode is turned on right before my failing MD4 calls (think OpenSSLDie()), and I didn't do anything special to compile or turn on the MD4 algorithm. Could that be where I'm missing a step?
>
> Ah yes, now I see that what I am trying to do is perhaps impossible:
>
> Other non-FIPS approved algorithms such as Blowfish, MD5, IDEA, RC4, etc. are disabled in FIPS mode.
>
> OK. Here is where I'm coming from:
>
> - I have a new version of a product that needs to use CMAC and CCM
> - but it also has to support older versions of a protocol that call for things like... MD4
> - as far as I know, CMAC and CCM can only be used through validated fips code (right?)...
> - but if fips mode is turned on, MD4 is not available because it's not a validated algorithm.

You only need the validated code if you need to support FIPS 140-2. If you don't then there is no need to use the FIPS capable OpenSSL at all.

CCM and CMAC are supported in OpenSSL 1.0.1 without needing to use the validated module.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: Free returned pointer from OBJ_nid2obj() ?
On Fri, Aug 17, 2012, Eric Fowler wrote:
> Must a client free the pointer returned from OBJ_nid2obj() ? I assume the pointer references data in some internal table and is not free()'d. But I want to be sure ... man page is no help on this.

An application doesn't have to, no. However it is safe to call OBJ_free on the ASN1_OBJECT: it just becomes a no op on OIDs from internal tables.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: How do session accept timeout with OpenSSL
From: owner-openssl-us...@openssl.org On Behalf Of CharlesTSR
Sent: Tuesday, 14 August, 2012 17:12

You've already followed-up with some, but a few more points:

> I am porting an existing Windows-based TCP/IP server (receive-only, not a Web server) to OpenSSL. The way it works with TCP/IP is it sets up a socket, binds it to the desired port [and select's with a timeout]
snip
> Most of that ports fairly straightforwardly to OpenSSL.

Not one to one, but pretty straightforward: BIO_new_accept(), BIO_do_accept() * 2, BIO_pop(), SSL_set_bio(), ...

> What about the select? Is there some sort of BIO_select()? Is there some way to do SSL on native sockets rather than BIO objects? BIO has (I think!) a regular system socket under the covers -- is there a supported API for getting that socket so I can do a select on it?

No and yes. socketBIO, and its variants acceptBIO and connectBIO, are fairly thin wrappers on Unix sockets or Windows winsock. (Technically sockets+netdb because for historical reasons they are considered separate although almost always used together.)

If you use BIO to open a socket, BIO_get_fd returns sd or HANDLE, you can use for native calls like select/poll and get/setsockopt. (Technically you could call send and recv, but adding or removing data will screw up the SSL protocol, which won't be helpful.)

Alternatively as you've already found you can open the socket with socket() gethostbyname() bind() listen() connect() accept() as applicable, and then SSL_set_fd, which wraps it in a BIO.

> Or do I have to re-write somehow with non-blocking sockets and/or using signals for my timeout rather than select()? Or ... ?

You do need to use nonblocking if/when you want a timelimit, and SSL_get_error to tell you which direction to select for. For accept=handshake it's obvious you need both directions, but even for _read and _write (if you do those nonblocking) your code should be able to select for the 'wrong' direction in order to handle renegotiation.

I think you can set nonblocking only during SSL_accept (or _connect) and switch to blocking for data if you want that, but I haven't actually tested that combination.

> I have tried getting TCP/IP bind and BIO_do/new_accept() to coexist but they don't want to share a port, and my BIO_do_accept fails in the absence of a preceding BIO_do/new_accept().
>
> Thanks much. Tried searching for an answer but accept and bind and select are such common keywords, and most of the hits are either for select for determining when a socket is readable or writable, or for OpenSSL's session timeouts.

Details are in SSL_get_error manpage, which is admittedly not the most obvious search, but SSL_connect/accept/read/write do point to it.