Re: [openssl-users] Question as to best options....

2017-12-26 Thread Karl Denninger

On 12/26/2017 14:07, Kurt Roeckx wrote:
> On Tue, Dec 26, 2017 at 01:42:57PM -0600, Karl Denninger wrote:
>> On 12/26/2017 13:14, Salz, Rich via openssl-users wrote:
>>> So if you put locks around the SSL_CTX object when it’s used, then you
>>> can use the set private key call to update the key; and then all
>>> SSL_new objects afterwards will use the new credentials.  Does that
>>> meet your need?
>>>
>> Yes, that I already know how to do.  The issue is how to get the key
>> from a PEM file into a format that I can feed it with set private key. 
>> There doesn't appear to be a means to "un-file-ify" the set private key
>> functions.
> You can use the d2i_PrivateKey and i2d_PrivateKey functions to read
> and write the file.
>
>>> > "is there a decent way to convert a PEM or DER private key file into
>>> ASN.1" using OpenSSL calls (from a "C" program, not from the command
>>> line; we'll assume I have the key and cert files already.)
>>>
>>> I assume you mean “native C structure” and not ASN1?  Because DER is
>>> just the ASN1 serialized, and PEM is base64 encoded DER with marker
>>> lines. …
>>>
>>>
>>>
>> So if I take a PEM private key file, strip the markers, and turn the
>> actual key's base64 into binary (assuming an RSA key, so there's no "EC
>> parameter" block in front) I now have an "opaque" unsigned character
>> array of length "len" (the decoded Base64) which
>> SSL_CTX_use_privateKey_ASN1 will accept?  (Assuming the key file is
>> unencrypted, of course.)
>>
>> What is the parameter "pk" passed to the call in that instance (it's not
>> in the man page)
> From the manpage:
> SSL_CTX_use_PrivateKey_ASN1() adds the private key of type _pk_
>
> So you would need to know that it's an RSA or EC key. If you used
> d2i_AutoPrivateKey you don't need to know the type and get an
> EVP_PKEY.
>
>
> Kurt
Thanks - I suspect I have enough to get things rolling :-)

-- 
Karl Denninger
k...@denninger.net 
/The Market Ticker/
/[S/MIME encrypted email preferred]/


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Question as to best options....

2017-12-26 Thread Kurt Roeckx
On Tue, Dec 26, 2017 at 01:42:57PM -0600, Karl Denninger wrote:
> 
> On 12/26/2017 13:14, Salz, Rich via openssl-users wrote:
> >
> > So if you put locks around the SSL_CTX object when it’s used, then you
> > can use the set private key call to update the key; and then all
> > SSL_new objects afterwards will use the new credentials.  Does that
> > meet your need?
> >
> Yes, that I already know how to do.  The issue is how to get the key
> from a PEM file into a format that I can feed it with set private key. 
> There doesn't appear to be a means to "un-file-ify" the set private key
> functions.

You can use the d2i_PrivateKey and i2d_PrivateKey functions to read
and write the file.

> > > "is there a decent way to convert a PEM or DER private key file into
> > ASN.1" using OpenSSL calls (from a "C" program, not from the command
> > line; we'll assume I have the key and cert files already.)
> >
> > I assume you mean “native C structure” and not ASN1?  Because DER is
> > just the ASN1 serialized, and PEM is base64 encoded DER with marker
> > lines. …
> >
> >
> >
> So if I take a PEM private key file, strip the markers, and turn the
> actual key's base64 into binary (assuming an RSA key, so there's no "EC
> parameter" block in front) I now have an "opaque" unsigned character
> array of length "len" (the decoded Base64) which
> SSL_CTX_use_privateKey_ASN1 will accept?  (Assuming the key file is
> unencrypted, of course.)
> 
> What is the parameter "pk" passed to the call in that instance (it's not
> in the man page)

From the manpage:
SSL_CTX_use_PrivateKey_ASN1() adds the private key of type _pk_

So you would need to know that it's an RSA or EC key. If you used
d2i_AutoPrivateKey you don't need to know the type and get an
EVP_PKEY.


Kurt



Re: [openssl-users] Question as to best options....

2017-12-26 Thread Karl Denninger

On 12/26/2017 13:14, Salz, Rich via openssl-users wrote:
>
> So if you put locks around the SSL_CTX object when it’s used, then you
> can use the set private key call to update the key; and then all
> SSL_new objects afterwards will use the new credentials.  Does that
> meet your need?
>
Yes, that I already know how to do.  The issue is how to get the key
from a PEM file into a format that I can feed it with set private key. 
There doesn't appear to be a means to "un-file-ify" the set private key
functions.
>
> > "is there a decent way to convert a PEM or DER private key file into
> ASN.1" using OpenSSL calls (from a "C" program, not from the command
> line; we'll assume I have the key and cert files already.)
>
> I assume you mean “native C structure” and not ASN1?  Because DER is
> just the ASN1 serialized, and PEM is base64 encoded DER with marker
> lines. …
>
>
>
So if I take a PEM private key file, strip the markers, and turn the
actual key's base64 into binary (assuming an RSA key, so there's no "EC
parameter" block in front) I now have an "opaque" unsigned character
array of length "len" (the decoded Base64) which
SSL_CTX_use_privateKey_ASN1 will accept?  (Assuming the key file is
unencrypted, of course.)

What is the parameter "pk" passed to the call in that instance (it's not
in the man page)

int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, long 
len);

And likewise, I can just bytewise load a DER file (e.g. read() it into a
memory buffer) and then pass that as it's simply a binary copy of the
Base64 contained within the markers (plus the EC parameters if it's an
ECDSA key)?

If so that makes it materially easier than I thought it would be

-- 
Karl Denninger
k...@denninger.net 
/The Market Ticker/
/[S/MIME encrypted email preferred]/




Re: [openssl-users] Question as to best options....

2017-12-26 Thread Kurt Roeckx
On Tue, Dec 26, 2017 at 12:38:32PM -0600, Karl Denninger wrote:
> 
> What I'm trying to figure out is the "best" way to handle this. 
> SSL_CTX_use_PrivateKey accepts a EVP_PKEY pointer,
> SSL_CTX_use_PrivateKey_ASN1 takes an ASN1 structure of length len, but
> what is parameter "pk" (not explained in the man page) and this assumes
> I have an ASN.1.

I assume you send the file in DER or PEM format over the SSL
connection. You then probably want to use d2i_PrivateKey() or
d2i_AutoPrivateKey() to turn that into an EVP_PKEY.


Kurt



Re: [openssl-users] Question as to best options....

2017-12-26 Thread Salz, Rich via openssl-users
So if you put locks around the SSL_CTX object when it’s used, then you can use 
the set private key call to update the key; and then all SSL_new objects 
afterwards will use the new credentials.  Does that meet your need?

> "is there a decent way to convert a PEM or DER private key file into ASN.1" 
> using OpenSSL calls (from a "C" program, not from the command line; we'll 
> assume I have the key and cert files already.)

I assume you mean “native C structure” and not ASN1?  Because DER is just the 
ASN1 serialized, and PEM is base64 encoded DER with marker lines. …


[openssl-users] Question as to best options....

2017-12-26 Thread Karl Denninger
So let's assume I have system A and B.

System A has some store of certificates and keys.  We'll assume they're
in either PEM or DER format and OpenSSL generated them.

System B is going to get passed one or both via a mechanism (e.g. over a
TLS connection that it has validated as being "ok" with appropriate
cipher and certificate chase, so it's reasonably convinced it's talking
to who it thinks it is), and then wishes to install them into executing
software so OpenSSL can use them for THAT system to do something with
(e.g. take connections from a third machine, sign objects, etc.)  I
already know how to do the "do something" part with OpenSSL.  System B does
*NOT* want to store these persistently on the disk somewhere (even
transiently.)

What I'm trying to figure out is the "best" way to handle this. 
SSL_CTX_use_PrivateKey accepts an EVP_PKEY pointer,
SSL_CTX_use_PrivateKey_ASN1 takes an ASN1 structure of length len, but
what is parameter "pk" (not explained in the man page) and this assumes
I have an ASN.1.

I would assume that doing wonky things with EVP_PKEY (like digging into
the structure once loaded, grabbing it and transmitting it) is a
severely bad idea as the structure may change (e.g. EVP_PKEY is intended
to be an opaque structure from a user code perspective.)

So that leaves the obvious question as "is there a decent way to convert
a PEM or DER private key file into ASN.1" using OpenSSL calls (from a
"C" program, not from the command line; we'll assume I have the key and
cert files already.)

TIA
--
Karl Denninger
k...@denninger.net 

/The Market Ticker/
/[S/MIME encrypted email preferred]/




Re: [openssl-users] OpenSSL SHA algorithm

2017-12-26 Thread Swapnil Deshpande
Thanks all, this has been really helpful.

On Tue, Dec 26, 2017 at 5:44 AM, Kurt Roeckx  wrote:

> On Mon, Dec 25, 2017 at 07:44:58PM -0800, Swapnil Deshpande wrote:
> > Hi all,
> >
> > Noob here. I recently discovered that the "-sha1" and "-sha" flags in the
> > "openssl dgst" command produce different outputs. I thought those were the
> > same algorithms but turns out they are not:
> >
> > $ echo -n "password" | openssl dgst -sha
> >
> > 80072568beb3b2102325eb203f6d0ff92f5cef8e
> >
> >
> > $ echo -n "password" | openssl dgst -sha1
> >
> > 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> >
> >
> > I am aware of SHA1 and the SHA-128 algorithm.
> >
> >
> > 1. What algorithm is used to generate hash when I use the "-sha" option?
>
> It's the original SHA algorithm, which people will now refer to as
> SHA-0. It has some minor but important changes compared to SHA-1.
>
> > 2. What could I have done to get this answer to #1 in a better way? I am
> > asking this because I tried to find what algorithm is being used through
> > the "help" option as well as trying to search via "man openssl" but
> > couldn't find anything. I also did a basic search for "openssl sha vs sha1"
> > and couldn't find any relevant results. If there was a better way to know
> > more about this option (say by reading some documentation), I'd be glad to
> > know about it.
>
> I started a pull request:
> https://github.com/openssl/openssl/pull/4979
>
> There are probably other changes that should happen.
>
>
> Kurt


Re: [openssl-users] OpenSSL SHA algorithm

2017-12-26 Thread Kurt Roeckx
On Mon, Dec 25, 2017 at 07:44:58PM -0800, Swapnil Deshpande wrote:
> Hi all,
> 
> Noob here. I recently discovered that the "-sha1" and "-sha" flags in the
> "openssl dgst" command produce different outputs. I thought those were the
> same algorithms but turns out they are not:
> 
> $ echo -n "password" | openssl dgst -sha
> 
> 80072568beb3b2102325eb203f6d0ff92f5cef8e
> 
> 
> $ echo -n "password" | openssl dgst -sha1
> 
> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> 
> 
> I am aware of SHA1 and the SHA-128 algorithm.
> 
> 
> 1. What algorithm is used to generate hash when I use the "-sha" option?

It's the original SHA algorithm, which people will now refer to as
SHA-0. It has some minor but important changes compared to SHA-1.

> 2. What could I have done to get this answer to #1 in a better way? I am
> asking this because I tried to find what algorithm is being used through
> the "help" option as well as trying to search via "man openssl" but
> couldn't find anything. I also did a basic search for "openssl sha vs sha1"
> and couldn't find any relevant results. If there was a better way to know
> more about this option (say by reading some documentation), I'd be glad to
> know about it.

I started a pull request:
https://github.com/openssl/openssl/pull/4979

There are probably other changes that should happen.


Kurt



Re: [openssl-users] OpenSSL SHA algorithm

2017-12-26 Thread Dave Coombs
Hi,

Wikipedia has some information.

https://en.wikipedia.org/wiki/Secure_Hash_Algorithms

What is produced by "dgst -sha" is what the above link is calling SHA-0 
(originally just called SHA).

All the best,
  -Dave


> On Dec 25, 2017, at 22:44, Swapnil Deshpande  
> wrote:
> 
> Hi all,
> 
> Noob here. I recently discovered that the "-sha1" and "-sha" flags in the 
> "openssl dgst" command produce different outputs. I thought those were the 
> same algorithms but turns out they are not:
> 
> $ echo -n "password" | openssl dgst -sha
> 80072568beb3b2102325eb203f6d0ff92f5cef8e
> 
> $ echo -n "password" | openssl dgst -sha1
> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> 
> I am aware of SHA1 and the SHA-128 algorithm. 
> 
> 1. What algorithm is used to generate hash when I use the "-sha" option?
> 2. What could I have done to get this answer to #1 in a better way? I am 
> asking this because I tried to find what algorithm is being used through the 
> "help" option as well as trying to search via "man openssl" but couldn't find 
> anything. I also did a basic search for "openssl sha vs sha1" and couldn't 
> find any relevant results. If there was a better way to know more about this 
> option (say by reading some documentation), I'd be glad to know about it. 
> 
> Merry Christmas. 
> 
> Regards,
> Swapnil


[openssl-users] How to form a proper hash after writing something into SSL handshake.

2017-12-26 Thread Sai Teja Chowdary

Hi,

Happy Holidays everyone.

I want to send client certificate, client key exchange and client verify in a 
single handshake message which appears as multiple handshake messages in a 
single record. But to send the client verify I need to first make a hash of 
previous messages (client certificate and client key exchange) to create the 
signature.

Can anyone help me to find the function in OpenSSL 1.1.1-dev  xx XXX  (or 
right procedure that needs to be done before creating a certificate verify 
message) that can do a proper transcript (digest or hash, not clear). I tried 
using ssl3_finish_mac() on the message containing client certificate and client 
key exchange and then tried to generate the signature in certificate verify 
message.
But it is giving me a digest error. I am new to the mailing list and want a bit 
of help to proceed forward; I am stuck here. Please reply in case anything is 
not clear.

Here is a code snippet, how I am forming the data containing all client 
certificate , client key exchange and certificate verify messages inside 
write_state_machine().

if(WPACKET_init(&pkt, s->init_buf)){
    //Client certificate formation
    if(!ssl_set_handshake_header(s,&pkt,mt)
       || (confunc != NULL && !confunc(s,&pkt))
       || !ssl_close_construct_packet(s,&pkt,mt)){
        printf("PROBLEM\n");
    }
    transition(s);  //transition to next state i.e client key exchange

    get_construct_message_f(s, &pkt, &confunc, &mt);
    //client key exchange formation
    if(!ssl_set_handshake_header(s,&pkt,mt)
       || (confunc != NULL && !confunc(s,&pkt))
       || !ssl_close_construct_packet(s,&pkt,mt)){
        printf("AGAIN A PROBLEMO\n");
    }

    //ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
    st->write_state_work = post_work(s, st->write_state_work);
    transition(s);  // transition to next state i.e  certificate verify

    get_construct_message_f(s, &pkt, &confunc, &mt);
    //certificate verify message formation.
    if(!ssl_set_handshake_header(s,&pkt,mt)
       || (confunc != NULL && !confunc(s,&pkt))
       || !ssl_close_construct_packet(s,&pkt,mt)){
        printf("AGAIN A PROBLEMO\n");
    }
    WPACKET_finish(&pkt);
}


Please take a look at it, appreciate every bit of help.

Regards,
Saiteja



Re: [openssl-users] Create a signed file from detached signature and clear file content

2017-12-26 Thread Antonio Iacono
Hi,

I think I have solved it. Maybe you can write it better and in fewer lines;
anyway, this attached code works.

Antonio

2017-12-20 11:07 GMT+01:00 Antonio Iacono :

>
> Hi,
> assuming I have the following:
> - data.txt
> - data.p7s (the detached signature)
>
> Can I generate the bundled (p7m) signed file ?
>
> I tried:
>
> content = BIO_new_file("data.txt", "rb");
> signature = BIO_new_file("data.p7s", "rb");
> p7 = d2i_PKCS7_bio(signature, NULL);
> PKCS7_set_detached(p7, 0);
> bundled = BIO_new_file("bundled.p7m", "wb");
> i2d_PKCS7_bio_stream(bundled, p7, content, 0);
>
> but the generated file (bundled.p7m) is identical to the signature file
> (data.p7s)
>
> Thanks,
> Antonio
>
>
>
#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pkcs7.h>
#include <openssl/x509.h>

int
main (int argc, char *argv[])
{
  PKCS7 *p7, *p7signature;
  PKCS7_SIGNER_INFO *si;
  char buf[1024 * 4];
  char **args;
  char *infile = NULL;
  char *signaturefile = NULL;
  char *outfile = NULL;
  char *cont;
  BIO *data, *p7bio, *out = NULL, *signature = NULL;
  int badarg = 0;
  long contlen;
  STACK_OF (X509) * certs = NULL;
  STACK_OF (PKCS7_SIGNER_INFO) * sinfos;
  ASN1_OCTET_STRING *os = NULL;

#ifndef NO_SHA256
  EVP_add_digest (EVP_sha256 ());
#endif

#ifndef NO_SHA1
  EVP_add_digest (EVP_sha1 ());
#endif

  args = argv + 1;

  /* Parse -p7s, -in and -out, each followed by a file name. */
  while (!badarg && *args && *args[0] == '-')
    {
      if (!strcmp (*args, "-p7s"))
        {
          if (args[1])
            {
              args++;
              signaturefile = *args;
            }
          else
            badarg = 1;
        }
      else if (!strcmp (*args, "-in"))
        {
          if (args[1])
            {
              args++;
              infile = *args;
            }
          else
            badarg = 1;
        }
      else if (!strcmp (*args, "-out"))
        {
          if (args[1])
            {
              args++;
              outfile = *args;
            }
          else
            badarg = 1;
        }
      else
        badarg = 1;
      args++;
    }

  /* All three file names are required. */
  if (badarg || argc < 2 || !infile || !signaturefile || !outfile)
    {
      printf ("%s", "\nUse: \n\n");
      printf ("%s",
              "-in content_file \n-p7s signature_p7s \n-out file_p7m\n\n");

      return 1;
    }

  data = BIO_new (BIO_s_file ());

  if (!BIO_read_filename (data, infile))
    goto err;
  /* DER is binary, so open the output and the signature in binary mode. */
  if (!(out = BIO_new_file (outfile, "wb")))
    goto err;
  p7 = PKCS7_new ();
  PKCS7_set_type (p7, NID_pkcs7_signed);
  signature = BIO_new_file (signaturefile, "rb");
  if (!signature)
    goto err;

  /* Only a SignedData structure has the d.sign member used below. */
  p7signature = d2i_PKCS7_bio (signature, NULL);
  if (!p7signature || !PKCS7_type_is_signed (p7signature))
    goto err;

  /* Copy the certificates and signer infos of the detached signature. */
  certs = p7signature->d.sign->cert;
  for (int c = 0; c < sk_X509_num (certs); c++)
    {
      X509 *cert = sk_X509_value (certs, c);
      PKCS7_add_certificate (p7, cert);
    }
  sinfos = p7signature->d.sign->signer_info;

  for (int i = 0; i < sk_PKCS7_SIGNER_INFO_num (sinfos); i++)
    {
      si = sk_PKCS7_SIGNER_INFO_value (sinfos, i);
      PKCS7_add_signer (p7, si);
    }

  /* Feed the clear content through the PKCS7 BIO chain. */
  PKCS7_content_new (p7, NID_pkcs7_data);
  if ((p7bio = PKCS7_dataInit (p7, NULL)) == NULL)
    goto err;
  for (;;)
    {
      int i = BIO_read (data, buf, sizeof (buf));
      if (i <= 0)
        break;
      BIO_write (p7bio, buf, i);
    }

  /* Attach the buffered content as the embedded data and write the p7m. */
  contlen = BIO_get_mem_data (p7bio, &cont);
  os = p7->d.sign->contents->d.data;
  ASN1_STRING_set0 (os, (unsigned char *) cont, contlen);
  i2d_PKCS7_bio (out, p7);
  PKCS7_free (p7);
  BIO_free (p7bio);
  BIO_free_all (out);
  return 0;

err:
  ERR_load_crypto_strings ();
  ERR_print_errors_fp (stderr);
  return 1;
}