Re: OpenSSL 3.0 FIPS questions

2021-10-25 Thread Dr Paul Dale 
It was meant for the second method only.  The first method is using 
different library contexts to distinguish FIPS algorithms.  Using the 
properties in addition is harmless and might prevent a future mistake 
that breaks compliance.


Pauli

On 26/10/21 4:46 am, Jason Schultz wrote:
Thanks again. I think most of that makes sense. Going back to your 
initial response, there is something I'm not clear on.


The second method you explained (which I don't plan to use) starting 
with "Alternatively,..." included the calls to OSSL_PRIVIDER_load(), 
and then discussed calling the following API for FIPS:

    EVP_set_default_properties(NULL, “fips=yes”);

Was the EVP_set_default_properties() call specifically and only for 
the 2nd method, or did that API call apply to both the first and 
second methods you explained? From reading the doc for that call, it 
seems like I should be doing it if I use the first method as well.


Regards,

Jason


*From:* openssl-users  on behalf of 
Dr Paul Dale 

*Sent:* Sunday, October 24, 2021 11:12 PM
*To:* openssl-users@openssl.org 
*Subject:* Re: OpenSSL 3.0 FIPS questions
The configuration shouldn't have much impact.  You will need a fips 
section specifying where the integrity check data are.  You shouldn't 
need base or default sections.



Pauli

On 25/10/21 5:23 am, Jason Schultz wrote:
Thank you for your response. I think all of that makes sense, and 
seems to accomplish what I want programmatically, limiting it to my 
application. I guess the only question I have is what about the 
config files? Should they remain as they were installed, or do I need 
to provide sections for fips, base, default, etc?


Regards,

Jason



*From:* openssl-users  
 on behalf of Dr Paul Dale 
 

*Sent:* Sunday, October 24, 2021 12:28 AM
*To:* openssl-users@openssl.org  
 

*Subject:* Re: OpenSSL 3.0 FIPS questions
Oops, the second time this occurs "defp = 
OSSL_PROVIDER_load(non_fips_libctx, "default");" it should be "defp = 
OSSL_PROVIDER_load(NULL, "default");"



Pauli

On 24/10/21 10:06 am, Dr Paul Dale wrote:

defp = OSSL_PROVIDER_load(non_fips_libctx, "default");

SSL handshake with a web server using Memory BIOs?

2021-10-25 Thread doa379 
Suppose the TLS layer is initialized in the form:

  SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
  BIO *r = BIO_new(BIO_s_mem());
  BIO *w = BIO_new(BIO_s_mem());
  SSL *ssl = SSL_new(ctx);
  SSL_set_bio(ssl, r, w);
  SSL_set_connect_state(ssl);

I want to use BIO so that I can control IO to/from the TCP layer 
underneath using standard system-esque calls (connect(), 
read(), write() on a socket fd).

The transfer itself is carried out through SSL_write() then followed by 
BIO_read(), and BIO_write() followed by SSL_read() in/from the 
respective BIO *w, *r.

This is all fine and dandy but how should the manual handshake be 
implemented?

Something akin to:

{
  char buffer[1024];
  while (!SSL_is_init_finished(ssl))
  {
SSL_do_handshake(ssl);
int nbytes;
if ((nbytes = BIO_read(w, buffer, sizeof buffer)) > 0)
  write(fd, buffer, nbytes);
else if ((nbytes = read(fd, buffer, sizeof buffer)) > 0)
  BIO_write(r, buffer, nbytes);
  }
}

Such a handshake can be put in wherever the server/client needs to 
connect, eg called during initialization.

The handshake works fine when the client-server is on a localhost. 
However when connecting to a web server the handshake takes long to 
return and doesn't do the handshake either. So the question is, what 
further provisions need to be made to connect to a non-local web server? 
Or perhaps the above handshake should be integral to BIO_write() and 
BIO_read() calls. I'm not sure, I have not looked at the actual 
library sources as what SSL_() precisely does. Anyone care to send some 
info my way in this particular case..?

Re: OpenSSL 3.0 FIPS questions

2021-10-25 Thread Jason Schultz 
Thanks again. I think most of that makes sense. Going back to your initial 
response, there is something I'm not clear on.

The second method you explained (which I don't plan to use) starting with 
"Alternatively,..." included the calls to OSSL_PRIVIDER_load(), and then 
discussed calling the following API for FIPS:


   EVP_set_default_properties(NULL, “fips=yes”);

Was the EVP_set_default_properties() call specifically and only for the 2nd 
method, or did that API call apply to both the first and second methods you 
explained? From reading the doc for that call, it seems like I should be doing 
it if I use the first method as well.

Regards,

Jason


From: openssl-users  on behalf of Dr Paul 
Dale 
Sent: Sunday, October 24, 2021 11:12 PM
To: openssl-users@openssl.org 
Subject: Re: OpenSSL 3.0 FIPS questions

The configuration shouldn't have much impact.  You will need a fips section 
specifying where the integrity check data are.  You shouldn't need base or 
default sections.


Pauli

On 25/10/21 5:23 am, Jason Schultz wrote:
Thank you for your response. I think all of that makes sense, and seems to 
accomplish what I want programmatically, limiting it to my application. I guess 
the only question I have is what about the config files? Should they remain as 
they were installed, or do I need to provide sections for fips, base, default, 
etc?

Regards,

Jason



From: openssl-users 
 
on behalf of Dr Paul Dale 
Sent: Sunday, October 24, 2021 12:28 AM
To: openssl-users@openssl.org 

Subject: Re: OpenSSL 3.0 FIPS questions

Oops, the second time this occurs "defp = OSSL_PROVIDER_load(non_fips_libctx, 
"default");" it should be "defp = OSSL_PROVIDER_load(NULL, "default");"


Pauli

On 24/10/21 10:06 am, Dr Paul Dale wrote:
defp = OSSL_PROVIDER_load(non_fips_libctx, "default");

Re: Openssl 3.0.0 creating ECC key from X and Y, PEM_write_PUBKEY fails

2021-10-25 Thread Matt Caswell 




On 22/10/2021 21:02, Ken Goldman wrote:

I have X and Y as bignums.  I create EVP_PKEY with this.

I suspect that I have to do another step to indicate that I supplied X 
and Y and not a compressed

public key.


Unfortunately supplying x and y separately is not supported for import. 
You have to instead use OSSL_PKEY_PARAM_PUB_KEY. You can supply the key 
as an uncompressed public key simply be concatenating the byte "04", the 
x co-ord (padded to the appropriate size if necessary) and the y co-cord 
(also padded as appropriate).


The OSSL_PKEY_PARAM_EC_PUB_X and OSSL_PKEY_PARAM_EC_PUB_Y parameters are 
defined as "getters" only. From the manual:



"qx" (OSSL_PKEY_PARAM_EC_PUB_X) 
Used for getting the EC public key X component.

"qy" (OSSL_PKEY_PARAM_EC_PUB_Y) 
Used for getting the EC public key Y component.

https://www.openssl.org/docs/man3.0/man7/EVP_PKEY-EC.html



 param_bld = OSSL_PARAM_BLD_new();
 rc = getEcCurveString(,    gets strings like 
prime256v1
 irc = OSSL_PARAM_BLD_push_utf8_string(param_bld, 
OSSL_PKEY_PARAM_GROUP_NAME,

   curveString, 0);
 irc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_EC_PUB_X, x);
 irc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_EC_PUB_Y, y);
 params = OSSL_PARAM_BLD_to_param(param_bld);
 ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
 irc = EVP_PKEY_fromdata_init(ctx);
 irc = EVP_PKEY_fromdata(ctx, evpPubkey, EVP_PKEY_PUBLIC_KEY, params);


It's actually quite surprising that this call succeeds. IMO it should 
have failed:


https://github.com/openssl/openssl/issues/16912

What you've actually ended up with here is a parameters only EVP_PKEY value.



following that, this fails with

 irc = PEM_write_PUBKEY(pemFile, evpPubkey);

==88032== Invalid read of size 8



This crash is a bug in OpenSSL. You should have got a failure because 
your EVP_PKEY doesn't have a public key in it:



https://github.com/openssl/openssl/pull/16911

Matt

Re: OSSL_DECODER_CTX_new_for_pkey can't find decoder

2021-10-25 Thread Matt Caswell 




On 25/10/2021 10:51, Alex Dankow wrote:

Hi everyone,

I'm writing a provider for Windows certificates.
It generally works like this

openssl x509 -in "myuri .." -provider mytest -text

OpenSSL fetches a DER encoded certificate from my STORE and prints it.
However it doesn't print the public key itself.
The code in x_pubkey.c near OSSL_DECODER_CTX_new_for_pkey "DER", 
"SubjectPublicKeyInfo" fails to find a decoder. The rest is decoded by 
OpenSSL


But if I add provider "default" in the command line:
openssl x509 -in "myuri .." -provider mytest -provider default -text
It works completely.

Am I missing something or  is it a bug ?


This is correct behaviour. From the crypto man page:

'If you don't load any providers at all then the "default" provider will be
automatically loaded. If you explicitly load any provider then the "default"
provider would also need to be explicitly loaded if it is required.'

https://www.openssl.org/docs/man3.0/man7/crypto.html

Also mentioned on the default provider man page:

'If an attempt to load a provider has already been made (whether 
successful or not) then the default provider won't be loaded 
automatically. Therefore if the default provider is to be used in 
conjunction with other providers then it must be loaded explicitly. 
Automatic loading of the default provider only occurs a maximum of once; 
if the default provider is explicitly unloaded then the default provider 
will not be automatically loaded again.'


https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-default.html

And on the config file man page:

'If no providers are activated explicitly, the default one is activated 
implicitly. See OSSL_PROVIDER-default(7) for more details.


If you add a section explicitly activating any other provider(s), you 
most probably need to explicitly activate the default provider, 
otherwise it becomes unavailable in openssl. It may make the system 
remotely unavailable.'


https://www.openssl.org/docs/man3.0/man5/config.html


Matt

OSSL_DECODER_CTX_new_for_pkey can't find decoder

2021-10-25 Thread Alex Dankow 
Hi everyone,

I'm writing a provider for Windows certificates.
It generally works like this

openssl x509 -in "myuri .." -provider mytest -text

OpenSSL fetches a DER encoded certificate from my STORE and prints it.
However it doesn't print the public key itself.
The code in x_pubkey.c near OSSL_DECODER_CTX_new_for_pkey "DER",
"SubjectPublicKeyInfo" fails to find a decoder. The rest is decoded by
OpenSSL

But if I add provider "default" in the command line:
openssl x509 -in "myuri .." -provider mytest -provider default -text
It works completely.

Am I missing something or  is it a bug ?

--
Best Regards
Alex Dankow

Re: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-25 Thread Matt Caswell 

Caveat: I've not tested or compiled the following...but something like this:

if (EVP_PKEY_is_a(evpKey, "RSA)) {
keysz = EVP_PKEY_get_bits(evpKey) / 8;
/* some code */
} else if (EVP_PKEY_is_a(evpKey, "EC")) {
char *name;
size_t namesize;

if (!EVP_PKEY_get_utf8_string_param(pkey,
OSSL_PKEY_PARAM_GROUP_NAME,
NULL, 0, ))
/* error */;
name = OPENSSL_malloc(namesize + 1);
if (name == NULL)
/* error */
if (!EVP_PKEY_get_utf8_string_param(pkey,
OSSL_PKEY_PARAM_GROUP_NAME,
name, namesize + 1, 0))
/* error */
/* This gets you the curve name as a string. If you really need as
 * an integer you can additionally do the following - but note that
 * some providers might add curves that libcrypto doesn't know about
 * so this could fail
 */
ecGrpId = OBJ_txt2nid(name);
if (ecGrpId == NID_undef)
/* error */;
OPENSSL_free(name);
/* some code */
}

On 25/10/2021 10:21, Paramashivaiah, Sunil wrote:

Hi Matt,

Thanks for the reply. I need to replace the below code.

   int keysz,ecGrpId;

 switch(evpKey->type)
 {
 case NID_rsaEncryption:
 {
 if(evpKey->pkey.rsa)
 {
 keysz = BN_num_bits(evpKey->pkey.rsa->n);
 .
 .
/* some code */
 }
 break;
 }
 case NID_X9_62_id_ecPublicKey:
 {
 ecGrpId = EC_GROUP_get_curve_name(evpKey->pkey.ec->group);
 /* some code follows*/

Thanks and Regards,
Sunil

-Original Message-
From: Matt Caswell 
Sent: Monday, October 25, 2021 2:23 PM
To: Paramashivaiah, Sunil ; 
openssl-users@openssl.org
Subject: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 
1.0.2 to 3.0



On 25/10/2021 05:45, Paramashivaiah, Sunil wrote:

Hi All,

      I need get APIs for accessing the members of  EVP_PKEY.
Please suggest APIs to get following members of EVP_PKEY

evpkey->type , evpkey->pkey.rsa , pubKey->pkey.ec->group.


EVP_PKEY_get_id() will get you the `evpkey->type` value. But note that in the provider 
world an external provider could add key types that are unknown to libcrypto. 
"EVP_PKEY_is_a" is a more future proof way to go.

https://clicktime.symantec.com/3TPr6AZe5xYBkrduooQtHHv6H2?u=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fman3.0%2Fman3%2FEVP_PKEY_is_a.html

E.g.

if (EVP_PKEY_is_a(pkey, "RSA")) ...;
if (EVP_PKEY_is_a(pkey, "EC")) ...;


The "evppkey->pkey.rsa" value can be obtained via EVP_PKEY_get0_RSA() but note 
that this is deprecated. You are encouraged to not use the RSA structure at all in 3.0 (all 
the functions that take an RSA structure are deprecated). So you should look at what you are 
trying to do with
evpkey->pkey.rsa and refactor things to not need it. Why do you want this?

Similar comments apply to "pubkey->pkey.ec". You can get the EC_KEY object using 
EVP_PKEY_get0_EC_KEY() but this is deprecated. You can get the group from an EC_KEY using 
EC_KEY_get0_group() - but this is also deprecated. Instead you might consider getting the "group 
name" for the EC key which will tell you what curve is in use, e.g.

EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
 NULL, 0, ); name = 
OPENSSL_malloc(namesize + 1); EVP_PKEY_get_utf8_string_param(pkey, 
OSSL_PKEY_PARAM_GROUP_NAME,
 name, namesize + 1, 0);

https://clicktime.symantec.com/36qEeyKryNCZ32uxNgfFe4p6H2?u=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fman3.0%2Fman3%2FEVP_PKEY_get_utf8_string_param.html

Matt




Thanks and Regards,

Sunil


Notice: This e-mail together with any attachments may contain
information of Ribbon Communications Inc. and its Affiliates that is
confidential and/or proprietary for the sole use of the intended
recipient. Any review, disclosure, reliance or distribution by others
or forwarding without express permission is strictly prohibited. If
you are not the intended recipient, please notify the sender
immediately and then delete all copies, including any attachments.


Notice: This e-mail together with any attachments may contain information of 
Ribbon Communications Inc. and its Affiliates that is confidential and/or 
proprietary for the sole use of the intended recipient. Any review, disclosure, 
reliance or distribution by others or forwarding without express permission is 
strictly prohibited. If you are not the intended recipient, please notify the 
sender immediately and then delete all copies, including any attachments.

RE: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-25 Thread Paramashivaiah, Sunil 
Hi Matt,

   Thanks for the reply. I need to replace the below code.

  int keysz,ecGrpId;

switch(evpKey->type)
{
case NID_rsaEncryption:
{
if(evpKey->pkey.rsa)
{
keysz = BN_num_bits(evpKey->pkey.rsa->n);
.
.
   /* some code */
}
break;
}
case NID_X9_62_id_ecPublicKey:
{
ecGrpId = EC_GROUP_get_curve_name(evpKey->pkey.ec->group);
/* some code follows*/

Thanks and Regards,
Sunil

-Original Message-
From: Matt Caswell  
Sent: Monday, October 25, 2021 2:23 PM
To: Paramashivaiah, Sunil ; 
openssl-users@openssl.org
Subject: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 
1.0.2 to 3.0



On 25/10/2021 05:45, Paramashivaiah, Sunil wrote:
> Hi All,
> 
>      I need get APIs for accessing the members of  EVP_PKEY. 
> Please suggest APIs to get following members of EVP_PKEY
> 
> evpkey->type , evpkey->pkey.rsa , pubKey->pkey.ec->group.

EVP_PKEY_get_id() will get you the `evpkey->type` value. But note that in the 
provider world an external provider could add key types that are unknown to 
libcrypto. "EVP_PKEY_is_a" is a more future proof way to go.

https://clicktime.symantec.com/3TPr6AZe5xYBkrduooQtHHv6H2?u=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fman3.0%2Fman3%2FEVP_PKEY_is_a.html

E.g.

if (EVP_PKEY_is_a(pkey, "RSA")) ...;
if (EVP_PKEY_is_a(pkey, "EC")) ...;


The "evppkey->pkey.rsa" value can be obtained via EVP_PKEY_get0_RSA() but note 
that this is deprecated. You are encouraged to not use the RSA structure at all 
in 3.0 (all the functions that take an RSA structure are deprecated). So you 
should look at what you are trying to do with 
evpkey->pkey.rsa and refactor things to not need it. Why do you want this?

Similar comments apply to "pubkey->pkey.ec". You can get the EC_KEY object 
using EVP_PKEY_get0_EC_KEY() but this is deprecated. You can get the group from 
an EC_KEY using EC_KEY_get0_group() - but this is also deprecated. Instead you 
might consider getting the "group name" for the EC key which will tell you what 
curve is in use, e.g.

EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
NULL, 0, ); name = 
OPENSSL_malloc(namesize + 1); EVP_PKEY_get_utf8_string_param(pkey, 
OSSL_PKEY_PARAM_GROUP_NAME,
name, namesize + 1, 0);

https://clicktime.symantec.com/36qEeyKryNCZ32uxNgfFe4p6H2?u=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fman3.0%2Fman3%2FEVP_PKEY_get_utf8_string_param.html

Matt


> 
> Thanks and Regards,
> 
> Sunil
> 
> 
> Notice: This e-mail together with any attachments may contain 
> information of Ribbon Communications Inc. and its Affiliates that is 
> confidential and/or proprietary for the sole use of the intended 
> recipient. Any review, disclosure, reliance or distribution by others 
> or forwarding without express permission is strictly prohibited. If 
> you are not the intended recipient, please notify the sender 
> immediately and then delete all copies, including any attachments.

Notice: This e-mail together with any attachments may contain information of 
Ribbon Communications Inc. and its Affiliates that is confidential and/or 
proprietary for the sole use of the intended recipient. Any review, disclosure, 
reliance or distribution by others or forwarding without express permission is 
strictly prohibited. If you are not the intended recipient, please notify the 
sender immediately and then delete all copies, including any attachments.

Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-25 Thread Matt Caswell 




On 25/10/2021 05:45, Paramashivaiah, Sunil wrote:

Hi All,

     I need get APIs for accessing the members of  EVP_PKEY. Please 
suggest APIs to get following members of EVP_PKEY


evpkey->type , evpkey->pkey.rsa , pubKey->pkey.ec->group.


EVP_PKEY_get_id() will get you the `evpkey->type` value. But note that 
in the provider world an external provider could add key types that are 
unknown to libcrypto. "EVP_PKEY_is_a" is a more future proof way to go.


https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_is_a.html

E.g.

if (EVP_PKEY_is_a(pkey, "RSA")) ...;
if (EVP_PKEY_is_a(pkey, "EC")) ...;


The "evppkey->pkey.rsa" value can be obtained via EVP_PKEY_get0_RSA() 
but note that this is deprecated. You are encouraged to not use the RSA 
structure at all in 3.0 (all the functions that take an RSA structure 
are deprecated). So you should look at what you are trying to do with 
evpkey->pkey.rsa and refactor things to not need it. Why do you want this?


Similar comments apply to "pubkey->pkey.ec". You can get the EC_KEY 
object using EVP_PKEY_get0_EC_KEY() but this is deprecated. You can get 
the group from an EC_KEY using EC_KEY_get0_group() - but this is also 
deprecated. Instead you might consider getting the "group name" for the 
EC key which will tell you what curve is in use, e.g.


EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
   NULL, 0, );
name = OPENSSL_malloc(namesize + 1);
EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
   name, namesize + 1, 0);

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_get_utf8_string_param.html

Matt




Thanks and Regards,

Sunil


Notice: This e-mail together with any attachments may contain 
information of Ribbon Communications Inc. and its Affiliates that is 
confidential and/or proprietary for the sole use of the intended 
recipient. Any review, disclosure, reliance or distribution by others or 
forwarding without express permission is strictly prohibited. If you are 
not the intended recipient, please notify the sender immediately and 
then delete all copies, including any attachments.

Re: Matching keys between providers

2021-10-25 Thread Tomas Mraz 
On Sat, 2021-10-23 at 11:04 +0700, Alex Dankow wrote:
> Hi OpenSSL users and its glorious developers, 
> 
> Thank you very much for OpenSSL 3!
> 
> My question is about writing a provider. I decided to start from a
> Windows certificate storage provider. It already works with "openssl
> storeutl" command, but can't make it work with "openssl ca".
> 
> When openssl expects a certificate, I return an encoded certificate
> directly. OpenSSL parses it and the public key belongs to the "OpenSSL
> RSA" provider. I can't give private keys from Windows cert. storage and
> return something virtual from my key management provider.
> 
> At the next step, openssl.exe does matching, compares key types: public
> key's type is "OpenSSL RSA" and the private key type of "MYPKEY". It is
> done in  evp_keymgmt_util_match.
> I was hoping it would be called OSSL_FUNC_KEYMGMT_MATCH for both
> providers, but it only compares strings and says types are different.
> If I declare that my key management also handles RSA in OSSL_ALGORITHM
> as "MYPKEY:RSA" OpenSSL tool gives an error that RSA has an existing
> different identity.
> 
> I'm exploring the source, but I'm stuck. Is it the wrong approach or I
> missed something ?

This is something that should be resolved by:

https://github.com/openssl/openssl/pull/16725

The key type for RSA keys must be "RSA". And the PR linked above should
ensure that the unexportable RSA keys from the keystore would be
handled by your provider.

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]