parsing invalid DER

2022-09-01 Thread Dave Coombs via openssl-users
Hello,

I have in my possession some smartcards whose pkcs15 objects contain
incorrectly structured DER encodings, and I need to get these cards
working in my card management tool.  I've made structs corresponding to
the relevant parts of pkcs15 using openssl's ASN1 module, but naturally
the invalid encodings are not surviving contact with my d2i_ABC()
functions.

I'm using openssl 1.1.1o, I should say.  I should also add these
structures on the cards are read-only, so I can't even fix them, I just
have to deal with them.

These are the 2 invalid encodings I have seen:

First, a bit-string used for flags, encoded as (hex) 030108.  That is,
the number of unused bits is set to 8, and no other content, presumably
indicating no flags are set.  DER would have this be 030100 instead. 
My d2i is resulting in ASN1_R_INVALID_BIT_STRING_BITS_LEFT in
c2i_ASN1_BIT_STRING().

Second, a positive integer with leading 00 padding which is not
necessary, encoded as 80020042.  (It has an implicit [0] tag.)  DER
would have this be 800142.  My d2i is resulting in
ASN1_R_ILLEGAL_PADDING in c2i_ibuf().

So!  Is it possible to work around these, using ASN1_MACRO trickery or
what-have-you?  It's pretty clear I should end up with an empty bit-
string and integer value 0x42, so is there a way to loosen the parser's
pickiness and achieve this?

I could sanitize the inputs myself first, but at that point I'd be
writing my own parser and I wouldn't need openssl's. :/

Any help would be appreciated.  Thanks,
  -Dave





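An added example, not code from this message or from OpenSSL: the two DER rules behind the errors above applied to the content octets of a BIT STRING and an INTEGER, together with a canonicaliser that rewrites exactly the two deviations described (the "sanitize the inputs first" option) and rejects anything else. The function names and the sample octets are the example's own.

```c
/* Added example, not code from the thread or from OpenSSL: the DER rules
 * behind ASN1_R_INVALID_BIT_STRING_BITS_LEFT and ASN1_R_ILLEGAL_PADDING,
 * applied to the content octets of a BIT STRING / INTEGER, plus a
 * canonicaliser that rewrites only the two deviations described above.
 * Function names and the sample encodings below are the example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum der_status { DER_OK = 0, DER_NONCANONICAL = 1, DER_INVALID = -1 };

/* BIT STRING contents: first octet = number of unused bits in the last
 * octet (0..7); must be 0 when there is no data; unused bits must be 0. */
enum der_status der_check_bitstring(const uint8_t *c, size_t n)
{
    if (n == 0)
        return DER_INVALID;                 /* the unused-bits octet is mandatory */
    if (n == 1)                             /* empty string: only "00" is DER */
        return c[0] == 0 ? DER_OK : (c[0] == 8 ? DER_NONCANONICAL : DER_INVALID);
    if (c[0] > 7)
        return DER_INVALID;
    if (c[n - 1] & ((1u << c[0]) - 1))      /* padding bits set: BER at best */
        return DER_NONCANONICAL;
    return DER_OK;
}

/* INTEGER contents: two's complement in the fewest octets, so a leading
 * 00 is only allowed before an octet with the top bit set, and a leading
 * ff only before one with the top bit clear. */
enum der_status der_check_integer(const uint8_t *c, size_t n)
{
    if (n == 0)
        return DER_INVALID;
    if (n >= 2 && c[0] == 0x00 && !(c[1] & 0x80))
        return DER_NONCANONICAL;            /* the "00 42" case */
    if (n >= 2 && c[0] == 0xff && (c[1] & 0x80))
        return DER_NONCANONICAL;
    return DER_OK;
}

/* Rewrite BIT STRING contents into DER; out needs room for n octets.
 * Returns the new length, or 0 if the input is invalid outright. */
size_t der_canon_bitstring(const uint8_t *c, size_t n, uint8_t *out)
{
    if (der_check_bitstring(c, n) == DER_INVALID)
        return 0;
    memcpy(out, c, n);
    if (n == 1)
        out[0] = 0;                         /* 03 01 08 -> 03 01 00 */
    else
        out[n - 1] &= (uint8_t)~((1u << out[0]) - 1);
    return n;
}

/* Strip redundant sign-extension octets from INTEGER contents. */
size_t der_canon_integer(const uint8_t *c, size_t n, uint8_t *out)
{
    size_t i = 0;
    if (der_check_integer(c, n) == DER_INVALID)
        return 0;
    while (i + 1 < n && ((c[i] == 0x00 && !(c[i + 1] & 0x80)) ||
                         (c[i] == 0xff && (c[i + 1] & 0x80))))
        i++;
    memcpy(out, c + i, n - i);              /* 00 42 -> 42 */
    return n - i;
}

/* Constructed samples: the content octets of the two encodings from the
 * message (03 01 08, and the [0] IMPLICIT INTEGER whose contents are 00 42). */
static const uint8_t SAMPLE_BITS[] = { 0x08 };
static const uint8_t SAMPLE_INT[]  = { 0x00, 0x42 };

int main(void)
{
    uint8_t out[8];
    size_t n;
    n = der_canon_bitstring(SAMPLE_BITS, sizeof SAMPLE_BITS, out);
    printf("bit string: status %d -> %zu octet(s): %02x\n",
           der_check_bitstring(SAMPLE_BITS, sizeof SAMPLE_BITS), n, out[0]);
    n = der_canon_integer(SAMPLE_INT, sizeof SAMPLE_INT, out);
    printf("integer:    status %d -> %zu octet(s): %02x\n",
           der_check_integer(SAMPLE_INT, sizeof SAMPLE_INT), n, out[0]);
    return 0;
}
```

Restricting the rewrite to the two characterised deviations is the point: a parser that quietly accepts arbitrary BER would also accept encodings that change meaning (non-zero padding bits, overlong lengths), whereas this keeps OpenSSL's strict decoder as the final arbiter of everything else on the card.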

Re: Symbols X509_set_notAfter and X509_set_notBefore are missing

2021-04-10 Thread Dave Coombs
Is there a chance you're compiling using the 1.0.2 headers but linking
against 1.1.1?

  -D.


On Fri, 2021-04-09 at 20:48 +0000, Robert Smith via openssl-users wrote:
> Unfortunately I am unable to link:
> 
> ../bin/arm_release/libAppcrypt.a(Certificate.o): In function 
> `CreateCertificateHandler':
> /home/user/trunk/common/App/Crypt/ATCL/Certificate.cpp:198: undefined 
> reference to `X509_set_notBefore'
> /home/user/trunk/common/App/Crypt/ATCL/Certificate.cpp:202: undefined 
> reference to `X509_set_notAfter'
> 
> Any idea?
> 
> 
> On Friday, April 9, 2021, 04:13:32 PM EDT, Benjamin Kaduk  
> wrote:
> 
> 
> They are macros now.  You should still be able to build code that uses them.
> 
> -Ben
> 
> On Fri, Apr 09, 2021 at 08:03:28PM +0000, Robert Smith via openssl-users wrote:
> > Hello,
> > I am porting application from openSSL version 1.0.2u to 1.1.1k and linker 
> > complaints that symbols X509_set_notAfter and X509_set_notBefore are 
> > missing.
> > 
> > I've checked both versions 1.0.2u and 1.1.1k and I see that these symbols 
> > really are not present in 1.1.1k. 
> > user@ubuntu_dev_vm:~/tools/openssl$ nm -D --defined-only 1.0.2u/lib/libcrypto.so.1.0.0 | grep X509_set_not
> > 00110994 T X509_set_notAfter
> > 001109fc T X509_set_notBefore
> > user@ubuntu_dev_vm:~/tools/openssl$ nm -D --defined-only 1.1.1k/libcrypto.so.1.1 | grep X509_set_not
> > user@ubuntu_dev_vm:~/tools/openssl$ 
> > I use default builds with NO limiting defines OPENSSL_API_COMPAT as 
> > described in the wiki : 
> > https://urldefense.com/v3/__https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes__;!!GjvTz_vk!BsiPUDmweh0jSUO9gmeu60lRgq1aIS7FPk1Q6SJsI7kns9h5ZO64IagBa0aJZA$
> 
> > 
> > Can anyone clarify how to resolve the issue with X509_set_notAfter and 
> > X509_set_notBefore symbols.
> > 
> > Thanks
> > Robert




Re: Help with certificatePolicies section

2020-04-07 Thread Dave Coombs
Hi,

I could be wrong, but I think the problem may be that [Cert_policy_server] has 
a policyIdentifier with two values.  Try something like:

[server_cert]
certificatePolicies = ia5org, @Cert_policy_server, @Cert_other_policy_server

[Cert_policy_server]
policyIdentifier = GroupeSTIAssurance
CPS.1 = http://cps.groupesti.com

[Cert_other_policy_server]
policyIdentifier = GroupeSTIDevice

Good luck,
  -Dave


> On Apr 7, 2020, at 11:57, Richard Simard  wrote:
> 
> Libor Chocholaty
>  
> openssl ca -config etc/intermediate.cnf -extensions server_cert -days 1825 -notext -md sha256 -in intermediate/csr/test.groupesti.com.csr -out intermediate/certs/test.groupesti.com.crt
>  
> Using configuration from etc/intermediate.cnf
> Enter pass phrase for /CA/intermediate/private/intermediate.key: 
>  
> Error Loading extension section server_cert
> 140542588306560:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=email_in_dn
> 140542588306560:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=rand_serial
> 140542588306560:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:../crypto/asn1/a_object.c:73:
> 140542588306560:error:2208306E:X509 V3 routines:policy_section:invalid object identifier:../crypto/x509v3/v3_cpols.c:183:section:Cert_policy_server,name:policyIdentifier,value:GroupeSTIAssurance, GroupeSTIDevice
> 140542588306560:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=certificatePolicies, value=ia5org, @Cert_policy_server
>  
> Intermediate.cnf
>  
> [ openssl_init ]
> oid_section = oids_section
>  
> [ ca ]
> default_ca  = CA_default
>  
> [ CA_default ]
> dir = /CA/intermediate
> certs   = $dir/certs
> crl_dir = $dir/crl
> new_certs_dir   = $dir/newcerts
> database= $dir/index.txt
> serial  = $dir/serial
> RANDFILE= $dir/private/.rand
> private_key = $dir/private/intermediate.key
> certificate = $dir/certs/intermediate.crt
> crlnumber   = $dir/crlnumber
> crl = $dir/crl/intermediate.crl
> crl_extensions  = crl_ext
> default_crl_days= 30
> default_md  = sha256
> name_opt= ca_default
> cert_opt= ca_default
> default_days= 375
> preserve= no
> policy  = policy_loose
>  
> [ policy_strict ]
> countryName = match
> stateOrProvinceName = match
> organizationName= match
> organizationalUnitName  = optional
> commonName  = supplied
> emailAddress= optional
>  
> [ policy_loose ]
> countryName = optional
> stateOrProvinceName = optional
> localityName= optional
> organizationName= optional
> organizationalUnitName  = optional
> commonName  = supplied
> emailAddress= optional
>  
> [ req ]
> default_bits= 2048
> distinguished_name  = req_distinguished_name
> utf8= yes
> string_mask = utf8only
> name_opt= multiline, -esc_msb, utf8
> default_md  = sha256
> x509_extensions = v3_ca
>  
> [ req_distinguished_name ]
> countryName = "1. Nom du pays (2 lettres)  (Ex, CA)  "
> countryName_max = 2
> countryName_default = CA
> stateOrProvinceName = "2. Nom de l'État ou de la province  (Ex, Québec)  "
> stateOrProvinceName_default = Québec
> localityName= "3. Nom de localité  (Ex, Saguenay)"
> localityName_default= Saguenay
> organizationName= "4. Nom de l'organisation(Ex, Groupe Solutions TI) "
> organizationName_default= Groupe Solutions TI Inc.
> organizationalUnitName  = "5. Nom de l'unité organisationnelle (Ex, Service web) "
> organizationalUnitName_default  =
> commonName  = "6. Nom de la personne   (Ex, Jean Tremblay)   "
> commonName_max  = 64
> commonName_default  =
> emailAddress= "7. Adresse courriel (Ex, v...@domain.com  "
> emailAddress_max= 64
> emailAddress_default=
>  
> [ issuer_section ]
> O

Re: sk_X509_OBJECT_num()

2019-11-13 Thread Dave Coombs
Hi,

They're macros, defined in SKM_DEFINE_STACK_OF() in safestack.h.  If you 
DEFINE_STACK_OF(Foo), you'll automatically end up with a sk_Foo_num() macro.

Cheers,
  -Dave


> On Nov 13, 2019, at 12:20, Jason Schultz  wrote:
> 
> Hello-
> 
> I am updating my Linux application from using OpenSSL 1.0.2 to 1.1.1 in 
> preparation for OpenSSL 3.0 (and of course the EOL of 1.0.2). I'm confused 
> about the function in the subject line as well as other, related sk_X509_* 
> functions. 
> 
> My code has always used these functions, and currently my code compiles and 
> runs successfully against 1.1.1. I was sort of doing an audit of my code, 
> evaluating the API calls that have changed vs not changed when I noticed 
> these functions. I searched for them in the 1.1.1 source. They don't exist, 
> except where called in x509_lu.c. In the 1.0.2 code base, they are called in 
> the same file, as well as are defined in a header, 
> /include/openssl/safestack.h.
> 
> My question is, how are those symbols in my application being resolved since 
> they are no longer found in the safestack.h header file? 
> 
> My system previously had OpenSSL 1.0.2 installed when I installed 1.1.1, but 
> I don't think I have any old headers around that are being found when I 
> compile and link. But for some reason this works. They obviously work within 
> the OpenSSL 1.1.1 code also. 
> 
> I'm thinking I could be missing something basic about the compile/link 
> process that explains this. Any ideas? 
> 
> Thanks in advance.





Re: i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

2019-03-18 Thread Dave Coombs
> This makes sense - however there don’t appear to be any APIs in openssl that 
> allow you to manipulate a X509_REQ_INFO structure. I can create it, and 
> encode/decode it, but there is no X509_REQ_INFO_get_subject_name() (or 
> friends) to populate the structure. X509_REQ_INFO itself is opaque.

I believe you said you're using 1.0.2, right?  The structures aren't opaque 
there.  You can make your X509_REQ and populate its name etc as you already 
are, and then i2d_X509_REQ_INFO its req_info member.

(Even in the 1.1 API, where they are opaque, i2d_re_X509_REQ_tbs will encode a 
given X509_REQ's X509_REQ_INFO for you.)

Good luck,
  -Dave





Re: [openssl-users] Engine NID_sha512

2018-11-19 Thread Dave Coombs
Hi,

>  if (!digest)
>  {
>   static int supported_nids[] = {NID_sha256, NID_sha384, NID_sha512, 0};
>   *nids = supported_nids;
>   return 2;
>  }

I think this should be "return 3", to reflect the number of NIDs you're 
implementing support for.

  -Dave




-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] BIO_printf with ASN1_BIT_STRING and ASN1_INTEGER?

2018-10-16 Thread Dave Coombs
Depends what you want it to print, I guess...  ASN1_STRING_print_ex() can print 
any ASN1_STRING (including an ASN1_BIT_STRING) but it'll come out binary 
packed.  If you want to do anything fancier like print individual bit values in 
a more human-readable way, you'll have to do it yourself, as far as I know.

  -Dave


> On Oct 16, 2018, at 10:32, Opa114  wrote:
> 
> Hi,
> 
> thanks for this - what about the ASN1_BIT_STRING? Is there such a predefined 
> function?
> 
> From: openssl-users <mailto:openssl-users-boun...@openssl.org> on behalf of Dave Coombs <mailto:dcoo...@carillon.ca>
> Sent: Tuesday, 16 October 2018 15:17
> To: openssl-users@openssl.org <mailto:openssl-users@openssl.org>
> Subject: Re: [openssl-users] BIO_printf with ASN1_BIT_STRING and ASN1_INTEGER?
>  
> Hi,
> 
> You can use i2a_ASN1_INTEGER() to print an ASN1_INTEGER to a BIO.
> 
>   -Dave
> 
> 
>> On Oct 16, 2018, at 05:37, Opa114 mailto:opa...@web.de>> 
>> wrote:
>> 
>> Hi there,
>> 
>> I have to print out some data, which is an ASN1_BIT_STRING and an 
>> ASN1_INTEGER, with BIO_printf. For GENERAL_NAME, for example, there are 
>> predefined functions I can use like this: GENERAL_NAME_print(bp, 
>> GENERAL_NAME_VAR) <= 0
>> 
>> But for ASN1_INTEGER and ASN1_BIT_STRING I haven't found any predefined 
>> function like ASN1_INTEGER_PRINT or something similar I can use. So can 
>> someone tell me how I print out these two data types with BIO_printf in the 
>> correct and actual way?
>> 
>> Thanks a lot.

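As an added example (not from this thread or from OpenSSL) of the "do it yourself" part: enumerating the set bits of a BIT STRING by name. It takes the data octets and the unused-bit count as plain arguments in place of the ASN1_BIT_STRING fields (OpenSSL keeps that count in the low three bits of the string's flags) so it builds without libcrypto; the KeyUsage names come from RFC 5280, and the function names and sample values are the example's own.

```c
/* Added example, not from the thread: rendering an ASN.1 BIT STRING as a
 * list of named bits. OpenSSL stores the payload as ASN1_STRING data and
 * the unused-bit count in the low three bits of flags; this example takes
 * those two values as plain arguments so it builds without libcrypto.
 * Bit numbering follows X.680: bit 0 is the top bit of the first octet. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* KeyUsage bit names from RFC 5280 section 4.2.1.3, indexed by bit number. */
static const char *const KEY_USAGE_NAMES[] = {
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly"
};
#define KEY_USAGE_NBITS (sizeof KEY_USAGE_NAMES / sizeof KEY_USAGE_NAMES[0])

/* Number of meaningful bits; 0 for an empty string or a bad unused count. */
size_t bitstring_nbits(size_t len, int unused_bits)
{
    if (len == 0 || unused_bits < 0 || unused_bits > 7)
        return 0;
    return len * 8 - (size_t)unused_bits;
}

/* Value of bit i (0 or 1), or -1 if i lies beyond the string. */
int bitstring_get(const uint8_t *data, size_t len, int unused_bits, size_t i)
{
    if (i >= bitstring_nbits(len, unused_bits))
        return -1;
    return (data[i / 8] >> (7 - (i % 8))) & 1;
}

/* Write the set bits as "name, name, bit(n)" into buf and return how many
 * bits are set; bits without a name are printed by number. -1 if buf is
 * too small. */
int bitstring_format(const uint8_t *data, size_t len, int unused_bits,
                     const char *const *names, size_t nnames,
                     char *buf, size_t buflen)
{
    size_t nbits = bitstring_nbits(len, unused_bits), pos = 0;
    int count = 0;
    if (buflen == 0)
        return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < nbits; i++) {
        int w;
        if (bitstring_get(data, len, unused_bits, i) != 1)
            continue;
        if (i < nnames)
            w = snprintf(buf + pos, buflen - pos, "%s%s", count ? ", " : "", names[i]);
        else
            w = snprintf(buf + pos, buflen - pos, "%sbit(%zu)", count ? ", " : "", i);
        if (w < 0 || (size_t)w >= buflen - pos)
            return -1;
        pos += (size_t)w;
        count++;
    }
    return count;
}

/* Constructed samples, given as (data, unused bits) exactly as the DER
 * encodings 03 02 05 a0 and 03 02 01 06 decode to. */
static const uint8_t KU_TLS_SERVER[] = { 0xa0 };   /* digitalSignature, keyEncipherment */
static const uint8_t KU_CA[]         = { 0x06 };   /* keyCertSign, cRLSign */

int main(void)
{
    char buf[128];
    int n = bitstring_format(KU_TLS_SERVER, 1, 5, KEY_USAGE_NAMES, KEY_USAGE_NBITS,
                             buf, sizeof buf);
    printf("%d bit(s): %s\n", n, buf);
    n = bitstring_format(KU_CA, 1, 1, KEY_USAGE_NAMES, KEY_USAGE_NBITS, buf, sizeof buf);
    printf("%d bit(s): %s\n", n, buf);
    return 0;
}
```

With a real ASN1_BIT_STRING the two arguments would come from ASN1_STRING_get0_data()/ASN1_STRING_length() and from the unused-bit count in the flags; the numbering convention (bit 0 is the most significant bit of the first octet) is what makes KeyUsage byte 0xa0 read as digitalSignature plus keyEncipherment rather than the other way round.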

Re: [openssl-users] BIO_printf with ASN1_BIT_STRING and ASN1_INTEGER?

2018-10-16 Thread Dave Coombs
Hi,

You can use i2a_ASN1_INTEGER() to print an ASN1_INTEGER to a BIO.

  -Dave


> On Oct 16, 2018, at 05:37, Opa114  wrote:
> 
> Hi there,
> 
> I have to print out some data, which is an ASN1_BIT_STRING and an 
> ASN1_INTEGER, with BIO_printf. For GENERAL_NAME, for example, there are predefined 
> functions I can use like this: GENERAL_NAME_print(bp, GENERAL_NAME_VAR) <= 0
> 
> But for ASN1_INTEGER and ASN1_BIT_STRING I haven't found any predefined 
> function like ASN1_INTEGER_PRINT or something similar I can use. So can 
> someone tell me how I print out these two data types with BIO_printf in the 
> correct and actual way?
> 
> Thanks a lot.




Re: [openssl-users] SubjectAltName syntax in openssl.cnf

2018-10-02 Thread Dave Coombs
Hello,

That syntax looks correct, yes.  It belongs in the [section] name you are 
passing to the "-extensions" argument on the "openssl ca" command when issuing 
the certificate.

I hope this helps.
  -Dave


> On Oct 2, 2018, at 05:47, DUPALUT, Benjamin  wrote:
> 
> Hello,
> 
> Does anyone, please, have information about my question?
> 
> Thanks in advance.
> 
> Regards,
> 
> Benjamin Dupalut
> Systems and network engineer
> Service Informatique, Télécommunications, Audiovisuel et Reprographie (SITAR)
> ESIEE Paris
> 2 bd Blaise Pascal - 93162 Noisy-le-Grand Cedex
> T : +33 1 45 92 66 17
> benjamin.dupa...@esiee.fr 
> www.esiee.fr  / www.cci-paris-idf.fr 
> 
> 
> 
> On Fri, 28 Sep 2018 at 18:00, DUPALUT, Benjamin wrote:
> Hello,
> 
> I have to set a SubjectAltName for a server certificate, but documentation on 
> the web does not provide the same syntax.
> 
> Is this syntax correct?
> 
> subjectAltName=DNS:test.example.com 
> 
> Also, does it belong in the [ usr_cert ] section ?
> 
> Thank you for your help.
> 
> Regards,
> 
> Benjamin Dupalut
> Systems and network engineer
> Service Informatique, Télécommunications, Audiovisuel et Reprographie (SITAR)
> ESIEE Paris
> 2 bd Blaise Pascal - 93162 Noisy-le-Grand Cedex
> T : +33 1 45 92 66 17
> benjamin.dupa...@esiee.fr 
> www.esiee.fr  / www.cci-paris-idf.fr 
> 


Re: [openssl-users] An example issuing an intermediate CA with policy mappings?

2018-09-26 Thread Dave Coombs
> On Sep 25, 2018, at 14:34, Krehbiel, Richard  wrote:
> 
> For my testing I want to explore the behaviors of policies, policy 
> constraints, and policy mappings.  I have figured out how to request and 
> issue certs with custom policy OIDs, but I haven't yet seen a method of 
> granting an intermediate cert with policy mappings.   Can openssl do this?  
> How?  Thanks.

Yes, I've used "openssl ca" to make certs with policy mappings in the past.  
Try something like this in your openssl.cnf, for use with "openssl ca 
-extensions test_ext" for example.  (I haven't tested with these exact values, 
but it should be a starting point.)

[openssl_init]
oid_section = new_oids
...

[new_oids]
issuerOID = Issuer Domain Policy, 1.2.3.4.5
subjectOID = Subject Domain Policy, 1.3.5.7.9
...

[test_ext]
policyMappings = @policy_mappings
...

[policy_mappings]
issuerOID = subjectOID

And if you want to map more than one subject domain policy OID to the same 
issuer domain policy OID, you can use issuerOID.0, issuerOID.1, issuerOID.2, 
etc, to differentiate them in the policy_mappings section.

Good luck,
  -Dave



Re: [openssl-users] I need help to implement triple des algorithm with openssl

2018-06-16 Thread Dave Coombs
> Thank you Matt!
> Yes, it is odd. The component in C# is from a third party and we don't know C#; 
> we think that for the moment we could replace it using the openssl command line.
> 
> Could you show me how to pass a key to openssl?

To use a specific key instead of deriving it from a passphrase, use -K instead 
of -k, with the key in hex.

Simple example:
$ echo asdf | openssl enc -des-ede3 -K 0123456789abcdef0123456789abcdef | xxd
00000000: 216e eaf3 964d 11bf                      !n...M..

If ever you're using CBC mode you would also need to specify an IV (with -iv) 
but you said des-ede3 which is two-key 3DES in ECB, so no need.

  -Dave


> Thank you!
> 
> 
> 
> On Fri, 15 Jun 2018 at 10:53, Matt Caswell (m...@openssl.org) wrote:
> 
> 
> On 15/06/18 14:34, Fernando A wrote:
> > Hi all,
> > 
> > I am not an expert with openssl and I need to replace a component in C#
> > that runs the Triple DES algorithm.
> > I tried in the command line something like this:
> > "openssl enc -des-ede3 -k 1234567890123456ABCDEFGH -in test.txt -out
> > test.enc"
> > 
> > but the result that I obtain is different from the result produced by the C#
> > component.
> > Of course the passphrase is the same, and the file test.enc always contains a
> > phrase that starts with "Salted__..." regardless of the content of file test.txt.
> > Any idea?
> > Thanks in advance!
> 
> Is your c# component using a passphrase or a key? If a passphrase, how
> does it generate the key from that passphrase?
> 
> By default the OpenSSL enc command uses its own key derivation function
> (KDF) to generate a key from a passphrase. That KDF uses a random salt
> value which it prepends to the beginning of the file. If the KDF in C#
> is different (which it almost certainly is), and it doesn't use the same
> file format as OpenSSL uses (which it almost certainly doesn't) then
> you're going to get different results.
> 
> You can alternatively pass a key rather than a passphrase to the OpenSSL
> command line.
> 
> It seems odd that you are using the command line to replace a c#
> component, rather than using the OpenSSL APIs.
> 
> Matt



Re: [openssl-users] CSR verify failure

2018-03-26 Thread Dave Coombs
Yeah, it looks like the signature is just wrong.  Even setting aside the 
question of padding, I used rsautl -verify -raw on the signature using the 
CSR's public key, and I would expect to see a pair of sequence tags (0x30) with 
sensible lengths somewhere inside, and I don't.

hulk:/tmp $ openssl req -in CSR.pem -pubkey -noout -out pubkey.pem

(not shown: asn1parse to find the offset of the start of the signature)

hulk:/tmp $ openssl asn1parse -in CSR.pem -i -strparse 390 -out /tmp/sig.bin > /dev/null 2>&1

hulk:/tmp $ openssl rsautl -verify -pubin -inkey pubkey.pem -in sig.bin -raw | xxd
00000000: def6 b025 c8eb d0b0 02b4 dd99 cfe6 81fa  ...%............
00000010: 12cb 3085 5102 aa40 84c6 d510 222b 8648  ..0.Q..@...."+.H
00000020: c891 03eb 7440 0ced d43b 4fcf 498b ae80  ....t@...;O.I...
00000030: 0822 3ad1 d77c 3f45 db41 c0ce 6fe4 7390  .":..|?E.A..o.s.
00000040: 4b87 db0a b87a 688a 1f5f 1061 e7cd 3b44  K....zh.._.a..;D
00000050: a4eb cca6 d4b4 7a8e eb4e 3642 309b 7101  ......z..N6B0.q.
00000060: 81fb fbfb 44a5 5b81 8d61 38ec 7785 aced  ....D.[..a8.w...
00000070: 9035 add7 b1d6 1ffd a0dc 58ec 700c 8ae9  .5........X.p...
00000080: f994 33c5 ffa8 70be 1db2 dc86 0587 b70c  ..3...p.........
00000090: 185d 7b61 226e 939a 0e6a 41ca 3fa0 ff74  .]{a"n...jA.?..t
000000a0: 1ca1 1abd 9203 91a1 0750 07d4 a8da 1114  .........P......
000000b0: 80f9 2cf8 9d22 309c 203c c92e 6e20 4bd3  ..,.."0. <..n K.
000000c0: 2a98 f1e4 9d9a f0c2 5411 2a0d 9931 1ca8  *.......T.*..1..
000000d0: 5f14 ec51 cbe1 e37f 5d6e 683e 2dab b4ed  _..Q....]nh>-...
000000e0: 21c5 8632 4b03 af1a 2b66 35f7 9e2a c326  !..2K...+f5..*.&
000000f0: 0ebc 84ad 664f b882 83eb 8c5a dc03 6eb4  ....fO.....Z..n.

Contrast with what I pulled out from a known-good sha256WithRSAEncryption CSR:

hulk:/tmp $ openssl rsautl -verify -pubin -inkey pubkey2.pem -in sig2.bin -raw | xxd
00000000: 0001 ffff ffff ffff ffff ffff ffff ffff  ................
00000010: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000020: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000030: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000040: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000050: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000060: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000070: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000080: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000090: ffff ffff ffff ffff ffff ffff ffff ffff  ................
000000a0: ffff ffff ffff ffff ffff ffff ffff ffff  ................
000000b0: ffff ffff ffff ffff ffff ffff ffff ffff  ................
000000c0: ffff ffff ffff ffff ffff ffff 0030 3130  .............010
000000d0: 0d06 0960 8648 0165 0304 0201 0500 0420  ...`.H.e....... 
000000e0: 52fc 1687 6e70 15a1 7c40 1e1a e083 0c74  R...np..|@.....t
000000f0: f6bb 761b 9656 4df7 5edd 02ac f414 bd5b  ..v..VM.^......[

Where you can clearly see the two sequence tags after the end of the padding.

hulk:/tmp $ openssl rsautl -verify -pubin -inkey pubkey2.pem -in sig2.bin | openssl asn1parse -inform der -i
    0:d=0  hl=2 l=  49 cons: SEQUENCE
    2:d=1  hl=2 l=  13 cons:  SEQUENCE
    4:d=2  hl=2 l=   9 prim:   OBJECT:sha256
   15:d=2  hl=2 l=   0 prim:   NULL
   17:d=1  hl=2 l=  32 prim:  OCTET STRING  [HEX DUMP]:52FC16876E7015A17C401E1AE0830C74F6BB761B96564DF75EDD02ACF414BD5B

As to how this *happened*, I'm afraid I've no idea.

  -Dave



> On Mar 26, 2018, at 12:15, Felipe Gasper  wrote:
> 
> I see the same errors with 1.0.2n.
> 
> Going by posts I see out-and-about about this error, there seem to be two 
> possibilities:
> 
> 1) There’s an RSA padding scheme mismatch. Maybe your openssl.cnf has 
> something nonstandard, e.g., raw padding rather than PKCS1?
> 
> 2) The signature is simply incorrect. It’s been a while since I did this, but 
> I *believe* you could check this by extracting the bytes for the first-nested 
> SEQUENCE from the ASN.1 structure, get the signature for that blob against 
> your private key, then compare that to the CSR’s stored signature. They 
> should be the same.
> 
> Also, did you verify that the modulus and exponent as stored in the CSR match 
> up against your private key file?
> 
> -F
> 
>> On Mar 26, 2018, at 11:55 AM, Jon Uriarte  wrote:
>> 
>> Sure, here it is:
>> 
>> $ cat CSR.csr 
>> -BEGIN CERTIFICATE REQUEST-
>> MIIChzCCAW8CAQAwQjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0
>> eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEB
>> BQADggEPADCCAQoCggEBAOJuhJcO1eqtGE8Yc7P4cSgSwlwyuAe8AYzseGCqwAEY
>> XHVdAXaPspJcRyP2ndz2AmYfytPPogFEWPnf86WKyaNHp4Aan2LEo0Z345Zqhb8G
>> rApR6hqdAyqATGNrgYchtVZNo1JN2bRgY/MUXqdunfS3W33LEJwg0b7tf4KBHPLw
>> lOqkyWo75xvMROcMISRX+k5NbckAsXkX5H52lryYQrirzqgHR8C8Bqe4pzYHLsqA
>> 2Sw6F+emfOxTGmqhN6O2WQBryP5/9CpySHST1oG5wDtPqZ2EhE1gdpeQDPjHRiaU
>> 

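An added example, not from this thread: the check done by eye above, as code. It parses the block that "rsautl -verify -raw" recovers and reports whether it is a well-formed EMSA-PKCS1-v1_5 encoding as defined in RFC 8017 (00 01, at least eight ff octets, 00, then a DER DigestInfo). The good sample is rebuilt from the known-good dump, the bad sample is the first sixteen octets of the failing dump, and the function and type names are the example's own.

```c
/* Added example, not from the thread: a checker for the block that
 * "rsautl -verify -raw" recovers, i.e. the signature after the RSA
 * operation but before padding removal. For EMSA-PKCS1-v1_5 (RFC 8017)
 * that block is 00 01, >= 8 ff octets, 00, then a DER DigestInfo:
 * SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }.
 * Sample data is taken from the two dumps above; names are the example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct pkcs1_sig {
    size_t digestinfo_off;                  /* where DigestInfo starts in em */
    const uint8_t *oid;    size_t oid_len;  /* hash OID contents */
    const uint8_t *digest; size_t digest_len;
};

/* Minimal DER header reader: returns header length, 0 on error. */
static size_t der_tlv(const uint8_t *p, size_t n, uint8_t *tag, size_t *len)
{
    size_t nb, i;
    if (n < 2)
        return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; return 2; }
    nb = p[1] & 0x7f;                       /* long form: 1 or 2 length octets */
    if (nb == 0 || nb > 2 || n < 2 + nb)
        return 0;
    for (*len = 0, i = 0; i < nb; i++)
        *len = (*len << 8) | p[2 + i];
    return 2 + nb;
}

/* 1 if em is a well-formed EMSA-PKCS1-v1_5 block, else 0. */
int pkcs1_v15_parse(const uint8_t *em, size_t emlen, struct pkcs1_sig *out)
{
    size_t i = 2, h, len, n, algn;
    const uint8_t *p, *alg;
    uint8_t tag;
    if (emlen < 11 || em[0] != 0x00 || em[1] != 0x01)
        return 0;
    while (i < emlen && em[i] == 0xff)
        i++;
    if (i < 10 || i >= emlen || em[i] != 0x00)  /* >= 8 ff octets, then 00 */
        return 0;
    i++;
    p = em + i; n = emlen - i;
    h = der_tlv(p, n, &tag, &len);                  /* DigestInfo */
    if (!h || tag != 0x30 || h + len != n)          /* must use every octet */
        return 0;
    p += h; n = len;
    h = der_tlv(p, n, &tag, &len);                  /* AlgorithmIdentifier */
    if (!h || tag != 0x30 || h + len > n)
        return 0;
    alg = p + h; algn = len;
    p += h + len; n -= h + len;
    h = der_tlv(alg, algn, &tag, &len);             /* OID */
    if (!h || tag != 0x06 || h + len > algn)
        return 0;
    out->oid = alg + h; out->oid_len = len;
    alg += h + len; algn -= h + len;
    if (!(algn == 0 || (algn == 2 && alg[0] == 0x05 && alg[1] == 0x00)))
        return 0;                                   /* params: NULL or absent */
    h = der_tlv(p, n, &tag, &len);                  /* OCTET STRING digest */
    if (!h || tag != 0x04 || h + len != n)
        return 0;
    out->digest = p + h; out->digest_len = len;
    out->digestinfo_off = i;
    return 1;
}

static const uint8_t SHA256_OID[] = { 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01 };

/* 1 if the parsed block names SHA-256 (2.16.840.1.101.3.4.2.1). */
int pkcs1_sig_is_sha256(const struct pkcs1_sig *s)
{
    return s->oid_len == sizeof SHA256_OID && memcmp(s->oid, SHA256_OID, sizeof SHA256_OID) == 0;
}

/* The 51-octet DigestInfo from the good dump. */
static const uint8_t GOOD_DIGESTINFO[51] = {
    0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20,
    0x52,0xfc,0x16,0x87,0x6e,0x70,0x15,0xa1,0x7c,0x40,0x1e,0x1a,0xe0,0x83,0x0c,0x74,
    0xf6,0xbb,0x76,0x1b,0x96,0x56,0x4d,0xf7,0x5e,0xdd,0x02,0xac,0xf4,0x14,0xbd,0x5b
};
/* First 16 octets of the failing dump; it is rejected at octet 0 already. */
static const uint8_t BAD_EM_PREFIX[16] = {
    0xde,0xf6,0xb0,0x25,0xc8,0xeb,0xd0,0xb0,0x02,0xb4,0xdd,0x99,0xcf,0xe6,0x81,0xfa
};

/* Rebuild the 256-octet good block: 00 01, 202 x ff, 00, DigestInfo. */
void build_good_em(uint8_t em[256])
{
    memset(em, 0xff, 256);
    em[0] = 0x00; em[1] = 0x01; em[204] = 0x00;
    memcpy(em + 205, GOOD_DIGESTINFO, sizeof GOOD_DIGESTINFO);
}

int main(void)
{
    uint8_t em[256];
    struct pkcs1_sig s;
    build_good_em(em);
    if (pkcs1_v15_parse(em, sizeof em, &s))
        printf("good: DigestInfo at 0x%zx, sha256=%d, %zu-octet digest\n",
               s.digestinfo_off, pkcs1_sig_is_sha256(&s), s.digest_len);
    printf("bad:  %s\n", pkcs1_v15_parse(BAD_EM_PREFIX, sizeof BAD_EM_PREFIX, &s)
                         ? "well-formed" : "not a PKCS#1 v1.5 block");
    return 0;
}
```

A real verifier must not stop at "well-formed": it compares the recovered digest against its own hash of the signed data and rejects any trailing or malformed bytes, which is why the parser insists that the DigestInfo consume the whole remainder of the block.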
Re: [openssl-users] AES_unwrap_key returns 0

2018-01-05 Thread Dave Coombs
Hello,

This is just a guess, but try AES_set_decrypt_key() before trying to unwrap?

  -Dave


> On Jan 4, 2018, at 13:08, InMotion Man  wrote:
> 
> Hello all,
> I'm having trouble using the AES_unwrap_key function. I have tried different 
> things but it always returns 0 and the out buffer does not get written to. 
> 
> I can wrap a key with AES_wrap_key. Then I pass the wrapped key output to 
> AES_unwrap_key and it is not able to unwrap it. This is regardless of whether I use 
> the default IV (passing NULL to the function) or pass an explicit IV. See 
> sample code below. 
> 
> Has anybody seen this issue? Any help will be appreciated.
> I'm using OpenSSL 1.1.0.f
> 
> #include <stdio.h>
> #include <stdlib.h>
> #include <openssl/aes.h>
> 
> int
> main(int argc, char **argv)
> {
>     int i;
>     int ret;
>     unsigned char wrappedKeyData[24];
>     unsigned char KEK[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
>                            0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
>     unsigned char keyData[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
>                                0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
>     unsigned char IV[8] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
> 
>     AES_KEY wrp_key;
>     AES_set_encrypt_key(KEK, 128, &wrp_key);   /* encryption schedule */
> 
>     /* wrapping: AES_wrap_key runs AES_encrypt, so the schedule above fits */
>     ret = AES_wrap_key(&wrp_key, NULL, wrappedKeyData, keyData, 16);
>     printf("openssl wrapping returns %i\n", ret);
>     printf("wrapped keyData: ");
>     for (i = 0; i < ret; i++) {
>         printf("%02x", wrappedKeyData[i]);
>     }
>     printf("\n");
> 
>     /* unwrapping: AES_unwrap_key runs AES_decrypt, so it needs a schedule
>      * from AES_set_decrypt_key (see the reply above); the same wrp_key is
>      * reused here, which is the behaviour being asked about */
>     unsigned char keyDataOut[16];
>     ret = AES_unwrap_key(&wrp_key, NULL, keyDataOut, wrappedKeyData, 24);
>     printf("unwrapping openssl returns %i\n", ret);
>     printf("unwrapped keyData: ");
>     for (i = 0; i < 16; i++) {
>         printf("%02x", keyDataOut[i]);
>     }
>     printf("\n");
> 
>     return EXIT_SUCCESS;
> }


Re: [openssl-users] Unclear docs -- request clarification on X509_STORE_add_cert

2018-01-02 Thread Dave Coombs
> The observation is correct, but the conclusion is wrong.
> The object is reference counted, and X509_free() is needed
> to avoid a leak (when the store is freed along with the
> context).

My apologies -- I assumed based on its name that X509_OBJECT_up_ref_count was 
upping the refcount on the internal X509_OBJECT, which had taken over the 
X509*, which led to my conclusion that freeing the X509_STORE frees the X509 
too.  However, you're right, it ups the refcount on the underlying X509, and so 
the caller *should* free the underlying object when finished with it.

I've now confirmed with a quick test program and valgrind.

Oops,
  -Dave



Re: [openssl-users] Unclear docs -- request clarification on X509_STORE_add_cert

2018-01-02 Thread Dave Coombs
Hello,

Looking at the code in x509_lu.c, X509_STORE_add_cert() takes ownership of your 
X509 *cc_cert -- you don't need to (and probably shouldn't) free it.

Cheers,
  -Dave


> On Jan 2, 2018, at 19:38, Karl Denninger  wrote:
> 
> Assume the following code snippet:
> 
> const unsigned char a_cert[] = {... }; (A DER certificate we wish to load 
> into the context's chain storage)
> int size_a_cert = sizeof(a_cert);
> 
> const unsigned char *cp;
> 
> X509 *cc_cert;
> X509_STORE *cc = SSL_CTX_get_cert_store(a_context);
> if (cc == NULL) {
>     panic ("Cannot get chain; fail");
> }
> cp = a_cert;
> cc_cert = d2i_X509(NULL, &cp, size_a_cert);
> if (cc_cert == NULL) {
>     panic("Cert not valid");
> }
> if (!X509_STORE_add_cert(cc, cc_cert)) {    /* Push the cert into the chain store */
>     panic ("Cannot add required chain certificate");
> }
> /*  X509_free(cc_cert); */
> The question is the last line and whether it should be there (uncommented) -- 
> does the X509_STORE_add_cert call load the *reference* or does it load the 
> *data* (allocating whatever it needs internally to do so)?  In other 
> words do I need to keep that X509 structure around that got allocated by the 
> d2i_X509 call or do I free it after I've pushed it into the store?
> 
> The docs are silent on this as far as I can tell but some example code I've 
> seen floating around doesn't free it.
> -- 
> Karl Denninger
> k...@denninger.net 
> The Market Ticker
> [S/MIME encrypted email preferred]


Re: [openssl-users] OpenSSL SHA algorithm

2017-12-26 Thread Dave Coombs
Hi,

Wikipedia has some information.

https://en.wikipedia.org/wiki/Secure_Hash_Algorithms

What is produced by "dgst -sha" is what the above link is calling SHA-0 
(originally just called SHA).

All the best,
  -Dave


> On Dec 25, 2017, at 22:44, Swapnil Deshpande  
> wrote:
> 
> Hi all,
> 
> Noob here. I recently discovered that the "-sha1" and "-sha" flags in the 
> "openssl dgst" command produce different outputs. I thought those were the 
> same algorithms but turns out they are not:
> 
> $ echo -n "password" | openssl dgst -sha
> 80072568beb3b2102325eb203f6d0ff92f5cef8e
> 
> $ echo -n "password" | openssl dgst -sha1
> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> 
> I am aware of SHA1 and the SHA-128 algorithm. 
> 
> 1. What algorithm is used to generate hash when I use the "-sha" option?
> 2. What could I have done to get this answer to #1 in a better way? I am 
> asking this because I tried to find what algorithm is being used through the 
> "help" option as well as trying to search via "man openssl" but couldn't find 
> anything. I also did a basic search for "openssl sha vs sha1" and couldn't 
> find any relevant results. If there was a better way to know more about this 
> option (say by reading some documentation), I'd be glad to know about it. 
> 
> Merry Christmas. 
> 
> Regards,
> Swapnil

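An added example, not code from this message or from OpenSSL: a minimal implementation of both algorithms, which makes the difference concrete. SHA-0 (the original SHA, and what "dgst -sha" computes) and SHA-1 are identical except that FIPS 180-1 added a one-bit left rotation in the message schedule. The function names are the example's own; the two "password" digests from the question are the expected outputs.

```c
/* Added example, not from the thread or from OpenSSL: SHA-0 and SHA-1 in
 * one routine. The only difference is the 1-bit rotate that FIPS 180-1
 * added to the message schedule. Function names are the example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* Compress one 64-octet block into h. sha0 != 0 omits the schedule rotate. */
static void sha_block(uint32_t h[5], const uint8_t blk[64], int sha0)
{
    uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)blk[4*i] << 24 | (uint32_t)blk[4*i+1] << 16 |
               (uint32_t)blk[4*i+2] << 8 | blk[4*i+3];
    for (int i = 16; i < 80; i++) {
        uint32_t t = w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16];
        w[i] = sha0 ? t : rol(t, 1);        /* the only SHA-0 / SHA-1 difference */
    }
    for (int i = 0; i < 80; i++) {
        uint32_t f, k;
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5a827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ed9eba1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8f1bbcdc; }
        else             { f = b ^ c ^ d;                   k = 0xca62c1d6; }
        uint32_t t = rol(a, 5) + f + e + k + w[i];
        e = d; d = c; c = rol(b, 30); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}

/* Digest msg into out[20]; sha0 selects SHA-0, otherwise SHA-1. */
void sha_digest(const uint8_t *msg, size_t len, int sha0, uint8_t out[20])
{
    uint32_t h[5] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 };
    uint8_t blk[64];
    uint64_t bits = (uint64_t)len * 8;
    size_t i, rem;
    for (i = 0; i + 64 <= len; i += 64)
        sha_block(h, msg + i, sha0);
    rem = len - i;                          /* padding: 0x80, zeros, 64-bit length */
    memset(blk, 0, sizeof blk);
    memcpy(blk, msg + i, rem);
    blk[rem] = 0x80;
    if (rem >= 56) {                        /* no room for the length: extra block */
        sha_block(h, blk, sha0);
        memset(blk, 0, sizeof blk);
    }
    for (int j = 0; j < 8; j++)
        blk[63 - j] = (uint8_t)(bits >> (8 * j));
    sha_block(h, blk, sha0);
    for (int j = 0; j < 5; j++) {
        out[4*j]   = (uint8_t)(h[j] >> 24); out[4*j+1] = (uint8_t)(h[j] >> 16);
        out[4*j+2] = (uint8_t)(h[j] >> 8);  out[4*j+3] = (uint8_t)h[j];
    }
}

/* Lower-case hex of a 20-octet digest into hex[41]. */
void digest_hex(const uint8_t d[20], char hex[41])
{
    for (int i = 0; i < 20; i++)
        sprintf(hex + 2 * i, "%02x", d[i]);
}

/* 1 if the chosen algorithm over the C string msg equals expected (hex). */
int sha_hex_matches(const char *msg, int sha0, const char *expected)
{
    uint8_t d[20];
    char hex[41];
    sha_digest((const uint8_t *)msg, strlen(msg), sha0, d);
    digest_hex(d, hex);
    return strcmp(hex, expected) == 0;
}

int main(void)
{
    uint8_t d[20];
    char hex[41];
    sha_digest((const uint8_t *)"password", 8, 1, d); digest_hex(d, hex);
    printf("SHA-0 (dgst -sha):  %s\n", hex);
    sha_digest((const uint8_t *)"password", 8, 0, d); digest_hex(d, hex);
    printf("SHA-1 (dgst -sha1): %s\n", hex);
    return 0;
}
```

Both SHA-0 and SHA-1 are broken for collision resistance and neither belongs in a new design; the value of the exercise is being able to tell which of the two a legacy system actually computed when its output does not match what you expected.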

Re: [openssl-users] Example code to add several CRL distribution points

2017-11-23 Thread Dave Coombs
Hi Dirk,

First point: you are populating distpoint->name.relativename (which is a union 
member) but setting the discriminator distpoint->type to 0, which indicates to 
use fullname rather than relativename.  So your structure will not be 
interpreted correctly.

In any case, I think you want to populate fullname, instead of relativename.  
You're using a url, not a relative DN.

Make a GENERAL_NAMES, and add to it a GENERAL_NAME whose type is GEN_URI, and 
whose value (as an IA5String) is the url you want, and then point 
distpoint->name.fullname at the GENERAL_NAMES.

And, as before, you can do this multiple times and add additional DIST_POINTs.

Good luck,
  -Dave


> On Nov 23, 2017, at 03:54, Dirk Menstermann <noadsple...@web.de> wrote:
> Thanks Dave,
> 
> It seems that I do something wrong when filling the STACK_OF(DIST_POINT):
> 
> X509_NAME_ENTRY *nameEntry = X509_NAME_ENTRY_new();
> X509_NAME_ENTRY_set_data (nameEntry, V_ASN1_IA5STRING /*MBSTRING_ASC*/,
>                           (const unsigned char*) "http://example.com/", 19);
>   
> STACK_OF (X509_NAME_ENTRY) *nameStack = sk_X509_NAME_ENTRY_new_null();
> sk_X509_NAME_ENTRY_push (nameStack, nameEntry);
> 
> DIST_POINT *distPoint = DIST_POINT_new();
> distPoint->distpoint = DIST_POINT_NAME_new();
> distPoint->distpoint->name.relativename = nameStack;
> distPoint->distpoint->type = 0;
>   
> STACK_OF(DIST_POINT) *distPoints = sk_DIST_POINT_new_null();
> sk_DIST_POINT_push (distPoints, distPoint);
> X509_EXTENSION *ext = X509V3_EXT_i2d (NID_crl_distribution_points, 0, distPoints);
> X509_add_ext (cert, ext, -1);
> X509_EXTENSION_free (ext);
> 
> The extension will be added, but is empty.
> 
> Do you see where it breaks?
> Dirk
> 
> On 22.11.2017 15:04, Dave Coombs wrote:
>> You can use X509V3_EXT_i2d(NID_crl_distribution_points, critical, sk) where 
>> sk is a STACK_OF(DIST_POINT) that you have previously filled with multiple 
>> URIs.
> 


Re: [openssl-users] Example code to add several CRL distribution points

2017-11-22 Thread Dave Coombs
Hi,

You can use X509V3_EXT_i2d(NID_crl_distribution_points, critical, sk) where sk 
is a STACK_OF(DIST_POINT) that you have previously filled with multiple URIs.

Cheers,
  -Dave


> On Nov 22, 2017, at 06:58, Dirk Menstermann  wrote:
> Hi,
> 
> can anybody share example code to add more than 1 CRL distribution point to a
> certificate?
> 
> The below works only for one URI:
> 
> X509_EXTENSION *ext = X509V3_EXT_conf_nid (NULL, ,
> NID_crl_distribution_points, (char*) "URI:http://exmaple.com/crl");
> X509_add_ext (certificate, ext, -1);
> 
> Thanks a lot
> Dirk



Re: [openssl-users] How to parse DER encoded x509 attributes?

2017-11-20 Thread Dave Coombs
Hello,

As I said, you could experiment with ASN1_TFLG_SET_OF instead of 
ASN1_TFLG_SEQUENCE_OF.

Also, to free the memory, you should be able to use just one call:
sk_X509_ATTRIBUTE_pop_free(attrs, X509_ATTRIBUTE_free);

This frees each element in the stack, and also frees the stack.

All the best,
  -Dave


> On Nov 20, 2017, at 09:03, Libor Chocholaty <o...@mts.cz> wrote:
> Hello,
> 
> thanks a lot. Works nice. It is just interesting that I get X509_ATTRIBUTEs 
> which should be a SEQUENCE but need to be parsed as a SET.
> 
> And to free the memory:
> 
> X509_ATTRIBUTE *attr;
> while ((attr = sk_X509_ATTRIBUTE_pop(attrs)) != NULL) {
> X509_ATTRIBUTE_free(attr);
> }
> sk_X509_ATTRIBUTE_free(attrs);
> 
> Looks working.
> 
> Regards,
> Libor
> 
>  
> On 2017-11-15 15:31, Dave Coombs wrote:
> 
>> Hello,
>>  
>> You can do something like the following.
>>  
>> First make a type corresponding to a stack of x509 attributes:
>>  
>>  typedef STACK_OF(X509_ATTRIBUTE) SEQ_X509_ATTRIBUTE;
>>  DECLARE_ASN1_FUNCTIONS(SEQ_X509_ATTRIBUTE);
>>  
>> Then make an asn1 template that specifies how the stack should be encoded.  
>> (You can use ASN1_TFLG_SET_OF instead of ..SEQUENCE_OF here, depending on 
>> the DER you're trying to interpret, I don't know.)
>>  
>>  ASN1_ITEM_TEMPLATE(SEQ_X509_ATTRIBUTE) =
>>  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, x509attribute, 
>> X509_ATTRIBUTE)
>>  ASN1_ITEM_TEMPLATE_END(SEQ_X509_ATTRIBUTE)
>>  IMPLEMENT_ASN1_FUNCTIONS(SEQ_X509_ATTRIBUTE)
>>  
>> Now your type has its own d2i and i2d functions, and you can use them:
>>  
>>  STACK_OF(X509_ATTRIBUTE) *attrs = d2i_SEQ_X509_ATTRIBUTE(NULL, , 
>> length);
>>  
>> Cheers,
>>   -Dave
>>  
>> 
> >>> On Nov 15, 2017, at 07:26, Libor Chocholaty <o...@mts.cz> wrote:
>>> Hello,
>>> 
>>> I would like to parse DER encoded x509 attributes and have no clue how to 
>>> use d2i_ASN1_SET_OF_X509_ATTRIBUTE. There are params that cannot find what 
>>> to pass like free_func.
>>> 
> >>> I am trying to understand by collecting pieces of known code, looking into 
> >>> openssl sources but...
>>> 
>>> PKCS7_SIGNER_INFO *p7si = PKCS7_SIGNER_INFO_new();
> >>> d2i_ASN1_SET_OF_X509_ATTRIBUTE(&p7si->auth_attr, &der_data, 
>>> der_data_length, d2i_X509_ATTRIBUTE, free_func, V_ASN1_SET, 
>>> V_ASN1_UNIVERSAL);
>>> 
>>> Could somebody help how to do it or give a link to some useful 
>>> documentation?
> >>> Searching the internet looks completely not useful on this topic... or I do 
> >>> not know how to ask...
>>> 
>>> Regards,
>>> Libor
>>> 
>>>  
>>> -- 
>>> openssl-users mailing list
>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users 
>>> <https://mta.openssl.org/mailman/listinfo/openssl-users>
>>  
>  
>  



Re: [openssl-users] How to parse DER encoded x509 attributes?

2017-11-15 Thread Dave Coombs
Hello,

You can do something like the following.

First make a type corresponding to a stack of x509 attributes:

typedef STACK_OF(X509_ATTRIBUTE) SEQ_X509_ATTRIBUTE;
DECLARE_ASN1_FUNCTIONS(SEQ_X509_ATTRIBUTE);

Then make an asn1 template that specifies how the stack should be encoded.  
(You can use ASN1_TFLG_SET_OF instead of ..SEQUENCE_OF here, depending on the 
DER you're trying to interpret, I don't know.)

ASN1_ITEM_TEMPLATE(SEQ_X509_ATTRIBUTE) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, x509attribute, 
X509_ATTRIBUTE)
ASN1_ITEM_TEMPLATE_END(SEQ_X509_ATTRIBUTE)
IMPLEMENT_ASN1_FUNCTIONS(SEQ_X509_ATTRIBUTE)

Now your type has its own d2i and i2d functions, and you can use them:

STACK_OF(X509_ATTRIBUTE) *attrs = d2i_SEQ_X509_ATTRIBUTE(NULL, , 
length);

Cheers,
  -Dave


> On Nov 15, 2017, at 07:26, Libor Chocholaty  wrote:
> 
> Hello,
> 
> I would like to parse DER encoded x509 attributes and have no clue how to use 
> d2i_ASN1_SET_OF_X509_ATTRIBUTE. There are params that cannot find what to 
> pass like free_func.
> 
> I am trying to understand by collecting pieces of known code, looking into 
> openssl sources but...
> 
> PKCS7_SIGNER_INFO *p7si = PKCS7_SIGNER_INFO_new();
> d2i_ASN1_SET_OF_X509_ATTRIBUTE(&p7si->auth_attr, &der_data, der_data_length, 
> d2i_X509_ATTRIBUTE, free_func, V_ASN1_SET, V_ASN1_UNIVERSAL);
> 
> Could somebody help how to do it or give a link to some useful documentation?
> Searching the internet looks completely not useful on this topic... or I do not 
> know how to ask...
> 
> Regards,
> Libor
> 
>  



Re: [openssl-users] Verifying a timestamp signed using a cert issued by a sub CA (intermediate)

2017-11-14 Thread Dave Coombs
Hi Marcus,

Try giving -CAfile a concatenated file with both CA certificates inside.

hulk:/tmp $ cat DSS* > chain.pem

hulk:/tmp $ openssl ts -verify -in /tmp/out10.tsp -queryfile /tmp/out10.tsq 
-CAfile chain.pem
Verification: OK

Cheers,
  -Dave


> On Nov 14, 2017, at 02:30, Marcus Lundblad wrote:
> 
> Hi!
> 
> I'm trying to verify a timestamp that was signed using a signer
> certificate that has been issued by an intermediate CA.
> I'm only able to verify when specifying the intermediate CA certificate
> as "-untrusted" and the root CA cert as "-CAfile":
> 
> openssl ts -verify -in /tmp/out10.tsp -queryfile /tmp/out10.tsq -CAfile
> res/test/dss10/DSSRootCA10.cacert.pem -untrusted
> res/test/dss10/DSSSubCA11.cacert.pem 
> Using configuration from /usr/lib/ssl/openssl.cnf
> Verification: OK
> 
> When running with just -CAfile pointing to the intermediate CA cert, I
> get:
> 
> Using configuration from /usr/lib/ssl/openssl.cnf
> Verification: FAILED
> 140693337339136:error:2F06D064:time stamp
> routines:ts_verify_cert:certificate verify
> error:../crypto/ts/ts_rsp_verify.c:182:Verify error:unable to get
> issuer certificate
> 
> And if setting -CAfile to point to the root CA cert:
> 
> Using configuration from /usr/lib/ssl/openssl.cnf
> Verification: FAILED
> 140228374308096:error:2F06D064:time stamp
> routines:ts_verify_cert:certificate verify
> error:../crypto/ts/ts_rsp_verify.c:182:Verify error:unable to get local
> issuer certificate
> 
> I'm thinking both these variants should have worked (the timestamp
> response is including the complete chain in the ESSCertID structure).
> 
> Attached are the CA certs, the signer cert (ts3.pem), the query
> (out10.tsq), and the response (out10.tsp)
> 
> Regards,
> Marcus Lundblad



Re: [openssl-users] OCSP_BASICRESP_verify() in 1.1.0

2017-11-01 Thread Dave Coombs
>> It would be nice, though, if the API provided a way to get the signer's 
>> certificate.  There is OCSP_resp_get0_signature(), but that only returns the 
>> bit string.  Comparable functions in other modules (eg: 
>> X509_get0_signature(), X509_REQ_get0_signature(), X509_CRL_get0_signature(), 
>> CMS_SignerInfo_get0_algs()) provide a way to get any combination of bit 
>> string, algorithm, and signer cert.
> 
> Kind of like https://github.com/openssl/openssl/pull/4573 ?

Quite a lot like that, yes.  Neat.  Is there any chance this might be included 
in the 1.1.0 series?

Thanks,
  -Dave



Re: [openssl-users] OCSP_BASICRESP_verify() in 1.1.0

2017-10-31 Thread Dave Coombs
>> If I pass in a STACK_OF(X509) *certs with only the signer's cert in it, and 
>> NULL for X509_STORE *st since it won't be used, then I think I should get 
>> the desired result, yes, at the cost of ocsp_find_signer(single-entry certs) 
>> and the internal creation/destruction of an unused X509_STORE_CTX.  I'd have 
>> a small performance hit but it probably wouldn't be too bad.
> 
> Probably the construction of that ctx is in the wrong place. It should
> be later in the function. I can't imagine the ocsp_find_signer() hit is
> too great.

Having tried this, I now see that my copying the structs from ocsp_lcl.h into 
the external code masked the fact that the external code is getting the 
signer's cert beforehand by directly accessing OCSP_BASICRESP->certs (and 
->tbsResponseData) anyway, effectively doing what ocsp_find_signer() does.  So 
it is clear that I will need to rework this, potentially centred around 
OCSP_basic_verify(), while remaining ignorant of the signer cert.

It would be nice, though, if the API provided a way to get the signer's 
certificate.  There is OCSP_resp_get0_signature(), but that only returns the 
bit string.  Comparable functions in other modules (eg: X509_get0_signature(), 
X509_REQ_get0_signature(), X509_CRL_get0_signature(), 
CMS_SignerInfo_get0_algs()) provide a way to get any combination of bit string, 
algorithm, and signer cert.

Cheers,
  -Dave



Re: [openssl-users] OCSP_BASICRESP_verify() in 1.1.0

2017-10-31 Thread Dave Coombs
Hi Matt, thanks for your response.

>> Is the correct solution to use OCSP_basic_verify(), which feels like
>> overkill for my needs (the code in question is *part of* our own
>> path-validation routine), or might there be some other way?
> 
> Can you use OCSP_basic_verify() passing in OCSP_NOVERIFY in the final
> "flags" argument? This basically finds the signer certificate and
> verifies the signature using OCSP_BASICRESP_verify(), but skips all the
> chain validation bit.

If I pass in a STACK_OF(X509) *certs with only the signer's cert in it, and 
NULL for X509_STORE *st since it won't be used, then I think I should get the 
desired result, yes, at the cost of ocsp_find_signer(single-entry certs) and 
the internal creation/destruction of an unused X509_STORE_CTX.  I'd have a 
small performance hit but it probably wouldn't be too bad.

The alternative would be to change the OCSP_BASICRESP_verify() macro into an 
externally available function, and then both it and OCSP_basic_verify() could 
call the former macro, suitably renamed and internally scoped.  Clearly I'd be 
happy with that, though I understand if you don't want to go that route.

Cheers,
  -Dave



[openssl-users] OCSP_BASICRESP_verify() in 1.1.0

2017-10-31 Thread Dave Coombs
Hello,

I was fiddling around with OpenSSL 1.1.0 this past weekend, because One Day 
We'll Need To Upgrade (tm), and ran into the following.

We have some code that uses OCSP_BASICRESP_verify() with 1.0.1 / 1.0.2 to 
confirm that the signature on an ocsp response is correct.  This is a macro in 
ocsp.h, which directly accesses the signature, signatureAlgorithm, and 
tbsResponseData members of the OCSP_BASICRESP structure.  In 1.1.0, this 
structure is now opaque, but the macros are still present in the public ocsp.h, 
so any external code that uses this macro can't compile.

I can get around this by copying the struct definitions from ocsp_lcl.h into 
the external code, but that both defeats the purpose of opaque structures and 
will cause me problems if the structure contents ever change.

Is the correct solution to use OCSP_basic_verify(), which feels like overkill 
for my needs (the code in question is *part of* our own path-validation 
routine), or might there be some other way?

Either way, I hereby report you've got a few macros in a public header that 
can't possibly work as things stand. :-)

Thanks,
  -Dave
