sign/verify kicking my ass

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
24 messages Options
12
Reply | Threaded
Open this post in threaded view
|

sign/verify kicking my ass

ShaunR
Can anybody help me out, not sure whats going wrong.  My test case right now
is the following

gcc sign.c -o sign -lcrypto
gcc verify.c -o verify -lcrypto
./sign > blah.sig
./verify



[root@devhost1 openssl]# cat sign.c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>

#include <openssl/bio.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/err.h>

int main(void)
{

        char* message = "blah";
        unsigned char* signature;
        unsigned int slen;
        unsigned int verified;

        static char *privkey = "-----BEGIN RSA PRIVATE
KEY-----\nMIIJKAIBAAKCAgEAwm3C2PotN3uzg6pUqpLMkxa9xsgA/V3TrfG9RbrriIVr5xF7\n8rqtPTgzXUhcYAkEd2ROjtrI4WfZ91G3e9d5sR/1275UD0KAxkzxwOcWWMfZ0Yul\nlcwYQayd4Ke2msLaXbm65Gd0BfmGSCMX7fWHEWUCwSklXEFI0I2Zz7fZsCdeynaL\nGnZupsmKGa+t7XsgiVWfDGsQPcFee7285tnWxEgNUlaahySbLsNh11UAyqdKtDif\nSDUSuuPxnE+tvi3r2O17Yj77m9fnDAbRYHta+wTtKlPoD9iuV5bCoOpMejxBVNNK\nG6ganp117ivMC6OPYs+QxSM5FNOikIETZoLBBZV2M1T84i0pTat901OQZkhwTAPu\niwxSdWPFqHUBwp30g8i/NvhCelWh+pVPhbodn14r8DXMU/arw5EpEqmcj3IPFapr\ncrRRrpsPSiMqo5rdC5CH6Y1+Cel1W4IJp7lo6cgpSjAuNTvLIcJDpAFnImWy/Zr9\nUbGOh5mkF5PsVN9chc1gLjTPbgSQUcN0oX+rQjx0bqT7Tt6Y66W5wCrKLrL5blHq\nm08pAzEiFKb5srEK6ouvoGUv9DnoC9GwbXJq9RJDIwi4SW3LduQ2/vmFyj00LyaL\nOKL6mI3sAS9p8Vkl6KabjY8BdnKp7dnuEmJtQicZVAJkvHy8aThkF/NtfOMCAwEA\nAQKCAgAP4Xk90clps7/o7Du4Jv9wsDXWC7YQ+93zYkBsdqUQZJ14pTPzko3d5z5C\ny0tISNRFkDrebj5kMuBZ1CHhiqsU7aBeT4B8MplkGRrR/84SeFhxRi/DOYVtr9TB\nadF/eJTvfOEoEM8oQcZXFA67UAe1QwPjlSHJFEgHSNmcXs74FW8nqGEaSzwkgWe3\nS2Mwd5MjxIuWLxSHhsjZ4JiSXo6tP5le9VXv3eyS+ECAnx/ObbWrXMid
 1D/wZffx\nJYzycLvH3zXpw203wH3NvKzTbZ/zyuY4Q9w7lx4+Z0EEdb7DaTKI5C00bxmlhQUB\n7C/hb32hu4R+pa7e5Z5soS5dfCaZ0qFJRDAgM2h19zSkbXV/XtMOdbk6sZdAhYOD\nqlpRfdKXuFeeBrffY/zxmjetgv1bJnvIsCG9x92p6ocfd3k7GE5GMnRkCuh3uVQT\nE6rjQty4pwOt+dHg0AV8SLFDZ6T8Vm4rw6BhZDiZO12DKhrAjCTeeLHewsy5owcW\nt/EMpqv5m9eSk81+PmFhuXlUB4NXBVXeRXW5hEyAf99wZ+7ErxaaN2kDNxiJ56PU\nbhm3Bu6tb0atrPYBPWKxToWARJ9VS/GIrXE5l1X9QbJDn9RrMW7ypKYOYZEBxpNX\nUz/t+hENVqrC0h/7qE3VtypQQ6H1t6RM+vK6DFMKx254h4m+sQKCAQEA7peT+fuv\ni/965IwRn4CAs1J6u8ow4+eknivWoiolOvaoEBTyCdTm3GUtB3db2wDNkQDvd/Pr\n9ZnjxwWfMDRz2h6jPRf2+maFmcw9cxEgd5NZcWX9Uir6UB5eue/WHLejWjmOK4nn\nUh+g2zjU14rnCR4wCoapRHi+6YvkKvUE3AQa17UfzkH1k/jeHsmFPBcvTfPsWWVw\nOarVBAb23TU5YMRzQPhEyM2/qZyl/0LDcGsrMFit4TcH640V8rRviJvF/JA+DO7v\nu44jz8463l2TkeEKbo0VV3eocMyGflk3qRbo4dETURVop4b3Qw3kucsdGQnvBJj2\nvcZhxNU7n6I9OwKCAQEA0J1M4oSlefbTUbMTz82rUWC1jfq5xBX4koYDFpvwNePQ\n9tHZgN5vRxoyvcASyeKciJeN68iIcoi587IDfZTwblCk5NtsEtifSFZmFScY+zZl\n84Bf/SkjHadRCdULMjfmSLSROcRYZ7vKK4m1Nq5We40S7fFBhoEIEOc
 ZGwZNA3V7\nLjwiFgOj9yMv+svYdSdkoUWoJ+i/zABFYp82j/PoFLEqB0Z6Sq8xuv3+CKVszm9t\nlKCAneh2TnRGG99/v6XeP+MqqerHCsf8GoF5vF5ZTPZEKH0DOS0sfLeD8PIPPpJZ\n7gKZYWqnSy9NAbZcJVjEOygvasCU9p+bWOiIKELkeQKCAQB1hmCzsJBGK7BDR+Oe\nZ9P9gNFIE06F1KK37uwosQ3pv3oFgeu/gAm/4m6N0POEKx8XIBjVQ2elcQpMDK7f\nNdcjSBgsjdNwgHOq0HosZfFSNVjHjO99PAJU2MDcYhFbz/E9DkDDnYg+YaoAkjv1\neExZp28OoEpcmgWgUPIxXsPoBHWcb3GdTcxD+UCgda+Va+43PcHcPyVKoqWO+Ec9\nq2v6CIqlJCXtq7uPNsRlumM+yutZQzVTTKIwGy0Ggm62IdUilYKbKE8aWee2AuXo\nhrucDffvgLtUfHKSLYzKS/Qo7EoGgdA8Domgi9DcTMmv4ycQIF6GKzrPPBsIs+hM\nt8PlAoIBAFneugWHkWYGcCjtFaba+mfXWr9seOTBdlFhDCmMSiJdH2OFKcc7jAK8\nhYl7Gl0Ak+DAMXKW9DkrL7iNQrWyGRXdBfxVjqxbx9q45cdNDZUDbU5GSpPcSfV3\nZBDxR559uGYv67RQIqmlm8W/0GJbHoShVLtOyKSyJ5Bojkc3IqxPyx4y55hGPzez\nX/MSKBDoRJC5WmS+/wlaQIno/u9q6tsnK2zw7rQH30uoKez9nu8bz8BMmLvuLjFE\nJAPT98vPH/yz12hV7SN23eNpTdFZb+0Y1mn+2QmjrVuZD20YSnrxP26qjfsKoEFi\ngjEvp2irYfX+LNc3WbUZMypNGoMFtjkCggEBAOqIVYAdeRnvlmvzHc9FX2sqyTMS\n8BpwqpNXDh0ThecSnJfxPZvv51gJjToW18i3yu2LrEmVbvzL5MNU27
 Mp7aLxCKl1\nDw2ZDCSByRqTvisiLfPRjY+EQ5H8haiP3mnXldIEceH8/U5B2tFWi0K9W1CT7IDw\nlyfBthZEzTSbbwD5we9OPreM5YYbOketa+FVS7MjxHGYkHYdwZICka1H4OTnQlZn\nAA6O6inwpG5pvj/tE1CFGZFd27VWDyWGB6wqA3so9NzFiKe4EZIxh7qvIiERanZy\nSmdo5+hY6/He2ImkH0LzY/GPd8t8CJelvtmtiW6Su3Ko4bQWFWGkOxIaoNw=\n-----END
RSA PRIVATE KEY-----";


        RSA *private_key;
        BIO *private_bio;

/////////////////////////////////////////////////////

   private_bio = BIO_new_mem_buf(privkey, -1);
   if(private_bio == NULL) {
      ERR_print_errors_fp(stdout);
      return 1;
   }

   private_key = PEM_read_bio_RSAPrivateKey(private_bio, NULL, NULL, NULL);
   if(private_key == NULL) {
      ERR_print_errors_fp(stdout);
   }

        signature = (unsigned char*) malloc(RSA_size(private_key));
        if(RSA_sign(NID_sha1, (unsigned char*) message, strlen(message),
signature, &slen, private_key) != 1) {
                ERR_print_errors_fp(stdout);
        }

        printf("%s", signature);

        RSA_free(private_key);

        return 0;
}







[root@devhost1 openssl]# cat verify.c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>

#include <openssl/bio.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/err.h>


int main(void)
{

        unsigned char *message = "blah";
        unsigned char signature[4096];
        unsigned int slen;
        unsigned int verified;

        static char *pubkey = "-----BEGIN PUBLIC
KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwm3C2PotN3uzg6pUqpLM\nkxa9xsgA/V3TrfG9RbrriIVr5xF78rqtPTgzXUhcYAkEd2ROjtrI4WfZ91G3e9d5\nsR/1275UD0KAxkzxwOcWWMfZ0YullcwYQayd4Ke2msLaXbm65Gd0BfmGSCMX7fWH\nEWUCwSklXEFI0I2Zz7fZsCdeynaLGnZupsmKGa+t7XsgiVWfDGsQPcFee7285tnW\nxEgNUlaahySbLsNh11UAyqdKtDifSDUSuuPxnE+tvi3r2O17Yj77m9fnDAbRYHta\n+wTtKlPoD9iuV5bCoOpMejxBVNNKG6ganp117ivMC6OPYs+QxSM5FNOikIETZoLB\nBZV2M1T84i0pTat901OQZkhwTAPuiwxSdWPFqHUBwp30g8i/NvhCelWh+pVPhbod\nn14r8DXMU/arw5EpEqmcj3IPFaprcrRRrpsPSiMqo5rdC5CH6Y1+Cel1W4IJp7lo\n6cgpSjAuNTvLIcJDpAFnImWy/Zr9UbGOh5mkF5PsVN9chc1gLjTPbgSQUcN0oX+r\nQjx0bqT7Tt6Y66W5wCrKLrL5blHqm08pAzEiFKb5srEK6ouvoGUv9DnoC9GwbXJq\n9RJDIwi4SW3LduQ2/vmFyj00LyaLOKL6mI3sAS9p8Vkl6KabjY8BdnKp7dnuEmJt\nQicZVAJkvHy8aThkF/NtfOMCAwEAAQ==\n-----END
PUBLIC KEY-----";



        FILE *fp = fopen("blah.sig","r");
        fread(signature, 1, sizeof(signature), fp);
        close(fp);

        slen = strlen(signature);

        RSA *public_key;
        BIO *public_bio;

        public_bio = BIO_new_mem_buf(pubkey, -1);
        if(public_bio == NULL) {
                ERR_print_errors_fp(stdout);
                return 1;
        }

        public_key = PEM_read_bio_RSA_PUBKEY(public_bio, NULL, NULL, NULL);
   if(public_key == NULL) {
      ERR_print_errors_fp(stdout);
   }
        verified = RSA_verify(NID_sha1, message, strlen((char*)message),
signature, slen, public_key);


        printf("VERIFIED: %d\n",verified);

        RSA_free(public_key);

        return 0;
}


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: sign/verify kicking my ass

Victor Duchovni
On Sat, Nov 22, 2008 at 10:38:18AM -0800, Shaun R. wrote:

> Can anybody help me out, not sure whats going wrong.  My test case right
> now is the following
>
>        signature = (unsigned char*) malloc(RSA_size(private_key));
>        if(RSA_sign(NID_sha1, (unsigned char*) message, strlen(message),
> signature, &slen, private_key) != 1) {
>                ERR_print_errors_fp(stdout);
>        }
>
>        printf("%s", signature);

The signature is not a NUL terminated C-string, so using "printf" is
not the right way to save it to a file. You are throwing away "slen",
don't.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: sign/verify kicking my ass

Dr. Stephen Henson
In reply to this post by ShaunR
On Sat, Nov 22, 2008, Shaun R. wrote:

> Can anybody help me out, not sure whats going wrong.  My test case right
> now is the following
>
> gcc sign.c -o sign -lcrypto
> gcc verify.c -o verify -lcrypto
> ./sign > blah.sig
> ./verify
>
>

RSA_sign() and RSA_verify() don't sign arbitrary data they expect the
digest of the data being signed/verified.

If you want an API that does sign arbitrary data use EVP_Sign*() and
EVP_Verify*() instead.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

ShaunR
In reply to this post by Victor Duchovni
I used fwrite(signature,1,strlen(signature),fp) and got the same results.



-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Victor Duchovni
Sent: Saturday, November 22, 2008 1:25 PM
To: [hidden email]
Subject: Re: sign/verify kicking my ass

On Sat, Nov 22, 2008 at 10:38:18AM -0800, Shaun R. wrote:

> Can anybody help me out, not sure whats going wrong.  My test case right
> now is the following
>
>        signature = (unsigned char*) malloc(RSA_size(private_key));
>        if(RSA_sign(NID_sha1, (unsigned char*) message, strlen(message),
> signature, &slen, private_key) != 1) {
>                ERR_print_errors_fp(stdout);
>        }
>
>        printf("%s", signature);

The signature is not a NUL terminated C-string, so using "printf" is
not the right way to save it to a file. You are throwing away "slen",
don't.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

ShaunR
In reply to this post by Dr. Stephen Henson
Well in this case I'm signing blah but I'm really trying to sign a base64
string.  I'm just trying to use sign/verify to ensure that what was sent (a
base64 encoded message that's maybe 1024 chars long max) is real



-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Dr. Stephen Henson
Sent: Saturday, November 22, 2008 1:45 PM
To: [hidden email]
Subject: Re: sign/verify kicking my ass

On Sat, Nov 22, 2008, Shaun R. wrote:

> Can anybody help me out, not sure whats going wrong.  My test case right
> now is the following
>
> gcc sign.c -o sign -lcrypto
> gcc verify.c -o verify -lcrypto
> ./sign > blah.sig
> ./verify
>
>

RSA_sign() and RSA_verify() don't sign arbitrary data they expect the
digest of the data being signed/verified.

If you want an API that does sign arbitrary data use EVP_Sign*() and
EVP_Verify*() instead.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: sign/verify kicking my ass

Victor Duchovni
In reply to this post by ShaunR
On Mon, Nov 24, 2008 at 05:59:39PM -0800, Shaun wrote:

> I used fwrite(signature,1,strlen(signature),fp) and got the same results.

Which part of length of signature != strlen(signature) because signature
is not a NUL terminated C-string is not clear?

Which part of 'you are throwing away "slen"' is not clear?

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Victor Duchovni
> Sent: Saturday, November 22, 2008 1:25 PM
> To: [hidden email]
> Subject: Re: sign/verify kicking my ass
>
> On Sat, Nov 22, 2008 at 10:38:18AM -0800, Shaun R. wrote:
>
> > Can anybody help me out, not sure whats going wrong.  My test case right
> > now is the following
> >
> >        signature = (unsigned char*) malloc(RSA_size(private_key));
> >        if(RSA_sign(NID_sha1, (unsigned char*) message, strlen(message),
> > signature, &slen, private_key) != 1) {
> >                ERR_print_errors_fp(stdout);
> >        }
> >
> >        printf("%s", signature);
>
> The signature is not a NUL terminated C-string, so using "printf" is
> not the right way to save it to a file. You are throwing away "slen",
> don't.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

JoelKatz

> > I used fwrite(signature,1,strlen(signature),fp) and got the
> > same results.

        You seem to have a fundamental misunderstanding about how strings work in
C. That's not good for someone writing security software. The 'strlen'
function computes the length of a C-style string. The signature *IS* *NOT* a
C-style string. It *MUST* *NOT* be passed to 'strlen'.

        Also, this code has a problem:

        if(RSA_sign(NID_sha1, (unsigned char*) message, strlen(message),
signature, &slen, private_key) != 1) {

        You are telling RSA_sign that you are using it to sign a SHA1 hash, but the
message is not a SHA1 hash. I believe this will currently sort of work, but
it's very bad practice.

        You should not be using low-level RSA functions unless you really
understand RSA. You have already gotten, in the previous round, perfectly
clear explanations of this:

"RSA_sign() and RSA_verify() don't sign arbitrary data they expect the
digest of the data being signed/verified.
If you want an API that does sign arbitrary data use EVP_Sign*() and
EVP_Verify*() instead."

        You are still neither calling the EVP_* functions nor generating a hash.

        and

"The signature is not a NUL terminated C-string, so using "printf" is
not the right way to save it to a file. You are throwing away "slen",
don't."

        You are still treating the signature as if it was a C-style string and
throwing away slen.

        What's the point of asking questions if you ignore the answers?

        DS



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: sign/verify kicking my ass

Patrick Patterson-3
In reply to this post by ShaunR
Shaun wrote:
> I used fwrite(signature,1,strlen(signature),fp) and got the same results.
>
>
Ok - strlen does the same thing as printf - it stops at a NULL. Since
the signature is NOT guaranteed to not contain a NULL, you can't use any
function that keys off of a NULL character. Which means that you need to
use read() and write() directly. Either that, or convert the unsigned
char * buffer that you have the signature in to be in a form that is
"string" friendly (base64 or simple hexify) and then print THAT out.

Have fun.

Patrick.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

ShaunR
In reply to this post by Victor Duchovni
Ahh, ok... When you first said that you where just saying printf was wrong
to use because it was not a string, it makes sense that strlen wouldn't work
either, i just missed that.  

I know I'm throwing away slen in the example, I'm curious how I would pass
it along though in my tests with two separate programs, I would have to pass
the size along too somehow right?  Couldn't I use RSA_size(pubkey) to set
slen?


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Victor Duchovni
Sent: Monday, November 24, 2008 6:41 PM
To: [hidden email]
Subject: Re: sign/verify kicking my ass

On Mon, Nov 24, 2008 at 05:59:39PM -0800, Shaun wrote:

> I used fwrite(signature,1,strlen(signature),fp) and got the same results.

Which part of length of signature != strlen(signature) because signature
is not a NUL terminated C-string is not clear?

Which part of 'you are throwing away "slen"' is not clear?

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Victor Duchovni
> Sent: Saturday, November 22, 2008 1:25 PM
> To: [hidden email]
> Subject: Re: sign/verify kicking my ass
>
> On Sat, Nov 22, 2008 at 10:38:18AM -0800, Shaun R. wrote:
>
> > Can anybody help me out, not sure whats going wrong.  My test case right

> > now is the following
> >
> >        signature = (unsigned char*) malloc(RSA_size(private_key));
> >        if(RSA_sign(NID_sha1, (unsigned char*) message, strlen(message),
> > signature, &slen, private_key) != 1) {
> >                ERR_print_errors_fp(stdout);
> >        }
> >
> >        printf("%s", signature);
>
> The signature is not a NUL terminated C-string, so using "printf" is
> not the right way to save it to a file. You are throwing away "slen",
> don't.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

ShaunR
In reply to this post by JoelKatz
Is there another way in C to use openssl's sign/verify/encrypt/decrypt
without using the low-level api?  I got my test prog working, I guess I need
to figure out how to do a SHA1 hash of my data next.

~Shaun

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of David Schwartz
Sent: Monday, November 24, 2008 7:11 PM
To: [hidden email]
Subject: RE: sign/verify kicking my ass


> > I used fwrite(signature,1,strlen(signature),fp) and got the
> > same results.

        You seem to have a fundamental misunderstanding about how strings
work in
C. That's not good for someone writing security software. The 'strlen'
function computes the length of a C-style string. The signature *IS* *NOT* a
C-style string. It *MUST* *NOT* be passed to 'strlen'.

        Also, this code has a problem:

        if(RSA_sign(NID_sha1, (unsigned char*) message, strlen(message),
signature, &slen, private_key) != 1) {

        You are telling RSA_sign that you are using it to sign a SHA1 hash,
but the
message is not a SHA1 hash. I believe this will currently sort of work, but
it's very bad practice.

        You should not be using low-level RSA functions unless you really
understand RSA. You have already gotten, in the previous round, perfectly
clear explanations of this:

"RSA_sign() and RSA_verify() don't sign arbitrary data they expect the
digest of the data being signed/verified.
If you want an API that does sign arbitrary data use EVP_Sign*() and
EVP_Verify*() instead."

        You are still neither calling the EVP_* functions nor generating a
hash.

        and

"The signature is not a NUL terminated C-string, so using "printf" is
not the right way to save it to a file. You are throwing away "slen",
don't."

        You are still treating the signature as if it was a C-style string
and
throwing away slen.

        What's the point of asking questions if you ignore the answers?

        DS



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: sign/verify kicking my ass

Goetz Babin-Ebell
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shaun wrote:
| Is there another way in C to use openssl's sign/verify/encrypt/decrypt
| without using the low-level api?  I got my test prog working, I guess
I need
| to figure out how to do a SHA1 hash of my data next.

Your friends are
* to sign:   EVP_SignInit, EVP_SignUpdate and EVP_SignFinal
* to verify: EVP_VerifyInit, EVP_VerifyUpdate and EVP_VerifyFinal
* to encrypt: EVP_EncryptInit, EVP_EncryptUpdate and EVP_EncryptFinal
* to decrypt: EVP_DecryptInit, EVP_DecryptUpdate and EVP_DecryptFinal

With your experience you really should not use the RSA_* functions
directly.

And beware: all these functions handle *binary* data, calling string
functions on data generated by them is simply wrong.


I think the RSA_sign man page should get a warning and a pointer
to the EVP interface.


Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJLE0d2iGqZUF3qPYRAs2ZAJ9ie6ev4bXXWQxOTdBMNCjnQzjSHgCfSxGK
tOE3jgsenLkcx4TNdNTVRXs=
=yZKz
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

ShaunR
I'm really going to be using php to encrypt/sign (
openssl_private_encrypt(), openssl_sign() ) I don't see any EVP functions
from php, I'm assuming I can use EVP_* to decrypt/verify these?  Is RSA just
a lower level api where as the EVP's are more for the beginner guys like me?
:)

~Shaun



-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Goetz Babin-Ebell
Sent: Tuesday, November 25, 2008 11:08 AM
To: [hidden email]
Subject: Re: sign/verify kicking my ass

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shaun wrote:
| Is there another way in C to use openssl's sign/verify/encrypt/decrypt
| without using the low-level api?  I got my test prog working, I guess
I need
| to figure out how to do a SHA1 hash of my data next.

Your friends are
* to sign:   EVP_SignInit, EVP_SignUpdate and EVP_SignFinal
* to verify: EVP_VerifyInit, EVP_VerifyUpdate and EVP_VerifyFinal
* to encrypt: EVP_EncryptInit, EVP_EncryptUpdate and EVP_EncryptFinal
* to decrypt: EVP_DecryptInit, EVP_DecryptUpdate and EVP_DecryptFinal

With your experience you really should not use the RSA_* functions
directly.

And beware: all these functions handle *binary* data, calling string
functions on data generated by them is simply wrong.


I think the RSA_sign man page should get a warning and a pointer
to the EVP interface.


Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJLE0d2iGqZUF3qPYRAs2ZAJ9ie6ev4bXXWQxOTdBMNCjnQzjSHgCfSxGK
tOE3jgsenLkcx4TNdNTVRXs=
=yZKz
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: sign/verify kicking my ass

Goetz Babin-Ebell
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shaun wrote:
| I'm really going to be using php to encrypt/sign (
| openssl_private_encrypt(), openssl_sign() ) I don't see any EVP functions
| from php,

Hm. There must be something wrong here.
I'm almost sure that the EVP interface is available to PHP.
Could any PHP user please shed some light ?

| I'm assuming I can use EVP_* to decrypt/verify these?  Is RSA just
| a lower level api where as the EVP's are more for the beginner guys
like me?

Absolutely.

The RSA low level encrypt / decrypt / sign functions are
available for special cases for experienced users that really know
what they are doing.

For all normal operations there is the EVP (or even the SMIME/PKCS7)
interface...


Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJLHNs2iGqZUF3qPYRAnuiAJ4nDjYApPZlZq6uuLtpKyDrlqgTnQCZAbRH
sJ0e+meqa+pA8LYZABA6kck=
=D6Oy
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

sajupaul
when building php; include the --with-openssl= option

- on unix/linux platforms it would look something like...

./configure --with-openssl=[DIR]; does a dynamic bind of libssl & libcrypto
libraries.

check the built php binary with the ldd command.

Saju
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Goetz Babin-Ebell
Sent: Tuesday, November 25, 2008 4:52 PM
To: [hidden email]
Subject: Re: sign/verify kicking my ass


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shaun wrote:
| I'm really going to be using php to encrypt/sign (
| openssl_private_encrypt(), openssl_sign() ) I don't see any EVP functions
| from php,

Hm. There must be something wrong here.
I'm almost sure that the EVP interface is available to PHP.
Could any PHP user please shed some light ?

| I'm assuming I can use EVP_* to decrypt/verify these?  Is RSA just
| a lower level api where as the EVP's are more for the beginner guys
like me?

Absolutely.

The RSA low level encrypt / decrypt / sign functions are
available for special cases for experienced users that really know
what they are doing.

For all normal operations there is the EVP (or even the SMIME/PKCS7)
interface...


Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJLHNs2iGqZUF3qPYRAnuiAJ4nDjYApPZlZq6uuLtpKyDrlqgTnQCZAbRH
sJ0e+meqa+pA8LYZABA6kck=
=D6Oy
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

ShaunR
Yes, that's required to use the openssl functions in php... but still
doesn't explain where the EVP functions are...


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Saju Paul
Sent: Tuesday, November 25, 2008 2:03 PM
To: [hidden email]
Subject: RE: sign/verify kicking my ass

when building php; include the --with-openssl= option

- on unix/linux platforms it would look something like...

./configure --with-openssl=[DIR]; does a dynamic bind of libssl & libcrypto
libraries.

check the built php binary with the ldd command.

Saju
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Goetz Babin-Ebell
Sent: Tuesday, November 25, 2008 4:52 PM
To: [hidden email]
Subject: Re: sign/verify kicking my ass


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shaun wrote:
| I'm really going to be using php to encrypt/sign (
| openssl_private_encrypt(), openssl_sign() ) I don't see any EVP functions
| from php,

Hm. There must be something wrong here.
I'm almost sure that the EVP interface is available to PHP.
Could any PHP user please shed some light ?

| I'm assuming I can use EVP_* to decrypt/verify these?  Is RSA just
| a lower level api where as the EVP's are more for the beginner guys
like me?

Absolutely.

The RSA low level encrypt / decrypt / sign functions are
available for special cases for experienced users that really know
what they are doing.

For all normal operations there is the EVP (or even the SMIME/PKCS7)
interface...


Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJLHNs2iGqZUF3qPYRAnuiAJ4nDjYApPZlZq6uuLtpKyDrlqgTnQCZAbRH
sJ0e+meqa+pA8LYZABA6kck=
=D6Oy
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

ShaunR
In reply to this post by Goetz Babin-Ebell
Ok well if the EVP interface and the RSA interface pretty much do the same
thing I would imagine that the php openssl_sign and openssl_private_encrypt
functions will generate a signature/encrypted data that EVP can
verify/decrypt?

At the moment I can get openssl_sign and RSA_sign to generate the same
output.

~Shaun


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Goetz Babin-Ebell
Sent: Tuesday, November 25, 2008 1:52 PM
To: [hidden email]
Subject: Re: sign/verify kicking my ass

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shaun wrote:
| I'm really going to be using php to encrypt/sign (
| openssl_private_encrypt(), openssl_sign() ) I don't see any EVP functions
| from php,

Hm. There must be something wrong here.
I'm almost sure that the EVP interface is available to PHP.
Could any PHP user please shed some light ?

| I'm assuming I can use EVP_* to decrypt/verify these?  Is RSA just
| a lower level api where as the EVP's are more for the beginner guys
like me?

Absolutely.

The RSA low level encrypt / decrypt / sign functions are
available for special cases for experienced users that really know
what they are doing.

For all normal operations there is the EVP (or even the SMIME/PKCS7)
interface...


Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJLHNs2iGqZUF3qPYRAnuiAJ4nDjYApPZlZq6uuLtpKyDrlqgTnQCZAbRH
sJ0e+meqa+pA8LYZABA6kck=
=D6Oy
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

sajupaul
In reply to this post by ShaunR
The EVP functions should be in OpenSSL's crypto library.

some examples written in C

http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node22.html

http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node23.html 

Saju
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Shaun
Sent: Tuesday, November 25, 2008 7:38 PM
To: [hidden email]
Subject: RE: sign/verify kicking my ass

Yes, that's required to use the openssl functions in php... but still
doesn't explain where the EVP functions are...


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Saju Paul
Sent: Tuesday, November 25, 2008 2:03 PM
To: [hidden email]
Subject: RE: sign/verify kicking my ass

when building php; include the --with-openssl= option

- on unix/linux platforms it would look something like...

./configure --with-openssl=[DIR]; does a dynamic bind of libssl & libcrypto
libraries.

check the built php binary with the ldd command.

Saju
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Goetz Babin-Ebell
Sent: Tuesday, November 25, 2008 4:52 PM
To: [hidden email]
Subject: Re: sign/verify kicking my ass


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shaun wrote:
| I'm really going to be using php to encrypt/sign (
| openssl_private_encrypt(), openssl_sign() ) I don't see any EVP functions
| from php,

Hm. There must be something wrong here.
I'm almost sure that the EVP interface is available to PHP.
Could any PHP user please shed some light ?

| I'm assuming I can use EVP_* to decrypt/verify these?  Is RSA just
| a lower level api where as the EVP's are more for the beginner guys
like me?

Absolutely.

The RSA low level encrypt / decrypt / sign functions are
available for special cases for experienced users that really know
what they are doing.

For all normal operations there is the EVP (or even the SMIME/PKCS7)
interface...


Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJLHNs2iGqZUF3qPYRAnuiAJ4nDjYApPZlZq6uuLtpKyDrlqgTnQCZAbRH
sJ0e+meqa+pA8LYZABA6kck=
=D6Oy
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.175 / Virus Database: 270.9.10/1812 - Release Date: 11/25/2008
7:53 PM

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: sign/verify kicking my ass

ShaunR
EVP function in php...

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Saju
Sent: Tuesday, November 25, 2008 5:15 PM
To: [hidden email]
Subject: RE: sign/verify kicking my ass

The EVP functions should be in OpenSSL's crypto library.

some examples written in C

http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node22.html

http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node23.html 

Saju
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Shaun
Sent: Tuesday, November 25, 2008 7:38 PM
To: [hidden email]
Subject: RE: sign/verify kicking my ass

Yes, that's required to use the openssl functions in php... but still
doesn't explain where the EVP functions are...


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Saju Paul
Sent: Tuesday, November 25, 2008 2:03 PM
To: [hidden email]
Subject: RE: sign/verify kicking my ass

when building php; include the --with-openssl= option

- on unix/linux platforms it would look something like...

./configure --with-openssl=[DIR]; does a dynamic bind of libssl & libcrypto
libraries.

check the built php binary with the ldd command.

Saju
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Goetz Babin-Ebell
Sent: Tuesday, November 25, 2008 4:52 PM
To: [hidden email]
Subject: Re: sign/verify kicking my ass


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shaun wrote:
| I'm really going to be using php to encrypt/sign (
| openssl_private_encrypt(), openssl_sign() ) I don't see any EVP functions
| from php,

Hm. There must be something wrong here.
I'm almost sure that the EVP interface is available to PHP.
Could any PHP user please shed some light ?

| I'm assuming I can use EVP_* to decrypt/verify these?  Is RSA just
| a lower level api where as the EVP's are more for the beginner guys
like me?

Absolutely.

The RSA low level encrypt / decrypt / sign functions are
available for special cases for experienced users that really know
what they are doing.

For all normal operations there is the EVP (or even the SMIME/PKCS7)
interface...


Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJLHNs2iGqZUF3qPYRAnuiAJ4nDjYApPZlZq6uuLtpKyDrlqgTnQCZAbRH
sJ0e+meqa+pA8LYZABA6kck=
=D6Oy
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.175 / Virus Database: 270.9.10/1812 - Release Date: 11/25/2008
7:53 PM

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: sign/verify kicking my ass

Ger Hobbelt
Check out the PHP manual pages for openssl_seal() et al here:

http://nl2.php.net/manual/en/function.openssl-sign.php

There's no straight-through API offering the EVP functionality in PHP, AFAIK.

... though, personally, I'd rather code this kind of stuff in C (or
C++) and then bind that through a fresh bit of API into PHP if it's
got to appear in there, but that's probably just me. (I consider it a
'VB coder barrier' (after 15+ years in the biz, I have yet to meet the
first 'VB software engineer'): generally speaking, if you can't handle
'C', well, then that /might/ be a hint you shouldn't try your hand at
crypto unattended. Ah well, sometimes we have to make do...

Best of luck with this!

Ger


On Wed, Nov 26, 2008 at 2:26 AM, Shaun <[hidden email]> wrote:
> EVP function in php...



--
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
        http://www.hebbut.net/
mail:   [hidden email]
mobile: +31-6-11 120 978
--------------------------------------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: sign/verify kicking my ass

ShaunR
In reply to this post by Goetz Babin-Ebell
OK, i converted over to EVP_*, the sign/verify works but now i'm confused
about decrypt, for EVP_DecryptInit i need to tell it a CIPHER but i dont see
RSA in the cipher listings on
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html#  Looking closer at
the man page it looks like RSA isnt considered a cipher, what should i be
using to decrypt RSA messages?

~Shaun

"Goetz Babin-Ebell" <[hidden email]> wrote in
message news:[hidden email]...

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Shaun wrote:
> | Is there another way in C to use openssl's sign/verify/encrypt/decrypt
> | without using the low-level api?  I got my test prog working, I guess
> I need
> | to figure out how to do a SHA1 hash of my data next.
>
> Your friends are
> * to sign:   EVP_SignInit, EVP_SignUpdate and EVP_SignFinal
> * to verify: EVP_VerifyInit, EVP_VerifyUpdate and EVP_VerifyFinal
> * to encrypt: EVP_EncryptInit, EVP_EncryptUpdate and EVP_EncryptFinal
> * to decrypt: EVP_DecryptInit, EVP_DecryptUpdate and EVP_DecryptFinal
>
> With your experience you really should not use the RSA_* functions
> directly.
>
> And beware: all these functions handle *binary* data, calling string
> functions on data generated by them is simply wrong.
>
>
> I think the RSA_sign man page should get a warning and a pointer
> to the EVP interface.
>
>
> Goetz
>
> - --
> DMCA: The greed of the few outweighs the freedom of the many
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.4-svn0 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJLE0d2iGqZUF3qPYRAs2ZAJ9ie6ev4bXXWQxOTdBMNCjnQzjSHgCfSxGK
> tOE3jgsenLkcx4TNdNTVRXs=
> =yZKz
> -----END PGP SIGNATURE-----
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List
> [hidden email]
> Automated List Manager
> [hidden email]
>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
12