PEM_read_bio_RSAPublicKey equivalent API which returns EVP_PKEY

Paramashivaiah, Sunil Sunil.Paramashivaiah at rbbn.com
Thu Apr 15 04:30:46 UTC 2021


Hi Skip Carter,

Thanks for your reply.
I replaced the code as you suggested, but I am getting the errors below.
It looks like I can't use RSA-related APIs and data structures with OpenSSL 3.0. Please suggest if you know how to resolve these.
I have included the headers #include <openssl/pem.h>, #include <openssl/rsa.h>, #include <openssl/evp.h> and #include <openssl/types.h>.

error: 'RSA' was not declared in this scope
     RSA *rsa = NULL;
      ^~~
error: 'rsa' was not declared in this scope
      RSA *rsa = NULL;
           ^~~
note: suggested alternative: 'read'
      RSA *rsa = NULL;
           ^~~
           read
error: 'PEM_read_bio_RSAPublicKey' was not declared in this scope
          rsa = PEM_read_bio_RSAPublicKey(keybio, NULL, NULL, NULL);
                ^~~~~~~~~~~~~~~~~~~~~~~~~
note: suggested alternative: 'PEM_read_bio_PrivateKey'
          rsa = PEM_read_bio_RSAPublicKey(keybio, NULL, NULL, NULL);
                ^~~~~~~~~~~~~~~~~~~~~~~~~
                PEM_read_bio_PrivateKey
error: 'EVP_PKEY_assign_RSA' was not declared in this scope
          EVP_PKEY_assign_RSA(evpkey, rsa);
          ^~~~~~~~~~~~~~~~~~~
note: suggested alternative: 'EVP_PKEY_assign_DSA'
          EVP_PKEY_assign_RSA(evpkey, rsa);
          ^~~~~~~~~~~~~~~~~~~

Thanks and Regards,
Sunil

________________________________
From: Skip Carter <skip at taygeta.com>
Sent: 14 April 2021 20:58
To: Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>
Subject: Re: PEM_read_bio_RSAPublicKey equivalent API which returns EVP_PKEY

I accomplished this with:

RSA *rsa = NULL;

rsa = PEM_read_bio_RSAPublicKey(keybio,NULL,0,NULL);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey,rsa);


On Wed, 2021-04-14 at 11:26 +0000, Paramashivaiah, Sunil wrote:
> NEW CODE:
>
> EVP_PKEY *evpkey = NULL;
> BIO *keybio ;
> keybio = BIO_new_mem_buf((void*)key, -1);
>
> if (!keybio)
> {
>    return NULL;
> }
>
> if ( isPKCS1 == false )
> {
>    evpkey = PEM_read_bio_PUBKEY(keybio, NULL, NULL, NULL);
> }
> else
> {
>    // PROBLEM: what is the alternate API to replace PEM_read_bio_RSAPublicKey
>
> }
>
> Thanks and Regards,
> Sunil
>
> From: openssl-users <openssl-users-bounces at openssl.org> on behalf of
> openssl-users-request at openssl.org <openssl-users-request at openssl.org>
> Sent: 12 April 2021 22:12
> To: openssl-users at openssl.org <openssl-users at openssl.org>
> Subject: openssl-users Digest, Vol 77, Issue 20
>
>
> Message: 1
> Date: Mon, 12 Apr 2021 05:48:57 -0700
> From: Hal Murray <hmurray at megapathdsl.net>
> To: Dr Paul Dale <pauli at openssl.org>
> Cc: openssl-users at openssl.org
> Subject: Re: EVP_MAC_init() in 3.0 alpha 13
> Message-ID:
>         <20210412124857.623AB40605C at ip-64-139-1-69.sjc.megapath.net>
> Content-Type: text/plain; charset=us-ascii
>
>
> > Did you attempt to pass NULL for the key and zero for its length to the
> > EVP_MAC_init() call?
>
> Yes.
>
> We can do better.  If we have to use dup/free, we can move the EVP_MAC_init()
> to before the dup, out of the timing path.
>
> My model is that initialization is 2 parts.  The first is turning the key into
> a big table.  The second is initializing a small amount of state that is
> whatever is needed/updated by EVP_MAC_update().
>
> I was hoping that EVP_MAC_init() with NULL key would bypass the first step and
> do the second.
>
> If the second step involves a lot of computation we get into the space/time
> tradeoff of computing it during step one and saving it in case EVP_MAC_init is
> called with NULL key.
>
> If there was a copy operation we could use it instead of dup/free.
>
> Where is the code that does the key setup?  I expect it will be obvious after
> I see it, but I don't know my way around that linkage yet.  I'm using the
> default AES-128-CBC.
>
> ---------
>
> I don't think I've said it explicitly, but thanks for the change to the API
> for EVP_MAC_init()
>
> ----------
>
> Should PKEY be a potentially interesting approach for something like this?  I
> think it was suggested months ago.  One advantage is that the code works with
> 1.1.1.
>
> It's horribly slow in 3.0
>
> alpha14:
> 0.777 CMAC
> 7.533 PKEY
> 3.323 PKEY preload
> 0.392 EVP_MAC
> 0.308 EVP_MAC Preload with dup+free
> 0.102 EVP_MAC Preload (no dup, wrong answer)
>
> 1.1.1k:
> 0.285 CMAC
> 0.550 PKEY
> 0.196 PKEY preload
>
>
>
> --
> These are my opinions.  I hate spam.
>
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 12 Apr 2021 15:05:37 +0200
> From: Tomas Mraz <tomas at openssl.org>
> To: Hal Murray <hmurray at megapathdsl.net>, Dr Paul Dale
>         <pauli at openssl.org>
> Cc: openssl-users at openssl.org
> Subject: Re: EVP_MAC_init() in 3.0 alpha 13
> Message-ID:
>         <348b006ceb83fd4301438cbb0c57b473a4f4ef23.camel at openssl.org>
> Content-Type: text/plain; charset="UTF-8"
>
> On Mon, 2021-04-12 at 05:48 -0700, Hal Murray wrote:
> > > Did you attempt to pass NULL for the key and zero for its length
> > > to the
> > > EVP_MAC_init() call?
> >
> > Yes.
> >
> > We can do better.  If we have to use dup/free, we can move the
> > EVP_MAC_init()
> > to before the dup, out of the timing path.
> >
> > My model is that initialization is 2 parts.  The first is turning the
> > key into
> > a big table.  The second is initializing a small amount of state that
> > is
> > whatever is needed/updated by EVP_MAC_update().
> >
> > I was hoping that EVP_MAC_init() with NULL key would bypass the first
> > step and
> > do the second.
>
> We would have to introduce the special semantics similar to
> EVP_CipherInit() with EVP_MAC_init(). I.e., that the EVP_CipherInit()
> with NULL key keeps the key schedule from the previous initialization.
>
> > If the second step involves a lot of computation we get into the
> > space/time
> > tradeoff of computing it during step one and saving it in case
> > EVP_MAC_init is
> > called with NULL key.
> >
> > If there was a copy operation we could use it instead of dup/free.
>
> I do not think we want to introduce the copy operation. We are trying
> to get out of the copy() pattern as it is much harder to handle
> correctly than the dup().
>
> > Where is the code that does the key setup?  I expect it will be
> > obvious after
> > I see it, but I don't know my way around that linkage yet.  I'm using
> > the
> > default AES-128-CBC.
> >
> > ---------
> >
> > I don't think I've said it explicitly, but thanks for the change to
> > the API
> > for EVP_MAC_init()
> >
> > ----------
> >
> > Should PKEY be a potentially interesting approach for something like
> > this?  I
> > think it was suggested months ago.  One advantage is that the code
> > works with
> > 1.1.1.
> >
> > It's horribly slow in 3.0
> >
> > alpha14:
> > 0.777 CMAC
> > 7.533 PKEY
> > 3.323 PKEY preload
> > 0.392 EVP_MAC
> > 0.308 EVP_MAC Preload with dup+free
> > 0.102 EVP_MAC Preload (no dup, wrong answer)
> >
> > 1.1.1k:
> > 0.285 CMAC
> > 0.550 PKEY
> > 0.196 PKEY preload
> >
> >
> >
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
>                                               Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 12 Apr 2021 10:32:32 -0600
> From: Shariful Alam <dipto181 at gmail.com>
> To: Dr Paul Dale <pauli at openssl.org>
> Cc: openssl-users at openssl.org
> Subject: Re: error: redefinition of 'struct rsa_meth_st'
> Message-ID:
>         <CAA0KgGo3P96yHk8JZGT=c1oxqqHiqkntDPF406VFqecdj_HdEg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Dr. Pauli,
> Good morning. Thank you for replying. I found the documentation a bit
> difficult for me to understand. I was wondering if you can direct me to a
> sample skeleton code for creating a custom RSA engine.
>
> Regards,
> Shariful Alam
>
> On Sun, Apr 11, 2021 at 6:00 PM Dr Paul Dale <pauli at openssl.org> wrote:
>
> > You shouldn't be accessing the internal of a private structure.  That
> > structure was made private for a reason and duplicating it in your engine
> > will break when we change the structure's contents.
> >
> > Your engine should be using the EVP_PKEY_meth_set_* function to do what
> > you want (for 1.1.1).  For 3.0, you should be writing a provider instead.
> >
> >
> > Pauli
> >
> > On 12/4/21 5:04 am, Shariful Alam wrote:
> >
> > Hello,
> > Hope you guys are doing well. I'm trying to develop an RSA engine. My
> > engine was somewhat working until I try to integrate my engine with an
> > apache httpd server. After installing the httpd from the source code, it
> > turns out that, I can't compile my engine anymore. I get the
> > following error while I try to compile (it was compiling before and I did
> > not make any changes to my engine code).
> >
> > ==============================
> >
> > $gcc -fPIC -c r_engine.c
> > r_engine.c:29:8: error: redefinition of 'struct rsa_meth_st'
> >  struct rsa_meth_st {
> >         ^
> > In file included from /usr/include/openssl/crypto.h:131:0,
> >                  from r_engine.c:7:
> > /usr/include/openssl/ossl_typ.h:147:16: note: originally defined here
> >  typedef struct rsa_meth_st RSA_METHOD;
> >
> > =============================
> >
> > and my *struct rsa_meth_st *looks like the following,
> >
> >
> > ================================================================================
> >
> > struct rsa_meth_st {
> >     const char *name;
> >     int (*rsa_pub_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
> >     int (*rsa_pub_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
> >     int (*rsa_priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
> >     int (*rsa_priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
> >     int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
> >     int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
> >     int (*init) (RSA *rsa);
> >     int (*finish) (RSA *rsa);
> >     int flags;
> >     char *app_data;
> >     int (*rsa_sign) (int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
> >     int (*rsa_verify) (int dtype, const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
> >     int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
> > };
> >
> >
> > =================================================================================
> >
> > My sample skeleton code is here
> > https://pastebin.com/uNXYknEA
> >
> > Can anyone please tell me what I'm I doing wrong?
> >
> > Regards,
> > Shariful Alam
> >
> >
> >
>
> ------------------------------
>
> Message: 4
> Date: Mon, 12 Apr 2021 18:34:51 +0200
> From: Richard Levitte <levitte at openssl.org>
> To: "openssl-users at openssl.org" <openssl-users at openssl.org>
> Subject: Re: PEM_read_bio_RSAPublicKey equivalent API which returns
>         EVP_PKEY
> Message-ID: <87h7kba2c4.wl-levitte at openssl.org>
> Content-Type: text/plain; charset=US-ASCII
>
> On Mon, 12 Apr 2021 06:24:32 +0200,
> Paramashivaiah, Sunil wrote:
> >
> > But, I couldn't find equivalent API to replace "PEM_read_bio_RSAPublicKey" to get EVP_PKEY for
> > creating EVP ctx(EVP_PKEY_CTX_new) to use in "EVP_PKEY_encrypt" and "EVP_PKEY_decrypt".
>
> I believe that one of these functions would help you:
>
> EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
>
> EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx,
>                                          EVP_PKEY *pkey, const char *propquery);
>
> Cheers,
> Richard
>
> --
> Richard Levitte         levitte at openssl.org
> OpenSSL Project
> http://www.openssl.org/~levitte/
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 12 Apr 2021 17:42:20 +0100
> From: Matt Caswell <matt at openssl.org>
> To: openssl-users at openssl.org
> Subject: Re: error: redefinition of 'struct rsa_meth_st'
> Message-ID: <f1a6c492-58f3-b35e-4f8b-186df020e080 at openssl.org>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> You can look at the dummy async engine which wraps the standard RSA
> functions inside an engine (as well as various other crypto primitives).
> You can see it here:
>
> https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/engines/e_dasync.c
>
> Matt
>
>
>
- --
Dr Everett (Skip) Carter  0x8176163B
skip at taygeta.com
Taygeta Scientific Inc
607 Charles Ave
Seaside CA 93955
831-641-0645 x103



