Updating OpenSSL for Pharo

06 Jun 2020

Pharo is transitioning from OpenSSL 1.0.x to OpenSSL 1.1.1. There are C API changes between the two OpenSSL versions that break many tests, basic things like XXX_create() becoming XXX_new(), XXX_init() becoming XXX_reset() etc. As such, I've created the branches openssl_1_0 and openssl_1_1 to match the versions used by Pharo.

To load, for OpenSSL 1.0.x:

Metacello new
  baseline: 'OpenSSL';
  repository: 'github://PierceNg/OpenSSL-Pharo:openssl_1_0/src-st';

To load, for OpenSSL 1.1.x:

Metacello new
  baseline: 'OpenSSL';
  repository: 'github://PierceNg/OpenSSL-Pharo:openssl_1_1/src-st';
Tags: cryptography, OpenSSL, security


18 Mar 2018

I've just added RIPEMD160 to the EVP interface in OpenSSL-Pharo. This post serves as a HOWTO.

OpenSSL's C interface defines RIPEMD160 thusly:

const EVP_MD *EVP_ripemd160(void);

Create LcLibCrypto>>apiEvpRIPEMD160 for it:

  ^ self ffiCall: #(EVP_MD* EVP_ripemd160 ())
    module: self library

Next, create LcEvpRIPEMD160 as a subclass of LcEvpMessageDigest:

LcEvpMessageDigest subclass: #LcEvpRIPEMD160
  instanceVariableNames: ''
  classVariableNames: ''
  package: 'OpenSSL-EVP'

  super initialize.
  handle := LcLibCrypto current apiEvpRIPEMD160.
  self errorIfNull: handle

Add class-side accessors:

LcEvpRIPEMD160 class>>blocksize
  ^ 64

LcEvpRIPEMD160 class>>hashsize
  ^ 20

And that's it! Using the test vectors from the RIPEMD160 home page and RFC 2286, the unit tests verify that we can now use RIPEMD160 for hashing and HMAC from within Pharo:

  | msg result |

  msg := ''.
  result := ByteArray readHexFrom: '9c1185a5c5e9fc54612808977ee8f548b2258d31' readStream.
  self assert: (md hashMessage: msg) equals: result

  | msg result expectedResult |

  msg := 'Hi There'.
  key := ByteArray readHexFrom: '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b' readStream.
  expectedResult := ByteArray readHexFrom: '24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668' readStream.
  result := (HMAC on: LcEvpRIPEMD160)
    key: key;
    digestMessage: msg asByteArray.
  self assert: result equals: expectedResult
Tags: cryptography, OpenSSL, security

OpenSSL for Pharo on Github

21 Dec 2017

I've migrated OpenSSL-Pharo to Github.

Metacello new
  baseline: 'OpenSSL';
  repository: 'github://PierceNg/OpenSSL-Pharo:master/src-st';
Tags: cryptography, OpenSSL, security

OpenSSL for Pharo on Windows

20 Dec 2017

OpenSSL-Pharo now works on Windows. Tested on Windows 10 with a fresh 32-bit Pharo 6.1 zip package downloaded from pharo.org. On Windows this library uses libeay.dll which is bundled with the Pharo VM.

Metacello new
  baseline: 'OpenSSL';
  smalltalkhubUser: 'PierceNg' project: 'OpenSSL-Pharo';
Tags: cryptography, OpenSSL, security

Creating an X.509 certificate request

06 Dec 2017

From within Pharo:

| rsa |
rsa := LcRSA generateKey: 2048.
LcX509Request new
  setSubject: 'www.samadhiweb.com';
  setPublicKey: (LcEvpPublicKey setRSA: rsa);

The output is an X.509 certificate request, suitable for Let's Encrypt:

Tags: cryptography, OpenSSL

OpenSSL wrapper for Pharo

29 Oct 2017

I've put up the beginnings of a wrapper for OpenSSL on STH:

Metacello new
  baseline: 'OpenSSL';
  smalltalkhubUser: 'PierceNg' project: 'OpenSSL-Pharo';

Verified on Pharo 6 32- and 64-bit.

My near term goal is to wrap enough libcrypto functionality to implement the client-side of Let's Encrypt.

I meant to put it up on GH, for the ease of forking and PRs, but I couldn't get Iceberg to work, and gitfiletree also failed to load, so STH it is for now.

Collaboration welcome.

Tags: cryptography, OpenSSL, security