[openssl-dev] [openssl.org #4590] accessors without const return arguments

2016-08-01 Thread Richard Levitte via RT
On Fri Jul 22 14:09:12 2016, steve wrote:
> On Sat Jun 25 22:09:59 2016, open...@roumenpetrov.info wrote:
> >
> > Above is reason the request to remove const from return argument of
> > get0 methods.
> >
>
> We had a discussion about this and the preference was to have get methods
> retain const for various reasons.
>
> Instead the DSA_SIG/ECDSA_SIG structures now no longer pre-allocate r/s so
> they aren't immediately freed when you set them.
>
> > The issue is not only for ECDSA but also for DSA_SIG and RSA, DSA, DH
> > keys where situation is similar.
> >
>
> Do you have some examples of how this affects other structures? For
> RSA/DSA/DH keys the fields are NULL initially unless I've missed something.

Can this ticket be closed?

--
Richard Levitte
levi...@openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4590
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] DRBG entropy

2016-08-01 Thread John Denker
On 08/01/2016 02:17 AM, Leon Brits wrote:

> Am I correct to state that for a tested entropy source of 2b/B and
> the same assumptions as in the paragraph, I need to return 8 blocks
> of 16B each in my get_entropy() callback?

No, that is not correct, for the reasons previously explained.

> Again assume it is uniform (e.g. we don't get 8 bits of entropy in byte 1 and
> nothing in the next 7).

That assumption is invalid, if we believe the LRS test.
Quoting from LRS.py:

>> # Length of the Longest Repeated Substring Test - Section 5.2.5
>> # This test checks the IID assumption using the length of the longest repeated
>> # substring. If this length is significantly longer than the expected value,
>> # then the test invalidates the IID assumption.

Accumulating 8 or more blocks might make sense if the data were IID,
but it isn't.  Either that or the LRS test itself is broken, which
is a possibility that cannot be ruled out.  By way of analogy, note
that the p(max) reported by the Markov test is clearly impossible
and inconsistent with the reported min-entropy.

Suggestion:  Modify LRS.py to print (in hex) the longest repeated
substring.  Then verify by hand that the string really does recur
in the data.
 -- If it doesn't, then the test is broken.
 -- If it does, then either the chip is broken or you're using it wrong.

Remind your boss that the whole point of the certification process is to
make sure that broken hardware doesn't get certified.

Also:
 *) Please stop using "entropy" as a synonym for randomness.  Some things
  have very little entropy but are still random enough for a wide range
  of purposes.  Meanwhile other things have large entropy but are not
  random enough.
 *) Please stop using "entropy" as a synonym for "min-entropy".  The
  latter is a two-word idiomatic expression.  A titmouse is not a mouse.
  Buckwheat is not a form of wheat.  The Holy Roman Empire was neither
  holy, nor Roman, nor an empire.

Just because openssl is sloppy about this doesn't make it OK.
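
The check suggested in the message above (print the longest repeated substring in hex, then confirm it really recurs in the data) can also be run independently of the test suite. The following is an added example, not part of the original thread and not code from NIST's LRS.py; the function names and the embedded sample are constructed for illustration, and the dictionary-based search favours clarity over memory use.

```python
import sys

# Constructed sample: a 6-byte marker planted twice among non-repeating bytes.
MARK = bytes.fromhex("deadbeef0102")
SAMPLE = bytes(range(40)) + MARK + bytes(range(40, 80)) + MARK + bytes(range(80, 120))


def find_repeat(data: bytes, length: int):
    """Return (first, second) offsets of a substring of `length` bytes that
    occurs at two different offsets (overlaps allowed), or None."""
    seen = {}
    for i in range(len(data) - length + 1):
        first = seen.setdefault(data[i:i + length], i)
        if first != i:
            return first, i
    return None


def longest_repeated_substring(data: bytes):
    """Binary search on the length: a repeat of n bytes implies one of n-1.
    Returns (substring, first_offset, second_offset); (b"", -1, -1) if none."""
    lo, hi, best = 1, len(data) - 1, None
    while lo <= hi:
        mid = (lo + hi) // 2
        hit = find_repeat(data, mid)
        if hit:
            best, lo = (mid, hit), mid + 1
        else:
            hi = mid - 1
    if best is None:
        return b"", -1, -1
    n, (a, b) = best
    return data[a:a + n], a, b


def all_offsets(data: bytes, needle: bytes):
    """Independent recount with bytes.find: every offset where needle occurs."""
    out, i = [], data.find(needle)
    while i != -1:
        out.append(i)
        i = data.find(needle, i + 1)
    return out


if __name__ == "__main__":
    # With no argument the constructed SAMPLE is used; otherwise a capture file.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    sub, a, b = longest_repeated_substring(data)
    print(f"LRS length {len(sub)}: {sub.hex()} (offsets {a} and {b})")
    print("all occurrences:", all_offsets(data, sub))
```

The offsets printed can be checked by hand with a hex dump of the capture file at those positions.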


Re: [openssl-dev] [openssl.org #4572] SSL_set_bio and friends

2016-08-01 Thread Matt Caswell via RT


On 30/07/16 23:45, David Benjamin via RT wrote:
>  It is a behavior change, but
> one I'm sure will break no one.

Unfortunately I don't share your optimism that it won't break any one :-(

Matt


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4572
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to overlapping regions check

2016-08-01 Thread Michel via RT
Hi David,
After checking you are obviously right.
Contrary to my belief, my internal buffer was always larger than the longest
line I read.
:-(
Sorry for the noise, but thanks David for the explanations.
It helps me to fix my software (even if I will keep some spare bytes for
some time)
;-(
 


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628
Please log in as guest with password guest if prompted



Re: [openssl-dev] DRBG entropy

2016-08-01 Thread Leon Brits
Kurt,

> -----Original Message-----
> From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
> Kurt Roeckx
> Sent: 30 July 2016 12:19 AM
> To: openssl-dev@openssl.org
> Subject: Re: [openssl-dev] DRBG entropy

> Have you tried running NIST's software
> (https://github.com/usnistgov/SP800-90B_EntropyAssessment)
> yourself?  Can you run it in verbose mode and give the results of all the
> tests it ran?

Yes, this is the test that indicated an entropy of 2b/B. I ran the test on 1M 
and 4M and the result was 2.19 and 2.35 respectively. The 4MB file test output 
is appended below.
Now in the OpenSSL UG2.0 section 6.1.1 a paragraph states:
"Now suppose we have a low grade entropy source which provides just 1 bit of 
entropy per byte. Again assume it is uniform (e.g. we don't get 8 bits of 
entropy in byte 1 and nothing in the next 7). Again let's have a block size of 
16 bytes. This time to get 256 bits of entropy the source must provide it in a 
256 byte buffer. An extra block is required which makes 272 bytes but because 
we only have 1 bit of entropy per byte it just needs to supply 272 bits of 
entropy."

Am I correct to state that for a tested entropy source of 2b/B and the same 
assumptions as in the paragraph, I need to return 8 blocks of 16B each in my 
get_entropy() callback?

Thanks
LJB

**
Read in file randomness.bin, 4194304 bytes long.
Dataset: 4194304 8-bit symbols, 256 symbols in alphabet.
Output symbol values: min = 0, max = 255

Running entropic statistic estimates:
- Most Common Value Estimate: p(max) = 0.00411016, min-entropy = 7.92659
- Collision Estimate: p(max) = 0.00873199, min-entropy = 6.83947
- Markov Estimate (map 6 bits): p(max) = 9.71537e-228, min-entropy = 5.89156
- Compression Estimate: p(max) = 0.00743246, min-entropy = 7.07194
- t-Tuple Estimate: p(max) = 0.00495551, min-entropy = 7.65675
- LRS Estimate: p(max) = 0.155747, min-entropy = 2.68272

Running predictor estimates:
Computing MultiMCW Prediction Estimate: 99 percent complete
Pglobal: 0.003997
Plocal: 0.001358
MultiMCW Prediction Estimate: p(max) = 0.00399729, min-entropy = 7.96676

Computing Lag Prediction Estimate: 99 percent complete
Pglobal: 0.004009
Plocal: 0.001358
Lag Prediction Estimate: p(max) = 0.00400879, min-entropy = 7.96262

Computing MultiMMC Prediction Estimate: 99 percent complete
Pglobal: 0.004934
Plocal: 0.195448
MultiMMC Prediction Estimate: p(max) = 0.195448, min-entropy = 2.35514

Computing LZ78Y Prediction Estimate: 99 percent complete
Pglobal: 0.004034
Plocal: 0.195448
LZ78Y Prediction Estimate: p(max) = 0.195448, min-entropy = 2.35514
---
min-entropy = 2.35514





[openssl-dev] [openssl.org #4638] Fwd: Missing const EC_KEY *EC_KEY_dup(EC_KEY *src);

2016-08-01 Thread Matt Caswell via RT
Fix for this was merged as 4a9a0d9bcb. Closing.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4638
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4584] Self test failures under X32

2016-08-01 Thread Matt Caswell via RT
On Mon Jul 25 08:49:27 2016, matt wrote:
> Ping Jeff?

Ping again?

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4584] Self test failures under X32

2016-08-01 Thread Richard Levitte via RT
On Mon Aug 01 16:50:21 2016, matt wrote:
> On Mon Jul 25 08:49:27 2016, matt wrote:
> > Ping Jeff?
> 
> Ping again?
> 
> Matt

It's worth mentioning that time is getting short, next beta in a few days, 
final in 3 weeks. 

-- 
Richard Levitte
levi...@openssl.org
-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4572] SSL_set_bio and friends

2016-08-01 Thread Matt Caswell via RT
Closing this ticket.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4572
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4590] accessors without const return arguments

2016-08-01 Thread Stephen Henson via RT
This has addressed the original issue. If there are any cases for DH/DSA/RSA
you feel need addressing please give details in a new ticket.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4590
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4637] Fwd: Missing accessor - DSA key length

2016-08-01 Thread Stephen Henson via RT
Added now, thanks for the report.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4637
Please log in as guest with password guest if prompted



[openssl-dev] [openssl.org #4639] Missing const and docs X509_get_notBefore, X509_get_notAfter

2016-08-01 Thread Stephen Henson via RT
Added documentation now and constified a few more cases.

Thanks for the report.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4639
Please log in as guest with password guest if prompted



Re: [openssl-dev] [openssl.org #4584] Self test failures under X32

2016-08-01 Thread noloa...@gmail.com via RT
On Tue, Jul 19, 2016 at 10:01 AM, Matt Caswell wrote:
>
>
> On 19/07/16 14:41, Richard Levitte via RT wrote:
>> Hi Jeff,
>>
>> I'm going to assume that a newer checkout of the master branch won't change
>> much, so if you please, try this command and send mack the result:
>
> Who is Mack? ;-)
>
>>
>> make test TESTS='test_afalg test_rehash'
>
> Did you mean to include "VERBOSE=1"?
>
> VERBOSE=1 make TESTS='test_afalg test_rehash' test

The tests run as root because it's a Debian chroot. I did not bother
with rehash because it would fail.

Here is the result from afalg:

# VERBOSE=1 make TESTS='test_afalg' test
make depend && make _tests
make[1]: Entering directory '/openssl'
make[1]: Leaving directory '/openssl'
make[1]: Entering directory '/openssl'
( cd test; \
  SRCTOP=../. \
  BLDTOP=../. \
  PERL="perl" \
  EXE_EXT= \
  OPENSSL_ENGINES=.././engines \
perl .././test/run_tests.pl test_afalg )
../test/recipes/30-test_afalg.t ..
1..1
ALG_PERR: afalg_fin_cipher_aio: io_read failed : Bad address
test_afalg_aes_128_cbc() failed encryption
../util/shlib_wrap.sh ./afalgtest => 1
not ok 1 - running afalgtest

#   Failed test 'running afalgtest'
#   at ../test/recipes/30-test_afalg.t line 23.
# Looks like you failed 1 test of 1.
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests

Test Summary Report
---
../test/recipes/30-test_afalg.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=1, Tests=1,  0 wallclock secs ( 0.02 usr  0.01 sys +  0.03 cusr
0.00 csys =  0.06 CPU)
Result: FAIL
Failed 1/1 test programs. 1/1 subtests failed.
Makefile:148: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/openssl'
Makefile:146: recipe for target 'tests' failed
make: *** [tests] Error 2


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584
Please log in as guest with password guest if prompted
