[openssl-dev] Feature discussion - Zero-knowledge-proofs

[Ábrahám Endre]

I know, I know, zero knowledge proofs are not crypto. But:
We live in the post-snowden era. Providers and centralized hosting services
are becomming a larger threat than man-in-the-middle attacks. People
(including me) are loosing their trust in cryptography that's only meant to
protect sensitive data between the communicating nodes in transit, not on
the nodes themselves.

OpenSSL's philosophy is to bring primitives for algorithms that provide
software-level privacy and otherwise require expertise/academic knowledge.
Zero-knowledge technologies will (and already started to) get reputation
and currently is in the premature state that cryptography was before
OpenSSL. No low-level primitives, no high level "standard" API-s.

I'm a researcher of zero-knowledge proofs and would be happy to contribute
into openssl introducing this kind of privacy-protecting technology that in
my opinion is not that far from cryptography or OpenSSL concept.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Openssl 1.0.2 snapshot bug

[Salz, Rich]

Fixed now.

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Openssl 1.0.2 snapshot bug

[Richard Levitte]

Yup, we have a fix coming up:

https://github.com/openssl/openssl/pull/2713

In message <20170223125425.ga77...@doctor.nl2k.ab.ca> on Thu, 23 Feb 2017 
05:54:25 -0700, The Doctor <doc...@doctor.nl2k.ab.ca> said:

doctor> 
doctor> Script started on Thu Feb 23 05:41:55 2017
doctor> You have mail.
doctor> root@doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170223 # 
makeless /usr/contrib/b in/configopenssl
doctor> 
doctor> [?1h=
doctor> #!/usr/local/bin/bash
doctor> CC=/usr/local/bin/clang39  ./Configure --prefix=/usr/ BSD-x86_64 fips 
enable-gmp  experimental-jpake enable-rfc3779 enable-shared zlib-dynamic 
disable-sctp exper imental-store enable-ssl-trace enable-unit-test; make depend
doctor> /usr/contrib/bin/configopenssl (END)
doctor> [?1l>root@doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170223 # 
make
doctor> 
doctor> making all in crypto...
doctor> making all in crypto/objects...
doctor> making all in crypto/md4...
doctor> making all in crypto/md5...
doctor> making all in crypto/sha...
doctor> making all in crypto/mdc2...
doctor> making all in crypto/hmac...
doctor> making all in crypto/ripemd...
doctor> making all in crypto/whrlpool...
doctor> making all in crypto/des...
doctor> making all in crypto/aes...
doctor> making all in crypto/rc2...
doctor> making all in crypto/rc4...
doctor> making all in crypto/idea...
doctor> making all in crypto/bf...
doctor> making all in crypto/cast...
doctor> making all in crypto/camellia...
doctor> making all in crypto/seed...
doctor> making all in crypto/modes...
doctor> making all in crypto/bn...
doctor> making all in crypto/ec...
doctor> making all in crypto/rsa...
doctor> making all in crypto/dsa...
doctor> making all in crypto/ecdsa...
doctor> making all in crypto/dh...
doctor> making all in crypto/ecdh...
doctor> making all in crypto/dso...
doctor> making all in crypto/engine...
doctor> making all in crypto/buffer...
doctor> making all in crypto/bio...
doctor> making all in crypto/stack...
doctor> making all in crypto/lhash...
doctor> making all in crypto/rand...
doctor> making all in crypto/err...
doctor> making all in crypto/evp...
doctor> making all in crypto/asn1...
doctor> making all in crypto/pem...
doctor> making all in crypto/x509...
doctor> making all in crypto/x509v3...
doctor> making all in crypto/conf...
doctor> making all in crypto/txt_db...
doctor> making all in crypto/pkcs7...
doctor> making all in crypto/pkcs12...
doctor> making all in crypto/comp...
doctor> making all in crypto/ocsp...
doctor> making all in crypto/ui...
doctor> making all in crypto/krb5...
doctor> making all in crypto/cms...
doctor> making all in crypto/pqueue...
doctor> making all in crypto/ts...
doctor> making all in crypto/jpake...
doctor> making all in crypto/srp...
doctor> making all in crypto/store...
doctor> making all in crypto/cmac...
doctor> if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then  (cd ..; make 
libcrypto.so.1.0.0);  fi
doctor> [ -z "libcrypto" ] || /usr/local/bin/clang39 -fPIC -DOPENSSL_PIC 
-DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT 
-DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O3 -Wall -DOPENSSL_EXPERIMENTAL_JPAKE 
-DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include 
-DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM 
-DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -Iinclude  
-DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso   
/usr/local/ssl/fips-2.0/lib/fips_premain.c 
/usr/local/ssl/fips-2.0/lib/fipscanister.o  libcrypto.a 
doctor> libcrypto.a(ec_asn1.o): In function `EC_GROUP_get_basis_type':
doctor> ec_asn1.c:(.text+0x37): undefined reference to `OSSL_NELEM'
doctor> ec_asn1.c:(.text+0x64): undefined reference to `OSSL_NELEM'
doctor> libcrypto.a(ec_asn1.o): In function `ec_asn1_group2pkparameters':
doctor> ec_asn1.c:(.text+0x116b): undefined reference to `OSSL_NELEM'
doctor> ec_asn1.c:(.text+0x118d): undefined reference to `OSSL_NELEM'
doctor> clang-3.9: error: linker command failed with exit code 1 (use -v to see 
invocation)
doctor> *** Error code 1
doctor> 
doctor> Stop.
doctor> make[2]: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170223
doctor> *** Error code 1
doctor> 
doctor> Stop.
doctor> make[1]: stopped in 
/usr/source/openssl-1.0.2-stable-SNAP-20170223/crypto
doctor> *** Error code 1
doctor> 
doctor> Stop.
doctor> make: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170223
doctor> root@doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170223 # exit
doctor> 
doctor> exit
doctor> 
doctor> Script done on Thu Feb 23 05:4

Re: [openssl-dev] Integrate EVP Cipher into OpenSSL cli Speed Test

[Short, Todd]

Look at some of the changes to pull in Poly1305 and SipHash in to EVP:

https://github.com/openssl/openssl/commit/52ad5b60e3a1fef12a1a5ea01527a90b8f92a34b
https://github.com/openssl/openssl/commit/3f5616d734a92fdf99ab827f21e5b6cab85e7194

--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."

On Feb 22, 2017, at 11:00 PM, Schmicker, Robert 
> wrote:


Hello,

I successfully managed to integrate an encryption cipher into the EVP and has 
been
tested to work and now I'd like to get some speed tests of the cipher using 
openssl's
integrated speed test via the command line with the "-evp" flag.

What I've done so far to try and integrate it into openssl's speed test

1) Confirmed EVP_mycipher() works

2) Noticed ./apps/speed.c was calling:
 case OPT_EVP:
 evp_cipher = EVP_get_cipherbyname(opt_arg());

3) Then modified ./crypto/objects/objects.txt to include the necessary defines
 # Mycipher
   : MYCIPHER : mycipher

4) Edited crypto/evp/c_allc.c to include my cipher in the loading of all ciphers

EVP_add_cipher(EVP_mycipher());
EVP_add_cipher_alias(SN_mycipher, "mycipher");

5) Ran a make update then make and saw all necessary defines were generated

However, the speed test cannot find my cipher because EVP_get_cipherbyname()
returns NULL.

Am I missing a step here or did I mis-configure something?

It seems as if there's something to edit to tie the NID/SN/LN_mycipher to the 
algorithm.

Any help is much appreciated!

Rob Schmicker


--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Openssl 1.0.2 snapshot bug

[Matt Caswell]

On 23/02/17 12:54, The Doctor wrote:
> Please fix!
> 

This fix is already on the way:

https://github.com/openssl/openssl/pull/2713

Matt
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] Openssl 1.0.2 snapshot bug

[The Doctor]

Script started on Thu Feb 23 05:41:55 2017
You have mail.
root@doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170223 # 
makeless /usr/contrib/b in/configopenssl

[?1h=
#!/usr/local/bin/bash
CC=/usr/local/bin/clang39  ./Configure --prefix=/usr/ BSD-x86_64 fips 
enable-gmp  experimental-jpake enable-rfc3779 enable-shared zlib-dynamic 
disable-sctp exper imental-store enable-ssl-trace enable-unit-test; make depend
/usr/contrib/bin/configopenssl (END)
[?1l>root@doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170223 # make

making all in crypto...
making all in crypto/objects...
making all in crypto/md4...
making all in crypto/md5...
making all in crypto/sha...
making all in crypto/mdc2...
making all in crypto/hmac...
making all in crypto/ripemd...
making all in crypto/whrlpool...
making all in crypto/des...
making all in crypto/aes...
making all in crypto/rc2...
making all in crypto/rc4...
making all in crypto/idea...
making all in crypto/bf...
making all in crypto/cast...
making all in crypto/camellia...
making all in crypto/seed...
making all in crypto/modes...
making all in crypto/bn...
making all in crypto/ec...
making all in crypto/rsa...
making all in crypto/dsa...
making all in crypto/ecdsa...
making all in crypto/dh...
making all in crypto/ecdh...
making all in crypto/dso...
making all in crypto/engine...
making all in crypto/buffer...
making all in crypto/bio...
making all in crypto/stack...
making all in crypto/lhash...
making all in crypto/rand...
making all in crypto/err...
making all in crypto/evp...
making all in crypto/asn1...
making all in crypto/pem...
making all in crypto/x509...
making all in crypto/x509v3...
making all in crypto/conf...
making all in crypto/txt_db...
making all in crypto/pkcs7...
making all in crypto/pkcs12...
making all in crypto/comp...
making all in crypto/ocsp...
making all in crypto/ui...
making all in crypto/krb5...
making all in crypto/cms...
making all in crypto/pqueue...
making all in crypto/ts...
making all in crypto/jpake...
making all in crypto/srp...
making all in crypto/store...
making all in crypto/cmac...
if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then  (cd ..; make 
libcrypto.so.1.0.0);  fi
[ -z "libcrypto" ] || /usr/local/bin/clang39 -fPIC -DOPENSSL_PIC -DZLIB_SHARED 
-DZLIB -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -DL_ENDIAN -O3 -Wall -DOPENSSL_EXPERIMENTAL_JPAKE 
-DOPENSSL_EXPERIMENTAL_STORE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include 
-DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM 
-DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -Iinclude  
-DFINGERPRINT_PREMAIN_DSO_LOAD -o fips_premain_dso   
/usr/local/ssl/fips-2.0/lib/fips_premain.c 
/usr/local/ssl/fips-2.0/lib/fipscanister.o  libcrypto.a 
libcrypto.a(ec_asn1.o): In function `EC_GROUP_get_basis_type':
ec_asn1.c:(.text+0x37): undefined reference to `OSSL_NELEM'
ec_asn1.c:(.text+0x64): undefined reference to `OSSL_NELEM'
libcrypto.a(ec_asn1.o): In function `ec_asn1_group2pkparameters':
ec_asn1.c:(.text+0x116b): undefined reference to `OSSL_NELEM'
ec_asn1.c:(.text+0x118d): undefined reference to `OSSL_NELEM'
clang-3.9: error: linker command failed with exit code 1 (use -v to see 
invocation)
*** Error code 1

Stop.
make[2]: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170223
*** Error code 1

Stop.
make[1]: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170223/crypto
*** Error code 1

Stop.
make: stopped in /usr/source/openssl-1.0.2-stable-SNAP-20170223
root@doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170223 # exit

exit

Script done on Thu Feb 23 05:42:27 2017

Please fix!

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
God is dead! Yahweh lives! Jesus his only begotten Son is the Risen Saviour!!
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev