RE: OpenSSL 1.0.1 and TLSv1.2
Steve,

Thanks for the answer. What I meant by TLSv1.1+ was a way to show only TLSv1.1 and TLSv1.2 ciphers in order to get a result like the one below.

-bash-3.2$ ./openssl ciphers -v 'ALL' | grep TLSv1.2
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD

What I was looking for was a way to have apache HTTPD propose all TLSv1.2 ciphers and then other ciphers (like RC4 and HIGH) without having to explicitly name the TLSv1.2 related ciphers in the SSLCipherSuite directive. If I use AESGCM, I still miss 8 out of the 24 available ciphers.

Martin

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On behalf of Dr. Stephen Henson
Sent: Monday, 26 March 2012 18:25
To: openssl-users@openssl.org
Subject: Re: OpenSSL 1.0.1 and TLSv1.2

On Mon, Mar 26, 2012, KUTILEK Martin wrote:

> Hi,
>
> I am doing some testing with openssl 1.0.1 and I am trying to find the proper syntax to display only TLSv1.1+ ciphers.
>
> When I look in ./ssl/ssl.h, I see #define SSL_TXT_TLSV1_2 "TLSv1.2" but whatever I try, I always get:
>
> Error in cipher list
> error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1164:
>
> -bash-3.2$ ./openssl version
> OpenSSL 1.0.1 14 Mar 2012
> -bash-3.2$ ./openssl ciphers -v 'TLSv1.2'
> Error in cipher list
> 3086808716:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1164:
> -bash-3.2$ ./openssl ciphers -v TLSv1.2
> Error in cipher list
> 3086939788:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1164:
> -bash-3.2$ ./openssl ciphers -v -TLS1.2
> Error in cipher list
> 3086755468:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1312:
> -bash-3.2$ ./openssl ciphers -v -tls1.2
> Error in cipher list
> 3086632588:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1312:
> -bash-3.2$ ./openssl ciphers -v -tls1_2
> Error in cipher list
> 3086866060:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1312:
>
> Any help would be really appreciated.

Currently there isn't an option to do that.

What do you mean by only TLSv1.1+ ciphers? There are no ciphersuites that can only be used with TLS v1.1 (i.e. exist in TLS v1.1 but not TLS 1.0 or earlier) and currently only the AES GCM ciphersuites are the ones exclusive to TLS v1.2.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
error LNK2019: unresolved external symbol _AES_cbc_encrypt referenced in function
When I am using

AES_ecb_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key, const int enc);

then there is no linking error in my code, but when I use

AES_cbc_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, unsigned char *ivec, const int enc);

then it gives the error

unresolved external symbol _AES_cbc_encrypt referenced in function private: static wchar_t const * __cdecl CCrack::tryAES(wchar_t const *) (?tryAES@CCrack@@CAPB_WPB_W@Z)

while both functions are declared in the aes.h header file. I do not understand where the problem is; both files aes_ecb.c and aes_cbc.c are located in the same folder. How do I solve this linking error? Please help me.

Thanks.
SSL error: SSL error code 336151528 (a seemingly rare error/bug?)
While working on postgres driver in Go, I began getting these errors in my postgres logs:

SSL error: SSL error code 336151528

I spoke with a postgres team member and they aren't sure exactly where this is coming from. A little more research on my side found someone else getting a very similar error on OS X:

http://www.mail-archive.com/freebsd-questions@freebsd.org/msg14704.html

Triangulation of the error points to OpenSSL right now. Any thoughts/help would be very much appreciated. I don't have a deep understanding of SSL so I'm not sure I'll be able to find the root of the problem; but will keep looking.

-blake
Re: SSL error: SSL error code 336151528 (a seemingly rare error/bug?)
Hello,

$ echo "obase=16;336151528" | bc
140943E8
$ openssl errstr 140943E8
error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)

Best regards,
--
Marek Marcola marek.marc...@malkom.pl

owner-openssl-us...@openssl.org wrote on 03/27/2012 01:09:56 AM:

> Blake Mizerany blake.mizer...@gmail.com
> Sent by: owner-openssl-us...@openssl.org
> 03/27/2012 09:24 AM
> Please respond to openssl-users@openssl.org
> To openssl-users@openssl.org
> cc
> Subject SSL error: SSL error code 336151528 (a seemingly rare error/bug?)
>
> While working on postgres driver in Go, I began getting these errors in my postgres logs:
>
> SSL error: SSL error code 336151528
>
> I spoke with a postgres team member and they aren't sure exactly where this is coming from. A little more research on my side found someone else getting a very similar error on OS X:
>
> http://www.mail-archive.com/freebsd-questions@freebsd.org/msg14704.html
>
> Triangulation of the error points to OpenSSL right now. Any thoughts/help would be very much appreciated. I don't have a deep understanding of SSL so I'm not sure I'll be able to find the root of the problem; but will keep looking.
>
> -blake
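Added example (not part of the thread and not OpenSSL code): the decimal value from the postgres log unpacked with the 8/12/12-bit library/function/reason layout of the OpenSSL 1.0.x ERR_GET_* macros, plus the SSL-library convention that reasons from SSL_AD_REASON_OFFSET (1000) upward carry the description of a fatal alert received from the peer. The helper names are hypothetical, and the alert table lists only a few RFC 5246 values.

```c
#include <stdio.h>
#include <string.h>

/* Bit layout used by ERR_GET_LIB / ERR_GET_FUNC / ERR_GET_REASON in the
 * OpenSSL 1.0.x line: 8 bits library, 12 bits function, 12 bits reason. */
struct ossl_err {
    unsigned lib;     /* sub-library that raised the error (20 = SSL routines) */
    unsigned func;    /* function code within that library */
    unsigned reason;  /* reason code within that library */
};

#define OSSL_LIB_SSL        20    /* ERR_LIB_SSL */
#define OSSL_AD_REASON_BASE 1000  /* SSL_AD_REASON_OFFSET in ssl.h */

struct ossl_err ossl_err_unpack(unsigned long code)
{
    struct ossl_err e;
    e.lib    = (unsigned)((code >> 24) & 0xffUL);
    e.func   = (unsigned)((code >> 12) & 0xfffUL);
    e.reason = (unsigned)(code & 0xfffUL);
    return e;
}

/* Same shape as the errstr output when no string tables are loaded. */
int ossl_err_format(unsigned long code, char *out, size_t cap)
{
    struct ossl_err e = ossl_err_unpack(code);
    return snprintf(out, cap, "error:%08lX:lib(%u):func(%u):reason(%u)",
                    code, e.lib, e.func, e.reason);
}

/* SSL-library reasons at or above the offset were raised for a fatal alert
 * received from the peer; the alert description is reason - 1000.
 * Returns -1 when the code is not alert-derived. */
int ossl_err_alert(struct ossl_err e)
{
    if (e.lib != OSSL_LIB_SSL || e.reason < OSSL_AD_REASON_BASE)
        return -1;
    if (e.reason - OSSL_AD_REASON_BASE > 255)
        return -1;
    return (int)(e.reason - OSSL_AD_REASON_BASE);
}

/* A few alert descriptions from RFC 5246, enough to read common log lines. */
const char *tls_alert_name(int descr)
{
    switch (descr) {
    case 0:  return "close_notify";
    case 10: return "unexpected_message";
    case 20: return "bad_record_mac";
    case 40: return "handshake_failure";
    case 42: return "bad_certificate";
    case 48: return "unknown_ca";
    case 70: return "protocol_version";
    case 80: return "internal_error";
    default: return "unlisted";
    }
}

int main(void)
{
    char line[64];
    unsigned long code = 336151528UL; /* value from the postgres log above */
    int alert = ossl_err_alert(ossl_err_unpack(code));

    ossl_err_format(code, line, sizeof line);
    printf("%s\n", line);
    if (alert >= 0)
        printf("fatal alert %d (%s) received from the peer\n",
               alert, tls_alert_name(alert));
    return 0;
}
```

Function code 148 (0x094) is the one the errstr output above names SSL3_READ_BYTES; the no-cipher-match code 1410D0B9 from the first thread decodes to a reason below the offset and is therefore not alert-derived.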
BIO set cipher
I am programming using BIO and I have a question about the BIO_set_cipher parameter.

Now, I did my research and I read that BIO_set_cipher() sets the cipher of BIO b to cipher using key key and IV iv. enc should be set to 1 for encryption and zero for decryption.

So correct me if I'm wrong, but all I would have to do to decrypt something is to change

BIO_set_cipher(cipher, EVP_aes_256_ecb(), key, NULL, 1);

to

BIO_set_cipher(cipher, EVP_aes_256_ecb(), key, NULL, 0);

?
How to do encryption using AES in Openssl
I am trying to write a sample program to do AES encryption using Openssl. I tried going through Openssl documentation (it's a pain), could not figure out much. I went through the code and found the API's using which i wrote a small program as below (please omit the line numbers). I don't see any encryption happening... am i missing something?

PS: I don't get any errors upon compilation.

 1 #include <stdio.h>
 2 #include <openssl/aes.h>
 3
 4 static const unsigned char key[] = {
 5     0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
 6     0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
 7     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 8     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
 9 };
10
11 void main()
12 {
13     unsigned char text[]="virident";
14     unsigned char out[10];
15     unsigned char decout[10];
16
17     AES_KEY wctx;
18
19     AES_set_encrypt_key(key, 128, &wctx);
20     AES_encrypt(text, out, &wctx);
21
22     printf("encryp data = %s\n", out);
23
24     AES_decrypt(out, decout, &wctx);
25     printf(" Decrypted o/p: %s \n", decout);
26
27
28 }

Please help me to figure this out...

--
View this message in context: http://old.nabble.com/How-to-do-encryption-using-AES-in-Openssl-tp33544797p33544797.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Re: How to do encryption using AES in Openssl
On 3/27/2012 1:33 PM, pkumarn wrote:
> I am trying to write a sample program to do AES encryption using Openssl. I tried going through Openssl documentation( it's a pain), could not figure out much. I went through the code and found the API's using which i wrote a small program as below (please omit the line numbers). I don't see any encryption happening... am i missing something?

Define "I don't see any encryption happening."

> PS: I don't get any errors upon compilation.
>
>  1 #include <stdio.h>
>  2 #include <openssl/aes.h>
>  3
>  4 static const unsigned char key[] = {
>  5     0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
>  6     0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
>  7     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
>  8     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
>  9 };

It's strange to define a 256 bit key and use 128 bits.

> 10
> 11 void main()
> 12 {
> 13     unsigned char text[]="virident";

The input must be equal to the AES block size.

> 14     unsigned char out[10];

The output must be equal to the AES block size.

> 15     unsigned char decout[10];

Same here.

> 16
> 17     AES_KEY wctx;
> 18
> 19     AES_set_encrypt_key(key, 128, &wctx);
> 20     AES_encrypt(text, out, &wctx);

This is a raw encrypt, which assumes input and output are one AES block.

> 21
> 22     printf("encryp data = %s\n", out);

The encrypted data is binary, not a printable C string.

> 23
> 24     AES_decrypt(out, decout, &wctx);
> 25     printf(" Decrypted o/p: %s \n", decout);
> 26
> 27
> 28 }
>
> Please help me to figure this out...
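The sizing points raised in the reply above, as an added example (not code from the thread or from OpenSSL): it checks that the key-size argument describes the whole key array, pads a message to whole 16-byte blocks so a single-block routine such as AES_encrypt() only ever sees full blocks, and hex-encodes binary output for printing. PKCS#7 padding and all helper names are choices made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16 /* AES block size in bytes; the same for 128/192/256-bit keys */

/* The bits argument passed to key setup must describe the whole key array;
 * the posted program passed 128 for a 32-byte (256-bit) array. */
int key_bits_match(size_t key_bytes, int bits)
{
    return (bits == 128 || bits == 192 || bits == 256) &&
           key_bytes * 8 == (size_t)bits;
}

/* Size of len message bytes after PKCS#7 padding: always whole blocks, and
 * one full extra block when len is already a multiple of the block size. */
size_t padded_len(size_t len)
{
    return (len / BLOCK + 1) * BLOCK;
}

/* Copy msg into out and pad it to a block boundary. Returns the number of
 * bytes written, or 0 when out is too small (the out[10] case). */
size_t pkcs7_pad(const unsigned char *msg, size_t len,
                 unsigned char *out, size_t out_cap)
{
    size_t total = padded_len(len);

    if (out_cap < total)
        return 0;
    memcpy(out, msg, len);
    memset(out + len, (int)(total - len), total - len);
    return total;
}

/* Validate and strip the padding after decryption. Returns the message
 * length, or -1 when the buffer is not validly padded. */
long pkcs7_unpad(const unsigned char *buf, size_t len)
{
    size_t i;
    unsigned char fill;

    if (len == 0 || len % BLOCK != 0)
        return -1;
    fill = buf[len - 1];
    if (fill == 0 || fill > BLOCK)
        return -1;
    for (i = len - fill; i < len; i++)
        if (buf[i] != fill)
            return -1;
    return (long)(len - fill);
}

/* Cipher output is arbitrary bytes and may contain 0x00 anywhere, so it is
 * printed as hex, never with %s. Returns 0, or -1 if hex is too small. */
int to_hex(const unsigned char *buf, size_t len, char *hex, size_t hex_cap)
{
    static const char digits[] = "0123456789abcdef";
    size_t i;

    if (hex_cap < 2 * len + 1)
        return -1;
    for (i = 0; i < len; i++) {
        hex[2 * i]     = digits[buf[i] >> 4];
        hex[2 * i + 1] = digits[buf[i] & 0x0f];
    }
    hex[2 * len] = '\0';
    return 0;
}

int main(void)
{
    const unsigned char msg[] = "virident"; /* 8 characters, as in the post */
    unsigned char block[BLOCK];
    char hex[2 * BLOCK + 1];
    size_t n = pkcs7_pad(msg, 8, block, sizeof block);

    to_hex(block, n, hex, sizeof hex);
    printf("block handed to the cipher: %s\n", hex);
    printf("length recovered after unpadding: %ld\n", pkcs7_unpad(block, n));
    return 0;
}
```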
Re: How to do encryption using AES in Openssl
On Tue, Mar 27, 2012, pkumarn wrote:

> I am trying to write a sample program to do AES encryption using Openssl. I tried going through Openssl documentation( it's a pain), could not figure out much. I went through the code and found the API's using which i wrote a small program as below (please omit the line numbers). I don't see any encryption happening... am i missing something?

You should really be using EVP instead of the low level routines. They are well documented with examples.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: How to do encryption using AES in Openssl
On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
> On Tue, Mar 27, 2012, pkumarn wrote:
>> I am trying to write a sample program to do AES encryption using Openssl. I tried going through Openssl documentation( it's a pain), could not figure out much. I went through the code and found the API's using which i wrote a small program as below (please omit the line numbers). I don't see any encryption happening... am i missing something?
>
> You should really be using EVP instead of the low level routines. They are well documented with examples.

Where, precisely? I didn't find it either when I was looking a few years ago, so I settled on the obvious low level APIs too.

--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10 call:+4531131610
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: How to do encryption using AES in Openssl
On 3/27/2012 3:51 PM, Jakob Bohm wrote:
> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
>> You should really be using EVP instead of the low level routines. They are well documented with examples.
>
> Where, precisely? I didn't find it either when I was looking a few years ago, so I settled on the obvious low level APIs too.

In fact, neither the low level or the EVP APIs are documented. I don't see any AES documentation at all.

I also use the low level APIs, just because they were easier to find and understand in the source.
Re: How to do encryption using AES in Openssl
On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman kgold...@us.ibm.com wrote:
> On 3/27/2012 3:51 PM, Jakob Bohm wrote:
>> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
>>> You should really be using EVP instead of the low level routines. They are well documented with examples.
>>
>> Where, precisely? I didn't find it either when I was looking a few years ago, so I settled on the obvious low level APIs too.
>
> In fact, neither the low level or the EVP APIs are documented. I don't see any AES documentation at all.

Digest (search for openssl evp digest example):
http://www.openssl.org/docs/crypto/EVP_DigestInit.html

Encrypt (search for openssl evp encrypt example):
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html

Sign (search for openssl evp sign example):
http://www.openssl.org/docs/crypto/EVP_SignInit.html

Verify (search for openssl evp verify example):
http://www.openssl.org/docs/crypto/EVP_VerifyInit.html
Re: How to do encryption using AES in Openssl
On 3/27/2012 10:42 PM, Jeffrey Walton wrote:
> On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman kgold...@us.ibm.com wrote:
>> On 3/27/2012 3:51 PM, Jakob Bohm wrote:
>>> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
>>>> You should really be using EVP instead of the low level routines. They are well documented with examples.
>>>
>>> Where, precisely? I didn't find it either when I was looking a few years ago, so I settled on the obvious low level APIs too.
>>
>> In fact, neither the low level or the EVP APIs are documented. I don't see any AES documentation at all.
>
> Digest (search for openssl evp digest example):
> http://www.openssl.org/docs/crypto/EVP_DigestInit.html

At least this one is outdated, it recommends SHA1, does not mention any of the larger algorithms and still shows the old SSL MD5+SHA1 288 bit length as the maximum MD size. openssl/evp.h has later definitions but no documentation in it.

This document also gives two good reasons not to use this interface when retrofitting existing code:

1. The state structure (EVP_MD_CTX) requires an extra call to free internal memory, which may not fit into existing code that doesn't have such a requirement of its own.

2. The EVP_DigestInit_ex() function is documented as loading a specific implementation if NULL is passed, thus almost certainly ensuring that said specific implementation will be linked into programs that don't use it at all. It is also unclear how referencing a specific engine avoids loading the entire feature set of that engine when only a subset is needed.

Such granularity issues basic questions one should always consider in any library design.

> Encrypt (search for openssl evp encrypt example):
> http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
>
> Sign (search for openssl evp sign example):
> http://www.openssl.org/docs/crypto/EVP_SignInit.html
>
> Verify (search for openssl evp verify example):
> http://www.openssl.org/docs/crypto/EVP_VerifyInit.html

(I have not checked out those yet).

Explicitly adding the word EVP to those searches was non-obvious because as a programmer I tend not to consider parts of identifiers as separate search words (except when doing a raw grep). And besides, how should a newcomer to OpenSSL guess that something called EVP is of any significance?

--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10 call:+4531131610
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: How to do encryption using AES in Openssl
On Tue, Mar 27, 2012 at 5:19 PM, Jakob Bohm jb-open...@wisemo.com wrote:
> On 3/27/2012 10:42 PM, Jeffrey Walton wrote:
>> On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman kgold...@us.ibm.com wrote:
>>> On 3/27/2012 3:51 PM, Jakob Bohm wrote:
>>>> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
>>>>> You should really be using EVP instead of the low level routines. They are well documented with examples.
>>>>
>>>> Where, precisely? I didn't find it either when I was looking a few years ago, so I settled on the obvious low level APIs too.
>>>
>>> In fact, neither the low level or the EVP APIs are documented. I don't see any AES documentation at all.
>>
>> Digest (search for openssl evp digest example):
>> http://www.openssl.org/docs/crypto/EVP_DigestInit.html
>
> At least this one is outdated, it recommends SHA1, does not mention any of the larger algorithms and still shows the old SSL MD5+SHA1 288 bit length as the maximum MD size. openssl/evp.h has later definitions but no documentation in it.
>
> This document also gives two good reason not to use this interface when retrofitting existing code:
>
> 1. The state structure (EVP_MD_CTX) requires an extra call to free internal memory, which may not fit into existing code that doesn't have such a requirement of its own.
>
> 2. The EVP_DigestInit_ex() function is documented as loading a specific implementation if NULL is passed, thus almost certainly ensuring that said specific implementation will be linked into programs that don't use it at all. It is also unclear how referencing a specific engine avoids loading the entire feature set of that engine when only a subset is needed.
>
> Such granularity issues basic questions one should always consider in any library design.
>
>> Encrypt (search for openssl evp encrypt example):
>> http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
>>
>> Sign (search for openssl evp sign example):
>> http://www.openssl.org/docs/crypto/EVP_SignInit.html
>>
>> Verify (search for openssl evp verify example):
>> http://www.openssl.org/docs/crypto/EVP_VerifyInit.html
>
> (I have not checked out those yet).
>
> Explicitly adding the word EVP to those searches was non-obvious because as a programmer I tend not to consider parts of identifiers as separate search words (except when doing a raw grep). And besides, how should a newcomer to OpenSSL guess that something called EVP is of any significance?

Good point. I think I learned it the hard way some time ago.

Jeff
OpenSSL Wiki (was: How to do encryption using AES in Openssl)
On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman kgold...@us.ibm.com wrote:
> On 3/27/2012 3:51 PM, Jakob Bohm wrote:
>> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
>>> You should really be using EVP instead of the low level routines. They are well documented with examples.
>>
>> Where, precisely? I didn't find it either when I was looking a few years ago, so I settled on the obvious low level APIs too.
>
> In fact, neither the low level or the EVP APIs are documented. I don't see any AES documentation at all.

Perhaps it's time to bring up a wiki style documentation (again). Under wiki, users who get frustrated enough about lack of/dated documentation can spend some time copy/pasting code in between <pre> tags.

It would also relieve the docmaster from updating the current documentation. He or she could approve wiki account requests instead.

Wiki style documentation has worked well for other similar libraries, such as OWASP ESAPI and Crypto++.

Jeff
Re: error LNK2019: unresolved external symbol _AES_cbc_encrypt referenced in function
On Mon, Mar 26, 2012 at 11:28 AM, anu anujc...@gmail.com wrote:
> When I am using
> AES_ecb_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key, const int enc);
> then there is no linking error in my code but when i use
> AES_cbc_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, unsigned char *ivec, const int enc);
> then it give error
> unresolved external symbol _AES_cbc_encrypt referenced in function private: static wchar_t const * __cdecl CCrack::tryAES(wchar_t const *) (?tryAES@CCrack@@CAPB_WPB_W@Z)
> While both function are declare in aes.h header file. I am not understand where is problem both file aes_ecb.c and aes_cbc.c are located in same folder.

See if the function is actually exported from libcrypto (or is it libssl?):

nm -D --defined-only --extern-only libcrypto.so | grep AES_cbc_encrypt

Jeff
Re: How to use AES_wrap_key() in openssl
On Mon, Mar 26, 2012 at 1:49 AM, Prashanth kumar N prashanth.kuma...@gmail.com wrote:

[SNIP]

: In my case, i would be storing the wrapped key and not the original key. So when user tries to decrypt the wrapped key, he would get the original key but how do i make sure that is the right key. So the suggestion is to see if i can get the same IV i have used to encrypt which indirectly proves that the key decrypted is the right one.

No, you should not do this. The Handbook of Applied Cryptography specifically warns against the meaningful decrypted text syndrome. From page 364:

A common misconception is that encryption provides data origin authentication and data integrity, under the argument that if a message is decrypted with a key shared only with party A, and the message is meaningful, then it must have originated from A.

Even if you could recover the IV instead of supplying it, as this wrap algorithm *could* do (unlike normal CBC etc.), it doesn't prove the unwrapped=decrypted key is correct. CBC modes are often vulnerable to blockwise attacks (although I haven't worked out this one specifically). In general most encryption schemes don't attempt to provide integrity protection and shouldn't be relied on for that;

If your scheme is not authenticating its data, then your scheme is probably broken. In memory keys might have a different threat model so that the attacker never gets access to a program's memory. But then it begs the question: why wrap at all?

Padding Oracles and the Beast Attack are possible because the encryption system is broken. They were not using Authenticated Encryption properly.

I'd encourage folks who are combining primitives (AES, HMACs, or using 'padding' as an authentication tag) to review Hugo Krawczyk 2001 paper, The Order of Encryption and Authentication for Protecting Communications. From the Krawczyk paper, we learned SSH was broken, and SSL could be broken under the right circumstances. The only protocol which was provably correct was IPSec.

The folks who are using padding as an authentication tag remind me of these comments (they are actually doing a bit worse than described):

...people had been doing rather poorly when they tried to glue together a traditional (privacy-only) encryption scheme and a message authentication code (MAC) - Bellare, Rogaway, and Wagner in A Conventional Authenticated-Encryption Mode

and

...it is very easy to accidentally combine secure encryption schemes with secure MACs and still get insecure authenticated encryption schemes - Kohno, Viega, Whiting in The CWC Authenticated Encryption (Associated Data) Mode.

Jeff
Re: Successfully building openssl-1.0.1 with Microsoft Visual Studio.
On Sun, Mar 25, 2012 at 7:31 PM, jeremy hunt jere...@optimation.com.au wrote:
> Thomas J. Hruska wrote:
>> On 3/23/2012 12:53 AM, jeremy hunt wrote:
>>> This posting is to help people to build OpenSSL 1.0.1 with Microsoft Visual Studio. It may also indicate a required change to the build instructions for Microsoft Visual Studio.
>>>
>>> Summary:
>>> --
>>> I found I needed to install the Windows SDK and manually configure my build environment to successfully build OpenSSL 1.0.1
>>>
>>> Details:
>>> (cut out for this reply, refer to my original posting if you need help)
>>>
>>> Regards,
>>> Jeremy
>>
>> If you had to do that, then your command line build environment on your new machine was not set up correctly to begin with. Most modern projects would probably not have built (not just OpenSSL). As a Windows developer, the Windows SDK is an implied requirement for any project.
>
> Thanks for that Thomas. Generally what you say in this list is good but in this case I do not think your statement is very helpful. It would be more collaborative to suggest a way to do that just for those people who have missed it, ... as I attempted to do in my original posting. I was pointing out that the standard tools did not do that for you. Perhaps you do not use the Microsoft Visual Studio Command Prompt Window for builds as I do.
>
> If there is a previous requirement for a build, the documentation generally states it. I am trying to help by suggesting a small change in the documentation which might cut down questions in this list. If you think things that you take for granted are too trivial to tell the list, that is fine. I prefer to let people know problems I have had in the past in the hope it will help some of them and make them and this list more productive.
>
> By the way I had built a number of other Windows products on the new build environment before building OpenSSL, ... successfully and without the Windows SDK. As I stated it was a new build environment. OpenSSL was the fifth product I had built on the new environment and the first that required the Windows SDK, so I am unsure if I agree with your statement. Wouldn't it be better to explicitly state the requirement, rather than rely on previous knowledge.
>
> Personally I am surprised that OpenSSL uses a native crypto lib, not that I have investigated why.

Just guessing: CryptGenRandom function to help gather entropy (http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx). I know OpenSSL can also do a heap walk, too. Perhaps it does both.

I also believe OpenSSL interacts with Windows certificate store.

Jeff
Re: Successfully building openssl-1.0.1 with Microsoft Visual Studio.
From: Jeffrey Walton noloa...@gmail.com
To: openssl-users@openssl.org
Sent: Tuesday, March 27, 2012 9:49:58 PM
Subject: Re: Successfully building openssl-1.0.1 with Microsoft Visual Studio.

> On Sun, Mar 25, 2012 at 7:31 PM, jeremy hunt jere...@optimation.com.au wrote:
>> Thomas J. Hruska wrote:
>>> On 3/23/2012 12:53 AM, jeremy hunt wrote:
>>>> This posting is to help people to build OpenSSL 1.0.1 with Microsoft Visual Studio. It may also indicate a required change to the build instructions for Microsoft Visual Studio.
>>>>
>>>> Summary:
>>>> --
>>>> I found I needed to install the Windows SDK and manually configure my build environment to successfully build OpenSSL 1.0.1
>>>>
>>>> Details:
>>>> (cut out for this reply, refer to my original posting if you need help)
>>>>
>>>> Regards,
>>>> Jeremy
>>>
>>> If you had to do that, then your command line build environment on your ...
>>
>> Thanks for that Thomas. Generally what you say in this list is good but in this case I do not think your statement is very helpful. ...
>
> Just guessing: CryptGenRandom function to help gather entropy (http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx). I know OpenSSL can also do a heap walk, too. Perhaps it does both.
>
> I also believe OpenSSL interacts with Windows certificate store.
>
> Jeff

Yes, am quite sure OpenSSL interacts with the Windows Certificate Store via the capi engine - happen to have just been researching this. Seem dependent on proper compile, and proper configuration of OpenSSL in order to enable the engine, but it's in there.

Lou Picciano