23B0ECFB11E1E7EA228861F4363DBA8D478A7E44F1DEB77A3904FBD90CAA41E291A2E094ABCBD5134146FB1C0F42BC8D7B4829DEFEE7BACDFC024FB8B9FAF16F225EB3C96D866C535B2A06E83DCF007
Thanks,
Thulasi.
On Sat, 20 Feb 2021 at 00:40, Alon Bar-Lev wrote:
> Thanks!
> Was about to write... I tested both 1.1 and master branches and result is
> the same.
>
>
> On Fri, 19 Feb 2021 at 21:04
ktor Dukhovni
wrote:
> On Fri, Feb 19, 2021 at 11:19:42PM +0530, Thulasi Goriparthi wrote:
>
> > I am able to reproduce this issue with 1.1.1i
>
> OpenSSL 1.1.1j has been released. Do you still see the problem with
> 1.1.1j?
>
> --
> Viktor.
>
Hi Alon,
I am able to reproduce this issue with 1.1.1i
echo "hello world" > msg
/* pkcs1 */
openssl cms -sign -in msg -text -signer cert1.pem -out 1.cms
openssl cms -verify -in 1.cms -CAfile ca.pem
openssl cms -resign -in 1.cms -signer cert2.pem -out 2.cms
openssl cms -verify -in 2.cms
Hello,
Is there any option either in 1.1.1 or 3.0.0 to encode ECX(x25519, x448,
ed25519, ed448) private keys along with optional/implicit public key as
specified in https://tools.ietf.org/html/rfc8410#page-7
Is there any plan to provide this support in future?
I ask this as I have come across
OCSP responder app is trying to read OCSP_RESPONSE instead of OCSP_REQUEST
in do_responder function.
Created https://github.com/openssl/openssl/issues/13904
Thanks,
Thulasi.
ease take a look the attachment which has the complete flow, and
> provide your views which helps us to change it to PEM_read_PrivateKey()
> or variants as you suggested
>
>
>
> Regards,
>
> Sunil
>
>
>
> *From:* Thulasi Goriparthi
> *Sent:* 29 January 2021 17:
> https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_decrypt_init.html
>
> We need to use an RSA private key
>
>
>
> Please suggest.
>
>
>
> Regards,
>
> Sunil
>
> *From:* Thulasi Goriparthi
> *Sent:* 29 January 2021 13:07
> *To:* Narayana, Sunil K
Hope, you are referring to
https://www.openssl.org/docs/man1.0.2/man3/EVP_PKEY_encrypt.html
Use PEM_read_bio_PUBKEY to get EVP_PKEY.
eng is for engine reference. If you have no engine, it can be NULL.
Thanks,
Thulasi.
On Fri, 29 Jan 2021 at 10:13, Narayana, Sunil Kumar
wrote:
> Dear Openssl
I am trying to provide a test certificate generated by
openssl-3.0.0-alpha10 to a third party certificate parser/manager. This
software expects AlgorithmIdentifier to either have parameters or to have
null encoded (05 00) parameters which seems to be missing in the
certificate.
Certificate
Hello,
Is it acceptable for an openssl provider to implement an algorithm
(rsaEncryption) as asym_cipher or signature algorithm without implementing
corresponding keymgmt or redirecting the same to the 'default' provider?
I ask, as our engine implementation handles key import dynamically at time
CMS_Decrypt doesn't need to feed this information explicitly and it will
part of CMS envelope of the encrypted data.
https://tools.ietf.org/html/rfc3560#page-4
Thanks,
Thulasi.
On Tue, 18 Feb 2020 at 17:16, Thulasi Goriparthi <
thulasi.goripar...@gmail.com> wrote:
> Sorry for th
Sorry for this. I see that you already knew about it.
On Tue, 18 Feb, 2020, 17:08 Thulasi Goriparthi, <
thulasi.goripar...@gmail.com> wrote:
> https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html
>
> Thanks,
> Thulasi.
>
> On Tue, 18 Feb, 2020, 16:43 Ru
https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html
Thanks,
Thulasi.
On Tue, 18 Feb, 2020, 16:43 RudyAC, wrote:
> Hello Thulasi,
>
> thank you for your quick response.
>
> the encryption takes not place in the HSM because we only store the private
> keys inside the HSM. For
Do you mean RSA OAEP decryption done by HSM fails?
Possible tests:
1. Try RSA OAEP encryption/decryption with HSM. - basic test.
2. Encrypt with HSM and decrypt using openssl crypto library. - To make
sure RSA OAEP encryption of the HSM works fine.
3. If test 2 fails, check if all the parameters
Operations that a private key can do are decrypt and sign. Similarly,
operations that a public key can do are encrypt and verify.
The legacy priv_enc(raw) just refers to raw signing, and is almost same as
sign(with proper padding mechanisms).
It is just a misnomer, as data encrypted with a
Call to EC_POINT_set_compressed_coodinates() with with x-coordinate and
y-bit will resolve the curve equation for y and chooses y out of two
possible y values based on y-bit input.
You can retrieve the x and y co-ordinates using
EC_POINT_get_affine_coordinates as below, where x-cordinate matches
02 indicates y bit is 0
03 indicates y bit is 1
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.202.2977=rep1=pdf
Thanks,
Thulasi.
On Fri, 25 Oct 2019 at 16:50, Luca Di Mauro wrote:
>
> Mh, maybe I didn't understand.
>
> If I have an x-point which follows this representation
>
tation and not a bug, shouldn't the limitation be
> documented on a man page somewhere? And shouldn't my second call to
> EVP_CipherUpdate fail?
>
> Norm Green
>
>
> On 9/30/2019 8:04 PM, Thulasi Goriparthi wrote:
>
> As 512 byte blocks are independently encrypted, the
As 512 byte blocks are independently encrypted, they should be decrypted
similarly. This is how XTS mode is defined.
i.e Try to decrypt 512 byte blocks separately with two CipherUpdates.
Thanks,
Thulasi.
On Tue, 1 Oct 2019 at 06:43, Norm Green
wrote:
> Hi all,
>
> I'm using OpenSSL 1.1.1d on
RSA keys wouldn't have parameters that are separated from key
components. So, EVP_PKEY_cmp() is applicable, but not
EVP_PKEY_cmp_parameters().
DH keys, which are generally used for key exchange, are short lived,
though the group parameters can be comparatively valid for longer
duration (let's say
>> For such tests, it's always better safe than sorry.
Not sure, if repeating the same test (or the test of the same value)
would add any safety.
Thanks,
Thulasi.
On Fri, 2 Nov 2018 at 16:53, Jakob Bohm via openssl-users
wrote:
>
> On 02/11/2018 08:50, Thulasi Goriparthi w
Hi,
I am going through the checks done by EC_KEY_check_key method. I see
the following checks in order.
1. Is point at infinity? - reject.
2. Is point not on curve? reject.
3. Is point not in the primary subgroup? reject.
4. If priv key(scalar) available, then check if scalar * G != point.
If
Hello Jan,
Decide on what your public exponent(e) should be, and either use
RSA_X931_derive_ex() if you are using an older openssl which supports
this function or follow rsa_builtin_keygen() from crypto/rsa/rsa_gen.c
on how to derive private exponent(d) and modulus(n).
By the way, technically,
Hello,
You can register a verify callback function using
X509_STORE_set_verify_cb() and X509_verify_cert() will call this
function, which can be used to by-pass targeted errors like
X509_V_ERR_INVALID_PURPOSE etc.
Check callb function from apps/x509.c
Thanks,
Thulasi.
On 16 July 2018 at
X509_STORE_add_cert increments the reference count of the each cert, but
only by 1.
X509_STORE_free decrements the ref count by 1. So after decrementing, if
ref_count is 0, certificate will be freed.
Jakob is saying that if you want them to stay even after X509_STORE_free,
explicitly increment
On 10 June 2015 at 16:47, Jakob Bohm jb-open...@wisemo.com wrote:
On 10/06/2015 12:41, Thulasi Goriparthi wrote:
X509_STORE_add_cert increments the reference count of the each cert,
but only by 1.
Sounds like there should be X509_STORE_add0_cert() and
X509_STORE_add1_cert() like
On 10 June 2015 at 18:05, Thulasi Goriparthi thulasi.goripar...@gmail.com
wrote:
On 10 June 2015 at 16:47, Jakob Bohm jb-open...@wisemo.com wrote:
On 10/06/2015 12:41, Thulasi Goriparthi wrote:
X509_STORE_add_cert increments the reference count of the each cert,
but only by 1.
Sounds
On 10 June 2015 at 18:45, Viktor Dukhovni openssl-us...@dukhovni.org
wrote:
On Wed, Jun 10, 2015 at 04:11:45PM +0530, Thulasi Goriparthi wrote:
Jakob is saying that if you want them to stay even after X509_STORE_free,
explicitly increment the ref count before calling free using something
Thanks Remy for asking the question in my mind.
ENGINE_set_default_EC_METHOD will be perfect to offload EC Point
multiplication, doubling and addition offered by some h/w crypto
accelerators.
Hi Matt,
What is the reason to keep ec_method, ecdh_method and ecdsa_method
structure definitions in
Hi Piotr,
As you have found out, choosing the per message random number in ECDSA
signature is crucial for the security of private key.
Leaving this responsibility on users is dangerous. This is the reason you
won't find any crypto API to feed the random number for ECDSA signature.
If you want
Hi all,
What is the reason behind keeping ecdh_method and ecdsa_method structure
definitions in local header files ech_locl.h and ecs_locl.h respectively
unlike their peers.. dh_method, dsa_method, rsa_meth_st and rand_meth_st
which are defined in exported header files?
Thanks,
Thulasi.
I had similar trouble a while ago.
I understood that if crypto/ssl application need to use RAND method before
the intended engine is loaded, default_RAND_method would be populated with
RAND_SSLeay().
ENGINE_set_RAND wouldn't overwrite this as rand wrappers prefer
default_RAND_method than
One can't change the encrypted finished size unless one is using variable
padding. encrypted finished size depends on 3 parameters: protocol version,
cipher type, MAC type,
Protocol version decides if explicit IV is included in the record and
unencrypted finished message size.
For SSL3 and
A correction regarding padding.
On 11 December 2014 at 16:53, Thulasi Goriparthi
thulasi.goripar...@gmail.com wrote:
One can't change the encrypted finished size unless one is using variable
padding. encrypted finished size depends on 3 parameters: protocol version,
cipher type, MAC type
On 27 October 2014 14:03, Gayathri Manoj gayathri.an...@gmail.com wrote:
Hi All,
How can I replace RSA_public_decrypt() with EVP_Verify*().
I wanted to replace the below api with EVP_verify*()
RSA_public_decrypt(Len, SgnData, dBuffer, rsa_pub_key, RSA_PKCS1_PADDING);
I have tried with
On 19 September 2014 22:34, Stromas, Aaron aaron.stro...@rsa.com wrote:
Greetings,
I am looking for help with a problem I've ran into a using
mod_proxy/mod_ssl. The Apache HTTP server on SLES 11 SP3 64 bit, OpenSSL
1.0.1.f acts as SSL proxy to the Weblogic 10.3 running on Redhat. The
SSLv23_client_method supports all protocols by default and connects using
the highest protocol that server supports(as received from server hello)
I suggest you try disabling TLS 1.0 along with SSL2 if you want to force
your client to use SSL3 without changing the context's method.
Assuming you are not using your own session id generation callback
function, I guess there is something wrong with your rand function/method
which is not able to generate a unique session id in 10 attempts.
-- Debug def_generate_session_id function in ssl/ssl_sess.c
-- Debug RAND_pseudo_bytes and
thread callback funcs are missing.
openssl FAQ says..
Multi-threaded applications must provide two callback functions to OpenSSL
by calling CRYPTO_set_locking_callback() and CRYPTO_set_id_callback(), for
all versions of OpenSSL up to and including 0.9.8[abc...].
As of version 1.0.0,
$ openssl genrsa 2048 key.pem
$ openssl req -new -x509 -key key.pem -out cert.pem -sha256
On Tue, Aug 12, 2014 at 11:08 AM, Abdul Anshad ab...@visolve.com wrote:
Could you please provide me the steps for creating a self signed
certificate meeting the current FIPS standard ?
Thank you for
Assuming that finish you meant is Handshake Finished messages of SSL/TLS
protocol, I assure you, you can see them with openssl too.
Implementations can't (won't deliberately) change the protocol.
Run s_server and s_client of openssl with -msg -debug -state options to see
the handshake messages
On Mon, Aug 4, 2014 at 4:50 AM, David Li dlipub...@gmail.com wrote:
Hi Thulasi/Rich,
Thanks! This prompted me to uncover another bug in the code. I did encrypt
an extra block of zeros! Now everything makes sense.
Can't help to dig a little deeper into this: In AES-CBC mode, the
decryption
On Thu, Jul 31, 2014 at 5:10 PM, Laurent Broussy lbrou...@elbeconseil.com
wrote:
Hi,
Like describe in the FIPS 46-3 a DES key must have it heavy bit as parity
bit. I try to encipher with a key without no correct parity bits and with
this key where I put the correct parity bits the same
the padding.
David
On Thu, Jul 31, 2014 at 8:22 PM, Thulasi Goriparthi
thulasi.goripar...@gmail.com wrote:
On Fri, Aug 1, 2014 at 5:46 AM, David Li dlipub...@gmail.com wrote:
Hi,
I am using openssl 1.0.1h and AES128 CBC mode to encrypt some arbitrary
long ASCII string.
I
On Fri, Aug 1, 2014 at 3:07 AM, Nayna Jain naynj...@in.ibm.com wrote:
Hi all,
We got one of our openssl version upgraded to openssl 1.0.1e version.
But after that I am facing this error at client side.
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
But I am not sure
On Fri, Aug 1, 2014 at 5:46 AM, David Li dlipub...@gmail.com wrote:
Hi,
I am using openssl 1.0.1h and AES128 CBC mode to encrypt some arbitrary
long ASCII string.
I encountered an issue at decryption. If I use EVP_DecryptFinal_ex then
the output is unrecognizable. If I remove the following
On Jul 25, 2014 5:15 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Thu, Jul 24, 2014, Denis Berezhnoy wrote:
Hi guys,
I have a question regarding TLS1.0 and TLS1.2 performance.
Is it a correct expectation is that TPS (transactions per seconds)
performance is worse with TLS1.2
Seems -iter option is added to master only in the below commit. By date,
it is later than 1.0.1g and probably 1.0.1h too.
commit 8a6c6bbf21cc11ea0fed69a106250af0d734d786
Author: Naftuli Tzvi Kay rfkro...@gmail.com
Date: Tue Jun 3 12:48:06 2014 -0700
Added custom PBKDF2 iteration count to
and probably 1.0.1h too.
OK, thanks. Would that be a 1.0.2 option; or a 1.1.0 option?
On Wed, Jul 23, 2014 at 2:41 AM, Thulasi Goriparthi
thulasi.goripar...@gmail.com wrote:
Seems -iter option is added to master only in the below commit. By
date,
it is later than 1.0.1g and probably 1.0.1h too
Version that is sent by Client in Client Hello may not necessarily be the
version of communication. It gets adjusted with what Server can support.
In your case, as you force the server to support only TLSv1, communication
protocol gets adjusted to TLSv1(03 01) even though client supports
In the example, only internal_bio is set using SSL_set_bio as below.
*SSL_set_bio(ssl, internal_bio, internal_bio);*
network_bio is not linked to SSL session. So it has to be freed explicitly.
On Fri, Jul 18, 2014 at 2:01 AM, Iñaki Baz Castillo i...@aliax.net wrote:
2014-07-17 14:29
*Guessing the context that is sent to EVP_PKEY_derive_set_peer is
initialized/created with a pkey belonging to different group. *
*In other words, EC keys of both parties in DH are not of the same group. *
On Mon, Jun 30, 2014 at 10:13 AM, pratyush parimal
pratyush.pari...@gmail.com wrote:
Hi
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof(gcm_tag), gcm_tag);
When you change tag length with the above statement, you are telling
the decrypt context to consider only those many number of bytes
for tag comparision.
On Wed, Jun 18, 2014 at 4:52 PM, Michel msa...@paybox.com wrote:
PM, Michel msa...@paybox.com wrote:
Thank for your answer.
But isn't this strategy very hazardous ?
And why just for GCM and not CCM ?
Le 18/06/2014 14:37, Thulasi Goriparthi a écrit :
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof(gcm_tag), gcm_tag);
When you change tag length
when tag length of decryption was equal to tag length of encryption.
:-(
It just works for : tag length of decryption = tag length of encryption =
16.
Thanks again for your help.
Le 18/06/2014 16:14, Thulasi Goriparthi a écrit :
Truncate-able tags gave a way to truncated hmac extension
One more thing to correct myself.
2 as tag length is not allowed. only 4, 6, 8, 10, 12, 14, 16 are allowed.
On Wed, Jun 18, 2014 at 11:55 PM, Thulasi Goriparthi
thulasi.goripar...@gmail.com wrote:
In the test program, you are feeding a fixed ccm_tag to decryption
process. This will not work
Or use another hash type for signature which can produce not more than 53
bytes of hashed data. (i.e MD5, SHA1, SHA256, SHA384) while using 512-bit
keys. OpenSSL by default uses SHA512 hash for signature. Change the code to
use any other hash.
512 bit(64 byte) RSA key can only encrypt 53 bytes at
On Wed, Feb 27, 2013 at 1:39 AM, Viktor Dukhovni openssl-us...@dukhovni.org
wrote:
On Wed, Feb 27, 2013 at 12:49:55AM +0530, Thulasi Goriparthi wrote:
Or use another hash type for signature which can produce not more than 53
bytes of hashed data. (i.e MD5, SHA1, SHA256, SHA384) while using
Can somebody please tell me what were the attacks which made SSL 3.0 record
padding to be modified in TLS 1.x forcing each byte in the padding data to
contain padding length instead of leaving them arbitrary except for the
last byte?
Will it be a problem, If I let SSL 3.0 records to be padded
s-s3-tmp.key_block
s-s3-tmp.key_block_length
I think, these are the variables you are looking for.. Memory for the
key_block is allocated in ssl3_setup_key_block() or tls1_setup_key_block()
functions. Key Block contains keys and IVs in the following order as
specified in RFC.
client write
60 matches
Mail list logo