RE: encrypt - salt

2014-05-15 Thread Dave Thompson
EVP_BytesToKey implements (a tweak on) the original PKCS#5, which derived a key
and IV by iterated hashing of a (reusable but secret) password with random
(i.e. unique) salt.
Given random salt this gives effectively random IV, but is unnecessarily
complicated.

This was recognized as a not terribly good plan, and the improved PBKDF2 in
PKCS#5v2 derives only the key in a slightly different way (iterated *HMAC*
with salt *cumulated*) leaving the IV, if any, as plain random outside the
scope of the PBKDF2 primitive.
OpenSSL does implement PBKDF2, and can use it for PKCS#8 and PKCS#12 etc.,
but kept BytesToKey for compatibility with existing ‘enc’ files and ‘legacy’
(pre PKCS#8) keys.
(Which don’t even really use the iteration feature; they are hardcoded 1!)

Using BytesToKey with random salt to generate the IV is a waste of time,
and using it with fixed salt violates its specification. Just use random IV.
Unless you don’t trust your RNG. But in that case you’re better off fixing or
replacing the RNG, not trying weird things to prop it up.

BytesToKey (like PBKDF1) uses the one iteration count to produce data which is
returned for both key and IV. It does additional round(s) if and only if
necessary, a PBKDF2-like tweak not in standard PBKDF1, but still using the
same count.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Anant Rao
Sent: Saturday, May 10, 2014 21:58
To: openssl-users@openssl.org
Subject: *** Spam *** encrypt - salt

Hi,

I'm trying to encrypt non-password data with EVP_aes_256_cbc algo.

Here's what I'm currently doing:
I have the key already generated by some other means outside of my program -
assume it's cryptographically strong. I'm, however, generating the IV with
RAND_bytes within my program.

When I looked at an example of AES encryption on the page
http://saju.net.in/code/misc/openssl_aes.c.txt , I see that there is a call to
EVP_BytesToKey to generate the key and the IV.

My first question is if generating the IV this way is any stronger than calling
RAND_bytes. Just looking at the signature of the function, I tend to think it
is as it has an extra param "salt". If the answer is affirmative, then I plan
to call the function (with some fixed salt) and use only IV out of it and
ignore the key generated (as I already have the key from some external source
as mentioned before). Is this a good/workable idea?

My second question is if EVP_BytesToKey's "count" param is used (by OpenSSL) in
the key generation, IV generation or both.

Thanks!
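
The derivation discussed in the reply above, re-implemented with Python's hashlib as an added example (not code from this thread or from OpenSSL). The password, the all-zero salt and the choice of MD5 as digest are constructed assumptions; the block shows that a fixed salt reproduces the same IV on every call and that the one count drives both key and IV.

```python
import hashlib
import os


def evp_bytes_to_key(password, salt, key_len, iv_len, count=1, md=hashlib.md5):
    """Illustrative re-implementation of the EVP_BytesToKey derivation.

    D_1 = H^count(password || salt)
    D_i = H^count(D_{i-1} || password || salt)
    Blocks are concatenated until key_len + iv_len bytes are available.
    """
    derived = b""
    block = b""
    while len(derived) < key_len + iv_len:
        block = md(block + password + salt).digest()
        for _ in range(count - 1):   # the same count is applied to every block
            block = md(block).digest()
        derived += block             # a further block only if more bytes are needed
    return derived[:key_len], derived[key_len:key_len + iv_len]


# Constructed sample inputs (assumptions, not values from the thread).
PASSWORD = b"correct horse"
FIXED_SALT = b"\x00" * 8


def iv_from_fixed_salt():
    """IV obtained as the question proposes: fixed salt, derived key ignored."""
    _key, iv = evp_bytes_to_key(PASSWORD, FIXED_SALT, 32, 16)
    return iv


def iv_from_rng():
    """IV obtained as the reply recommends: plain random bytes."""
    return os.urandom(16)


if __name__ == "__main__":
    print("fixed salt:", iv_from_fixed_salt().hex(), iv_from_fixed_salt().hex())
    print("random IV :", iv_from_rng().hex(), iv_from_rng().hex())
    k1, iv1 = evp_bytes_to_key(PASSWORD, FIXED_SALT, 32, 16, count=1)
    k5, iv5 = evp_bytes_to_key(PASSWORD, FIXED_SALT, 32, 16, count=5)
    print("count changes key:", k1 != k5, "and IV:", iv1 != iv5)
```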

 

 



Re: v1.0.1g command line gcm error

2014-05-15 Thread Jeffrey Walton
On Thu, May 15, 2014 at 2:37 PM, Matt Caswell wrote:
> On 15 May 2014 10:39, Jeffrey Walton wrote:
>> On Tue, May 13, 2014 at 12:06 PM, Tom stone wrote:
>>>
>>> Am I missing something or is there a bug in the openssl gcm implementation?
>>
>> If it's any consolation, your question triggered a documentation patch.
>> Matt Caswell recently committed it. "Add information to BUGS section
>> of enc documentation. PR#3354",
>> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=18c4f522f49eb54a61bada6d39a8b137b6751f01hb=18c4f522f49eb54a61bada6d39a8b137b6751f01;hpb=ab6577a46ecee670b640f0ee49e2ebef80ad18a7.
>> And http://wiki.openssl.org/index.php/Manual:Enc(1).
>
> And I'm about to revert it, because Steve Henson just committed a fix
> for the bug (i.e. to fail gracefully if you attempt to use an AEAD
> cipher)!!
Nice ;)

Perhaps there should be a note for folks using down level version of
the library.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: v1.0.1g command line gcm error

2014-05-15 Thread Matt Caswell
On 15 May 2014 10:39, Jeffrey Walton wrote:
> On Tue, May 13, 2014 at 12:06 PM, Tom stone wrote:
>>
>> Am I missing something or is there a bug in the openssl gcm implementation?
>
> If it's any consolation, your question triggered a documentation patch.
> Matt Caswell recently committed it. "Add information to BUGS section
> of enc documentation. PR#3354",
> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=18c4f522f49eb54a61bada6d39a8b137b6751f01hb=18c4f522f49eb54a61bada6d39a8b137b6751f01;hpb=ab6577a46ecee670b640f0ee49e2ebef80ad18a7.
> And http://wiki.openssl.org/index.php/Manual:Enc(1).

And I'm about to revert it, because Steve Henson just committed a fix
for the bug (i.e. to fail gracefully if you attempt to use an AEAD
cipher)!!

Matt


Re: Unable to set RSA_NO_PADDING?

2014-05-15 Thread Dr. Stephen Henson
On Thu, May 15, 2014, Jan Danielsson wrote:

> Hello,
> 
>    Purely for a test case to see if a small wrapper library for
> EVP_DigestSign*() can output the exact same signature twice, I tried
> calling:
> 
>    if((rc = EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_NO_PADDING)) <= 0) {
>       print("failed with %d\n", rc);
>    }
> 
>    With plain old PKCS1 and PKCS1/PSS the call is successful, but for
> NO_PADDING I get rc=0.  In practice this isn't a problem for pretty
> obvious reasons, but it worries me slightly, and it makes me wonder if
> there's some other problem hiding which I should be aware of.
> 
>    Is there some code in there which doesn't allow RSA_NO_PADDING?  The
> documentation seems quite explicit that EVP_PKEY_CTX_set_rsa_padding()
> allows RSA_NO_PADDING, but perhaps there are some caveats?
> 

Currently RSA_NO_PADDING is only supported for encrypt/decrypt and not
for sign/verify. One reason is that you can't sanity check the recovered
plaintext length without padding.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Re: Windows CE (VC-CE) Compilation problem !

2014-05-15 Thread Pierre DELAAGE

Hello,
I did the job many times, last with openssl V100a and V102, using MS EVC
compiler instead of Visual Studio.

You will find instructions here (from start to end, but it is a long
process anyway, and you have to be very careful in modifying various
files and scripts...):

http://delaage.pierre.free.fr/

There are a lot of compilation issues to compile for WCE.
As said, I am NOT using VC compiler, but a free compiler for WCE from
MS, called EVC.

*** PLEASE note that the EVC download URL has changed (I have to update
my webpage), and that you will NOT find it on MS website easily:
many links there are removed and/or broken.

EVC4 is now there:
http://download.microsoft.com/download/C/3/F/C3F8B58B-9753-4C2E-8B96-2DFE3476A2F7/eVC4.exe

Then follow my instructions to update it, get the SDK and so on...

Basically, compilation options are very similar to ones for VC, but you
also have to use the proper WCE SDK,
and take care to adapt some scripts from MS that are NOT always instantly
usable "as is".

See my web page for guidelines for that.

I presently do not have time to recompile the last version of openssl.
And some issues around my patches are to be clarified with openssl team
before being included in the openssl mainstream.

On my page, you will find specific instructions to compile the extra lib
"wcecompat".

*** Moreover, you should read carefully the thread that you have given
link to...

In that discussion, I said this

"
on that page you can find a patch to compile V1.0.2 without FIPS on WCE :
http://rt.openssl.org/index.html?q=2350
(user guest / password guest).
Particularly check the 2012 contribution.
"

This is still relevant.


Best regards,
Pierre Delaage


On 15/05/2014 15:44, RaviVyas wrote:

Hello,
Please Give The Basic Steps To Build OPENSSL in WIN CE 6.0.
All Steps From Start To END.
I already Performed Steps Which are Mentioned in INSTALL.WCE Text File.
Didn't Succeed.



--
View this message in context: 
http://openssl.6102.n7.nabble.com/Windows-CE-VC-CE-Compilation-problem-tp45909p50154.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


Unable to set RSA_NO_PADDING?

2014-05-15 Thread Jan Danielsson
Hello,

   Purely for a test case to see if a small wrapper library for
EVP_DigestSign*() can output the exact same signature twice, I tried
calling:

   if((rc = EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_NO_PADDING)) <= 0) {
      print("failed with %d\n", rc);
   }

   With plain old PKCS1 and PKCS1/PSS the call is successful, but for
NO_PADDING I get rc=0.  In practice this isn't a problem for pretty
obvious reasons, but it worries me slightly, and it makes me wonder if
there's some other problem hiding which I should be aware of.

   Is there some code in there which doesn't allow RSA_NO_PADDING?  The
documentation seems quite explicit that EVP_PKEY_CTX_set_rsa_padding()
allows RSA_NO_PADDING, but perhaps there are some caveats?

-- 
Kind Regards,
Jan


Re: BUILD OPENSSL in WIN CE 6.0

2014-05-15 Thread Dustin Oprea
On May 15, 2014 10:59 AM, "RaviVyas" wrote:
>
> Hello,
> Please Help Me To Build OPENSSL on WIN CE 6.0.
> I Followed Steps Which are mentioned in INSTALL.WCE Text File.
> But Didn't Succeed.

What were your steps? Where's the output?

Dustin

>
>
>
>
> --
> View this message in context:
http://openssl.6102.n7.nabble.com/BUILD-OPENSSL-in-WIN-CE-6-0-tp50152.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.


Re: Windows CE (VC-CE) Compilation problem !

2014-05-15 Thread RaviVyas
Hello,
Please Give The Basic Steps To Build OPENSSL in WIN CE 6.0.
All Steps From Start To END.
I already Performed Steps Which are Mentioned in INSTALL.WCE Text File.
Didn't Succeed.



--
View this message in context: 
http://openssl.6102.n7.nabble.com/Windows-CE-VC-CE-Compilation-problem-tp45909p50154.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


BUILD OPENSSL in WIN CE 6.5

2014-05-15 Thread RaviVyas
Hello,

I am working on Windows CE 6.5 and I want to configure OpenSSL on that.
I followed the steps from
https://groups.google.com/forum/#!topic/mailing.openssl.users/Ph9AoofDP0U
this link, but I did not compile wcecompat.
So I did not get my two .lib files successfully. So, please help me out of
this problem; I have been stuck with it for 2 weeks.

Thanks in advance,
from Ravi Vyas (Vadodara)



--
View this message in context: 
http://openssl.6102.n7.nabble.com/BUILD-OPENSSL-in-WIN-CE-6-5-tp50153.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


BUILD OPENSSL in WIN CE 6.0

2014-05-15 Thread RaviVyas
Hello,
Please Help Me To Build OPENSSL on WIN CE 6.0.
I Followed Steps Which are mentioned in INSTALL.WCE Text File.
But Didn't Succeed.




--
View this message in context: 
http://openssl.6102.n7.nabble.com/BUILD-OPENSSL-in-WIN-CE-6-0-tp50152.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


Re: v1.0.1g command line gcm error

2014-05-15 Thread Jeffrey Walton
On Tue, May 13, 2014 at 12:06 PM, Tom stone wrote:
> Using openssl-1.0.1g command line for simple file encryption/decryption,
> when I issue the commands
>
> openssl enc -aes-256-cbc -k secret -in file.txt -out file.ssl
> openssl enc -d -aes-256-cbc -k secret -in file.ssl
>
> The contents of file.txt go to stdout as expected. However, when I issue the
> commands
>
> openssl enc -aes-256-gcm -k secret -in file.txt -out file.ssl
> openssl enc -d -aes-256-gcm -k secret -in file.ssl
>
> The contents of file.txt go to stdout but the string "bad decrypt" goes to
> stderr.
>
> Am I missing something or is there a bug in the openssl gcm implementation?

If it's any consolation, your question triggered a documentation patch.
Matt Caswell recently committed it. "Add information to BUGS section
of enc documentation. PR#3354",
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=18c4f522f49eb54a61bada6d39a8b137b6751f01hb=18c4f522f49eb54a61bada6d39a8b137b6751f01;hpb=ab6577a46ecee670b640f0ee49e2ebef80ad18a7.
And http://wiki.openssl.org/index.php/Manual:Enc(1).