RE: encrypt - salt
EVP_BytesToKey implements (a tweak on) the original PKCS#5, which derived a key and IV by iterated hashing of a (reusable but secret) password with random (i.e. unique) salt. Given random salt this gives effectively random IV, but is unnecessarily complicated.

This was recognized as a not terribly good plan, and the improved PBKDF2 in PKCS#5v2 derives only the key in a slightly different way (iterated *HMAC* with salt *cumulated*) leaving the IV, if any, as plain random outside the scope of the PBKDF2 primitive. OpenSSL does implement PBKDF2, and can use it for PKCS#8 and PKCS#12 etc., but kept BytesToKey for compatibility with existing ‘enc’ files and ‘legacy’ (pre PKCS#8) keys. (Which don’t even really use the iteration feature; they are hardcoded 1!)

Using BytesToKey with random salt to generate the IV is a waste of time, and using it with fixed salt violates its specification. Just use random IV. Unless you don’t trust your RNG. But in that case you’re better off fixing or replacing the RNG, not trying weird things to prop it up.

BytesToKey (like PBKDF1) uses the one iteration count to produce data which is returned for both key and IV. It does additional round(s) if and only if necessary, a PBKDF2-like tweak not in standard PBKDF1, but still using the same count.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Anant Rao
Sent: Saturday, May 10, 2014 21:58
To: openssl-users@openssl.org
Subject: *** Spam *** encrypt - salt

Hi,

I'm trying to encrypt non-password data with EVP_aes_256_cbc algo. Here's what I'm currently doing:

I have the key already generated by some other means outside of my program - assume it's cryptographically strong. I'm, however, generating the IV with RAND_bytes within my program.

When I looked at an example of AES encryption on the page http://saju.net.in/code/misc/openssl_aes.c.txt , I see that there is a call to EVP_BytesToKey to generate the key and the IV.

My first question is if generating the IV this way is any stronger than calling RAND_bytes. Just looking at the signature of the function, I tend to think it is as it has an extra param "salt". If the answer is affirmative, then I plan to call the function (with some fixed salt) and use only IV out of it and ignore the key generated (as I already have the key from some external source as mentioned before). Is this a good/workable idea?

My second question is if EVP_BytesToKey's "count" param is used (by OpenSSL) in the key generation, IV generation or both.

Thanks!
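The derivation described in the reply above, re-implemented as an added example (not code from the thread or from OpenSSL), next to the PBKDF2-plus-random-IV approach the reply recommends. The SHA-256 digest, the constructed password, the salt sizes, the 100,000 iteration default and the function names are assumptions made for illustration.

```python
import hashlib
import os

def evp_bytes_to_key(password, salt, key_len, iv_len, count=1, md="sha256"):
    """BytesToKey-style derivation: hash (previous block || password || salt),
    re-hash it count-1 times, and repeat until key_len + iv_len bytes exist."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:   # extra round only if necessary
        block = hashlib.new(md, block + password + salt).digest()
        for _ in range(count - 1):            # the one count applies to every round
            block = hashlib.new(md, block).digest()
        material += block
    # Key and IV are consecutive slices of the same output stream.
    return material[:key_len], material[key_len:key_len + iv_len]

def pbkdf2_key_random_iv(password, iterations=100_000):
    """PBKDF2 derives only the key; the IV is plain random, outside the KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)
    return salt, key, os.urandom(16)

def iv_for_external_key():
    """Key supplied from elsewhere (the asker's case): the IV is 16 random bytes."""
    return os.urandom(16)

if __name__ == "__main__":
    pw = b"constructed-password"      # constructed sample input
    fixed_salt = b"\x00" * 8          # constructed: the fixed-salt idea from the question
    _, iv1 = evp_bytes_to_key(pw, fixed_salt, 32, 16)
    _, iv2 = evp_bytes_to_key(pw, fixed_salt, 32, 16)
    print("fixed salt gives the same IV for every message:", iv1 == iv2)
    _, iv3 = evp_bytes_to_key(pw, os.urandom(8), 32, 16)
    print("random salt gives a different IV:", iv3 != iv1)
    print("two random IVs differ:", iv_for_external_key() != iv_for_external_key())
```

With a fixed salt the derived IV is a pure function of the input data, so it repeats across messages, which is the reuse that a fresh random IV avoids.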
Re: v1.0.1g command line gcm error
On Thu, May 15, 2014 at 2:37 PM, Matt Caswell wrote:
> On 15 May 2014 10:39, Jeffrey Walton wrote:
>> On Tue, May 13, 2014 at 12:06 PM, Tom stone wrote:
>>>
>>> Am I missing something or is there a bug in the openssl gcm implementation?
>>
>> If it's any consolation, your question triggered a documentation patch.
>> Matt Caswell recently committed it. "Add information to BUGS section
>> of enc documentation. PR#3354",
>> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=18c4f522f49eb54a61bada6d39a8b137b6751f01hb=18c4f522f49eb54a61bada6d39a8b137b6751f01;hpb=ab6577a46ecee670b640f0ee49e2ebef80ad18a7.
>> And http://wiki.openssl.org/index.php/Manual:Enc(1).
>
> And I'm about to revert it, because Steve Henson just committed a fix
> for the bug (i.e. to fail gracefully if you attempt to use an AEAD
> cipher)!!

Nice ;)

Perhaps there should be a note for folks using down level version of the library.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: v1.0.1g command line gcm error
On 15 May 2014 10:39, Jeffrey Walton wrote:
> On Tue, May 13, 2014 at 12:06 PM, Tom stone wrote:
>>
>> Am I missing something or is there a bug in the openssl gcm implementation?
>
> If it's any consolation, your question triggered a documentation patch.
> Matt Caswell recently committed it. "Add information to BUGS section
> of enc documentation. PR#3354",
> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=18c4f522f49eb54a61bada6d39a8b137b6751f01hb=18c4f522f49eb54a61bada6d39a8b137b6751f01;hpb=ab6577a46ecee670b640f0ee49e2ebef80ad18a7.
> And http://wiki.openssl.org/index.php/Manual:Enc(1).

And I'm about to revert it, because Steve Henson just committed a fix for the bug (i.e. to fail gracefully if you attempt to use an AEAD cipher)!!

Matt
Re: Unable to set RSA_NO_PADDING?
On Thu, May 15, 2014, Jan Danielsson wrote:

> Hello,
>
>    Purely for a test case to see if a small wrapper library for
> EVP_DigestSign*() can output the exact same signature twice, I tried
> calling:
>
>    if((rc = EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_NO_PADDING)) <= 0) {
>      print("failed with %d\n", rc);
>    }
>
>    With plain old PKCS1 and PKCS1/PSS the call is successful, but for
> NO_PADDING I get rc=0. In practice this isn't a problem for pretty
> obvious reasons, but it worries me slightly, and it makes me wonder if
> there's some other problem hiding which I should be aware of.
>
>    Is there some code in there which doesn't allow RSA_NO_PADDING? The
> documentation seems quite explicit that EVP_PKEY_CTX_set_rsa_padding()
> allows RSA_NO_PADDING, but perhaps there are some caveats?
>

Currently RSA_NO_PADDING is only supported for encrypt/decrypt and not for sign/verify. One reason is that you can't sanity check the recovered plaintext length without padding.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: Windows CE (VC-CE) Compilation problem !
Hello,

I did the job many times, last with openssl V100a and V102, using MS EVC compiler instead of Visual Studio.

You will find instructions here (from start to end, but it is a long process anyway, and you have to be very careful in modifying various files and scripts...): http://delaage.pierre.free.fr/

There are a lot of compilation issues to compile for WCE. As said, I am NOT using VC compiler, but a free compiler for WCE from MS, called EVC.

*** PLEASE note that the EVC download URL has changed (I have to update my webpage), and that you will NOT find it on MS website easily : many links there are removed and/or broken.

EVC4 is now there : http://download.microsoft.com/download/C/3/F/C3F8B58B-9753-4C2E-8B96-2DFE3476A2F7/eVC4.exe

Then follow my instructions to update it, get the SDK and so on...

Basically, compilation options are very similar to ones for VC, but you have also to use the proper WCE SDK, and take care to adapt some script from MS that are NOT always instantly usable "as is". See my web page for guidelines for that.

I presently do not have time to recompile the last version of openssl. And some issues around my patches are to be clarified with openssl team before being included in the openssl mainstream.

On my page, you will find specific instructions to compile the extra lib "wcecompat".

*** Moreover, you should read carefully the thread that you have given link to... In that discussion, I said this
" on that page you can find a patch to compile V1.0.2 without FIPS on WCE : http://rt.openssl.org/index.html?q=2350 (user guest / password guest). Particularly check the 2012 contribution. "
This is still relevant.

Best regards,
Pierre Delaage

On 15/05/2014 15:44, RaviVyas wrote:

Hello,
Please Give The Basic Steps To Build OPENSSL in WIN CE 6.0. All Steps From Starts To END.
I already Performed Steps Which are Mentioned in INSTALL.WCE Text File.
Didn't Succeed.

--
View this message in context: http://openssl.6102.n7.nabble.com/Windows-CE-VC-CE-Compilation-problem-tp45909p50154.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Unable to set RSA_NO_PADDING?
Hello,

   Purely for a test case to see if a small wrapper library for EVP_DigestSign*() can output the exact same signature twice, I tried calling:

   if((rc = EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_NO_PADDING)) <= 0) {
     print("failed with %d\n", rc);
   }

   With plain old PKCS1 and PKCS1/PSS the call is successful, but for NO_PADDING I get rc=0. In practice this isn't a problem for pretty obvious reasons, but it worries me slightly, and it makes me wonder if there's some other problem hiding which I should be aware of.

   Is there some code in there which doesn't allow RSA_NO_PADDING? The documentation seems quite explicit that EVP_PKEY_CTX_set_rsa_padding() allows RSA_NO_PADDING, but perhaps there are some caveats?

--
Kind Regards,
Jan
Re: BUILD OPENSSL in WIN CE 6.0
On May 15, 2014 10:59 AM, "RaviVyas" wrote:
>
> Hello,
> Please Help Me To Build OPENSSL on WIN CE 6.0.
> I Followed Steps Which are mentioned in INSTALL.WCE Text File.
> But Didn't Succeed.

What were your steps? Where's the output?

Dustin

> --
> View this message in context: http://openssl.6102.n7.nabble.com/BUILD-OPENSSL-in-WIN-CE-6-0-tp50152.html
Re: Windows CE (VC-CE) Compilation problem !
Hello,
Please Give The Basic Steps To Build OPENSSL in WIN CE 6.0. All Steps From Starts To END.
I already Performed Steps Which are Mentioned in INSTALL.WCE Text File.
Didn't Succeed.

--
View this message in context: http://openssl.6102.n7.nabble.com/Windows-CE-VC-CE-Compilation-problem-tp45909p50154.html
BUILD OPENSSL in WIN CE 6.5
Hello,

I am working on Windows CE 6.5 and I want to configure OpenSSL on that. I followed the steps from https://groups.google.com/forum/#!topic/mailing.openssl.users/Ph9AoofDP0U this link. But I did not compile wcecompat, so I did not get my two .lib files successfully. So, please help me out with this problem; I have been stuck with it for 2 weeks.

Thanks in advance,
from Ravi Vyas (Vadodara)

--
View this message in context: http://openssl.6102.n7.nabble.com/BUILD-OPENSSL-in-WIN-CE-6-5-tp50153.html
BUILD OPENSSL in WIN CE 6.0
Hello,
Please Help Me To Build OPENSSL on WIN CE 6.0.
I Followed Steps Which are mentioned in INSTALL.WCE Text File.
But Didn't Succeed.

--
View this message in context: http://openssl.6102.n7.nabble.com/BUILD-OPENSSL-in-WIN-CE-6-0-tp50152.html
Re: v1.0.1g command line gcm error
On Tue, May 13, 2014 at 12:06 PM, Tom stone wrote:
> Using openssl-1.0.1g command line for simple file encryption/decryption,
> when I issue the commands
>
> openssl enc -aes-256-cbc -k secret -in file.txt -out file.ssl
> openssl enc -d -aes-256-cbc -k secret -in file.ssl
>
> The contents of file.txt go to stdout as expected. However, when I issue the
> commands
>
> openssl enc -aes-256-gcm -k secret -in file.txt -out file.ssl
> openssl enc -d -aes-256-gcm -k secret -in file.ssl
>
> The contents of file.txt go to stdout but the string "bad decrypt" goes to
> stderr.
>
> Am I missing something or is there a bug in the openssl gcm implementation?

If it's any consolation, your question triggered a documentation patch. Matt Caswell recently committed it. "Add information to BUGS section of enc documentation. PR#3354", https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=18c4f522f49eb54a61bada6d39a8b137b6751f01hb=18c4f522f49eb54a61bada6d39a8b137b6751f01;hpb=ab6577a46ecee670b640f0ee49e2ebef80ad18a7. And http://wiki.openssl.org/index.php/Manual:Enc(1).