Re: [openssl-users] Adding EVP cipher into SSL library

2017-04-02 Thread Paul Dale
This more recent PR adds a symmetric cipher to libcrypto: https://github.com/openssl/openssl/pull/2337 It doesn't include TLS support however. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message-

Re: [openssl-users] Documentation for Integrating New Cipher Creation Request

2017-05-01 Thread Paul Dale
I think this is worthwhile too. Just before I submitted the ARIA addition, I drafted such a document which you could use as a basis. The PR had some modifications made before being merged, so it isn't completely accurate. I'll forward this directly. Pauli -- Oracle Dr

Re: [openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110

2017-10-18 Thread Paul Dale
OpenSSL 1.1.x handles the locking itself. You don't need to install the locking callbacks and don't need to provide locking functionality. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From:

Re: [openssl-users] Replacing CRYPTO_NUM_LOCKS on migration 101 to 110

2017-10-18 Thread Paul Dale
Yes. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Charles Mills [mailto:charl...@mcn.org] Sent: Thursday, 19 October 2017 7:20 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Repla

Re: [openssl-users] Where is mttest.c?

2017-10-18 Thread Paul Dale
Are you sure you are using the correct man pages? There is no reference to mttest.c in the repository anymore. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Charles Mills [mailto:charl...@mcn.org]

Re: [openssl-users] Compiling on AIX

2018-02-15 Thread Paul Dale
It’s been like this for about three weeks now.  I’ve not had a chance to look into addressing the issue.   Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia   From: Jerry L [mailto:artlem...@gmail.com] Sent: Friday

Re: [openssl-users] How to make OpenSSL engine usage application specific?

2018-02-19 Thread Paul Dale
Try RSA_new_method when allocating the RSA_METHOD.  It takes an engine argument which will be used for related operations.   Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia   From: Jayalakshmi

[openssl-users] TLS 1.3 is here!

2018-03-26 Thread Paul Dale
The standard is approved: https://www.ietf.org/mail-archive/web/ietf-announce/current/msg17592.html Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- openssl-users mailing list To unsubscribe: https://mta.openssl

Re: [openssl-users] /dev/random in FIPS mode Error: PRNG not seeded

2018-09-12 Thread Paul Dale
In FIPS mode, the default entropy gathering is not performed. You, the user, must supply all entropy to the module. See section 6.1.1 of the OpenSSL FIPS User Guide (https://www.openssl.org/docs/fips/UserGuide-2.0.pdf). Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-12 Thread Paul Dale
catches this case earlier and thus the test can never pass.   I don’t think dropping the check down into the algorithm implementations makes sense.  A more generic mechanism at the EVP would.       Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-16 Thread Paul Dale
There is nothing S390 specific in this, it is a requirement to use GCM based ciphers for TLS when running in a FIPS validated environment.  The check will be cheaper than trying to avoid it by conditioning on FIPS mode -- hence it’s unconditional.     Pauli -- Oracle Dr Paul Dale

Re: [openssl-users] Could we have more details on the FIPS 3.0 plans?

2018-09-23 Thread Paul Dale
I'm confident some aspects of the first two points are known, they've not been formally codified. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Nelson Caro [mailto:nc...@compunetix.com]

Re: [openssl-users] Seeding before RSA key generation

2018-10-04 Thread Paul Dale
Not mentioned thus far is that if you are using 1.0.2 with FIPS support, the random number generator does not self-seed. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -Original Message- From: Andres Trau

[openssl-users] Low severity timing attack in ECDSA (CVE-2018-0735)

2018-10-28 Thread Paul Dale
updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- openssl-users mailing

[openssl-users] Low severity timing attack in DSA (CVE-2018-0734)

2018-10-29 Thread Paul Dale
Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -BEGIN PGP MESSAGE- Version: GnuPG v2

Re: [openssl-users] FIPS module v3

2018-12-18 Thread Paul Dale
There are no committed-to dates of any kind at present. The project is underway but it is too early to set a schedule, let alone a completion date. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Alibek Jorajev

Re: [openssl-users] FIPS Module for OpenSSL 1.1.1

2019-02-12 Thread Paul Dale
The answer hasn't changed: there is no firm date. Progress is being made however. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Jason Schultz [mailto:jetso...@hotmail.com] Sent: Wednesday, 13

RE: Build the FIPS Object Module issue on Ubuntu 18.04

2019-05-15 Thread Paul Dale
Just noting that any module built in this manner is *not* FIPS compliant. The distribution must be unmodified and build exactly as per the documentation. Any change to the files or the build process renders the result invalid from a FIPS perspective. Pauli -- Oracle Dr Paul Dale

RE: why does RAND_add() take "randomness" as a "double"?

2019-05-21 Thread Paul Dale
Double makes sense. Entropy is often estimated as a real value. E.g. we have the aforementioned coin flipper feeding data serially. Adding each bit sequentially means 0.125 bytes of entropy per call. Not the best example Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security

Re: OpenSSL 1.0.2 EOL and new FIPS-validated crypto module

2019-10-21 Thread Dr Paul Dale
Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 21 Oct 2019, at 9:11 pm, Salman Baset wrote: > > Hello everyone, > > I was wondering if there is any update on getting a new FIPS-validated module > f

OpenSSL blog post by APNIC

2019-10-22 Thread Dr Paul Dale
An APNIC article loosely based on the OpenSSL presentation at AusCERT earlier this year: https://blog.apnic.net/2019/10/21/openssl-3-0-accelerating-forwards/ Pauli -- Dr Paul Dale | Distinguished Architect | Cryptog

Re: OpenSSL 1.0.2 EOL and new FIPS-validated crypto module

2019-10-22 Thread Dr Paul Dale
The FIPS module source code can’t be changed without losing validation. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 22 Oct 2019, at 11:46 pm, Salman Baset wrote: > > Thank you very much. This is helpful.

Re: Openssl3.0. Fips release

2019-12-23 Thread Dr Paul Dale
The expected date for submission to NIST for validation is Q4 2020. The actual validation will occur at some point after this. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 24 Dec 2019, at 3:01 pm, Manish Pati

Re: openssl-fips-2.0.16 : RSA key generation !!

2020-01-01 Thread Dr Paul Dale
FOM will not be revalidated. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 2 Jan 2020, at 3:11 pm, Hareesh D wrote: > > Hi, > > In the openssl-fips-2.0.16 version, I see that some validati

Re: Are RAND_bytes and RAND_priv_bytes thread safe?

2020-02-10 Thread Dr Paul Dale
Yes. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 11 Feb 2020, at 9:56 am, Hal Murray wrote: > > I didn't find any mention of threads in their man pages. > > > -- > These are my opinions. I hate spam. > > >

Re: CRYPTO_secure_malloc_init() fails without error message

2020-02-21 Thread Dr Paul Dale
his instead: CRYPTO_secure_malloc_init(OPENSSL_MIN_HEAP_SIZE, 16); Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 21 Feb 2020, at 8:33 pm, Clay Shields wrote: > > Unfortunately that didn’t seem to be it. Upda

Re: OpenSSL 3.0

2020-02-26 Thread Dr Paul Dale
You should be able to set the environment variable OPENSSL_CONF to test/fips.cnf which will then load a FIPS only configuration. Teething problems are expected. Not everything has been activated in the FIPS module but enough has to do some TLS. Pauli -- Dr Paul Dale | Distinguished

Re: New includes needed for OpenSSL V1.1.1 sockets

2020-03-31 Thread Dr Paul Dale
All of the include files mentioned are standard ones which have always been used. You are building 1.1.1 differently to 1.0.2. Debug your build environment first. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On

Re: liblegacy.a does not work unless compiled with -static

2020-05-02 Thread Dr Paul Dale
I’ve been wondering if an option to build the legacy provider into libcrypto (like the null and default providers) is worthwhile. Given this conversation, it seems it might be. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: Extracting the public modulus from an RSA public key?

2020-05-05 Thread Dr Paul Dale
Might I suggest reading the documentation? RSA_get0_n() is the function you are wanting. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 6 May 2020, at 2:20 pm, Thomas Dwyer III wrote: > > I'm po

Re: Asymmetric crypto and OpenSSL 3.0 deprecated functions

2020-05-25 Thread Dr Paul Dale
I’ll note that encryption is _not_ an integrity check. Depending on how the AES encryption is done, this could be a significant hole. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 25 May 2020, at 10:12 pm, To

Re: PKEY CMAC timings

2020-06-17 Thread Dr Paul Dale
How does it look for large input? As in many kilobytes or megabytes? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 18 Jun 2020, at 1:18 pm, Hal Murray wrote: > > Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz &

Re: PKEY CMAC timings

2020-06-18 Thread Dr Paul Dale
I honestly believe that the various contexts should be reusable. Without this, the recent provider additions will impose a significant overhead. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 18 Jun 2020, at 4:27

Re: OpenSSL shared library in FIPS mode

2020-07-07 Thread Dr Paul Dale
not and never have been FIPS compliant. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 7 Jul 2020, at 3:36 pm, Shirisha Dasari via openssl-users > wrote: > > Hi All, > > We have been trying to in

Re: OpenSSL user guide for 1.1.1g

2020-07-24 Thread Dr Paul Dale
There is not and never will be FIPS support for OpenSSL 1.1.1. You’ll have to wait for the upcoming 3.0 release for FIPS support. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 25 Jul 2020, at 12:32 am, Faraj Ra

Re: openssl fipsinstall

2020-07-27 Thread Dr Paul Dale
a pull request that allowed either or both options. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 28 Jul 2020, at 6:19 am, Thomas Dwyer III wrote: > > Hi all, > > I'm replacing OpenSSL 1.0.2 wi

Re: openssl fipsinstall

2020-07-27 Thread Dr Paul Dale
e next planning meeting. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 28 Jul 2020, at 9:51 am, Thomas Dwyer III wrote: > > On Mon, Jul 27, 2020 at 3:39 PM Dr Paul Dale <mailto:paul.d...@oracle.com>

Re: New NID for acmeIdentifier

2020-08-26 Thread Dr Paul Dale
This would require a line in crypto/objects/objects.txt and a "make update”. A pull request would be the way to get this in. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 26 Aug 2020, at 11:41 pm, Angus R

Re: Integration of new algorithms

2020-08-26 Thread Dr Paul Dale
the ground up to support what you want. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 27 Aug 2020, at 2:21 am, Kris Kwiatkowski wrote: > > Hello, > > I'm working on development of OpenSSL EN

Re: PRNG not available when multiple providers are configured?

2020-11-03 Thread Dr Paul Dale
us() started working for me. So > THANKS for that! :-) Not producing any diagnostic output for a failed checksum seems like a bug. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia

Re: PRNG not available when multiple providers are configured?

2020-11-03 Thread Dr Paul Dale
Adding: config_diagnostics = 1 At the same level as the openssl_conf line should produce more output. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 4 Nov 2020, at 4:41 am, Thomas Dwyer III wrote: > > On

Re: HMAC is deprecated in 3.0 getting error 'HMAC' was not declared in this scope

2020-11-26 Thread Dr Paul Dale
There is no direct replacement for the HMAC call at this point, EVP_MAC needs to be used. I’d suggest reading the EVP_MAC(3) man page. There is an example down the bottom. Does SSL_set_mtu() do what you require? Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations

Re: Question related to default RAND usage and update with engine RAND

2020-12-04 Thread Dr Paul Dale
Have you tried RAND_set_rand_method()? This should replace the RNG with yours. In 3.0, there will be a different scheme and an engine isn’t the ideal way to go. Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 1

Re: OpenSSL 1.1.1g Windows build slow rsa tests

2021-01-20 Thread Dr Paul Dale
Try building without the no-asm configuration option. Pauli On 21/1/21 6:18 am, Dan Heinz wrote: Hello, I’m building openssl 1.1.1g  on multiple platforms and I found that the rsa speed tests are significantly slower in my build than on the other OS platforms (Linux and macOS). I downloade

Re: OpenSSL 1.1.1g Windows build slow rsa tests

2021-01-20 Thread Dr Paul Dale
. Pauli On 21/1/21 10:37 am, Michael Wojcik wrote: From: openssl-users On Behalf Of Dr Paul Dale Sent: Wednesday, 20 January, 2021 16:19 Try building without the no-asm configuration option. That was my first thought, but according to Dan's message, the firedaemon version is also bu

Re: PKCS12 APIs with fips 3.0

2021-01-26 Thread Dr Paul Dale
I'm not even sure that NIST can validate the PKCS#12 KDF. If it can't be validated, it doesn't belong in the FIPS provider. Pauli On 26/1/21 10:48 pm, Tomas Mraz wrote: On Tue, 2021-01-26 at 11:45 +, Matt Caswell wrote: On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote: On 2021-01

Re: PKCS12 APIs with fips 3.0

2021-01-26 Thread Dr Paul Dale
going forward that would allow reading and writing to a key store while only using the fips provider? Thanks, Zeke Evans Micro Focus -Original Message- From: openssl-users On Behalf Of Dr Paul Dale Sent: Tuesday, January 26, 2021 5:22 PM To: openssl-users@openssl.org Subject: Re

Re: PKCS12 APIs with fips 3.0

2021-01-28 Thread Dr Paul Dale
"default" provider remains available? Remember that in other software systems, such as OpenSSL 1.0.x and MS CryptoAPI, FIPS mode causes all non-validated algorithms to fail hard, so all higher level operations are guaranteed to use only FIPS- validated crypto. On 2021-01-27 02:01, Dr Paul

Re: Openssl-3.0.0 POST

2021-02-05 Thread Dr Paul Dale
Have a look at the openssl-fipsinstall manual page. The self tests are run when the FIPS provider is installed. You can run the install manually using: openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips I think that a verify command will also run them: openssl fipsinst

Re: How to store openSSL EVP_MD and EVP_MD_CTX in local buffers

2021-03-23 Thread Dr Paul Dale
Structures are opaque after OpenSSL 1.0.  There is no way to do what you want. The recommended path is to call EVP_MD_CTX_dup() to create a copy of the context and use that the second time around. Pauli On 24/3/21 2:03 pm, Vuthur Pavankumar wrote: Hi All, I was implementing SHA3 multi-ca

Re: OpenSSL 3.0 - providing entropy to EVP_RAND ?

2021-03-23 Thread Dr Paul Dale
RAND_add() forces a reseed to the DRBGs and uses the passed material (not as entropy but as additional input). EVP_RAND_reseed() is a more direct interface but remember that the built in DRBGs are free to ignore what the user claims is /entropy/. History has shown us time and again that /entro

Re: FIPs algorithm code vs default implementation

2021-03-28 Thread Dr Paul Dale
1> Can you please help to understand the differences in the FIPs algorithm implementation code vs default? Are there additional validations performed in FIPs code? There are some additional validations, there are other differences. Grep the source code for FIPS_MODULE to find all the code

Re: Unable to load the FIPs config file OpenSSL 3.0

2021-03-30 Thread Dr Paul Dale
Our general suggestion is to keep the FIPS configuration in its own file and include that -- this helps when updating. Does a full path to the providers directory help? Could you try a build with debugging symbols so it's possible to see what's going on better? Set a breakpoint on OSSL_PROVID

Re: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-01 Thread Dr Paul Dale
Perhaps ask Qualys to answer your concerns directly?  They must have a reason for including this warning. Pauli On 1/4/21 5:43 pm, Jan Just Keijser wrote: On 31/03/21 19:43, Michael Wojcik wrote: From: openssl-users On Behalf Of Viktor Dukhovni Sent: Wednesday, 31 March, 2021 10:31 To:open

Re: Regarding RAND_set_rand_method

2021-04-01 Thread Dr Paul Dale
There isn't an easy way to do what you want in 1.1.1. RAND_set_rand_method replaces the RNG for all of OpenSSL.  In theory your RAND_METHOD could detect which thread it is running in and do different things for each.  I'm not sure this is a good idea however. Why aren't the random number fro

Re: openssl-users Digest, Vol 77, Issue 4

2021-04-03 Thread Dr Paul Dale
o     openssl-users-requ...@openssl.org You can reach the person managing the list at     openssl-users-ow...@openssl.org When replying, please edit your Subject line so it is more specific than "Re: Contents of openssl-users digest..." Today's Topics:    1. Re: Regarding RAND_set_ran

Re: openssl-users Digest, Vol 77, Issue 6

2021-04-04 Thread Dr Paul Dale
t;Re: Contents of openssl-users digest..." Today's Topics:    1. Re: openssl-users Digest, Vol 77, Issue 4 (Dr Paul Dale) -- Message: 1 Date: Sat, 3 Apr 2021 18:48:48 +1000 From: Dr Paul Dale To: openssl-users@openssl.org

Re: EVP_MAC_init() in 3.0 alpha 13

2021-04-05 Thread Dr Paul Dale
Does EVP_MAC_CTX_dup() after the MAC context has been initialised do what you want? Pauli On 5/4/21 10:51 pm, Hal Murray wrote: It used to take just a ctx. Now it also wants a key+length and a params. I have some simple/hack code to time 2 cases. The first gives it the key each time. The

Re: error: redefinition of ‘struct rsa_meth_st’

2021-04-11 Thread Dr Paul Dale
You shouldn't be accessing the internal of a private structure. That structure was made private for a reason and duplicating it in your engine will break when we change the structure's contents. Your engine should be using the EVP_PKEY_meth_set_* function to do what you want (for 1.1.1).  For

Re: EVP_MAC_init() in 3.0 alpha 13

2021-04-11 Thread Dr Paul Dale
Did you attempt to pass NULL for the key and zero for its length to the EVP_MAC_init() call? Pauli On 5/4/21 10:51 pm, Hal Murray wrote: It used to take just a ctx. Now it also wants a key+length and a params. I have some simple/hack code to time 2 cases. The first gives it the key each ti

Re: OpenSSL 3.0 - providing entropy to EVP_RAND ?

2021-04-14 Thread Dr Paul Dale
s with OpenSSL 3.0? Thank you for your help in this. Thanks Bala On Wednesday, 24 March, 2021, 11:56:18 am IST, Dr Paul Dale wrote: RAND_add() forces a reseed to the DRBGs and uses the passed material (not as entropy but as additional input). EVP_RAND_reseed() is a more direct interface b

Re: Sp800 56a rev3

2021-04-14 Thread Dr Paul Dale
These are all questions for your FIPS lab. Pauli On 15/4/21 4:19 am, Nagarjun J wrote: Hi, Suppose if any one submitted for FIPS 140-2 certification in Nov 2020 , what is the deadline to meet sp800 56 a rev3 revision requirement to avoid certificate going into historical list. And if we meet

Re: OpenSSL 3.0 - providing entropy to EVP_RAND ?

2021-04-14 Thread Dr Paul Dale
ed up in this case for the test data vectors 0 acvp_test.c 1341 const struct drbg_st *tst = &drbg_data[id]; 1 acvp_test.c 1468 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data)); Try: grep drbg_data test/* Thanks Bala On Wednesday, 14 April, 2021, 05:02:22 pm IST, Dr Paul Dale wr

Re: Load and unload of engines at runtime

2021-05-01 Thread Dr Paul Dale
Why would you believe that ENGINE_register / ENGINE_unregister are the calls to load/unload an engine?  These calls are for _after_ the engine has been loaded: /*- Manage registration of ENGINEs per "table". For each type, there are 3  * functions;  *   ENGINE_register_***(e) - re

Re: Switch hangs for significant amount of time when using RAND_write_file API with openssl version 1.1.1h and above.

2021-05-06 Thread Dr Paul Dale
My guess would be that OpenSSL is waiting for the system randomness source to properly seed.  This was an intentional change.  Without it security will likely be lost. Paul Dale On 6/5/21 8:34 pm, Sravani Maddukuri via openssl-users wrote: Hi, I have updated the openssl version running on

Re: OpenSSL version 3.0.0-beta1 published

2021-06-18 Thread Dr Paul Dale
However, I was wondering if anyone has ported/refactored the pkcs11 engine stuff for OpenSSL 3.0 already?  is this on the TODO list for the OpenSC/pkcs11 team?  If I wanted to try to refactor the opensc-pkcs11 module, how would I start? PKCS #11 support is one (of many) possible items tha

Re: EVP_MAC_init - specify the hash algorithm

2021-07-13 Thread Dr Paul Dale
Please don't do it the PKEY way :) Your code should look more like: OSSL_PARAM params[2]; EVP_MAC *mac = EVP_MAC_new(NULL, "HMAC", NULL); EVP_MAC_CTX *mac_ctx = EVP_MAC_CTX_new(mac); EVP_MAC_free(mac); /* Now or later is all good and depends on the app reusing it or not */ pa

Re: OpenSSL 3.0.0 beta1 link issues on Solaris 10

2021-07-25 Thread Dr Paul Dale
ed out a work around, including details of what you needed to do would be very useful.  Putting them up as a pull request would be even better. Paul Dale On 26/7/21 7:14 am, Dennis Clarke via openssl-users wrote: I am not sure what testing is happening with old Solaris 10 but I can tell

Re: Accessing bignums of a RSA key with OpenSSL 3.0?

2021-07-30 Thread Dr Paul Dale
Try: include/openssl/core_names.h The names are "n", "e" and "d" in this case. Pauli On 30/7/21 10:57 pm, Olivier Mascia via openssl-users wrote: Dear all, Testing migration to OpenSSL 3.0. Got to update some code building a JWK (in relation to ACME LetsEncrypt protocols). Having an EVP_PK

Re: OpenSSL Beta 2, report of successful migration

2021-08-02 Thread Dr Paul Dale
Thanks! The OpenSSL team has wondered how many people were trying out 3.0 during the beta period without any way of knowing for sure.  That you've had what seems like a fairly smooth transition is wonderful. Pauli On 2/8/21 8:10 pm, Olivier Mascia via openssl-users wrote: Hello, Just want

Re: OpenSSL beta testing on Solaris and z/OS

2021-08-04 Thread Dr Paul Dale
ly too late now. Paul Dale On 4/8/21 1:26 am, Dennis Clarke wrote: From another thread : The OpenSSL team has wondered how many people were trying out 3.0 during the beta period without any way of knowing for sure. If you're curious about the old legacy Solaris 10 on reasonably new Fujit

Re: openssl 3.0 genpkey

2021-08-05 Thread Dr Paul Dale
GitHub issues would be better.  They are harder to miss accidentally. Pauli On 6/8/21 7:59 am, Ken Goldman wrote: Should these be posted here or as github issues?  (May be user error) 1 openssl genpkey -algorithm rsa -outform der -out key.der -quiet returns: genpkey: Option -quiet need

Re: openssl 3.0 genpkey

2021-08-05 Thread Dr Paul Dale
Ken, I've created issue #16238 for these.  Any chance you could add version information or other useful tidbits? Thanks, Pauli On 6/8/21 7:59 am, Ken Goldman wrote: Should these be posted here or as github issues?  (May be user error) 1 o

Re: Hi team, I modified openssl code and make test failed. What should I do with the failed cases. Thx in advance.

2021-08-13 Thread Dr Paul Dale
I suggest working out why they failed and getting them working again.  You've broken something with your modifications, you need to understand what's broken and why before continuing. Paul Dale On 14/8/21 9:56 am, Ma Zhenhua wrote: Hi team, I modified openssl code and make t

Re: One iOS App - 2 OpenSSL libraries.

2021-08-16 Thread Dr Paul Dale
t configuration time; * the processor is detected, at run time, as being unable to support what we supply; * there isn't such an implementation available. I'm assuming that this is what you meant by "Bit-Code". Paul Dale On 16/8/21 10:57 pm, Goetzke, Arnold (A.P.) wrote: Hi

Re: Replacement for AES_set_encrypt_key and AES_encrypt to support 3.0

2021-08-17 Thread Dr Paul Dale
You don't want to use these and there is no direct replacement.  You want to use the EVP calls instead:  EVP_CipherInit_ex2, EVP_CipherUpdate, EVP_CipherFinal_ex and friends. See this manual page:     https://www.openssl.org/docs/manmaster/man3/EVP_EncryptInit.html Pauli On 17/8/21 5:11 pm,

Re: Help Needed for deprecated functions and macros like "CRYPTO_num_locks()" , "CRYPTO_LOCK" ......etc

2021-08-17 Thread Dr Paul Dale
Locking in OpenSSL 1.1.1 and later is completely different.  You no longer need to and should not try to register the locking callbacks. Pauli On 17/8/21 11:59 pm, Kumar Mishra, Sanjeev wrote: Hi All, I am upgrading the code from OpenSSL 1.0.1 to OpenSSL 3.0. I am getting compilation errors f

Re: Congratulations! Missing 3.0.0 tag?

2021-09-08 Thread Dr Paul Dale
With the change to (almost) semantic versioning, we also decided to make the tags easier to type. Pauli On 9/9/21 9:03 am, Steffen Nurpmeso wrote: Benjamin Kaduk wrote in <2021090848.gx19...@akamai.com>: |On Thu, Sep 09, 2021 at 12:15:44AM +0200, Steffen Nurpmeso wrote: |> |> P.S.

Re: EVP_MAC_init - specify the hash algorithm

2021-09-09 Thread Dr Paul Dale
t are they documented? Case sensitive?  Which is preferred? You use EVP_MAC_new, which is undocumented.  The doc sample uses EVP_MAC_fetch.  Which is preferred? On 7/13/2021 7:06 PM, Dr Paul Dale wrote: Your code should look more like:     OSSL_PARAM params[2];     EVP_MAC *mac = EVP_MAC_new

Re: OpenSSL 3.0.0 two tests fail on Solaris 10 SPARC64 ( Oracle/Fujitsu )

2021-09-11 Thread Dr Paul Dale
What Ben suggests is a great start. Note that none of the core developers have Solaris access, so that debugging could be problematic. Pauli On 12/9/21 1:39 pm, Benjamin Kaduk via openssl-users wrote: On Sat, Sep 11, 2021 at 10:29:07PM -0400, Dennis Clarke via openssl-users wrote: This is

Re: OpenSSL 3.0.0 custom entropy source

2021-09-13 Thread Dr Paul Dale
Try working from providers/implementations/rands/seed_src.c  You'll need to reimplement seed_src_generate() to use your RNG. To use your custom seed source, you can either use the OpenSSL configuration file to set a "random" section that includes a "seed" setting or you can call RAND_set_seed_

Re: Reducing the footprint of a simple application

2021-09-14 Thread Dr Paul Dale
> ...low security RNGs and other antifeatures. Huh  Where?  Why plural? The only **one** I'm aware of is the one I added to stochastically flush the property cache where it doesn't need to be cryptographically secure. Pauli

Re: Openssl 3.0.0. EVP_PKEY RSA is NULL

2021-09-14 Thread Dr Paul Dale
On 15/9/21 9:19 am, Ken Goldman wrote: irc = EVP_PKEY_fromdata_init(ctx); irc = EVP_PKEY_fromdata(ctx, (EVP_PKEY **)rsa_pub_key, /* freed by caller */     EVP_PKEY_PUBLIC_KEY, params); Do you mean :     irc = EVP_PKEY_fromdata(ctx, &rsa_pub_key, EVP_PKEY_PUBLIC_KEY, pa

Re: Reducing the footprint of a simple application

2021-09-15 Thread Dr Paul Dale
f bits. Pauli On 15/9/21 11:34 pm, Jakob Bohm via openssl-users wrote: On 2021-09-14 12:14, Dr Paul Dale wrote: > ...low security RNGs and other antifeatures. Huh  Where?  Why plural? The only **one** I'm aware of is the one I added to stochastically flush the prop

Re: openssl 3.0.0 equivalent to RSA_get0_key

2021-09-20 Thread Dr Paul Dale
No. The deprecated functions are not going away any time soon but there is no direct replacement. Pauli On 21/9/21 6:46 am, Ken Goldman wrote: ... and RSA_get0_factors. I know about EVP_PKEY_get_bn_param().  However, that allocates new bignums.  Therefore, the caller has to say, if >3.0.0

Re: Openssl aes-256 ctr drbg

2021-09-21 Thread Dr Paul Dale
The number you asked for typically. Pauli On 21/9/21 4:49 pm, Nagarjun J wrote: Hi, What is the Number of Bytes Returned by aes-256 ctr drbg ? Thanks, Nagarjun

Re: OpenSSL 3.0.0 FIPS compatible ECDH-KAS

2021-09-22 Thread Dr Paul Dale
Adding that should be enough to force only FIPS validated algorithms to be used. Just doing that isn't enough, there is more you are going to need to do.  E.g. you will need to load the FIPS and base providers either via config or explicitly. It's possible to set the default properties via con

Re: RSA provider use example

2021-09-24 Thread Dr Paul Dale
What about: apps/rsa.c, apps/rsautl.c and apps/genrsa.c 3.0 doesn't use the RSA structure in the non-deprecated public API. You probably want the EVP_PKEY_fromdata call. Pauli On 24/9/21 8:55 pm, Antonio Santagiuliana wrote: Hello Is there any app or command in the current Openssl master rep

Re: RSA provider use example

2021-09-24 Thread Dr Paul Dale
On 24/9/21 9:15 pm, Angus Robertson - Magenta Systems Ltd wrote: I've been wondering if this is more efficient than getting the parameters one at a time using multiple EVP_PKEY_get_xx_param which also calls EVP_PKEY_get_params. I'd be surprised if there was a lot of difference. If I had to g

Re: tpm2-openssl, a TPM 2.0 provider for OpenSSL 3.0 released

2021-09-29 Thread Dr Paul Dale
Great work! Pauli On 30/9/21 4:13 am, Petr Gotthard wrote: Hello, I just released a first version of the tpm2-openssl provider. TPM is a hardware crypto-processor, which can generate, store, and use cryptographic keys. The tpm2-openssl is a provider for integration of TPM 2.0 to OpenSSL 3.

Re: fips 140-2 module conditions and compilation target app

2021-10-04 Thread Dr Paul Dale
I think you've got the gist of the restriction.  You cannot make any changes to the source code, build files or the commands you use to build the FOM.  None are acceptable if you want a FIPS validated outcome.  I.e. you will lose the FIPS 140-2 validation state if you change anything. Pauli

Re: OpenSSL 3.0.0 FIPS compatible ECDH-KAS

2021-10-07 Thread Dr Paul Dale
seed source? The whole purpose of this exercise was to create a NIST SP-800-90B compliant entropy source for FIPS. Thanks, Kory On Sep 22, 2021, at 3:51 PM, Dr Paul Dale wrote: If you are only using functions that are deprecated, you'll get away without for the moment. Pauli On 23/9/21 8

Re: OpenSSL 3.0 FIPS questions

2021-10-23 Thread Dr Paul Dale
There are several approaches you could take.  With two library contexts: fips_libctx = OSSL_LIB_CTX_new(); non_fips_libctx = OSSL_LIB_CTX_new(); fipsp = OSSL_PROVIDER_load(fips_libctx, "fips"); basep = OSSL_PROVIDER_load(fips_libctx,"base");  /* can't load keys without this */

Re: OpenSSL 3.0 FIPS questions

2021-10-23 Thread Dr Paul Dale
Oops, the second time this occurs "defp = OSSL_PROVIDER_load(non_fips_libctx, "default");" it should be "defp = OSSL_PROVIDER_load(NULL, "default");" Pauli On 24/10/21 10:06 am, Dr Paul Dale wrote: defp = OSSL_PROVIDER_load(non_fips_libctx, "default");

Re: OpenSSL 3.0 FIPS questions

2021-10-24 Thread Dr Paul Dale
ds, Jason *From:* openssl-users on behalf of Dr Paul Dale *Sent:* Sunday, October 24, 2021 12:28 AM *To:* openssl-users@openssl.org *Subject:* Re: OpenSSL 3.0 FIPS questions Oops, the second time this occurs "defp = OSSL_PROVIDER_load(non_fips_l

Re: OpenSSL 3.0 FIPS questions

2021-10-25 Thread Dr Paul Dale
hould be doing it if I use the first method as well. Regards, Jason *From:* openssl-users on behalf of Dr Paul Dale *Sent:* Sunday, October 24, 2021 11:12 PM *To:* openssl-users@openssl.org *Subject:* Re: OpenSSL 3.

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Dr Paul Dale
Currently there is exactly one seed source that is usable in OpenSSL 3.0: "SEED-SRC".  It is documented in EVP_RAND-SEED-SRC.  The reason the seed source can be set is to allow you to use a third party provider that includes one. If you want to force RDRAND as the only seeding source, this nee

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Dr Paul Dale
make it so simple there are obviously no deficiencies. The other is to make it so complex there are no obvious deficiencies. - C. A. R. Hoare On 11/9/21, 21:4

Re: OpenSSL-3.+ how to configure [random]?

2021-11-09 Thread Dr Paul Dale
There is documentation: https://www.openssl.org/docs/man3.0/man5/config.html I don't think the rdrand engine takes any extras. Pauli On 10/11/21 1:38 pm, Blumenthal, Uri - 0553 - MITLL wrote: On 11/9/21, 22:23, "Dr Paul Dale" wrote: Currently I've no idea and can

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Dr Paul Dale
I'm pretty sure the underlying problem is that there is a call to RAND_set_rand_method() or RAND_set_rand_engine() occurring (likely the latter). These completely replace the built in RNG infrastructure with the RAND_METHOD/engine.  If the engine then fails to produce output for any reason, t
