Re: Why does openssl still pad data for aes-128-cbc encrypting when the file-size%16==0?

2012-03-19 Thread Ken Goldman
It makes the response unambiguous. If a 16 byte file was not padded, how does the receiver know whether the file was 16 bytes or 1-15 bytes plus padding. By having at least one byte of padding, and (in some padding schemes) having the padding itself define the number of padding bits, one can

Re: Why does openssl still pad data for aes-128-cbc encrypting when the file-size%16==0?

2012-03-20 Thread Ken Goldman
It makes the response unambiguous. If a 16 byte file was not padded, how does the receiver know whether the file was 16 bytes or 1-15 bytes plus padding. By having at least one byte of padding, and (in some padding schemes) having the padding itself define the number of padding bits, one can

Re: Why does openssl still pad data for aes-128-cbc encrypting when the file-size%16==0?

2012-03-20 Thread Ken Goldman
It depends on the padding scheme. E.g., PKCS#7 / RFC2630 pads with k bytes, all with value k. So you decrypt the 32 bytes and look at the pad bytes. If the pad values are 16, the actual size is 16. If they're 15, the actual size is 17. On 3/20/2012 12:04 AM, Nicle wrote: And I have more

reading openssl list through gmane

2012-03-23 Thread Ken Goldman
Sorry for the administrative questions: I just started reading the openssl mailing list through gmane, and I like the newsreader interface far better than the email interface. Does anyone else use a newsreader? Two questions: 1 - Is there a way to remain 'subscribed' to the list so I'm auth

Re: How to do encryption using AES in Openssl

2012-03-27 Thread Ken Goldman
On 3/27/2012 1:33 PM, pkumarn wrote: > I am trying to write a sample program to do AES encryption using Openssl. I tried going through Openssl documentation (it's a pain), could not figure out much. I went through the code and found the APIs using which I wrote a small program as below (please om

Re: How to do encryption using AES in Openssl

2012-03-27 Thread Ken Goldman
On 3/27/2012 3:51 PM, Jakob Bohm wrote: On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote: You should really be using EVP instead of the low level routines. They are well documented with examples. Where, precisely? I didn't find it either when I was looking a few years ago, so I settled on the ob

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Ken Goldman
On 3/28/2012 3:01 AM, Prashanth kumar N wrote: Here is the modified program [snip] 18 AES_KEY ectx; 19 AES_KEY dectx; 20 21 AES_set_encrypt_key(key, 256, &ectx); 22 AES_encrypt(text, out, &ectx); 23 24 printf("encryp data = %s\n", out); 25 26 AES_set_encr

Re: How to do encryption using AES in Openssl

2012-03-28 Thread Ken Goldman
I agree with you in general. I assumed the OP was just experimenting. I use the raw AES_encrypt() because the standard I'm complying to uses a non-standard counter mode. I had to construct it from scratch. On 3/28/2012 10:56 AM, Marek.Marcola- wrote: If you want to use low-level AES functi

Re: How to do encryption using AES in Openssl

2012-03-29 Thread Ken Goldman
On 3/29/2012 1:40 AM, Prashanth kumar N wrote: Thanks Ken for pointing out the mistake... after changing to AES_Decrypt(), it worked but I still see issue when I print the decrypted output as it has extra non-ascii characters in it. That's what happens in C if you try to printf an array that's

Re: (unknown)

2012-04-02 Thread Ken Goldman
On 3/29/2012 7:58 AM, Chandrasekhar wrote: Hi , I am new to this openssl libraries. You can't use strlen() on binary data, only C strings. __ OpenSSL Project http://www.openssl.org User Suppor

Re: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length

2012-04-08 Thread Ken Goldman
On 4/5/2012 7:46 PM, Dave Thompson wrote: Get out of the habit of outputting 'partial' lines (not terminated by \n) in C. Sometimes it works and sometimes it doesn't. It appears in this case on your system it didn't. The standard requires complete lines to work (up to possibly a reasonable docum

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-17 Thread Ken Goldman
The standard answer: If this is a real security project, hire an expert. If you design your own crypto algorithm, you will get it wrong. If this is just for fun, to learn about openssl, CTR mode will give you random access. On 4/16/2012 6:41 PM, MauMau wrote: As for Q4, yes, decrypting bl

Re: header file for EC_KEY

2012-05-08 Thread Ken Goldman
On 5/8/2012 3:13 AM, Bodo Moeller wrote: I noticed that EC_KEY (ec_key_st) is not defined in ec.h but in ec_lcl.h which is not a public header file, not like RSA(rsa_st) in rsa.h and DSA in dsa.h. Is that correct? Yes, this is intentional - this intentionally prevents application

Re: header file for EC_KEY

2012-05-08 Thread Ken Goldman
On 5/8/2012 3:00 PM, Bin Lu wrote: How do you solve the problem like the following without directly accessing to this object: I have one EVP_PKEY contains the ECDSA private key and another EVP_PKEY contains the public key, and I need to determine if the public key and the private key are the ri

Re: header file for EC_KEY

2012-05-09 Thread Ken Goldman
On 5/8/2012 5:47 PM, Dr. Stephen Henson wrote: EVP_PKEY_cmp(), see the manual page for details. I just walked the man page starting with http://www.openssl.org/docs/crypto/evp.html# If it's there, it's not obvious.

Re: Custom free routine is invoked with NULL argument in openssl 1.0.1

2012-05-25 Thread Ken Goldman
On 5/25/2012 11:03 AM, Steffen DETTMER wrote: I think crashing with NULL is quite good: a must-not-happen situation leads to a defined dead of SIGSEGVs, at least for platforms supporting that, typically with good aid for debugging (like core files or halting debuggers providing a backtrace). Mayb

Re: Custom free routine is invoked with NULL argument in openssl 1.0.1

2012-05-25 Thread Ken Goldman
On 5/25/2012 3:33 AM, Jakob Bohm wrote: ANSI C and POSIX free() is NOT required to handle free(NULL) as a NOP. I checked reputable sources (Plauger, Harbison and Steele, the ANSI spec, and the IEEE POSIX spec). All agree that (e.g. ANSI) "If ptr is a null pointer, no action occurs."

Re: Custom free routine is invoked with NULL argument in openssl 1.0.1

2012-05-25 Thread Ken Goldman
On 5/25/2012 12:09 PM, Jeffrey Walton wrote: My typical design pattern is: void *ptr = NULL; do stuff which may in some branches allocate the pointer free(ptr); This is very old, and has not evolved as security needs have changed (forgive me if I read too much into it). For example, the ret

Re: Custom free routine is invoked with NULL argument in openssl 1.0.1

2012-05-25 Thread Ken Goldman
On 5/25/2012 11:41 AM, Carter Browne wrote: That's not the normal library behavior. My typical design pattern is: void *ptr = NULL; do stuff which may in some branches allocate the pointer free(ptr); If the library crashes on free(NULL), you're just making people like me do this everywhere:

Re: variable response size of "openssl rand" on windows

2012-06-04 Thread Ken Goldman
A typical openssl user error is treating binary data as text. Random numbers are not text until you convert them with -hex. My guess is that Windows is treating some binary character specially, and this causes your version of wc to fail. Linux is handling the binary correctly. So I doubt it

Re: openssl Signature Verification Failure : “RSA_padding_check_PKCS1_type_1:block type is not 01”

2012-06-07 Thread Ken Goldman
I typically divide the problem in two. Do a raw public key operation. If you see something that looks random, then the public key doesn't match the private key used to generate the signature, or either the public key or signature has been altered. If it looks like padding + OID + hash, then

Compiling for debug

2012-08-20 Thread Ken Goldman
I'm trying to compile openssl for: Linux, 32-bit on a 64-bit machine, shared libraries, and debug. The closest I found was: > ./Configure linux-elf -m32 -shared -g but this still does -O3, and the optimizer doesn't work well with the source level debugger. Any clues for changing -O3 to -O0?

Re: OpenSSL DES generates '\n' in encrypted code

2012-08-21 Thread Ken Goldman
On 8/21/2012 7:17 AM, Matt Caswell wrote: On 21 August 2012 12:00, Tarun Thakur wrote: Output of my software application (after encryption and encoding with any mechanism) should be of 24 bytes containing alphanumeric characters only. So, if I get encrypted 24 bytes from plain 24bytes, then

asn1 parsing tutorial

2012-09-04 Thread Ken Goldman
Is there any tutorial or other documentation on how to use the openssl asn1 parsing C functions? That is, not the command line. The man pages are empty. I found that the asn1parse command line utility works, but the asn1pars.c code is completely uncommented. It will be a chore to reverse en

Re: Is openssl 0.9.8r and openssl1.0.0 compatible ?

2012-09-06 Thread Ken Goldman
If you're referring to the C API, I would not depend upon binary compatibility. There are sometimes subtle changes that will cause failures in corner cases that you won't discover unless your regression tests are really good. Insight: Recompile for each openssl update, even for a letter chan

Re: openssl: RSA_private_decrypt error

2012-09-15 Thread Ken Goldman
If the encrypted data is the same on both sides, the other potential problem is that the key is not the same. That is, the private key doesn't match the public key. Try the decrypt with no padding and view the raw bytes. If you see padding plus your data, then the padding schemes don't match

Re: top 10 mistakes when using libopenssl?

2012-10-13 Thread Ken Goldman
On 10/10/2012 8:08 PM, Kyle Hamilton wrote: Suggestions from my experience: If you include the library, #1 for novices has to be: 1 - Using strlen() to get the length of encrypted data.

Re: Parsing X509 certificate subjectAltName

2012-10-17 Thread Ken Goldman
On 9/12/2012 9:36 AM, Dr. Stephen Henson wrote: You check each value of the returned GENERAL_NAMES structure until you find the one you are interested in. It looks like in your case it is the type GEN_DIRNAME which means the X509_NAME field directoryName of the union is relevant. You can then an

Creating X509 certificate subject alt name in C

2012-10-25 Thread Ken Goldman
I've managed to parse the odd X509 certificate I received. Now I have to create one. It should look like the below. X509v3 extensions: X509v3 Subject Alternative Name: critical DirName:/2.23.133.2.1=id:57454300/2.23.133.2.2=NPCT42x/NPCT50x/2.23.133.2.3=id:0391

openssl verify always returns 0 (success) to shell

2012-11-02 Thread Ken Goldman
In testing my regression tests, I supply a bad CA certificate to force the verify to fail. I use: > openssl verify -CAfile cacert.pem cert.pem It printed this, which I expected. "error 20 at 0 depth lookup: ..." However, when my bash script checks the return code, it is still 0. I was hop

Automating self signed certificate creation

2012-11-02 Thread Ken Goldman
I create a self signed certificate using > openssl req -new -x509 -key ... -out ... -days ... It then prompts for the country, state, locality, etc. Is there a way to enter that data on the command line or in a configuration file to avoid the prompts? I tried -config and a configuration file

Re: openssl verify always returns 0 (success) to shell

2012-11-04 Thread Ken Goldman
er have to write your own app (or maybe just modify OpenSSL verify app to return what you want) or parse the textual return of the app (which is not very good, IMO). 2012/11/2 Ken Goldman mailto:kgold...@us.ibm.com>> In testing my regression tests, I supply a bad CA certificate to fo

Re: openssl AES decrypt problem

2012-12-12 Thread Ken Goldman
A typical method is to use PKCS#7 padding. On 12/12/2012 9:07 AM, Hailei Hu wrote: Hi, everyone! I am testing openssl AES encrypt and decrypt using AES_cbc_encrypt. for example, I have a file which has 10 bytes, after using AES_cbc_encrypt, the encrypted file become 16 bytes. But when

Re: last parameter of AES_ofb128_encrypt

2013-01-07 Thread Ken Goldman
I don't think it's documented. I pass in 0 and it works. My notes also say that ivec is altered, so make a copy if you have to preserve the original value. On 1/7/2013 10:26 AM, jeetendra gangele wrote: Hi All, If I use the below function void AES_ofb128_encrypt(const unsigned char *in, un

Re: last parameter of AES_ofb128_encrypt

2013-01-07 Thread Ken Goldman
Am I missing something, or is this a trick question? For OFB, aren't they the same? On 1/7/2013 10:55 AM, jeetendra gangele wrote: 0 for encryption or decryption?

Re: last parameter of AES_ofb128_encrypt

2013-01-07 Thread Ken Goldman
On 1/7/2013 4:43 PM, Dave Thompson wrote: (There's an official word for this I can't remember at the moment -- self-inverse maybe?) XOR ? :-)

Re: Openssl versions compability

2013-01-23 Thread Ken Goldman
My experience is that you should not expect binary compatibility. Since errors will often be in little used corner cases, it's safer to always recompile. Sometimes recompiling is enough. Sometimes versions are so incompatible that you will have to port your application. However, more recen

Re: Openssl versions compability

2013-01-23 Thread Ken Goldman
On 1/23/2013 9:51 AM, Jeffrey Walton wrote: Binary compatibility can be tricky, and it brings up all the old wounds of Microsoft's COM. Are you claiming there is binary compatibility among tool vendors? For example, can I build the base with GCC, and then build patches with ICC? How about differe

Re: Recommended/allowed private key lengths Reg.

2013-02-22 Thread Ken Goldman
http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf On 2/22/2013 2:38 AM, Ashok C wrote: What is the current industry standard for private key lengths? As of now, my application supports 2048 bit-wide keys. I'm planning to support higher key lengths now, and w

Re: Geting /Using RSA public - private Key by Windows Lib (C languaje)

2013-03-26 Thread Ken Goldman
For the first: - generate the RSA key - pull n,e,d bignums out of the RSA structure - use bn2bin to get the key parts For the second: - use bin2bn on n,e,d - assign the bignums to the RSA structure I can point you to sample code if you like. On 3/25/2013 10:32 AM, rod_proteus wrote: Hello.

Canceling RSA key generation

2013-04-10 Thread Ken Goldman
(The answer to this seems to be 'no', but the web posts were 5-10 years old. Perhaps there's a better answer today.) I'm using openssl to emulate a TPM. The hardware device has an abort feature, where the TPM driver can cancel a long command. The driver wants to distinguish between a long c

Re: Canceling RSA key generation

2013-04-18 Thread Ken Goldman
On 4/10/2013 5:14 PM, Dr. Stephen Henson wrote: Does openssl have any elegant way to cancel an RSA key generation that's taking too long? At the EVP_PKEY level you can return 0 from the key generation callback to cancel the operation. See EVP_PKEY_set_cb(). Thanks as always. But where can I

Apply signature to X509 certificate

2013-05-09 Thread Ken Goldman
I have a need to sign an X509 certificate outside openssl, using a hardware security module. 1 - I have to first hash the certificate. I discovered X509_digest(), which is not documented. Is it the correct function? I also found ASN1_item_i2d() to serialize the cert_info member, from which

Re: Apply signature to X509 certificate

2013-05-10 Thread Ken Goldman
On 5/10/2013 5:37 AM, Cristian Thiago Moecke wrote: You have two ways to follow. 1) To use an HSM to sign, the "official" way to do it is to use an openssl engine. If your HSM does not provide an openssl engine, it probably does provide a PKCS#11 module, and you can use the pkcs11 engine to loa

Re: Apply signature to X509 certificate

2013-05-10 Thread Ken Goldman
On 5/10/2013 6:17 AM, Krzysztof Konopko wrote: This could also be handled by some sort of engine that would work in two modes: * generate an intermediate result (hash) that can be processed (signed) I'm looking for advice on how to do that. at the remote site (how to get it there securely is

Re: Prefix “[openssl-users]” onto mailing list subjects?

2013-05-24 Thread Ken Goldman
Since I find it much easier to read the posts with NNTP, it doesn't matter to me at all. The 'context' is in the name of the newsgroup. What I'd like is a way to remain part of the group but not receive email at all. I know it's technically possible, since other gmane newsgroups work that wa

Re: RSA encryption and Decryption code in C language

2013-06-18 Thread Ken Goldman
You cannot generate a private key from a public key. Typically, the receiver generates the key pair and sends the public key to the sender. The sender encrypts with the public key. The receiver decrypts with the private key. A typical format for sending a public key across a channel is an X

Re: Crash observed

2013-07-01 Thread Ken Goldman
The usual cause of an openssl crash is compiling and linking against two different install versions. Check that. The usual cause of a crash on free() is a double free, followed by freeing the wrong pointer or corrupted memory. On 6/28/2013 1:48 AM, Rajeswari K wrote: Hello Openssl team, Does

Re: weird bug

2013-08-16 Thread Ken Goldman
On 8/16/2013 1:51 PM, Ztatik Light wrote: found yet another weird peculiarity... In my full application, i need the following lines after both encrypt_file() and decrypt_read(), otherwise i get garbage data: char err[1024]; ERR_error_string( ERR_get_error(), err ); printf( "%s\n", err ); And e

Re: EVP_DigestSign*() and EVP_DigestVerify*() - help needed

2013-08-16 Thread Ken Goldman
The usual cause of a padding error is that the private key used to sign does not correspond to the public key used to verify. That is, unless you're a newbie to crypto. In that case the error is that you're passing the length of an encrypted blob using strlen(). The way I typically debug is

Re: RSA encryption/decryption with OpenSSL.

2013-08-20 Thread Ken Goldman
On 8/19/2013 3:15 PM, mycompuser wrote: But the only problem that I currently face is that the key pair generated by OpenSSL has headers and footers of the form -BEGIN RSA PUBLIC KEY- -END RSA PUBLIC KEY- for public key likewise there is similar header and footer for private key a

compiling for debug on Linux

2013-09-03 Thread Ken Goldman
I know this is a FAQ, but the answers I found all included the response "that didn't work". openssl 1.0.1c on Linux: How do I compile and link so the debugger can step into the openssl code? Are there definitive instructions anywhere, or does everyone use trial and error? I'm using a loca

PKCS7 signing

2013-09-06 Thread Ken Goldman
I'm working through the 'openssl smime -sign' example. 1 The '-in' parameter appears to be the message, not a hash of the message. Correct? 2 When I run the example, the PKCS7_Sign() call appears to add the entire message to the pkcs7 DER encoded file. Is this typical? Can I pass in NUL

Re: Fails on verifying signature - RSA_padding_check_PKCS1_type_1:invalid padding

2020-02-13 Thread Ken Goldman
On 2/13/2020 12:40 PM, Pedro Lopes wrote: When I try to verify the signature, fails with RSA_padding_check_PKCS1_type_1:invalid padding. That error typically means that the verification public key does not match the signing private key.

OpenSSL version 3.0.0-alpha1 build failed

2020-04-30 Thread Ken Goldman
My build failed with the below. x86_64 Linux kernel 2.6.32 RHEL 6.7 Perl 5.10.1 Everything through 1.1.1e was successful. ~~ ./config Operating system: x86_64-whatever-linux2 Configuring OpenSSL version 3.0.0-alpha1 for target linux-x86_64 Using os-specific seed configuration *** glibc detect

openssl with Rust

2020-06-23 Thread Ken Goldman
Environment is Windows, Visual Studio Code, the Shining Light openssl build and the openssl crate. Does anyone have experience getting this to link? Environment variables? cargo.toml anything else?

Re: Random and rare Seg faults at openssl library level

2021-01-06 Thread Ken Goldman
On 1/6/2021 12:10 PM, Gimhani Uthpala wrote: I am getting seg-faults at openssl level. This only occurred very randomly and the following are stacks that seg faults  at openssl level in the given 2 cases. We are using openssl 1.0.2k. The usual cause is that you are compiling with one version

Re: Random and rare Seg faults at openssl library level

2021-01-07 Thread Ken Goldman
On 1/7/2021 10:11 AM, Michael Wojcik wrote: $ cat /etc/redhat-release && openssl version CentOS Linux release 7.9.2009 (Core) OpenSSL 1.0.2k-fips 26 Jan 2017 Ugh. Well, OP should have made that clear in the original message. And this is one of the problems with using an OpenSSL supplied by t

EVP_MAC_init - specify the hash algorithm

2021-07-13 Thread Ken Goldman
Porting to 3.0 ... HMAC_Init_ex() had a place for the hash algorithm. EVP_MAC_init() does not, unless it's embedded in the 'params' parameter. Any advice? Or a sample for doing an HMAC with 3.0?

Re: EVP_MAC_init - specify the hash algorithm

2021-07-13 Thread Ken Goldman
On 7/13/2021 2:50 PM, Matt Caswell wrote: On 13/07/2021 19:02, Ken Goldman wrote: Porting to 3.0 ... HMAC_Init_ex() had a place for the hash algorithm.  EVP_MAC_init() does not, unless it's embedded in the 'params' parameter. Any advice?  Or a sample for doing an HMAC with

RSA_set0_key() equivalent for 3.0.0

2021-07-13 Thread Ken Goldman
What is the 3.0.0 equivalent to RSA_set0_key() when I want to create a key token from n and e. Meta question: Is there a porting guide for these type of questions - something that says, "If you used this before, use this now."

Re: RSA_set0_key() equivalent for 3.0.0

2021-07-14 Thread Ken Goldman
On 7/13/2021 5:08 PM, Nicola Tuveri wrote: There is the migration guide: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod The migration guide is very general. It says that the low level

Re: RSA_set0_key() equivalent for 3.0.0

2021-07-14 Thread Ken Goldman
On 7/13/2021 5:14 PM, William Roberts wrote: Outside of the migration guide others have pointed out, I think the functions you need are: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html Use EVP level no

EVP_MD_CTX_free documentation

2021-07-30 Thread Ken Goldman
It would be nice if the documentation would guarantee that this function is a no-op when the parameter is NULL - like the standard free() call. This would save coding (if not NULL) all the time. Same comment for all the _free functions. I know I can look at the code, but that doesn't provide an

Re: EVP_MD_CTX_free documentation

2021-07-30 Thread Ken Goldman
Matt On 30/07/2021 17:55, Ken Goldman wrote: It would be nice if the documentation would guarantee that this function is a no-op when the parameter is NULL - like the standard free() call. This would save coding (if not NULL) all the time. Same comment for all the _free functions. I know I can

openssl 3.0 genpkey

2021-08-05 Thread Ken Goldman
Should these be posted here or as github issues? (May be user error) 1 openssl genpkey -algorithm rsa -outform der -out key.der -quiet returns: genpkey: Option -quiet needs a value But the docs don't indicate that a value is needed. 2 openssl genpkey -algorithm rsa -outform der -out key.de

openssl 3.0 - id2_x509() now fails

2021-08-06 Thread Ken Goldman
I have an application where I have to create a partial x509 certificate. It gets sent to an HSM, which fills in the public key and signs it. I was calling X509_new X509_set_version X509_set_issuer_name X509_get_notBefore X509_get_notAfter X509_se

Re: openssl 3.0 - id2_x509() now fails

2021-08-06 Thread Ken Goldman
On 8/6/2021 1:11 PM, Ken Goldman wrote: I have an application where I have to create a partial x509 certificate.  It gets sent to an HSM, which fills in the public key and signs it. I was calling X509_new X509_set_version X509_set_issuer_name X509_get_notBefore

Re: openssl 3.0 - id2_x509() now fails

2021-08-09 Thread Ken Goldman
On 8/9/2021 3:50 AM, Tomas Mraz wrote: On Fri, 2021-08-06 at 18:06 -0400, Ken Goldman wrote: On 8/6/2021 1:11 PM, Ken Goldman wrote: I have an application where I have to create a partial x509 certificate.  It gets sent to an HSM, which fills in the public key and signs it. I was calling

Misunderstanding openssl verify

2021-08-16 Thread Ken Goldman
It doesn't seem to be verifying the signature on the certificate parameter. Version 1.1.1k. I create an incorrectly signed self signed certificate and convert it from der to pem. A basic openssl verify -CAfile c1.pem c1.pem Returns OK, even though the signature is bad. Why? Editing

Re: Misunderstanding openssl verify

2021-08-16 Thread Ken Goldman
On 8/16/2021 10:04 AM, Viktor Dukhovni wrote: It seems as though the 'verify' command checks the issuer, but not the signature of the certificate - the last parameter. > As documented. Then I am not understanding the documentation. https://www.openssl.org/docs/man1.1.1/man1/verify.html says

IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-16 Thread Ken Goldman
I am trying to parse some ASN.1 DER so I can add it to an X.509 certificate. For the input side, a poster showed me ASN1_SEQUENCE, ASN1_SEQUENCE_END, and then DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS which created the i2d() function. Now I would like to do the other end, where I have d

Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-17 Thread Ken Goldman
On 8/17/2021 10:38 AM, Matt Caswell wrote: On 16/08/2021 21:56, Ken Goldman wrote: I am trying to parse some ASN.1 DER so I can add it to an X.509 certificate. For the input side, a poster showed me ASN1_SEQUENCE, ASN1_SEQUENCE_END, and then DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS

Re: [EXTERNAL] Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-17 Thread Ken Goldman
On 8/17/2021 12:57 PM, Sands, Daniel via openssl-users wrote: Now I would like to do the other end, where I have der and I want to parse back to the structure, using d2i() 1 - Is there a tutorial on this? Seems like you don't need one. If you got i2d working you should have d2i already! I

Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-17 Thread Ken Goldman
) DECLARE_ASN1_FUNCTIONS(TPM_ADDTOCERT) IMPLEMENT_ASN1_FUNCTIONS(TPM_ADDTOCERT) const unsigned char *tmpptr = out.addedToCertificate.t.buffer; TPM_ADDTOCERT *addToCert = d2i_TPM_ADDTOCERT(NULL, &tmpptr, out.addedToCertificate.t.size); On 8/16/2021 4:56 PM,

Re: IMPLEMENT_ASN1_FUNCTIONS tutorial or help

2021-08-19 Thread Ken Goldman
On 8/17/2021 9:47 PM, Sands, Daniel via openssl-users wrote: The dump you show below is: Attributes (set, tagged with a 0, optional) Version privateKeyAlgorithm privateKey This is a PKCS#8 packet for a key. The encapsulated data is the RSA public key in PKCS1 format. I know OpenSSL has built-

Set X509 public key in 1.0.2

2021-08-20 Thread Ken Goldman
I have an X509_PUBKEY structure holding the algorithm and public key. I want to set it in the X509 structure. In 1.1.1 and up, I can use evpPubkey = X509_PUBKEY_get0(addToCert->key);/* X509_PUBKEY */ X509_set_pubkey(x509Certificate, evpPubkey); However, 1.0.2 doesn't hav

Re: Set X509 public key in 1.0.2

2021-08-23 Thread Ken Goldman
On 8/20/2021 7:19 PM, Thomas Dwyer III wrote: 1.0.2 has X509_PUBKEY_get() (without the zero) which I believe increases the reference count on the EVP_PKEY. Perfect! It was not in the 1.0.2 man page, but it seems to be portable across 1.0.1, 1.1.1, 3.0.0.

3.0.0. IMPLEMENT_ASN1_FUNCTIONS missing _it prototypes

2021-08-23 Thread Ken Goldman
I get warnings on all my ASN1_SEQUENCE_END, a missing prototype for the _it functions. The code is working, but I'd like a clean compile. 3.0.0 only, 1.0.2 and 1.1.1 are OK. Example: #include #include #include #include typedef struct { ASN1_TIME *notBefore; ASN1_TIME *notAfter; }

Re: HMAC verification with EVP Interface

2021-08-26 Thread Ken Goldman
On 8/26/2021 5:35 AM, d0 wrote: Don't forget to use CRYPTO_memcmp for comparing the HMACs, not regular ol' memcmp. What's the rationale? The HMAC result isn't secret.

Re: 3.0.0. IMPLEMENT_ASN1_FUNCTIONS missing _it prototypes

2021-08-27 Thread Ken Goldman
On 8/24/2021 5:56 AM, Matt Caswell wrote: On 23/08/2021 20:42, Ken Goldman wrote: I get warnings on all my ASN1_SEQUENCE_END, a missing prototype for the _it functions. The code is working, but I'd like a clean compile. 3.0.0 only, 1.0.2 and 1.1.1 are OK. Example: #include #in

openssl 3.0.0 valgrind failure on OPENSSL_ia32_cpuid

2021-08-27 Thread Ken Goldman
I run valgrind on all my software to find memory leaks. This worked for openssl 1.0.2 and 1.1.1, but fails with 3.0.0. Suggestions? vex amd64->IR: unhandled instruction bytes: 0xF3 0xF 0x1E 0xFA 0x49 0x89 0xD8 0x31 vex amd64->IR: REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0 vex amd64->IR: VEX=0 V

Re: openssl 3.0.0 valgrind failure on OPENSSL_ia32_cpuid - retract, sorry

2021-08-27 Thread Ken Goldman
On 8/27/2021 3:46 PM, Ken Goldman wrote: I run valgrind on all my software to find memory leaks.  This worked for openssl 1.0.2 and 1.1.1, but fails with 3.0.0.  Suggestions? Sorry, I updated valgrind and all is well.

TYPE_new() and TYPE_free()

2021-08-27 Thread Ken Goldman
Assuming that I use the ASN1_SEQUENCE, ASN1_SEQUENCE_END, DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS macros ... TYPE_free() says that it frees all sub-objects. Can I assume that, if the sub-objects are also defined with those macros, that it will iterate all the way? TYPE_new() allocates

Re: EVP_MAC_init - specify the hash algorithm

2021-09-09 Thread Ken Goldman
Where does one get the parameter values? E.g., where would I see the value strings for the EVP_MAC_new algorithm and the digest parameter values. I can guess HMAC and SHA256, but are they documented? Case sensitive? Which is preferred? You use EVP_MAC_new, which is undocumented. The doc samp

Openssl 3.0.0. EVP_PKEY_CTX vs EVP_PKEY

2021-09-14 Thread Ken Goldman
Conceptually, how are these different? When do I use one vs the other? Where would I learn this?

Re: Openssl 3.0.0. EVP_PKEY_CTX vs EVP_PKEY

2021-09-14 Thread Ken Goldman
On 9/14/2021 11:40 AM, Tomas Mraz wrote: On Tue, 2021-09-14 at 11:11 -0400, Ken Goldman wrote: Conceptually, how are these different? When do I use one vs the other? The EVP_PKEY is an object holding data (well, rather a reference, but that is fairly irrelevant) of a private key, public key

Openssl 3.0.0. EVP_PKEY RSA is NULL

2021-09-14 Thread Ken Goldman
I am doing the following, but the EVP_PKEY->pkey->rsa is null. Am I misusing the API or missing a step? (error checking removed) EVP_PKEY*rsa_pub_key = NULL; EVP_PKEY_CTX*ctx = NULL; OSSL_PARAM_BLD *param_bld = NULL; OSSL_PARAM *params = NULL;

openssl 3.0.0 equivalent to RSA_get0_key

2021-09-20 Thread Ken Goldman
... and RSA_get0_factors. I know about EVP_PKEY_get_bn_param(). However, that allocates new bignums. Therefore, the caller has to say, if >3.0.0, free them, else don't. The deprecated get0 functions just returned pointers that did not have to be separately freed. Is there a call to pass in

EVP_EncryptInit_ex2() operation

2021-09-27 Thread Ken Goldman
Does it make sense to initialize the context once and then use it multiple times, or is cleaner to create a new one from the raw key byte string each time? I've seen sample code that uses this to 'reset' the context for a new encryption. EVP_EncryptInit_ex2(e, NULL, NULL, NULL, NULL);

openssl 3.0.0 get ECC public key modulus from EVP_PKEY

2021-10-12 Thread Ken Goldman
In pre-3.0.0, I used this, omitting the error checking, malloc, ... ecPoint = EC_KEY_get0_public_key(ecKey); ecGroup = EC_KEY_get0_group(ecKey); EC_POINT_point2oct(ecGroup, ecPoint, POINT_CONVERSION_UNCOMPRESSED, *modul

Re: openssl 3.0.0 get ECC public key modulus from EVP_PKEY

2021-10-13 Thread Ken Goldman
On 10/13/2021 12:06 PM, Matt Caswell wrote: On 12/10/2021 23:37, Ken Goldman wrote: In pre-3.0.0, I used this, omitting the error checking, malloc, ... ecPoint = EC_KEY_get0_public_key(ecKey); ecGroup = EC_KEY_get0_group(ecKey); EC_POINT_point2oct(ecGroup, ecPoint

Re: openssl 3.0.0 get ECC public key modulus from EVP_PKEY

2021-10-14 Thread Ken Goldman
On 10/14/2021 6:39 AM, Matt Caswell wrote: "priv" (OSSL_PKEY_PARAM_PRIV_KEY) The private key value. Since its an integer using EVP_PKEY_get_bn_param() would be appropriate here, but not EVP_PKEY_get_octet_string_param(). Basically you need to know the type of the parameter you are attemptin

Openssl 3.0.0 creating ECC key from X and Y, PEM_write_PUBKEY fails

2021-10-22 Thread Ken Goldman
I have X and Y as bignums. I create EVP_PKEY with this. I suspect that I have to do another step to indicate that I supplied X and Y and not a compressed public key. param_bld = OSSL_PARAM_BLD_new(); rc = getEcCurveString(&curveString, gets strings like prime256

Re: Openssl upgrade to 1.1.1o on Red Linux 5.11

2022-06-22 Thread Ken Goldman
On 6/22/2022 10:32 AM, Gaurav Mittal11 wrote: Hi Team, Is there any way to upgrade openssl in redhat 5.11 as I am getting error its not supported. > uname -a Linux serverxxx 2.6.18-419.el5 #1 SMP Wed Feb 22 22:40:57 EST 2017 x86_64 x86_64 x86_64 GNU/Linux Red Hat Enterprise Linux Server re

Re: 050 + at the beginning of verified signature

2013-10-09 Thread Ken Goldman
There are a few issues here: RSA_Verify does not return a signature. It returns a boolean pass/fail. If reply is a hash, strlen(reply) is not the length of the hash. The length is 20 for SHA-1. On 10/9/2013 1:46 PM, aqueelmirza wrote: I am using OpenSSL in iOS app to sign a message. I use

Re: how to extract the private key out of the KEY.PEM

2013-11-18 Thread Ken Goldman
Do not encrypt with a private key. Encrypt with the public key and decrypt with the private key. I would extract the key parts by converting the pem format to an RSA structure, get the BIGNUMs from the structure, and convert BIGNUM to bin. I don't guarantee that this is the best way, but it

Re: how to extract the private key out of the KEY.PEM

2013-11-20 Thread Ken Goldman
On 11/18/2013 11:29 AM, Robert W Weaver wrote: owner-openssl-us...@openssl.org (Kenneth Goldman/Watson/IBM@IBMUS) wrote on 11/18/2013 10:03:29 AM: > Do not encrypt with a private key. Encrypt with the public key and > decrypt with the private key. Encrypt with a private key for integrity purp

Re: [openssl.org #3229] Fwd: Issue with key length

2014-01-13 Thread Ken Goldman
On 1/12/2014 2:04 AM, Som M wrote: [openssl.org #3229] Yes, I suspected the same. But even though it returns 129, I prepended "00" to the hex string and sent it as argument to to RSA_verify. authMsgLen = RSA_size(rsa_pb); authMsgHexStr = "00" + authMsgHexStr; This might wo

Re: Issue with key length

2014-01-13 Thread Ken Goldman
On 1/10/2014 4:20 AM, Som M wrote: static char evc41_lg_n[] = "15546146887813792478095208190303122757622250938584627931904891600175202510061523794334042548615734687660421922313164335745291109786474147016936927527006755886906416183365029894549142316203446261188204728397612179022068004146715593144
