Re: [openssl-users] OpenSSL RSA engine - RSA verify failure

[danigrosu]

Hi Uri Blumenthal,

I hace started from the Intel RSAX engine, and I just wanted to use
my own implementation of the rsa modular exponentiation. This 
project that I am working on intends to use a CUDA based 
implementation for modular computation.
In order to post a working example here, I just replaced the CUDA
part with the BN_mod_exp_mont function to reproduce the result,
that is "RSA verify failure". Of course, when I use the CUDA
implementation, I also get "RSA sign failure".

Best regards,
Dani Grosu



--
View this message in context: 
http://openssl.6102.n7.nabble.com/OpenSSL-RSA-engine-RSA-verify-failure-tp65447p65450.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL RSA engine - RSA verify failure

[Blumenthal, Uri - 0553 - MITLL]

Not sure I understand what you’re doing. But compiling/building eng_rsax.c
(provided by Intel) with the only mod being addition of dynamic bind,
produces the following result:

$ openssl engine rsax -t
(rsax) RSAX engine support
 [ available ]
$ sync
$ openssl speed rsa512 -engine rsax
engine "rsax" set.
Doing 512 bit private rsa's for 10s: 178316 512 bit private RSA's in 9.96s
Doing 512 bit public rsa's for 10s: 1936309 512 bit public RSA's in 9.99s
OpenSSL 1.0.2h-dev  xx XXX 
built on: reproducible build, date unspecified
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int)
blowfish(idx) 
compiler: clang -I. -I.. -I../include  -fPIC -fno-common -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch
x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM
  signverifysign/s verify/s
rsa  512 bits 0.56s 0.05s  17903.2 193824.7
$ 
$ openssl speed rsa512
Doing 512 bit private rsa's for 10s: 175940 512 bit private RSA's in 9.97s
Doing 512 bit public rsa's for 10s: 1884711 512 bit public RSA's in 9.98s
OpenSSL 1.0.2h-dev  xx XXX 
built on: reproducible build, date unspecified
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int)
blowfish(idx) 
compiler: clang -I. -I.. -I../include  -fPIC -fno-common -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch
x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM
  signverifysign/s verify/s
rsa  512 bits 0.57s 0.05s  17646.9 188848.8




Perhaps it would make sense to (a) start with that eng_rsax.c code and get
it working by adding DYNAMIC_BIND, then (b) replace its assembly language
calls with BN calls?
-- 
Regards,
Uri Blumenthal





On 4/5/16, 10:41 , "openssl-users on behalf of danigrosu"
 wrote:

>Hi.
>I am trying to build an OpenSSL RSA engine and the first step is to use
>the
>"BN_mod_exp_mont" for the RSA modular exponentiation function, in
>RSA_METHOD 
>structure.
>
>
>***BEGINNING OF eng_rsax_test.c FILE***
>. . . . . . . . . .
>
>***END OF eng_rsax_test.c FILE***
>
>The engine is built successfully after using these commands:
>/cc -fPIC -o eng_rsax.o -c eng_rsax_test.c
>cc -shared -o eng_rsax.so eng_rsax.o -lcrypto/
>
>... but if I want to test the speed of the rsa implementation with:
>/openssl speed rsa512 -engine `pwd`/eng_rsax.so/
>
>it fails:
>/engine "rsax_dani" set.
>Doing 512 bit private rsa's for 10s: 774848 512 bit private RSA's in
>10.01s
>RSA verify failure.  No RSA verify will be done.
>140017307215520:error:0407006A:rsa
>routines:RSA_padding_check_PKCS1_type_1:block type is not
>01:rsa_pk1.c:100:
>140017307215520:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding
>check failed:rsa_eay.c:721:
>OpenSSL 1.0.1f 6 Jan 2014
>built on: Mon Feb 29 18:11:15 UTC 2016
>options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial)
>blowfish(idx)/ 
>
>
>So the signing part is working, but the verify part fails.
>It appears that the PKCS1 paddind is wrong but how can I fix that?
>
>Best wishes,
>Dani Grosu
>
>
>
>
>--
>View this message in context:
>http://openssl.6102.n7.nabble.com/OpenSSL-RSA-engine-RSA-verify-failure-tp
>65447.html
>Sent from the OpenSSL - User mailing list archive at Nabble.com.
>-- 
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


smime.p7s
Description: S/MIME cryptographic signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] OpenSSL RSA engine - RSA verify failure

[danigrosu]

Hi.
I am trying to build an OpenSSL RSA engine and the first step is to use the
"BN_mod_exp_mont" for the RSA modular exponentiation function, in RSA_METHOD 
structure.


***BEGINNING OF eng_rsax_test.c FILE***

/
#include 
#include 
#include 
#include 
#include 
#include 
#ifndef OPENSSL_NO_RSA
#include 
#endif
#include 
#include 

/* RSAX is available **ONLY* on x86_64 CPUs */
#undef COMPILE_RSAX

#if (defined(__x86_64) || defined(__x86_64__) || \
 defined(_M_AMD64) || defined (_M_X64)) && !defined(OPENSSL_NO_ASM)
#define COMPILE_RSAX
static ENGINE *ENGINE_rsax (void);
#endif

void ENGINE_load_rsax (void)
{
ENGINE *toadd = ENGINE_rsax();
if(!toadd) return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();

}

#ifdef COMPILE_RSAX
#define E_RSAX_LIB_NAME "rsax engine"

static int e_rsax_destroy(ENGINE *e);
static int e_rsax_init(ENGINE *e);
static int e_rsax_finish(ENGINE *e);
static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void
(*f)(void));

#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int e_rsax_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX
*ctx);
static int e_rsax_rsa_finish(RSA *r);
#endif

static const ENGINE_CMD_DEFN e_rsax_cmd_defns[] = {
{0, NULL, NULL, 0}
};

#ifndef OPENSSL_NO_RSA
/* Our internal RSA_METHOD that we provide pointers to */
static RSA_METHOD e_rsax_rsa =
{
"Intel RSA-X method",
NULL,
NULL,
NULL,
NULL,
e_rsax_rsa_mod_exp,
NULL,
NULL,
e_rsax_rsa_finish,
RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE,
NULL,
NULL,
NULL,
NULL
};
#endif

/* Constants used when creating the ENGINE */
static const char *engine_e_rsax_id = "rsax_dani";
static const char *engine_e_rsax_name = "RSAX engine support";

/* This internal function is used by ENGINE_rsax() */
static int bind_helper(ENGINE *e, const char *id)
{
printf("%s\n", id);
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
if(!ENGINE_set_id(e, engine_e_rsax_id) ||
!ENGINE_set_name(e, engine_e_rsax_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, _rsax_rsa) ||
#endif
!ENGINE_set_destroy_function(e, e_rsax_destroy) ||
!ENGINE_set_init_function(e, e_rsax_init) ||
!ENGINE_set_finish_function(e, e_rsax_finish) ||
!ENGINE_set_ctrl_function(e, e_rsax_ctrl) ||
!ENGINE_set_cmd_defns(e, e_rsax_cmd_defns))
return 0;

#ifndef OPENSSL_NO_RSA
meth1 = RSA_PKCS1_SSLeay();
e_rsax_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
e_rsax_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
e_rsax_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
e_rsax_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
e_rsax_rsa.bn_mod_exp = meth1->bn_mod_exp;
e_rsax_rsa.finish = meth1->finish;
#endif
return 1;
}
IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
IMPLEMENT_DYNAMIC_CHECK_FN()
static ENGINE *ENGINE_rsax(void)
{
ENGINE *ret = ENGINE_new();
if(!ret)
return NULL;
if(!bind_helper(ret, engine_e_rsax_id))
{
ENGINE_free(ret);
return NULL;
}
return ret;
}


#ifndef OPENSSL_NO_RSA
/* Used to attach our own key-data to an RSA structure */
static int rsax_ex_data_idx = -1;
#endif

static int e_rsax_destroy(ENGINE *e)
{
return 1;
}

/* (de)initialisation functions. */
static int e_rsax_init(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
if (rsax_ex_data_idx == -1)
rsax_ex_data_idx = RSA_get_ex_new_index(0,
NULL,
NULL, NULL, NULL);
#endif
if (rsax_ex_data_idx  == -1)
return 0;
return 1;
}

static int e_rsax_finish(ENGINE *e)
{
return 1;
}

static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
{
int to_return = 1;

switch(cmd)
{
/* The command isn't understood by this engine */
default:
to_return = 0;
break;
}

return to_return;
}


#ifndef OPENSSL_NO_RSA

#ifdef _WIN32
typedef unsigned __int64 UINT64;
#else
typedef unsigned long long UINT64;
#endif
typedef unsigned short UINT16;

struct mod_ctx_512 {
UINT64 t[8][8];
UINT64 m[8];
UINT64 m1[8]; /* 2^278 % m */
UINT64 m2[8]; /* 2^640 % m */
UINT64 k1[2]; /* (- 1/m) % 2^128 */
};



typedef struct st_e_rsax_mod_ctx
{
  UINT64 type;
  union {
struct mod_ctx_512 b512;
  } ctx;

} E_RSAX_MOD_CTX;

static int e_rsax_rsa_finish(RSA *rsa)
{
E_RSAX_MOD_CTX *hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx);
if(!hptr) return 0;

 

[openssl-users] Fwd: undefined symbol: EC_KEY_new_by_curve_name

[kishore]

Hi,
I'm trying to compile httpd 2.4.18 with openssl-1.0.2g(with
openssl-fips-2.0.12) on 64-bit RHEL machine.
I'm could compile and get it(httpd) running in http mode and while i'm
trying to run it in
HTTPS mode, server is unable to start saying


"httpd: Syntax error on line 128 of
/tmp/ossl/httpd/Release/conf/httpd.conf: Cannot load modules/mod_ssl.so
into server: /tmp/ossl/httpd/Release/modules/mod_ssl.so: undefined symbol:
EC_KEY_new_by_curve_name"

​I could get the same config up and running in 32-bit, but there seems to
be an issue with 64-bit.
Can someone help me with this​.

I have checked all pre reqs and basic checks for paths, all seems to be
pointing to proper libraries.


Thanks in Advance

~Kishore
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Is SHA hashing algorithm reversable?

[James]

Hi,
I always use like this
Hash ( salt + password )
You can use like this also
Hash ( hash(salt) + password )
regards,
James

On Tue, Apr 5, 2016 at 1:52 PM, Sugumar  wrote:

> Hello,
>
> Ya you are correct James.
> But my doubt is what is the best method to hash the password securely with
> salt.
> I mean which method is preferred by openssl,
>
> HashValue = Hash(password + salt).
> HashValue = Hash( Hash(password) + salt). or something else?
> HashValue = Hash(password) + Hash(salt).
>
> or this is up to the user decision?
>
>
>
>
> --
> View this message in context:
> http://openssl.6102.n7.nabble.com/Is-SHA-hashing-algorithm-reversable-tp65408p65441.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CMS with Symmetric key

[Dr. Stephen Henson]

On Mon, Apr 04, 2016, Abe Racioppo wrote:

> Hey guys,
> 
> I'm trying to use the CMS operations in libcrypto but with a symmetric key
> encryption key instead of x509.
> 
> I'm thinking I want to use a combination of
> 
> CMS_RecipientInfo_set0_pkey,
> SMIME_write_CMS,
> and
> CMS_EncryptedData_encrypt.
> 
> Has anyone done this before and can give me some direction?  This is my
> first time working with openssl and am getting kinda lost.
> 

You have several options here.

You can just use the encrypted data type with a key directly.

You can use the enveloped data type with a symmetric wrapping key.

You can use the enveloped data type with a password based recipient info.

Which you use depends on the application you have in mind.

In the first case you just call CMS_EncryptData_encrypt() followed by
SMIME_write_CMS().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Is SHA hashing algorithm reversable?

[Sugumar]

Hello,

Ya you are correct James.
But my doubt is what is the best method to hash the password securely with
salt.
I mean which method is preferred by openssl, 

HashValue = Hash(password + salt).
HashValue = Hash( Hash(password) + salt). or something else?
HashValue = Hash(password) + Hash(salt).

or this is up to the user decision?




--
View this message in context: 
http://openssl.6102.n7.nabble.com/Is-SHA-hashing-algorithm-reversable-tp65408p65441.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Is SHA hashing algorithm reversable?

[James]

Hello Sugumar,
There are sites that store the commonly used strings and hashed strings.
For example for hello sha2 hash is this
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

If you copy paste this in google, you would see hello

they dont do reverse of this hash but they hashed some commonly used
strings and kept in their DB, using this only they give the original string.

That is why we need to use a salt string along with your original string.

regards,
James

On Tue, Apr 5, 2016 at 11:44 AM, Sugumar  wrote:

> Thanks for all the information provided. Really its very nice information.
>
> And one more question, if i am using a salt with the password for computing
> a hash value i need to store the salt for future reference and what about
> the scenario when attacker gets that salt and hash. That time it may be
> reversible right?
>
> Please tell me the correct method to use a salt with password for storing a
> passwords in a secure manner.
>
>
>
> --
> View this message in context:
> http://openssl.6102.n7.nabble.com/Is-SHA-hashing-algorithm-reversable-tp65408p65439.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Is SHA hashing algorithm reversable?

[Sugumar]

Thanks for all the information provided. Really its very nice information.

And one more question, if i am using a salt with the password for computing
a hash value i need to store the salt for future reference and what about
the scenario when attacker gets that salt and hash. That time it may be
reversible right?

Please tell me the correct method to use a salt with password for storing a
passwords in a secure manner.



--
View this message in context: 
http://openssl.6102.n7.nabble.com/Is-SHA-hashing-algorithm-reversable-tp65408p65439.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users