ChaCha20 (without Poly1305) block counter

2019-04-17 Thread Jerry Lui
Hi,

I am trying to use ChaCha20 (without Poly1305)

From RFC 7539:
One of the inputs to ChaCha20 is:
"A 32-bit initial counter."

However, I cannot find the function to set this. Where should I input this?

Thanks,
Jerry


Regarding the use of EVP_aes_256_cbc_hmac_sha256, EVP_rc4_hmac_md5 and AES_encrypt

2019-04-17 Thread Guido Vranken
First question:

How should AAD data be supplied to ciphers like
EVP_aes_256_cbc_hmac_sha256() and EVP_rc4_hmac_md5()?

If I understand correctly, these are AEAD ciphers (the
EVP_CIPH_FLAG_AEAD_CIPHER flag is set), so it should be possible to provide
AAD data?

The following seems to work for AEAD ciphers generally but crashes with the
ciphers I just mentioned:

EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)

I call this after key and IV setting and before ciphertext input, in fact
exactly like described here for GCM AEAD ciphers:
https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode

Am I doing something wrong?

Second question:

The comments around AES_decrypt() and AES_encrypt() in
crypto/aes/aes_core.c state: "in and out can overlap".
Does this only apply to the pure C version of AES, or to any or all
assembly implementations as well?

Thanks

Guido


Re: rand interface while upgrading openssl

2019-04-17 Thread Chitrang Srivastava
Thanks Michael,

I am using the *ssleay_rand_add* function which was present in earlier versions
of openssl
https://code.woboq.org/crypto/openssl/crypto/rand/md_rand.c.html#ssleay_rand_add

I don't find this file or function in the latest version of openssl.
As I understand it, the recommended way is to use an engine method, but on an
embedded system we compile everything into a single ELF binary.
There is no concept of dynamic shared objects or engines, so I defined
OPENSSL_NO_ENGINE to compile the engine code out.

Is there any default random number generator like md_rand.c in this version of
openssl?
For entropy we will be providing SHA1/SHA2 of a mix of the CPU clock and
various other things (serial #, MAC, ...) to seed.

-Thanks,

On Wed, Apr 17, 2019 at 1:23 AM Michael Wojcik <
michael.woj...@microfocus.com> wrote:

> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> Behalf Of Chitrang Srivastava
> > Sent: Tuesday, April 16, 2019 08:24
>
> > I need a suggestion regarding the random number interface; earlier we were
> using  RAND_METHOD.
>
> That's a mechanism for telling OpenSSL what mechanism to use for its
> cryptographically-strong pseudorandom number generator (CPRNG).
>
> > Can I still use the same mechanism? Because I see the new code's rand folder
> contains OS-specific
> > implementations of
> >
> > rand_pool_acquire_entropy
> > rand_pool_add_nonce_data
> > rand_pool_add_additional_data
>
> That's part of OpenSSL's mechanism for getting entropy for the CPRNG. The
> CPRNG needs this, but they are not the same thing.
>
> > As I understand it, the above functions also need to be ported?
>
> I believe you'll need some implementation of them, but I haven't poked
> around this corner of the OpenSSL 1.1 sources.
>
> > Any document to start with for porting the random number generator to any platform?
>
> The CPRNG seeding mechanism is cryptographically sensitive, and should not
> be implemented by a non-expert. What does your existing implementation do
> to provide entropy for the OpenSSL CPRNG? If the answer is "nothing" (or
> something that's not adequately opaque to an attacker), then your product
> has seriously flawed security. An attacker who can guess the entropy for
> the CPRNG pool can break your encryption.
>
> It will also be platform-specific (though some mechanisms will exist on
> multiple platforms), so there can't be much guidance on doing it for "any
> platform".
>
> The literature on seeding CPRNGs is fairly extensive. It's often a
> challenge for embedded applications, particularly SOC-based ones which may
> not have much in the way of internal noise sources such as clock skew. Some
> CPUs have entropy sources, such as Intel's RDRAND; if you trust them (and
> in an embedded application you may not have much choice) you can use that.
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>


Test data for the known Openssl CVEs

2019-04-17 Thread girish kumar
Hi All,
I am trying to build a regression suite for the known vulnerabilities
published by OpenSSL. For some of the CVEs, I am facing issues to generate
test data.

Is there test data available anywhere for the known CVEs, for re-use?

Any help would be appreciated.

-- 
Regards,
Girish