Calling EVP_DigestFinal_ex multiple times
Hello,

I am wondering whether it is permitted to call EVP_DigestFinal_ex multiple times on the same context in order to retrieve the same digest twice. I expected OpenSSL to fail with an error code, but SHA256 seems to permit it whereas SHA3 seems to cause a segmentation fault.

The documentation does not explicitly forbid or allow it, so I am wondering where this should be addressed: in the implementation of EVP_*, in SHA2, in SHA3, in the documentation, or not at all?

Thank you in advance!
Tobias
Re: Custom secure heap implementation
> What does your implementation do differently, and which platforms does it
> work on?

It is still an early prototype, but it already allows dynamic expansion of the secure heap (as well as shrinking) and I hope to add support for Microsoft Windows after the POSIX / Linux implementation.
Custom secure heap implementation
Hello,

I have been experimenting with a custom secure heap implementation recently. Would OpenSSL be open to a patch that allows users to replace the OpenSSL implementation with their own, similarly to how CRYPTO_set_mem_functions works?

Based on mem_sec.c, at least sh_malloc, sh_free, sh_actual_size and sh_allocated need to be pluggable, probably also a new function for CRYPTO_secure_used. Also, should thread safety be part of OpenSSL as it is right now (via sec_malloc_lock), or should it be up to the implementation?

Regards,
Tobias
Re: new algorithms
> creation of x509 certificate with algo1 and algo2, and/or TLS and SSL connection always with algo1 and algo2

As far as I know, you will need to have an OID assigned for each algorithm for x509 certificates. You can add those to OpenSSL manually, but you won't be able to communicate with any other software that does not implement them. (And as Rich said, there is little reason for people to trust and use non-standard algorithms.)
Using RSA-PSS in OpenSSL 1.1.1b
Hello,

I am using OpenSSL 1.1.1b and I have two questions regarding RSA-PSS. I am using the following command to generate the private key:

openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:16 -out rsa_pss_private_2048_restricted.pem

This works, but I am unsure how to produce the corresponding public key using the openssl CLI; it would be great if someone could give me some pointers.

I also need to access the key restrictions (MD / MGF1 MD / salt length) given only a pointer to the EVP_PKEY structure. I understand that the information is stored in the RSA_PSS_PARAMS structure. How do I access the restrictions using the public API?

Thanks in advance!
Tobias
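An added example, not part of the thread: it regenerates the restricted RSA-PSS private key with the genpkey command from the post, derives the public key with the generic pkey tool, and reads the PSS restrictions back from both files so you can confirm the public key carries them. It assumes an OpenSSL 1.1.1-series `openssl` binary on PATH; the working directory and file names are constructed here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes an OpenSSL 1.1.1-series
# `openssl` on PATH; the paths below are constructed for this example.
set -eu

WORK="${TMPDIR:-/tmp}/rsa-pss-example.$$"
PRIV="$WORK/rsa_pss_private_2048_restricted.pem"
PUB="$WORK/rsa_pss_public_2048_restricted.pem"
trap 'rm -rf "$WORK"' EXIT

# Step 1: the private key, generated exactly as in the post.
gen_private_key() {
    mkdir -p "$WORK"
    openssl genpkey -algorithm RSA-PSS \
        -pkeyopt rsa_keygen_bits:2048 \
        -pkeyopt rsa_keygen_pubexp:65537 \
        -pkeyopt rsa_pss_keygen_md:sha256 \
        -pkeyopt rsa_pss_keygen_mgf1_md:sha256 \
        -pkeyopt rsa_pss_keygen_saltlen:16 \
        -out "$PRIV" 2>/dev/null
}

# Step 2: the generic pkey tool extracts the public key. The restrictions
# live in the AlgorithmIdentifier of the SubjectPublicKeyInfo, so they are
# carried over into the public key file rather than lost.
derive_public_key() {
    openssl pkey -in "$PRIV" -pubout -out "$PUB"
}

# Step 3: print only the restriction lines of a key's text dump.
# $1 = key file, $2 = "-pubin" for a public key, "" for a private key.
pss_restrictions() {
    openssl pkey -in "$1" ${2:-} -text -noout \
        | grep -E 'PSS parameter|Hash Algorithm|Mask Algorithm|Salt Length'
}

# Check: the public key must advertise the same restrictions as the
# private key, otherwise a verifier that only holds the public key has
# nothing to enforce them with.
restrictions_match() {
    [ "$(pss_restrictions "$PRIV" "")" = "$(pss_restrictions "$PUB" -pubin)" ]
}

gen_private_key
derive_public_key
pss_restrictions "$PUB" -pubin
restrictions_match
echo "public key carries the same PSS restrictions as the private key"
```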
Allow specifying the tag after AAD in CCM mode
Hello everyone,

in GCM and OCB mode, it is possible to set the authentication tag after supplying AAD, but the CCM implementation does not allow that. This isn't a problem for most applications, but in Node.js, we expose similar APIs to interact with AEAD ciphers and these differences between cipher modes within OpenSSL propagate to our users. Unless there is a reason for the current behavior, I would prefer to change it.

I opened a PR about this five months ago (https://github.com/openssl/openssl/pull/7243). It has received zero attention and I am hoping the mailing list is a good way to change that.

Kind regards,
Tobias
[openssl-users] Migrating from EVP_Verify*/EVP_Sign* to EVP_Digest*
Hello,

we are currently discussing support for RSASSA-PSS padding in the node.js built-in crypto module: https://github.com/nodejs/node/issues/1127

So far, the crypto module uses the older EVP_Sign/EVP_Verify APIs, which do not support specifying the padding (and salt length). We considered switching to the newer EVP_Digest* functions, but we cannot provide the public key during initialization of the signature / verification process as this would require unacceptable changes to the public API of the crypto module.

Is there any way to use the new API without specifying the key during initialization? Considering that the old API just computes a message digest until EVP_SignFinal/EVP_VerifyFinal is called, shouldn't it be possible to do merely the same thing using the new API? If it is impossible, is there any workaround?

Thank you in advance,
Tobias

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users