Re: [openssl-dev] [openssl-users] X509_verify() error - block type is not 01

2015-06-21 Thread Viktor Dukhovni
On Mon, Jun 22, 2015 at 08:57:08AM +0530, Nayna Jain wrote: > What will X509_verify() verify if I pass it a public key? It checks the signature of the certificate using the supplied key. > I mean does it check the private key with which certificate was signed, or > the public key which this c

Re: [openssl-dev] [openssl-users] X509_verify() error - block type is not 01

2015-06-21 Thread Nayna Jain
OK.. I think I understood this API wrongly then. What will X509_verify() verify if I pass it a public key? I mean, in place of the private key, if I try to match the public key, then rather than doing key comparison, will passing the public key to this API help? I mean does it check the priva

Re: [openssl-dev] [openssl-users] X509_verify() error - block type is not 01

2015-06-21 Thread Viktor Dukhovni
On Mon, Jun 22, 2015 at 07:56:37AM +0530, Nayna Jain wrote: > I want to match the certificate with the private key for whose public key > that certificate is provided. That's the subject key, and unless the certificate is self-signed, the X509_verify() function is not the right interface. You wa

Re: [openssl-dev] [openssl-users] X509_verify() error - block type is not 01

2015-06-21 Thread Nayna Jain
Thanks Viktor, I want to match the certificate with the private key for whose public key that certificate is provided. If this verifies who signed the certificate, then how do I verify whether the certificate provided is for the private key which was generated? Thanks & Regards, Nayna Jain F

Re: [openssl-dev] [openssl-users] X509_verify() error - block type is not 01

2015-06-21 Thread Viktor Dukhovni
On Mon, Jun 22, 2015 at 04:12:29AM +0530, Nayna Jain wrote: > I am trying to verify an X509 certificate against two private keys such that > at least one of them should match. What do you mean by "match"? Was either key used to sign the certificate, or is one of the keys the public key of the sub

Re: [openssl-dev] curve25519

2015-06-21 Thread Michael Sierchio
On Sun, Jun 21, 2015 at 3:00 PM, Salz, Rich wrote: Your analysis is incorrect for servers over the Internet, where the only > thing that an attacker can measure is time. Power and radiation require > close proximity and, often, physical intervention. Those are reasonable > attacks to have in th

[openssl-dev] X509_verify() error - block type is not 01

2015-06-21 Thread Nayna Jain
Hi, I am trying to verify an X509 certificate against two private keys such that at least one of them should match. I used the API as X509_verify(x509, pkey) where pkey is of EVP_PKEY type. However, for one of the private keys it is failing with error "block type is not 01"// And this key is s

Re: [openssl-dev] curve25519

2015-06-21 Thread Pascal Cuoq
Dmitry Belyavsky wrote: > BTW, is there any tool for checking C code whether it is constant-time? Short answer: No tools that are useful for usable implementations of asymmetric cryptography, that I know of, but useful tools for confirming that symmetric cryptography designed for constant-tim

[openssl-dev] [openssl.org #3919] ssl.h uses ALL in its default cipher list

2015-06-21 Thread noloa...@gmail.com via RT
The following is from ssl.h, around line 285: /* * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ # define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL" It's 2015, and it's probably

Re: [openssl-dev] curve25519

2015-06-21 Thread Salz, Rich
Your analysis is incorrect for servers over the Internet, where the only thing that an attacker can measure is time. Power and radiation require close proximity and, often, physical intervention. Those are reasonable attacks to have in the threat model, but come after timing considerations.

Re: [openssl-dev] curve25519

2015-06-21 Thread Mehdi Sotoodeh
Does anyone have any comment on my reasoning regarding the constant time? Here is the text: Side Channel Security: -- This library uses multiple measures with the goal of eliminating leakage of secret keys during cryptographic operations. Constant-time is one of these measures

[openssl-dev] [openssl.org #3917] Bug report -- potential memory leak

2015-06-21 Thread Rich Salz via RT
OpenSSL_1_0_2-stable 4475451 RT3917: add cleanup on an error path master 7fba840 RT3917: add cleanup on an error path Author: Rich Salz Date: Sun Jun 21 15:37:53 2015 -0400 RT3917: add cleanup on an error path Reviewed-by: Richard Levitte -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___

[openssl-dev] [openssl.org #3905] Bug report: segfault while cleaning up in libgost

2015-06-21 Thread Rich Salz via RT
Cherry-picked to 1.0.2 and 1.0.1; thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2464] TLS-RSA-PSK support

2015-06-21 Thread Giuseppe D'Angelo via RT
Yet another version after some refactorings that landed in master. Please, pretty please, with sugar on top, could anyone review this code so that it can get merged? It's becoming a difficult exercise to keep track of upstream changes and adapt the patch every single time... Cheers, -- Giusep

Re: [openssl-dev] curve25519

2015-06-21 Thread Salz, Rich
> This high-key-bit leak is only saved by X25519's insistence on setting the > highest bit to 1 on every secret key. This is not a coincidence. Djb was the first, and is still one of the few, cryptographers who think about it from a full systems approach and design things so that proper implem

Re: [openssl-dev] curve25519

2015-06-21 Thread Samuel Neves
On 21-06-2015 18:10, Salz, Rich wrote: > The big thing is "avoid data-dependent jumps." For example, memcmp() always > runs the full length, almost any "if" statement needs careful scrutiny, and > so on. Case in point: https://github.com/msotoodeh/curve25519/blob/master/source/curve25519_dh.c

Re: [openssl-dev] curve25519

2015-06-21 Thread Viktor Dukhovni
On Sun, Jun 21, 2015 at 05:10:48PM +, Salz, Rich wrote: > The big thing is "avoid data-dependent jumps." Not only data-dependent branches, but also data-dependent memory access patterns. Both the sequence of instructions executed and the sequence of memory addresses accessed must not depend

Re: [openssl-dev] curve25519

2015-06-21 Thread Salz, Rich
> BTW, is there any tool for checking C code whether it is constant-time? I'm not aware of any. The body of information about it, for C, is slowly starting to emerge. There was some talk about an IETF draft on techniques, but I don't recall seeing it yet. The big thing is "avoid data-dependan

Re: [openssl-dev] curve25519

2015-06-21 Thread Mehdi Sotoodeh
Hi Aaron, Did you look at the text regarding side channel security on the front page? It is located towards the end of the page and I think you missed it. My reasoning is the fact that the goal of constant time is not achievable by software-only approaches. A lot depends on the underlying hardware. Th

Re: [openssl-dev] curve25519

2015-06-21 Thread Dmitry Belyavsky
Hello Rich, On Sun, Jun 21, 2015 at 7:54 PM, Salz, Rich wrote: > > > I really have to question the wisdom of adding implementations of > > Curve25519 and/or Ed25519 that are not completely constant- time. > > It's unlikely to happen. > > BTW, is there any tool for checking C code whether it is c

Re: [openssl-dev] curve25519

2015-06-21 Thread Salz, Rich
> I really have to question the wisdom of adding implementations of > Curve25519 and/or Ed25519 that are not completely constant- time. It's unlikely to happen.

Re: [openssl-dev] curve25519

2015-06-21 Thread Aaron Jones
On 20/06/15 23:24, Mehdi Sotoodeh wrote: > [...] Major features of this library include: [...] * > Constant-time (partially) and blinding support for side channel > security. I really have to question the wisdom of adding implementations of Curve255