RE: Maximum encryption key length supported by AES-128 CBC

2024-07-04 Thread Vishal Kevat via openssl-users
That answers my questions. Thanks Viktor. General -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: Friday, July 5, 2024 08:01 AM To: openssl-users@openssl.org Subject: Re: Maximum encryption key length supported by AES-128 CBC [External email: Use caution

Re: Maximum encryption key length supported by AES-128 CBC

2024-07-04 Thread Viktor Dukhovni
On Thu, Jul 04, 2024 at 06:20:25PM +, Vishal Kevat via openssl-users wrote: > I want to know what length of encryption key does AES-128 CBC support? Exactly 128 bits, no more, no less. > I believe that it supports a key length of at most 128 bits, that is 16 bytes. It makes little se

Maximum encryption key length supported by AES-128 CBC

2024-07-04 Thread Vishal Kevat via openssl-users
Hi OpenSSL users, I want to know what length of encryption key does AES-128 CBC support? I believe that it supports a key length of at most 128 bits, that is 16 bytes. What happens if I give an input key of more than 16 bytes? Will AES-128 drop the remaining bytes and consider only the first 16

Re: OpenSSL AES Decryption fails randomly C++

2022-11-12 Thread Thomas Bailleux
t 11:25, WuJinze via openssl-users > wrote: > > sorry for my mistake. I found that the gist url can not display well in mail > and here is the url: > https://gist.github.com/GoGim1/77c9bebec1cc71cea066515b4623a051 > > WuJinze > 294843...@qq.com > > > --

Fw:OpenSSL AES Decryption fails randomly C++

2022-11-12 Thread WuJinze via openssl-users
sorry for my mistake. I found that the gist url can not display well in mail and here is the url: https://gist.github.com/GoGim1/77c9bebec1cc71cea066515b4623a051 WuJinze 294843...@qq.com   -- Original -- From:

OpenSSL AES Decryption fails randomly C++

2022-11-12 Thread WuJinze via openssl-users
Dear OpenSSL Group, Greetings. I was working on writing a simple AES encrypt/decrypt wrapper function in C++ and ran into a strange problem. The minimal reproducible example in the gist seems to work fine, but when I uncomment lines 90-92, it fails to decrypt randomly. Can someone help me

Re: AES and EVP_CIPHER question

2022-05-18 Thread Matt Caswell
On 17/05/2022 16:25, Philip Prindeville wrote: Thanks, and for 1.1.x? There's nothing equivalent in 1.1.x AFAIK. Matt

Re: AES and EVP_CIPHER question

2022-05-17 Thread Philip Prindeville
> On May 17, 2022, at 4:32 AM, Matt Caswell wrote: > > > > On 16/05/2022 23:48, Philip Prindeville wrote: >> Sorry, I shouldn't have phrased that inartfully. >> There is no EVP_CIPHER_CTX_get_padding(), so how does one achieve something >> analogous? > > > From 3.0, assuming you are using

Re: AES and EVP_CIPHER question

2022-05-17 Thread Matt Caswell
On 16/05/2022 23:48, Philip Prindeville wrote: Sorry, I shouldn't have phrased that inartfully. There is no EVP_CIPHER_CTX_get_padding(), so how does one achieve something analogous? From 3.0, assuming you are using provided ciphers (i.e. not engine ones), then OSSL_CIPHER_PARAM_PADDING

Re: AES and EVP_CIPHER question

2022-05-16 Thread Philip Prindeville
Sorry, I shouldn't have phrased that inartfully. There is no EVP_CIPHER_CTX_get_padding(), so how does one achieve something analogous? > On May 16, 2022, at 1:00 PM, Philip Prindeville > wrote: > > Thanks. That fixed the return value of EVP_CipherFinal(). > > Is there a reciprocal EVP_CIP

Re: AES and EVP_CIPHER question

2022-05-16 Thread Philip Prindeville
Thanks. That fixed the return value of EVP_CipherFinal(). Is there a reciprocal EVP_CIPHER_CTX_get_padding() method to find out what the default padding method is for ECB? > On May 16, 2022, at 12:41 AM, Tomas Mraz wrote: > > The EVP_CIPHER_CTX_set_padding(ctx, 0) must be called after the >

Re: AES and EVP_CIPHER question

2022-05-15 Thread Tomas Mraz
The EVP_CIPHER_CTX_set_padding(ctx, 0) must be called after the EVP_CipherInit() to have an effect. Also what is the AST_CRYPTO_AES_BLOCKSIZE value? Is it in bits (i.e., 128)? Also res should be initialized to -1 so you do not return an uninitialized value on error. Tomas Mraz On Fri, 2022-05-13 at

Re: AES and EVP_CIPHER question

2022-05-13 Thread Philip Prindeville
Here's a simple/stupid test program and its output, running on Ubuntu 20.04 LTS: OpenSSL 1.1.1f 31 Mar 2020 EVP_CIPHER_CTX_new returns 0x5627171042a0 EVP_CipherInit returns 1 EVP_CipherUpdate returns 1, outlen = 0 buf: 'Mary had a littl' EVP_CipherFinal returns 0, finallen = 0 buf: 'Mary had a li

Re: AES and EVP_CIPHER question

2022-05-13 Thread Philip Prindeville
len)) <= 0) { >>>break; >>>} >>>res = outlen; >>>} while (0); >>>EVP_CIPHER_CTX_free(ctx); >>>return res; >>> } >>> It's ECB, so there

Re: AES and EVP_CIPHER question

2022-05-13 Thread Philip Prindeville
ee(ctx); >> return res; >> } >> It's ECB, so there's no IV. Or padding. The block size and key size are >> both 128 bits. >> One thing I noticed right away is that EVP_CipherUpdate() returns 1, and >> sets "outlen" to zero. >

Re: AES and EVP_CIPHER question

2022-05-13 Thread Matt Caswell
On 13/05/2022 16:49, Philip Prindeville wrote: Hi, I'm trying to rewrite some legacy AES_* code to use EVP_CIPHER_* so it's forward compatible into 3.x. My code, in a nutshell, looks like: static int evp_cipher_aes_decrypt(const unsigned char *in, unsigned char *out, unsigned inlen, const

AES and EVP_CIPHER question

2022-05-13 Thread Philip Prindeville
Hi, I'm trying to rewrite some legacy AES_* code to use EVP_CIPHER_* so it's forward compatible into 3.x. My code, in a nutshell, looks like: static int evp_cipher_aes_decrypt(const unsigned char *in, unsigned char *out, unsigned inlen, const ast_aes_decrypt_key *key) { EVP_CIPHER_CTX

AW: AES-GCM decrypt with OpenSSL 1.1.1 - when to set the tag?

2021-11-23 Thread Lynch, Andrew via openssl-users
> I've raised a PR to correct the docs here: > > https://github.com/openssl/openssl/pull/17111 > > Hopefully that is sufficient to convince your reviewers. Thanks, Matt. That should do the trick. Regards, Andrew.

Re: AES-GCM decrypt with OpenSSL 1.1.1 - when to set the tag?

2021-11-23 Thread Matt Caswell
On 23/11/2021 10:49, Lynch, Andrew via openssl-users wrote: An external code review has now pointed out to us that we should set the tag before the IV, according to OpenSSL documentation. https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_ctrl.html#GCM-and-OCB-Modes

AES-GCM decrypt with OpenSSL 1.1.1 - when to set the tag?

2021-11-23 Thread Lynch, Andrew via openssl-users
Hi, We have an application that uses OpenSSL 1.1.1k to receive AES256-GCM encrypted messages. The streamed data starts with a 12 byte IV, then the ciphertext and ends with the 16 byte tag. Our decryption code is based directly on the sample code in the Wiki and the distribution. https://wik

Re: Openssl aes-256 ctr drbg

2021-09-21 Thread Dr Paul Dale
The number you asked for, typically. Pauli On 21/9/21 4:49 pm, Nagarjun J wrote: Hi, What is the number of bytes returned by aes-256 ctr drbg? Thanks, Nagarjun

Openssl aes-256 ctr drbg

2021-09-20 Thread Nagarjun J
Hi, What is the number of bytes returned by aes-256 ctr drbg? Thanks, Nagarjun

Re: Using AES utilities in 3.0

2020-12-30 Thread Jan Danielsson
On 2020-12-29 19:29, Narayana, Sunil Kumar wrote: > While migrating from 1.0.2 to 3.0 we observe that AES utility > functions are deprecated in 3.0. > Please suggest the equivalent replacements for these APIs that are > currently being used by our application

Using AES utilities in 3.0

2020-12-29 Thread Narayana, Sunil Kumar
Dear OpenSSL team, While migrating from 1.0.2 to 3.0 we observe that AES utility functions are deprecated in 3.0. Please suggest the equivalent replacements for these APIs that are currently being used by our application AES_KEY --->Structure declaration is also not visible

TLS 1.1 AES-CBC explicit IV

2020-11-04 Thread Frederic Bricout
Hi, I'm searching for information about the way you implement TLS v1.1 for CBC mode. I've read RFC 4346. It mentions that it uses an explicit IV. I've read the OpenSSL code in openssl 1.0.1, and I don't know how it was implemented. I think at the beginning of the message you add (mask || R) but after I d

Re: TCP vs TLS performance (2048 RSA AES)

2020-09-27 Thread Jordan Brown
On 9/25/2020 12:17 PM, Amy Smith via openssl-users wrote: > I mmap the file which server will send (to eliminate disk performance). In general, this won't work.  In fact, it may make it *harder* to eliminate disk performance from a measurement. First, of course, mmap() isn't magic.  The data has

TCP vs TLS performance (2048 RSA AES)

2020-09-25 Thread Amy Smith via openssl-users
e and throughput is 10Gbps, when I modify it to use TLS 2048 RSA with AES performance goes down to ~1Gbps and 300CPS for 128K file download. I'm using a home-grown TCP stack and also bypassing the Linux kernel for networking. Thanks, Amy

Re: TLSv1.3, AES and Apache2 on opensuse leap 15.2

2020-07-21 Thread Matt Caswell
now shows the desired result I mark this topic as > solved for now. > > Matt > > Am 21.07.2020 um 08:40 schrieb Rüdiger Plüm: >> >> On 7/21/20 4:20 AM, cryptearth wrote: >>> first of: as I'm not sure what's causing this issue I'll post this >

Re: TLSv1.3, AES and Apache2 on opensuse leap 15.2

2020-07-21 Thread cryptearth
s I'm not sure what's causing this issue I'll post this question on these locations: opensuse official forums https://forums.opensuse.org/showthread.php/541909-TLSv1-3-AES-and-Apache2 apache httpd mailing list openssl mailing list As OpenSuSE 15.2 recently released with opens

Re: TLSv1.3, AES and Apache2 on opensuse leap 15.2

2020-07-20 Thread Rüdiger Plüm
On 7/21/20 4:20 AM, cryptearth wrote: > first off: as I'm not sure what's causing this issue I'll post this question > on these locations: > opensuse official forums > https://forums.opensuse.org/showthread.php/541909-TLSv1-3-AES-and-Apache2 > apache httpd maili

TLSv1.3, AES and Apache2 on opensuse leap 15.2

2020-07-20 Thread cryptearth
first off: as I'm not sure what's causing this issue I'll post this question on these locations: opensuse official forums https://forums.opensuse.org/showthread.php/541909-TLSv1-3-AES-and-Apache2 apache httpd mailing list openssl mailing list As OpenSuSE 15.2 recently releas

Help using openssl source code for AES/DES encryption/decryption

2020-05-18 Thread Deep D. Patel
Hello, I want to add openssl 1.0.2u source code to support AES, DES algorithms in my existing project to build the executable (using Cross Arm GCC C/C++ compiler in Eclipse IDE) for my target environment (32-bit Arm Cortex m3 controller). What are the relevant files/folder of the source code

Re: Regarding engine implementation for RSA and AES

2020-03-17 Thread Matt Caswell
On 17/03/2020 07:42, Mahendra SP wrote: > Hi, > > We are looking at implementing an engine for RSA and AES. > > For AES, looking at the documentation, understand that engine will get > invoked only if the application or SSL library invokes EVP based calls > rather than

Regarding engine implementation for RSA and AES

2020-03-17 Thread Mahendra SP
Hi, We are looking at implementing an engine for RSA and AES. For AES, looking at the documentation, we understand that the engine will get invoked only if the application or SSL library invokes EVP based calls rather than native AES calls. Is this correct? For RSA, is it mandatory to use EVP for

Re: Query regarding adding support aes-cbc-hmac-sha1 on non x86 platform through engine

2020-01-14 Thread Matt Caswell
> Thanks in advance. > > Regards > Phani > > On Mon, Jan 13, 2020 at 5:53 PM Matt Caswell <mailto:m...@openssl.org>> wrote: > > > > On 13/01/2020 06:20, Phani 2004 wrote: > > Hi Team, > > > > I am trying to add support

Re: Query regarding adding support aes-cbc-hmac-sha1 on non x86 platform through engine

2020-01-13 Thread Phani 2004
ce we may get support for this on ARM any sooner? Any patches available on 1.1.1a? Thanks in advance. Regards Phani On Mon, Jan 13, 2020 at 5:53 PM Matt Caswell wrote: > > > On 13/01/2020 06:20, Phani 2004 wrote: > > Hi Team, > > > > I am trying to add support on an

Re: Query regarding adding support aes-cbc-hmac-sha1 on non x86 platform through engine

2020-01-13 Thread Matt Caswell
On 13/01/2020 06:20, Phani 2004 wrote: > Hi Team, > > I am trying to add support on a hardware engine for aes-cbc-hmac-sha1. > I have observed that currently aes-cbc-hmac-sha1 is supported only for > x86 architecture.  > "EVP_aes_128_cbc_hmac_sha1" api returns NUL

Query regarding adding support aes-cbc-hmac-sha1 on non x86 platform through engine

2020-01-12 Thread Phani 2004
Hi Team, I am trying to add support on a hardware engine for aes-cbc-hmac-sha1. I have observed that currently aes-cbc-hmac-sha1 is supported only for x86 architecture. "EVP_aes_128_cbc_hmac_sha1" api returns NULL for non-x86 platforms. The openssl speed app calls the "EVP_get_cip

DTLS-SRTP Support for AES GCM

2019-12-17 Thread Schuster Harald
Hi, I am using OpenSSL_1.0.2h and I want to use "SRTP_AEAD_AES_256_GCM". I know that there is no SRTP profile for AES_256_GCM available in "d1_srtp.c" in my version. I know that the support is added in OpenSSL_1.1.0 but I am not able to update the version. So is there any possibility to solve m

Re: Stitched aes-128 and hmac-sha1 (encrypt-then-mac)

2019-11-01 Thread pablo platt
AES-GCM will be supported in WebRTC in the future. It has great performance and I think better security. The only downside is that packets will be 6 bytes larger and it'll take a few months/years until most browsers support it. Thanks On Fri, Nov 1, 2019 at 2:01 PM Matt Caswell wrote: > >

Re: Stitched aes-128 and hmac-sha1 (encrypt-then-mac)

2019-11-01 Thread Matt Caswell
> Is it planned to add aes-128-hmac-sha1 encrypt-then-mac? There are no current plans. You might investigate the impact of using AEAD ciphers instead. Matt > > On Fri, Nov 1, 2019 at 1:32 PM Matt Caswell <mailto:m...@openssl.org>> wrote: > > > >

Re: Stitched aes-128 and hmac-sha1 (encrypt-then-mac)

2019-11-01 Thread pablo platt
Thank you for the explanation. The use case is a WebRTC server (SFU) that encrypts and authenticates SRTP packets. Encryption is a major part of CPU load on SFU servers. Reducing it by 50% will have a large impact. Is it planned to add aes-128-hmac-sha1 encrypt-then-mac? On Fri, Nov 1, 2019 at 1

Re: Stitched aes-128 and hmac-sha1 (encrypt-then-mac)

2019-11-01 Thread Matt Caswell
On 01/11/2019 07:56, pablo platt wrote: > Hi, > > Stitching aes-cbc with sha1 can result in 2x performance [1]. > Is there support for stitched aes-128-hmac-sha1 encrypt-then-mac? This > issue [2] says that only mac-then-encrypt is supported in OpenSSL. The issue is correct

Stitched aes-128 and hmac-sha1 (encrypt-then-mac)

2019-11-01 Thread pablo platt
Hi, Stitching aes-cbc with sha1 can result in 2x performance [1]. Is there support for stitched aes-128-hmac-sha1 encrypt-then-mac? This issue [2] says that only mac-then-encrypt is supported in OpenSSL. Does this implement mac-then-encrypt and relevant [3]? Is it possible to use the same code

Re: aes-cbc-256 mode decryption without an IV

2019-03-25 Thread Tim Webber
> > > -Marian > > > > Am 25.03.19 um 01:20 schrieb Tim Webber: > > > I just posted a message which i have copied below to a python > > forum. It > > > might be better asked here. The coles notes version of my > >

Re: aes-cbc-256 mode decryption without an IV

2019-03-25 Thread Marian Beermann
tml > > -Marian > > Am 25.03.19 um 01:20 schrieb Tim Webber: > > I just posted a message which i have copied below to a python > forum.  It > > might be better asked here.  The coles notes version of my > question is this: > > > >

Re: aes-cbc-256 mode decryption without an IV

2019-03-25 Thread Marian Beermann
n encrypted data file (mydata.encrypted) and a key > (plain text for now) and the following command to decrypt it: > > openssl enc -d -aes-256-cbc -a -in mydata.encrypted -out > mydata.decrypted -kfile my_symmetric_key > > Question is this.  How is the initialization vector c

aes-cbc-256 mode decryption without an IV

2019-03-24 Thread Tim Webber
-aes-256-cbc -a -in mydata.encrypted -out mydata.decrypted -kfile my_symmetric_key Question is this. How is the initialization vector calculated? This command works fine. My issue is that I don't know how the initialization vector is calculated. I suspect if it's left out there is some default way

Re: AES-cipher offload to engine in openssl-fips

2019-02-28 Thread Richard Levitte
On Thu, 28 Feb 2019 14:41:19 +0100, Salz, Rich wrote: > > > There are two options. First, the application does the digest and > > sign as two separate things. > > My memory is a foggy surrounding that scenario, so I might be wrong, > but I think it was argued that this was in

Re: AES-cipher offload to engine in openssl-fips

2019-02-28 Thread Salz, Rich via openssl-users
> There are two options. First, the application does the digest and > sign as two separate things. My memory is a foggy surrounding that scenario, so I might be wrong, but I think it was argued that this was invalid use from a FIPS perspective. Now, we can't actually stop

Re: AES-cipher offload to engine in openssl-fips

2019-02-28 Thread suji
From https://www.openssl.org/docs/fips/UserGuide-2.0.pdf I got these lines "OpenSSL provides mechanisms for interfacing with external cryptographic devices, such as accelerator cards, via “ENGINES.” This mechanism is not disabled in FIPS mode. In general, if a FIPS validated cryptographic de

Re: AES-cipher offload to engine in openssl-fips

2019-02-28 Thread Matt Caswell
On 27/02/2019 22:20, Richard Levitte wrote: >> I believe Richard is wrong here. Or at least his text could be >> misleading. If the EVP API does the digesting with one module and >> then calls another module to do the RSA signing, that is okay. > > Huh? From the design document, section "Exa

Re: AW: AES-cipher offload to engine in openssl-fips

2019-02-28 Thread Richard Levitte
On Thu, 28 Feb 2019 00:51:24 +0100, Dr. Matthias St. Pierre wrote: > > > > Uhm, I'm confused. I thought we were talking about 3.0? > > Well, the original post started at FIPS 2.0: > > > I am using openssl-fips-2.0.16 and openssl-1.0.2e. > https://mta.openssl.org/pipermail/openssl-users/2019

Re: AES-cipher offload to engine in openssl-fips

2019-02-28 Thread Richard Levitte
On Thu, 28 Feb 2019 00:17:13 +0100, Salz, Rich wrote: > > >Huh? From the design document, section "Example dynamic views of > algorithm selection", after the second diagram: > > An EVP_DigestSign* operation is more complicated because it > involves two algorithms: a s

AW: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Dr. Matthias St. Pierre
> Uhm, I'm confused. I thought we were talking about 3.0? Well, the original post started at FIPS 2.0: > I am using openssl-fips-2.0.16 and openssl-1.0.2e. https://mta.openssl.org/pipermail/openssl-users/2019-February/009919.html But it seems like the discussion in the thread has drifted a

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Salz, Rich via openssl-users
>Huh? From the design document, section "Example dynamic views of algorithm selection", after the second diagram: An EVP_DigestSign* operation is more complicated because it involves two algorithms: a signing algorithm, and a digest algorithm. In general those

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Richard Levitte
Uhm, I'm confused. I thought we were talking about 3.0? "Dr. Matthias St. Pierre" wrote: (27 February 2019 23:34:23 CET) > >> -Original Message- >> > >I always understood "FIPS-capable OpenSSL" to refer >specifically to an >> > OpenSSL compiled with the options to incorpor

AW: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Dr. Matthias St. Pierre
> -Original Message- > > >I always understood "FIPS-capable OpenSSL" to refer specifically to an > > OpenSSL compiled with the options to incorporate the FIPS canister > > module, not just any OpenSSL build that might be used in FIPS compliant > > applications (as t

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Richard Levitte
On Wed, 27 Feb 2019 22:54:41 +0100, Salz, Rich via openssl-users wrote: > > >I always understood "FIPS-capable OpenSSL" to refer specifically to an > OpenSSL compiled with the options to incorporate the FIPS canister > module, not just any OpenSSL build that might be used in FIPS compl

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Salz, Rich via openssl-users
>I always understood "FIPS-capable OpenSSL" to refer specifically to an OpenSSL compiled with the options to incorporate the FIPS canister module, not just any OpenSSL build that might be used in FIPS compliant applications (as that would be any OpenSSL at all). Yes, that is histor

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Jakob Bohm via openssl-users
On 27/02/2019 22:18, Richard Levitte wrote: On Wed, 27 Feb 2019 21:55:29 +0100, Jakob Bohm via openssl-users wrote: On 27/02/2019 20:59, Salz, Rich via openssl-users wrote: If you change a single line of code or do not build it EXACTLY as documented, you cannot claim to use the OpenSSL validat

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Richard Levitte
On Wed, 27 Feb 2019 21:55:29 +0100, Jakob Bohm via openssl-users wrote: > > On 27/02/2019 20:59, Salz, Rich via openssl-users wrote: > > If you change a single line of code or do not build it EXACTLY as > > documented, you cannot claim to use the OpenSSL validation. > > > > I believe the cont

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Jakob Bohm via openssl-users
On 27/02/2019 20:59, Salz, Rich via openssl-users wrote: If you change a single line of code or do not build it EXACTLY as documented, you cannot claim to use the OpenSSL validation. I believe the context here is one I also mentioned in my comment on the 3.0 draft spec: - OpenSSL FIPS Mod

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Salz, Rich via openssl-users
If you change a single line of code or do not build it EXACTLY as documented, you cannot claim to use the OpenSSL validation.

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread Short, Todd via openssl-users
No. The OpenSSL FIPS Module is not written that way. It should not be permitting any non-FIPS implementations (see Rich's email regarding a bug). You could write your own engine, get that FIPS certified, and run it with plain, vanilla OpenSSL. There's a design spec out for OpenSSL 3.0.0 that

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread suji
The requirement here is to offload my "engine supported fips-compliant methods" to the engine and other "fips-compliant" functions to openssl dynamically. Here I need to use the openssl-fips module I guess. -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html

Re: AES-cipher offload to engine in openssl-fips

2019-02-27 Thread suji
Thanks for the reply. With non-fips openssl, it is possible to write my own fips-module. I understood. But, is it possible for me to write a fips-compliant/fips validated "dynamic engine" with openssl-fips, which allows me to offload "fips-compliant" functions to my engine "dynamically"? --

Re: AES-cipher offload to engine in openssl-fips

2019-02-26 Thread Walter Paley
To clarify here, using the OpenSSL FIPS implementation does not allow you to claim “FIPS Validated”, rather this would be “FIPS Compliant”. If you want to claim “FIPS Validated”, you must get your own validation for your implementation regardless of what you are using, OpenSSL FIPS module or ot

Re: AES-cipher offload to engine in openssl-fips

2019-02-26 Thread Salz, Rich via openssl-users
* Which means in fips mode ciphers never get offloaded to the engine? * All other functions (digest, RSA etc), it first updates to the fips function, and then the engine function. Why do only ciphers have this different behaviour? That seems like a bug. In FIPS mode you can only use the FIPS-validate

AES-cipher offload to engine in openssl-fips

2019-02-26 Thread Suji
Hi, I am unable to use AES-cipher offload to my engine even though it was registered with the proper flag (EVP_CIPH_FLAG_FIPS). I was able to use RSA, digests, and ECDSA to the engine with corresponding flags. I am using openssl-fips-2.0.16 and openssl-1.0.2e. OPENSSL_FIPS is set. I come

Re: [openssl-users] AES encrypt expanded key is different with no-asm

2018-12-10 Thread Hemant Ranvir
enssl" ) which is expected. > > > > Now if I configure openssl without no-asm flag and get the expanded > > key from inside openssl and compare it with the expanded key > > calculated using the function I wrote. They are not equal. As far as I > > know there is only

Re: [openssl-users] AES encrypt expanded key is different with no-asm

2018-12-10 Thread Jakob Bohm via openssl-users
ulate expanded key. I have even checked whether the expanded key inside openssl is inverse cipher expanded key but yet it is different. Can someone point me in the right direction. Thanks! There have always been multiple ways to store the expanded AES key, each optimized a different implementat

[openssl-users] AES encrypt expanded key is different with no-asm

2018-12-10 Thread Hemant Ranvir
Dear all, After extracting openssl-1.1.1.tar.gz, openssl can be configured without asm by passing no-asm flag during config command. The expanded key can be obtained like follows: //Getting expanded key from inside openssl //Copied from crypto/evp/e_aes.c typedef struct { union {

Re: [openssl-users] Extracting decrypt key for AES from openssl on client side

2018-11-26 Thread Hemant Ranvir
Hi Todd, That is exactly what I am trying to do. The final goal is to implement this in hardware. Anyways I figured out that the key expansion routine is slightly different, more specifically the equivalent inverse cipher routine defined in: https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197

Re: [openssl-users] Extracting decrypt key for AES from openssl on client side

2018-11-15 Thread Viktor Dukhovni
> On Nov 15, 2018, at 9:30 AM, Short, Todd via openssl-users > wrote: > > I have seen this done for hardware acceleration; where the crypto chip can do > everything except the handshake. > (In fact, this mechanism protected at least one device that I know of from > the Heartbleed debacle, sinc

Re: [openssl-users] Extracting decrypt key for AES from openssl on client side

2018-11-15 Thread Short, Todd via openssl-users
ction is established between server and client, decrypt the incoming message (this time not using the openssl api but rather by using the decrypt AES function implemented earlier) This makes no sense, because TLS does not just emit a simple CBC encrypted stream after performing the handshake.

Re: [openssl-users] Extracting decrypt key for AES from openssl on client side

2018-11-14 Thread Viktor Dukhovni
ing the decrypt > AES function implemented earlier) This makes no sense, because TLS does not just emit a simple CBC encrypted stream after performing the handshake. So you can't do that. Use SSL_read()/SSL_write, and let the library do the message decryption/encryption for you. When don

[openssl-users] Extracting decrypt key for AES from openssl on client side

2018-11-14 Thread Hemant Ranvir
I have implemented AES 128 encrypt and decrypt functions and tested it with sample data and it checks out perfectly. I used the following reference: https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf Next I implemented a dummy SSL client and SSL server which uses openssl to send and receive

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-18 Thread Salz, Rich via openssl-users
This is factually incorrect; the TLS values are lower than the FIPS values, for example. And also, what “everyone in the know” has always stated isn’t really true any more. It would be nice to keep politics out of this list. -- openssl-users mailing list To unsubscribe: https://mta.openssl.or

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-17 Thread Kyle Hamilton
> > > > Pauli > > -- > > Oracle > > Dr Paul Dale | Cryptographer | Network Security & Encryption > > Phone +61 7 3031 7217 > > Oracle Australia > > > > *From:* Dmitry Belyavsky [mailto:beld...@gmail.com] > *Sent:* Friday, 14 September 2018 8:41

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-16 Thread Paul Dale
| Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia   From: Dmitry Belyavsky [mailto:beld...@gmail.com] Sent: Friday, 14 September 2018 8:41 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS   H

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-14 Thread Dmitry Belyavsky
:55 AM Paul Dale wrote: > >> I wasn’t aware of other national standards requiring a similar check. >> >> >> >> I made the change in the AES-GCM code because FIPS demands the check be >> inside the FIPS boundary. I’d have preferred to make it in the TLS layer, >

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-14 Thread Dmitry Belyavsky
Dear Paul, Could you please clarify? The code seems to be related to the s390 platform. Am I missing something? On Thu, Sep 13, 2018 at 1:55 AM Paul Dale wrote: > I wasn’t aware of other national standards requiring a similar check. > > > > I made the change in the AES-GCM code becau

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-12 Thread Paul Dale
I wasn’t aware of other national standards requiring a similar check.   I made the change in the AES-GCM code because FIPS demands the check be inside the FIPS boundary.  I’d have preferred to make it in the TLS layer, but that mustn’t be inside the FIPS boundary.  My understanding is that TLS

[openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-12 Thread Dmitry Belyavsky
://datatracker.ietf.org/doc/draft-smyshlyaev-tls12-gost-suites/) so I think that this mechanism is very useful. The current implementation is done at EVP level, and it seems suboptimal because of the following reasons: - If the AES implementation is provided via engine, not by OpenSSL itself, the limitation can

Re: [openssl-users] EVP AES Wrap

2018-05-17 Thread Luís Martins
Thanks Matt, it works fine now. Regards, Luís On Thu, May 17, 2018 at 10:09 AM Matt Caswell wrote: > > > On 16/05/18 18:55, Luís Martins wrote: > > Hi, > > > > I'm trying to use the EVP AES wrap implementations from openssl > > (e.g. EVP_aes_1

Re: [openssl-users] EVP AES Wrap

2018-05-17 Thread Matt Caswell
On 16/05/18 18:55, Luís Martins wrote: > Hi, > >     I'm trying to use the EVP AES wrap implementations from openssl > (e.g. EVP_aes_128/192/256_wrap()) but I'm getting the following error in > EVP_EncryptInit_ex() f: >     error:0607B0AA:digital envelope routines

[openssl-users] EVP AES Wrap

2018-05-16 Thread Luís Martins
Hi, I'm trying to use the EVP AES wrap implementations from openssl (e.g. EVP_aes_128/192/256_wrap()) but I'm getting the following error in EVP_EncryptInit_ex() f: error:0607B0AA:digital envelope routines:EVP_CipherInit_ex:wrap mode not allowed I've searched the do

Re: [openssl-users] AES-GCM cipher in TLS

2018-04-05 Thread Matt Caswell
On 05/04/18 18:35, PS wrote: > Thanks Matt. > > I did read those RFC as well. And here is the confusion. The RFC5116 > says this section 2.1 > > There is a *single output:* > > A ciphertext C, which is at least as long as the plaintext, or > > an indication that the requested en

Re: [openssl-users] AES-GCM cipher in TLS

2018-04-05 Thread PS
Thanks Matt. I did read those RFCs as well. And here is the confusion. RFC 5116 says this in section 2.1: There is a *single output:* A ciphertext C, which is at least as long as the plaintext, or an indication that the requested encryption operation could not be performed. N

Re: [openssl-users] AES-GCM cipher in TLS

2018-04-05 Thread Matt Caswell
TLSCompressed.fragment = AEAD-Decrypt(write_key, nonce, > AEADEncrypted, > additional_data) > > " > > But, in the AES-GCM decryption example on openssl wiki at > https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_De

[openssl-users] AES-GCM cipher in TLS

2018-04-04 Thread PS
AEADEncrypted, additional_data) " But, in the AES-GCM decryption example on openssl wiki at https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption shows the decryption also takes as input the *tag* to be verified. I know that the Authentication tag is the

Re: [openssl-users] Low level AES alternative in FIPS-140 OpenSSL

2018-02-05 Thread Matt Caswell
On 03/02/18 08:13, Alex Dankow via openssl-users wrote: > Greetings! > > You probably know that low level AES function AES_set_encrypt_key is > disabled in FIPS 140-2 module. Instead it is offered to use EVP_ > set of functions. > > We develop transparent database encrypti

Re: [openssl-users] Low level AES alternative in FIPS-140 OpenSSL

2018-02-03 Thread Salz, Rich via openssl-users
➢ Question: Is there a way to set IV for CTX after its initialization for FIPS version of OpenSSL? No, sorry. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Low level AES alternative in FIPS-140 OpenSSL

2018-02-03 Thread Alex Dankow via openssl-users
Greetings! You probably know that the low level AES function AES_set_encrypt_key is disabled in the FIPS 140-2 module. Instead it is offered to use the EVP_ set of functions. We develop transparent database encryption for SQL Server and performance is a very important issue. AES CTR requires very frequent

[openssl-users] AES-CTR-256 test suite for FIPS

2018-01-23 Thread Jayalakshmi bhat
Hi All, We are using DRBG using AES-CTR-256 in FIPS mode. I could find a test suite/file that takes a CAVP test request and generates the response for DRBG using AES-CTR-256. However I am not finding any test suite/file that validates AES-CTR 128/192/256 bits. Please can anyone let me know while

[openssl-users] How is the AES CTR encryption working in openssl EVP api

2017-11-09 Thread ajay saxena
Hi, I am trying to use AES CTR encryption to encrypt/decrypt data using the EVP API. The earlier API, AES_ctr128_encrypt, does explicitly use a counter. How is the counter handled in the EVP implementation? I followed this documentation here, https://wiki.openssl.org/index.php

[openssl-users] AES CMAC with given iv

2017-10-02 Thread Stefan Grünwald
Hi, I need to calculate an AES CMAC with a given IV and also get the new IV after the calculation. On the internet I found some examples of how to calculate the CMAC, but if I read the code correctly it always starts with a zero IV. I also found the CMAC_resume function which restores the IV but

Re: [openssl-users] AES-CMAC digest with EVP

2017-08-31 Thread Dr. Stephen Henson
On Wed, Aug 30, 2017, Daniel Andrade wrote: > Hello, > > I have two buffers, one with a key and one with some data. The > objective is to calculate the AES-CMAC of the data with this key. I > managed to compute the AES-CMAC using type `EVP_aes_128_cbc()` with > the low-level

[openssl-users] AES-CMAC digest with EVP

2017-08-30 Thread Daniel Andrade
Hello, I have two buffers, one with a key and one with some data. The objective is to calculate the AES-CMAC of the data with this key. I managed to compute the AES-CMAC using type `EVP_aes_128_cbc()` with the low-level interface: 1. CMAC_CTX *ctx = CMAC_CTX_new() 2. CMAC_Init 3
