AES-GCM

2014-05-27 Thread Anant Rao
Hi, I have ciphertext encrypted in Java (using BouncyCastle - BC) with "AES/GCM/NoPadding" cipher. When I tried to decrypt it using OpenSSL in a C program, the last call 'EVP_DecryptFinal_ex' fails. Somehow, ERR_print_errors_fp is not printing anything either. I

AES GCM + padding

2013-02-08 Thread Dirk Menstermann
Hi, I'm playing around with "EVP_aes_128_gcm". This works, but it seems that EVP_* does not include padding. Is this expected/needed or did I miss a step? Thanks Dirk __ OpenSSL Project http://www.

Re: AES-GCM

2014-05-27 Thread Jens Hiller
On 05/27/2014 09:00 AM, Anant Rao wrote: > Hi, > > I have ciphertext encrypted in Java (using BouncyCastle - BC) with > "AES/GCM/NoPadding" cipher. > > When I tried to decrypt it using OpenSSL in a C program, the last call > 'EVP_DecryptFinal_

Re: AES-GCM

2014-06-05 Thread Anant Rao
On Tue, May 27, 2014 at 12:33 AM, Jens Hiller wrote: > On 05/27/2014 09:00 AM, Anant Rao wrote: > > Hi, > > > > I have ciphertext encrypted in Java (using BouncyCastle - BC) with > > "AES/GCM/NoPadding" cipher. > > > > When I t

Re: AES-GCM

2014-06-05 Thread Jeffrey Walton
On Tue, May 27, 2014 at 3:00 AM, Anant Rao wrote: > Hi, > > I have ciphertext encrypted in Java (using BouncyCastle - BC) with > "AES/GCM/NoPadding" cipher. > > When I tried to decrypt it using OpenSSL in a C program, the last call > 'EVP_DecryptFi

Re: AES-GCM

2014-06-06 Thread Jens Hiller
counter modes and therefore do not require padding (reference: http://openssl.6102.n7.nabble.com/AES-GCM-padding-td43598.html and various GCM documentations). Hence, there is nothing to do for the finalization except for computing the MAC (but I have not checked in the code if the finalization

Re: AES-GCM

2014-06-06 Thread Matt Caswell
On 27 May 2014 08:00, Anant Rao wrote: > When I tried to decrypt it using OpenSSL in a C program, the last call > 'EVP_DecryptFinal_ex' fails. Somehow, ERR_print_errors_fp is not printing > anything either. If EVP_DecryptFinal_ex fails with GCM then this means that the tag has failed to verify

Re: AES GCM + padding

2013-02-08 Thread Matt Caswell
It is a feature of GCM that the ciphertext (excluding the authentication tag) is identical length to the plaintext. Therefore no padding is required. Matt On 8 February 2013 14:27, Dirk Menstermann wrote: > Hi, > > I'm playing around with "EVP_aes_128_gcm". This works, but it seems that > EVP_*

Re: AES GCM + padding

2013-02-08 Thread Dirk Menstermann
Thank you Matt! On 08.02.2013 16:33, Matt Caswell wrote: > It is a feature of GCM that the ciphertext (excluding the authentication tag) > is > identical length to the plaintext. Therefore no padding is required. > > Matt > > On 8 February 2013 14:27, Dirk Menstermann

AES GCM cipher names

2013-05-15 Thread Bin Lu
Hi, Could somebody tell me what names I should use in EVP_get_cipherbyname() to return the AES_128_GCM and AES_256_GCM ciphers? I looked into openssl code but got lost. Thanks a lot, -binlu

Re: AES GCM cipher names

2013-05-15 Thread Matt Caswell
On 15 May 2013 20:15, Bin Lu wrote: > Hi, > > Could somebody tell me what names I should use in EVP_get_cipherbyname() to > return the AES_128_GCM and AES_256_GCM ciphers? I looked into openssl code > but got lost. > aes-128-gcm and aes-256-gcm Matt __

AES-GCM Gives Wrong Tag Value?

2012-05-18 Thread Li, David
Hi Experts, First time I am using AES-GCM mode to run the NIST test vectors. The API is: void AES_gcm128_encrypt(GCM128_CONTEXT *ctx, const unsigned char *in, unsigned char *out, size_t len) After initialization and encryption, my cipher text matched the one

[openssl-users] AES-GCM processing time

2015-04-07 Thread Amir Reda
Dear all, I am using authenticated encryption AES-GCM. I am trying to calculate the processing time for encrypting a data message of size 500 bytes. clock_t startEncryption, endEncryption; double msecs1; startEncryption = clock(); unsigned char plaintext[500] = {'f',

DTLS-SRTP Support for AES GCM

2019-12-17 Thread Schuster Harald
Hi, I am using OpenSSL_1.0.2h and I want to use "SRTP_AEAD_AES_256_GCM". I know that there is no SRTP profile for AES_256_GCM available in "d1_srtp.c" in my version. I know that the support is added in OpenSSL_1.1.0 but I am not able to update the version. So is there any possibility to solve m

Locating AES GCM & GMAC Code under OpenSSL

2011-02-25 Thread Vinod Sasi
Hello, I am implementing an IKEv2 suite test conformance tool to exercise the encryption/auth algorithms AES GCM & GMAC against my customer's product. I was a little concerned about the availability of aes_gcm code under openssl for my use. I downloaded the latest code from http://www.openssl.org/so

Re: AES-GCM Gives Wrong Tag Value?

2012-05-18 Thread John Zavgren
the tag (which you already know), then you can count the offset, etc. And, then you can see if the numerical value of ctx.Xi.c points to the correct address. Good luck On Fri, May 18, 2012 at 10:22 AM, Li, David wrote: > Hi Experts, > > ** ** > > First time I am using AES-

Re: AES-GCM Gives Wrong Tag Value?

2012-05-18 Thread Dr. Stephen Henson
On Fri, May 18, 2012, Li, David wrote: > Hi Experts, > > First time I am using AES-GCM mode to run the NIST test vectors. The API is: > > void AES_gcm128_encrypt(GCM128_CONTEXT *ctx, > const unsigned char *in, unsigned char *out, > size

RE: AES-GCM Gives Wrong Tag Value?

2012-05-20 Thread Li, David
-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson [st...@openssl.org] Sent: Friday, May 18, 2012 10:17 AM To: openssl-users@openssl.org Subject: Re: AES-GCM Gives Wrong Tag Value? On Fri, May 18, 2012, Li, David wrote: > Hi Experts, > > First time I am using AES-GCM mode to run the

Support for AES-GCM on OpenSSL-0.9.8

2014-08-06 Thread Mukesh Yadav
Hi, AES_GCM is supported on OpenSSL-1.0.1. Regarding support on OpenSSL-0.9.8, I have found a patch at the link below. http://rt.openssl.org/Ticket/Display.html?id=2092&user=guest&pass=guest From various open-source discussions, it seems it applies cleanly to the old version. Is it OK for this patch to be used o

Re: [openssl-users] AES-GCM processing time

2015-04-07 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Amir Reda > Sent: Tuesday, April 07, 2015 08:50 > i am using Authenticated Encryption AES-GCM. i am trying to calculate the > processing time for encrypting a data > message of size 500 byte Yo

Re: [openssl-users] AES-GCM processing time

2015-04-07 Thread Salz, Rich
> At the > very least, you need to measure many encryptions and take the average. +1 Also look at the openssl speed app. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz ___ openssl-users mailing list To unsubscribe

[openssl-users] AES-GCM cipher in TLS

2018-04-04 Thread PS
AEADEncrypted, additional_data) " But, in the AES-GCM decryption example on openssl wiki at https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption shows the decryption also takes as input the *tag* to be verified. I know that the Authentication tag is the

Re: Locating AES GCM & GMAC Code under OpenSSL

2011-03-02 Thread Frank Morgner
Hi! > I was little concerned about the availability of aes_gcm code under > openssl for my use. I downloaded the latest code from > http://www.openssl.org/source/, but don't seem to find out gcm/gmac > libraries. > > There are earlier mails chains explaining the GCM update under > http://marc.inf

Re: Support for AES-GCM on OpenSSL-0.9.8

2014-08-06 Thread Matt Caswell
scussion, it seems it applies cleanly to the old > version. > Is it OK for this patch to be used on older versions or, in order to use > AES_GCM, is an upgrade to a new OpenSSL mandatory? > As you have pointed out AES-GCM is supported in OpenSSL 1.0.1. There is no intention for it to be added to

[openssl-users] [AES-GCM] TLS packet nonce_explicit overflow

2017-03-08 Thread Akshar Kanak
Dear team, In AES-GCM mode I know that the final counter will be [4-byte salt which is negotiated between client and server] + [8 random bytes which are generated using RAND_bytes (the nonce_explicit nonce)] + [32-bit counter]. nonce_explicit will be

Re: [openssl-users] AES-GCM cipher in TLS

2018-04-05 Thread Matt Caswell
TLSCompressed.fragment = AEAD-Decrypt(write_key, nonce, > AEADEncrypted, > additional_data) > > " > > But, in the AES-GCM decryption example on openssl wiki at > https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_De

Re: [openssl-users] AES-GCM cipher in TLS

2018-04-05 Thread PS
Thanks Matt. I did read those RFC as well. And here is the confusion. The RFC5116 says this section 2.1 There is a *single output:* A ciphertext C, which is at least as long as the plaintext, or an indication that the requested encryption operation could not be performed. N

Re: [openssl-users] AES-GCM cipher in TLS

2018-04-05 Thread Matt Caswell
On 05/04/18 18:35, PS wrote: > Thanks Matt. > > I did read those RFC as well. And here is the confusion. The RFC5116 > says this section 2.1 > > There is a *single output:* > > A ciphertext C, which is at least as long as the plaintext, or > > an indication that the requested en

[openssl-users] AES-GCM failing from Command Line Interface

2015-02-09 Thread Sec_Aficionado
Hello, I am trying to encrypt a short message using AES-256-GCM as mentioned in the subject. My command is: openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt I get prompted for password as expected. The encryption goes well, and then I proceed to decrypt using: openssl enc -d -aes-256-g

[openssl-users] FIPS certification for AES GCM mode algorithm

2015-11-17 Thread Leon Brits
Hi all, We are using the OpenSSL FIPS module v2.0 and are in the process of certifying the algorithms for our implementation. As part of this process there are different types of questionnaires about the algorithms. The questionnaire for AES GCM mode asks: Input Data Lengths (0 to 65536

Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow

2017-03-09 Thread Salz, Rich via openssl-users
No, it does not do this automatically. If the nonce_explicit overflows or overlaps, then does the OpenSSL code handle it (at least by initiating renegotiation)?

Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow

2017-03-09 Thread Michael Wojcik
:49 To: openssl-users@openssl.org Subject: Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow No, it does not do this automatically. If the nonce_explicit overflows or overlaps, then does the OpenSSL code handle it (at least by initiating renegotiation)? -- openssl-users

Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow

2017-03-09 Thread Jakob Bohm
a openssl-users *Sent:* Thursday, March 09, 2017 05:49 *To:* openssl-users@openssl.org *Subject:* Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow No, it does not do this automatically. *If the nonce_explicit overflows or overlaps, then does the OpenSSL code handle it (at leas

Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow

2017-03-09 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jakob Bohm > Sent: Thursday, March 09, 2017 19:05 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow First, note my original calculation wa

Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow

2017-03-09 Thread Jakob Bohm
On 10/03/2017 04:34, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jakob Bohm Sent: Thursday, March 09, 2017 19:05 To: openssl-users@openssl.org Subject: Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow First, note my original

Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow

2017-03-10 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jakob Bohm > Sent: Thursday, March 09, 2017 21:43 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] [AES-GCM] TLS packet nonce_explicit overflow > > I seem to recall (I haven'

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-09 Thread Dr. Stephen Henson
> > My guess is that the problem is in the padding, but I have not been able to > eliminate the error message, even setting the -nopad option and padding > manually. > > Can someone please explain to me why this might be happening? > > I am running OpenSSL 1.0.1f (

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-10 Thread Sec_Aficionado
Ah, thank you! I tried a lot of things and was very frustrated. I wish the documentation reflected that. I'll see if I can contribute by updating it. Regarding AES-GCM from the command line, or PHP bindings, is that something that any of the OpenSSL components support? I think EVP i

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-10 Thread Matt Caswell
does not support authenticated encryption modes like CCM and GCM. The utility does not store or retrieve the authentication tag." > > Regarding AES-GCM from the command line, or PHP bindings, is that something > that any of the OpenSSL components support? I think EVP is the intended way > bu

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-10 Thread Sec_Aficionado
sh the >> documentation reflected that. I'll see if I can contribute by updating it. > > It does: > > https://www.openssl.org/docs/apps/enc.html > "The enc program does not support authenticated encryption modes like > CCM and GCM. The utility does not store

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-10 Thread Matt Caswell
On 10/02/15 15:31, Sec_Aficionado wrote: > Matt, > > Thanks for keeping me honest! I see it now, but I totally missed it before. I > must have just played with the cli and not read the full page. > > Can you please confirm that EVP is the way to go? I'll create my own little > PHP extension s

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-20 Thread Jakub Zelenka
Hi, On Tue, Feb 10, 2015 at 3:31 PM, Sec_Aficionado wrote: > Matt, > > Thanks for keeping me honest! I see it now, but I totally missed it > before. I must have just played with the cli and not read the full page. > > Can you please confirm that EVP is the way to go? I'll create my own > little

Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-20 Thread Sec_Aficionado
Hi Jakub, I have my custom solution in place and it works well, but I'm always willing to learn other ways to solve the problem. I'll take a look this coming week. Thanks! Sent from my mobile > On Feb 20, 2015, at 3:34 PM, Jakub Zelenka wrote: > > Hi, > >> On Tue, Feb 10, 2015 at 3:31 PM, S

Re: [openssl-users] FIPS certification for AES GCM mode algorithm

2015-11-27 Thread Leon Brits
To answer my own question: Use 512, 1024 and 504, 1016 in both cases

[openssl-users] Need some information about TLS with AES-GCM

2016-03-03 Thread Medulla Oblongata
Hello, I'm running server and client and they communicate using DTLS over UDP and the cipher suite in use is AES-GCM-SHA384. What I want to do here is to decrypt the packets which are sent by the client but I keep failing to do so. To do this I obviously need the client's write key, nonce, the a

AES-GCM decrypt with OpenSSL 1.1.1 - when to set the tag?

2021-11-23 Thread Lynch, Andrew via openssl-users
Hi, We have an application that uses OpenSSL 1.1.1k to receive AES256-GCM encrypted messages. The streamed data starts with a 12 byte IV, then the ciphertext and ends with the 16 byte tag. Our decryption code is based directly on the sample code in the Wiki and the distribution. https://wik

[openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-12 Thread Dmitry Belyavsky
Hello, The issue https://github.com/openssl/openssl/pull/7129 has introduced a possibility to limit the amount of TLS records processed without key changing as required by FIPS. We in Russia have limitations with the same semantics applicable to Russian GOST TLS ciphersuites ( https://datatracker

Re: AES-GCM decrypt with OpenSSL 1.1.1 - when to set the tag?

2021-11-23 Thread Matt Caswell
On 23/11/2021 10:49, Lynch, Andrew via openssl-users wrote: An external code review has now pointed out to us that we should set the tag before the IV, according to OpenSSL documentation. https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_ctrl.html#GCM-and-OCB-Modes

AW: AES-GCM decrypt with OpenSSL 1.1.1 - when to set the tag?

2021-11-23 Thread Lynch, Andrew via openssl-users
> I've raised a PR to correct the docs here: > > https://github.com/openssl/openssl/pull/17111 > > Hopefully that is sufficient to convince your reviewers. Thanks, Matt. That should do the trick. Regards, Andrew.

[1.1.0-dev] AES-GCM on command line: "bad decrypt" but seems to work

2014-05-06 Thread Jeremy Gray
Hi, I'm seemingly able to enc and dec from the command line using -aes-128-gcm, but get a "bad decrypt" error (despite being able to recover the plain text). Is getting this error message the expected behavior? The only thing I've found via google is a couple years old, and not really relevant (

[openssl-users] Optimized way to encrypt data with different ivs using AES/GCM

2017-07-29 Thread me via openssl-users
Hello OpenSSL experts, I am encrypting a stream of data using OpenSSL C API and AES/GCM with 16-byte ivs. The stream is split into several chunks that need to be encrypted with the same key but different ivs. So far I have the following flow: ### for data_chunk: iv = newIv

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-12 Thread Paul Dale
I wasn’t aware of other national standards requiring a similar check. I made the change in the AES-GCM code because FIPS demands the check be inside the FIPS boundary. I’d have preferred to make it in the TLS layer, but that mustn’t be inside the FIPS boundary. My understanding is that TLS

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-14 Thread Dmitry Belyavsky
Dear Paul, Could you please clarify? The code seems to be related to the s390 platform. Do I miss something? On Thu, Sep 13, 2018 at 1:55 AM Paul Dale wrote: > I wasn’t aware of other national standards requiring a similar check. > > > > I made the change in the AES-GCM code becau

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-14 Thread Dmitry Belyavsky
:55 AM Paul Dale wrote: > >> I wasn’t aware of other national standards requiring a similar check. >> >> >> >> I made the change in the AES-GCM code because FIPS demands the check be >> inside the FIPS boundary. I’d have preferred to make it in the TLS layer, >

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-16 Thread Paul Dale
| Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia From: Dmitry Belyavsky [mailto:beld...@gmail.com] Sent: Friday, 14 September 2018 8:41 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS H

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-17 Thread Kyle Hamilton
> > > > Pauli > > -- > > Oracle > > Dr Paul Dale | Cryptographer | Network Security & Encryption > > Phone +61 7 3031 7217 > > Oracle Australia > > > > *From:* Dmitry Belyavsky [mailto:beld...@gmail.com] > *Sent:* Friday, 14 September 2018 8:41

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-18 Thread Salz, Rich via openssl-users
This is factually incorrect; the TLS values are lower than the FIPS values, for example. And also, what “everyone in the know” has always stated isn’t really true any more. It would be nice to keep politics out of this list.

Re: [1.1.0-dev] AES-GCM on command line: "bad decrypt" but seems to work

2014-05-06 Thread Dr. Stephen Henson
On Tue, May 06, 2014, Jeremy Gray wrote: > > I'm seemingly able to enc and dec from the command line using -aes-128-gcm, > but get a "bad decrypt" error (despite being able to recover the plain > text). > It's a bug: you shouldn't be able to use GCM in the "enc" command as it doesn't correctly

[openssl-users] OpenSSL/TLS /AES-GCM IV/Key uniqueness compliance with SP800-38D Section 8

2016-05-27 Thread Satya Das
All, We are using OpenSSL 1.0.1e/FIPS 2.0.11 on CentOS6 x86_64 and I have a question about the TLS GCM cipher suites - Do the TLS GCM suites satisfy the requirements of Section 8 of SP 800-38D? If I am reading the document right, the following are the requirements therein. 1) The probab
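The nonce_explicit thread, the "limit the number of records" thread and the SP 800-38D Section 8 question above are all about the same two pieces of bookkeeping that libcrypto leaves to the caller: never use a (salt, nonce_explicit) pair twice under one key, and stop and rekey before a policy limit. The block below is an added example for this page, not code from any of the posts or from libssl. It builds the RFC 5288 nonce from a 64-bit counter instead of RAND_bytes(), refuses to wrap or to exceed a caller-supplied record limit, and works the birthday bound that Section 8 of SP 800-38D rests on. gcm_nonce_state, nonce_next and the other names are mine, the salt in the self-test is constructed, and record_limit is whatever your policy requires (RFC 8446 section 5.5, for comparison, allows about 2^24.5 full-size AES-GCM records per key). Plain C, no OpenSSL dependency.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define GCM_NONCE_LEN 12

/* RFC 5288 nonce for TLS 1.2 AES-GCM: 4-byte salt from the key block || 8-byte nonce_explicit
 * sent in the record; GCM appends its own 32-bit block counter. The explicit part must never
 * repeat under one key, so it is a counter here rather than RAND_bytes() output, and the two
 * refusals below make the limit explicit: OpenSSL does not renegotiate for you. */
typedef struct {
    unsigned char salt[4];
    uint64_t next_explicit;  /* nonce_explicit for the next record */
    uint64_t records_used;   /* records protected under the current key */
    uint64_t record_limit;   /* policy limit (FIPS, GOST, RFC 8446 5.5, ...) before rekeying */
    int exhausted;           /* set once the 64-bit counter cannot advance */
} gcm_nonce_state;

void nonce_state_init(gcm_nonce_state *st, const unsigned char salt[4], uint64_t record_limit)
{
    memset(st, 0, sizeof *st);
    memcpy(st->salt, salt, 4);
    st->record_limit = record_limit;
}

/* Fills nonce[12] for the next record and returns 1, or returns 0 when the key must be
 * replaced first: the record limit is reached, or nonce_explicit would wrap to zero. */
int nonce_next(gcm_nonce_state *st, unsigned char nonce[GCM_NONCE_LEN])
{
    if (st->exhausted || st->records_used >= st->record_limit)
        return 0;
    memcpy(nonce, st->salt, 4);
    for (int i = 0; i < 8; i++)  /* big-endian, as carried on the wire */
        nonce[4 + i] = (unsigned char)(st->next_explicit >> (56 - 8 * i));
    st->records_used++;
    if (st->next_explicit == UINT64_MAX)
        st->exhausted = 1;
    else
        st->next_explicit++;
    return 1;
}

static double pow2(int k)            /* 2^k as a double, no libm needed */
{
    double r = 1.0;
    while (k-- > 0)
        r *= 2.0;
    return r;
}
static double sqrt_d(double x)       /* Newton iteration, ample for these magnitudes */
{
    double r = x > 1.0 ? x : 1.0;
    if (x <= 0.0)
        return 0.0;
    for (int i = 0; i < 300; i++)
        r = 0.5 * (r + x / r);
    return r;
}

/* Birthday bound: n random k-bit nonces collide with probability at most n(n-1)/2^(k+1).
 * SP 800-38D requires this to stay below 2^-32 for IVs that come from an RBG. */
double nonce_collision_bound(double n, int bits)
{
    return n * (n - 1.0) / pow2(bits + 1);
}

/* Largest n keeping nonce_collision_bound(n, bits) <= p: the positive root of
 * n^2 - n - p*2^(bits+1) = 0 (round down before using it as a count). */
double max_random_invocations(int bits, double p)
{
    return (1.0 + sqrt_d(1.0 + 4.0 * p * pow2(bits + 1))) / 2.0;
}

/* Returns 0 if the nonce manager behaves as described, else the failing step. */
int nonce_selftest(void)
{
    static const unsigned char salt[4] = { 0xde, 0xad, 0xbe, 0xef };       /* constructed */
    static const unsigned char first[GCM_NONCE_LEN] = { 0xde, 0xad, 0xbe, 0xef, 0, 0, 0, 0, 0, 0, 0, 0 };
    static const unsigned char third[GCM_NONCE_LEN] = { 0xde, 0xad, 0xbe, 0xef, 0, 0, 0, 0, 0, 0, 0, 2 };
    unsigned char nonce[GCM_NONCE_LEN];
    gcm_nonce_state st;
    nonce_state_init(&st, salt, 3);
    if (!nonce_next(&st, nonce) || memcmp(nonce, first, GCM_NONCE_LEN)) return 1;
    if (!nonce_next(&st, nonce)) return 2;
    if (!nonce_next(&st, nonce) || memcmp(nonce, third, GCM_NONCE_LEN)) return 3;
    if (nonce_next(&st, nonce)) return 4;              /* record limit hit: rekey first */
    nonce_state_init(&st, salt, UINT64_MAX);
    st.next_explicit = UINT64_MAX;                     /* last usable value of the counter */
    if (!nonce_next(&st, nonce) || nonce[11] != 0xff) return 5;
    if (nonce_next(&st, nonce)) return 6;              /* would wrap to zero: refuse */
    return 0;
}

int main(void)
{
    double p = 1.0 / 4294967296.0;   /* 2^-32 */
    printf("self-test %d; at p <= 2^-32: %.0f random 64-bit nonce_explicit values, %.0f random 96-bit IVs\n",
           nonce_selftest(), max_random_invocations(64, p), max_random_invocations(96, p));
    return 0;
}
```

At p = 2^-32 the bound allows only about 92,700 random 64-bit nonce_explicit values but about 6.1e9 random 96-bit IVs, which is why SP 800-38D caps RBG-constructed IVs at 2^32 invocations and why a counter is the right choice for the 8 explicit bytes. The same construction serves the chunked-stream question earlier on the page: keep the key in one context, derive each chunk's IV from a fixed field plus a chunk counter, and only that IV changes between chunks.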