[openssl-users] openssl-users Digest, Vol 28, Issue 21

Christian Adja christian_adja at yahoo.it
Wed Mar 22 17:48:08 UTC 2017


Good evening everybody,I need help about to transform public key (unsigned char *) retrieved from IEEE cert in EVP_PKEY o EC_KEY. The public key is an ecdsaNistP256 in compressed form (compressedy1). 
The public key form in hex = 
|00|80|83|x point (32 bytes)|
Thanks,
Best Regards
 

    Il Mercoledì 15 Marzo 2017 22:23, "openssl-users-request at openssl.org" <openssl-users-request at openssl.org> ha scritto:
 

 Send openssl-users mailing list submissions to
    openssl-users at openssl.org

To subscribe or unsubscribe via the World Wide Web, visit
    https://mta.openssl.org/mailman/listinfo/openssl-users
or, via email, send a message with subject or body 'help' to
    openssl-users-request at openssl.org

You can reach the person managing the list at
    openssl-users-owner at openssl.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of openssl-users digest..."


Today's Topics:

  1. Request for adding new ciphers (Christian Adja)
  2. Re: Request for adding new ciphers (Matt Caswell)
  3. Generating dh parameters multithreaded? (Joseph Southwell)
  4. Re: Generating dh parameters multithreaded? (Salz, Rich)
  5. OpenSSL Certificate Cross Signing (Moritz Wirth)
  6. Re: PKCS#7 (val?ry)
  7. Re: Generating dh parameters multithreaded? (Joseph Southwell)
  8. Re: Generating dh parameters multithreaded? (Salz, Rich)


----------------------------------------------------------------------

Message: 1
Date: Wed, 15 Mar 2017 18:03:44 +0000 (UTC)
From: Christian Adja <christian_adja at yahoo.it>
To: "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: [openssl-users] Request for adding new ciphers
Message-ID: <1576557894.1332584.1489601024241 at mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"

Hi everyone,
Someone can help for adding the ciphersuite " ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in openssl? 
I tried adding in the file tls1.h??? # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM??????????? 0x0300C0AC
??? # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM??????????? 0x0300C0AD
And modifing the file? ssl_ciph.c the functions??? ssl_load_ciphers() ... And modifing the file evp_cipher.c and sssl_locl.cand finaly ssl_algs.c.
There are no way to make it works. It continue to give me? error: ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420
thanks.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170315/5ea926a1/attachment-0001.html>

------------------------------

Message: 2
Date: Wed, 15 Mar 2017 18:18:52 +0000
From: Matt Caswell <matt at openssl.org>
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Request for adding new ciphers
Message-ID: <e507eba7-b0c6-d85a-78aa-2af36c2e487e at openssl.org>
Content-Type: text/plain; charset=windows-1252



On 15/03/17 18:03, Christian Adja via openssl-users wrote:
> Hi everyone,
> 
> Someone can help for adding the ciphersuite "
> ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in
> openssl?
> I tried adding in the file tls1.h
>    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM            0x0300C0AC
>    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM            0x0300C0AD
> 
> And modifing the file  ssl_ciph.c the functions
>    ssl_load_ciphers() ...
> And modifing the file evp_cipher.c and sssl_locl.c
> and finaly ssl_algs.c.
> 
> There are no way to make it works. It continue to give me  error:
> ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420


These ciphersuites already exist in OpenSSL (from version 1.1.0).

Matt



------------------------------

Message: 3
Date: Wed, 15 Mar 2017 14:18:38 -0400
From: Joseph Southwell <jsouthwell at serengeti.com>
To: openssl-users at openssl.org
Subject: [openssl-users] Generating dh parameters multithreaded?
Message-ID: <56015584-6EDC-4BD6-AA21-F27835281A99 at serengeti.com>
Content-Type: text/plain; charset="utf-8"

On any new install of our software we generate new dh parameters as follows?

DH *dh = DH_new();
!DH_generate_parameters_ex(dh, 2048, 2, NULL);
int codes = 0;
DH_check(dh, &codes);
DH_generate_key(dh);

It takes a long time. Is there some way to have it use all available cores instead of just the one?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170315/abdcfd11/attachment-0001.html>

------------------------------

Message: 4
Date: Wed, 15 Mar 2017 18:21:05 +0000
From: "Salz, Rich" <rsalz at akamai.com>
To: "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: Re: [openssl-users] Generating dh parameters multithreaded?
Message-ID:
    <9ff829cd17f74e4a910ca067196f7d62 at usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset="utf-8"

> It takes a long time. Is there some way to have it use all available cores instead of just the one?

You'll have to write the code to do that parallelism yourself.

------------------------------

Message: 5
Date: Wed, 15 Mar 2017 19:46:07 +0100
From: Moritz Wirth <mw at flanga.io>
To: openssl-users at openssl.org
Subject: [openssl-users] OpenSSL Certificate Cross Signing
Message-ID: <c879dec1-9fab-5ecc-de01-4e033c690690 at flanga.io>
Content-Type: text/plain; charset=utf-8

Good Evening all,


I have 2 Root Certificate Authorities which I want to use to cross sign
an intermediate certificate. I created a certificate request and signed
it with both CAs.

I issued an end user certificate with the intermediate CA and added both
intermediate CA Certificates (the one from Root1 and the one signed by
Root2). If only one CA is trusted, the certificate is still recognized
as trusted in Firefox regardless which certificate is on top of the
chain (Which is exactly what I want.)

I wondered if I can connect both intermediate Certificates to a single
certificate or do I always need both certificates?


Best Regards,

Moritz



------------------------------

Message: 6
Date: Wed, 15 Mar 2017 21:42:50 +0100
From: val?ry <vsbrin at gmail.com>
To: openssl-users at openssl.org
Subject: Re: [openssl-users] PKCS#7
Message-ID:
    <CAMkdoSFR_kT=wxt5jAFMENwN3dXEhzVr=VkJmh-7=ocaHj14OA at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Alright, big thanks to both of you for your input!

On Mar 15, 2017 23:01, "Wouter Verhelst" <wouter.verhelst at fedict.be> wrote:

On 15-03-17 05:13, val?ry wrote:

> Hi,
>
> thank you very much for your response.
> Say someone would be able to gather several clear text AES keys and
> their respective asymmetrically encrypted RSA blocks. Would it weakens
> the security of the RSA key pair ? I mean could it be easier for someone
> using that information to brute force an RSA key pair ?
>

Think of it this way:

As far as the RSA algorithm is concerned, the AES keys are just data. They
happen to be AES keys, but they might have been a hash value, an image, or
somebody's date of birth.

If getting the cleartext as well as the encrypted text for an RSA message
would allow you to more easily guess the RSA key, then the RSA algorithm
would be seriously flawed.

There is no known attack against RSA for which this is true, however, as
Rich pointed out.

-- 
Wouter Verhelst

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170315/c5426a43/attachment-0001.html>

------------------------------

Message: 7
Date: Wed, 15 Mar 2017 17:08:50 -0400
From: Joseph Southwell <jsouthwell at serengeti.com>
To: "Salz, Rich" <rsalz at akamai.com>, openssl-users at openssl.org
Subject: Re: [openssl-users] Generating dh parameters multithreaded?
Message-ID: <F3ADE150-0FAA-46B8-B481-816C1DD1B984 at serengeti.com>
Content-Type: text/plain; charset=us-ascii

Are you suggesting that I should modify openssl myself to expose that functionality or are suggesting that there is a way to do that given the already exposed functionality? If it is the latter could you point me in the right direction?

> On Mar 15, 2017, at 2:21 PM, Salz, Rich via openssl-users <openssl-users at openssl.org> wrote:
> 
>> It takes a long time. Is there some way to have it use all available cores instead of just the one?
> 
> You'll have to write the code to do that parallelism yourself.
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 



------------------------------

Message: 8
Date: Wed, 15 Mar 2017 21:15:11 +0000
From: "Salz, Rich" <rsalz at akamai.com>
To: Joseph Southwell <jsouthwell at serengeti.com>,
    "openssl-users at openssl.org" <openssl-users at openssl.org>
Subject: Re: [openssl-users] Generating dh parameters multithreaded?
Message-ID:
    <2a86a335027d437ba9531551ce0ea897 at usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: text/plain; charset="Windows-1252"

> Are you suggesting that I should modify openssl myself to expose that
> functionality or are suggesting that there is a way to do that given the already
> exposed functionality? If it is the latter could you point me in the right
> direction?

OpenSSL code does not do what you want.  You'll have to write it


------------------------------

Subject: Digest Footer

_______________________________________________
openssl-users mailing list
openssl-users at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-users


------------------------------

End of openssl-users Digest, Vol 28, Issue 21
*********************************************


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170322/4a392c45/attachment-0001.html>


More information about the openssl-users mailing list