[openssl-users] openssl-users Digest, Vol 28, Issue 21

Ethan Rahn ethan.rahn at gmail.com
Wed Mar 22 18:01:41 UTC 2017


Couldn't you just use EVP_PKEY_get1_EC_KEY?

https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_get1_EC_KEY.html

Cheers,

Ethan

On Wed, Mar 22, 2017 at 10:48 AM, Christian Adja via openssl-users <
openssl-users at openssl.org> wrote:

> Good evening everybody,
> I need help transforming a public key (unsigned char *) retrieved from an
> IEEE cert into an EVP_PKEY or EC_KEY. The public key is an ecdsaNistP256 in
> compressed form (compressedy1).
> The public key form in hex =
> |00|80|83|x point (32 bytes)|
>
> Thanks,
>
> Best Regards
>
>
> On Wednesday 15 March 2017 22:23, "openssl-users-request at openssl.org" <
> openssl-users-request at openssl.org> wrote:
>
>
>
> Today's Topics:
>
>   1. Request for adding new ciphers (Christian Adja)
>   2. Re: Request for adding new ciphers (Matt Caswell)
>   3. Generating dh parameters multithreaded? (Joseph Southwell)
>   4. Re: Generating dh parameters multithreaded? (Salz, Rich)
>   5. OpenSSL Certificate Cross Signing (Moritz Wirth)
>   6. Re: PKCS#7 (val?ry)
>   7. Re: Generating dh parameters multithreaded? (Joseph Southwell)
>   8. Re: Generating dh parameters multithreaded? (Salz, Rich)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 15 Mar 2017 18:03:44 +0000 (UTC)
> From: Christian Adja <christian_adja at yahoo.it>
> To: "openssl-users at openssl.org" <openssl-users at openssl.org>
> Subject: [openssl-users] Request for adding new ciphers
> Message-ID: <1576557894.1332584.1489601024241 at mail.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi everyone,
> Can someone help with adding the ciphersuites "ECDHE_ECDSA_WITH_AES_128_CCM"
> and "ECDHE_ECDSA_WITH_AES_256_CCM" to openssl?
> I tried adding in the file tls1.h
>    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM            0x0300C0AC
>    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM            0x0300C0AD
> And modifying the file ssl_ciph.c, the functions ssl_load_ciphers() ...
> And modifying the file evp_cipher.c and sssl_locl.c and finally ssl_algs.c.
> There is no way to make it work. It continues to give me the error:
> ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420
> Thanks.
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 15 Mar 2017 18:18:52 +0000
> From: Matt Caswell <matt at openssl.org>
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] Request for adding new ciphers
> Message-ID: <e507eba7-b0c6-d85a-78aa-2af36c2e487e at openssl.org>
> Content-Type: text/plain; charset=windows-1252
>
>
>
> On 15/03/17 18:03, Christian Adja via openssl-users wrote:
> > Hi everyone,
> >
> > Can someone help with adding the ciphersuites
> > "ECDHE_ECDSA_WITH_AES_128_CCM" and "ECDHE_ECDSA_WITH_AES_256_CCM" to
> > openssl?
> > I tried adding in the file tls1.h
> >    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM            0x0300C0AC
> >    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM            0x0300C0AD
> >
> > And modifying the file ssl_ciph.c, the functions
> >    ssl_load_ciphers() ...
> > And modifying the file evp_cipher.c and sssl_locl.c
> > and finally ssl_algs.c.
> >
> > There is no way to make it work. It continues to give me the error:
> > ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420
>
>
> These ciphersuites already exist in OpenSSL (from version 1.1.0).
>
> Matt
>
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 15 Mar 2017 14:18:38 -0400
> From: Joseph Southwell <jsouthwell at serengeti.com>
> To: openssl-users at openssl.org
> Subject: [openssl-users] Generating dh parameters multithreaded?
> Message-ID: <56015584-6EDC-4BD6-AA21-F27835281A99 at serengeti.com>
> Content-Type: text/plain; charset="utf-8"
>
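> On any new install of our software we generate new dh parameters as
> follows...
>
> /* requires <openssl/dh.h> */
> DH *dh = DH_new();
> /* Searching for a 2048-bit safe prime (generator 2) is the slow step. */
> if (!DH_generate_parameters_ex(dh, 2048, 2, NULL)) { /* handle failure */ }
> int codes = 0;
> DH_check(dh, &codes);   /* codes receives a bit mask of problems found; 0 means none */
> DH_generate_key(dh);    /* derive a key pair for these parameters */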
>
> It takes a long time. Is there some way to have it use all available cores
> instead of just the one?
>
> ------------------------------
>
> Message: 4
> Date: Wed, 15 Mar 2017 18:21:05 +0000
> From: "Salz, Rich" <rsalz at akamai.com>
> To: "openssl-users at openssl.org" <openssl-users at openssl.org>
> Subject: Re: [openssl-users] Generating dh parameters multithreaded?
> Message-ID:
>     <9ff829cd17f74e4a910ca067196f7d62 at usma1ex-dag1mb1.msg.corp.akamai.com>
> Content-Type: text/plain; charset="utf-8"
>
> > It takes a long time. Is there some way to have it use all available
> > cores instead of just the one?
>
> You'll have to write the code to do that parallelism yourself.
>
> ------------------------------
>
> Message: 5
> Date: Wed, 15 Mar 2017 19:46:07 +0100
> From: Moritz Wirth <mw at flanga.io>
> To: openssl-users at openssl.org
> Subject: [openssl-users] OpenSSL Certificate Cross Signing
> Message-ID: <c879dec1-9fab-5ecc-de01-4e033c690690 at flanga.io>
> Content-Type: text/plain; charset=utf-8
>
> Good Evening all,
>
>
> I have 2 Root Certificate Authorities which I want to use to cross sign
> an intermediate certificate. I created a certificate request and signed
> it with both CAs.
>
> I issued an end user certificate with the intermediate CA and added both
> intermediate CA Certificates (the one from Root1 and the one signed by
> Root2). If only one CA is trusted, the certificate is still recognized
> as trusted in Firefox regardless which certificate is on top of the
> chain (Which is exactly what I want.)
>
> I wondered if I can connect both intermediate Certificates to a single
> certificate or do I always need both certificates?
>
>
> Best Regards,
>
> Moritz
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 15 Mar 2017 21:42:50 +0100
> From: val?ry <vsbrin at gmail.com>
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] PKCS#7
> Message-ID:
>     <CAMkdoSFR_kT=wxt5jAFMENwN3dXEhzVr=VkJmh-7=ocaHj14OA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Alright, big thanks to both of you for your input!
>
> On Mar 15, 2017 23:01, "Wouter Verhelst" <wouter.verhelst at fedict.be>
> wrote:
>
> On 15-03-17 05:13, val?ry wrote:
>
> > Hi,
> >
> > thank you very much for your response.
> > Say someone would be able to gather several clear text AES keys and
> > their respective asymmetrically encrypted RSA blocks. Would it weaken
> > the security of the RSA key pair? I mean could it be easier for someone
> > using that information to brute force an RSA key pair?
> >
>
> Think of it this way:
>
> As far as the RSA algorithm is concerned, the AES keys are just data. They
> happen to be AES keys, but they might have been a hash value, an image, or
> somebody's date of birth.
>
> If getting the cleartext as well as the encrypted text for an RSA message
> would allow you to more easily guess the RSA key, then the RSA algorithm
> would be seriously flawed.
>
> There is no known attack against RSA for which this is true, however, as
> Rich pointed out.
>
> --
> Wouter Verhelst
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 15 Mar 2017 17:08:50 -0400
> From: Joseph Southwell <jsouthwell at serengeti.com>
> To: "Salz, Rich" <rsalz at akamai.com>, openssl-users at openssl.org
> Subject: Re: [openssl-users] Generating dh parameters multithreaded?
> Message-ID: <F3ADE150-0FAA-46B8-B481-816C1DD1B984 at serengeti.com>
> Content-Type: text/plain; charset=us-ascii
>
> Are you suggesting that I should modify openssl myself to expose that
> functionality or are you suggesting that there is a way to do that given the
> already exposed functionality? If it is the latter could you point me in
> the right direction?
>
> > On Mar 15, 2017, at 2:21 PM, Salz, Rich via openssl-users <
> > openssl-users at openssl.org> wrote:
> >
> >> It takes a long time. Is there some way to have it use all available
> >> cores instead of just the one?
> >
> > You'll have to write the code to do that parallelism yourself.
> >
>
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 15 Mar 2017 21:15:11 +0000
> From: "Salz, Rich" <rsalz at akamai.com>
> To: Joseph Southwell <jsouthwell at serengeti.com>,
>     "openssl-users at openssl.org" <openssl-users at openssl.org>
> Subject: Re: [openssl-users] Generating dh parameters multithreaded?
> Message-ID:
>     <2a86a335027d437ba9531551ce0ea897 at usma1ex-dag1mb1.msg.corp.akamai.com>
> Content-Type: text/plain; charset="Windows-1252"
>
> > Are you suggesting that I should modify openssl myself to expose that
> > functionality or are you suggesting that there is a way to do that given the
> > already exposed functionality? If it is the latter could you point me in the
> > right direction?
>
> OpenSSL code does not do what you want.  You'll have to write it.
>
>
>
>
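
The conversion asked about in this thread, as an added example that is not part of the original messages: it decodes the |00|80|83|x| blob by hand and re-encodes it as SEC1 octets, the point format that OpenSSL's EC_POINT_oct2point() parses. The meaning of the tag byte (0x82/0x83 as compressed-y-0/compressed-y-1), the fixed 00 80 header and all function names are assumptions of this example.

```python
# NIST P-256 domain parameters: y^2 = x^3 - 3x + b (mod p)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b

# Assumption: the byte before the 32-byte x is the IEEE 1609.2 point-type tag,
# 0x82 = compressed-y-0 (even y), 0x83 = compressed-y-1 (odd y).
TAG_TO_PARITY = {0x82: 0, 0x83: 1}


def decode_ieee_p256_key(blob):
    """Return (x, y) for a |00|80|tag|x| blob, or raise ValueError."""
    if len(blob) != 35 or blob[:2] != b"\x00\x80":
        raise ValueError("unexpected header or length")
    if blob[2] not in TAG_TO_PARITY:
        raise ValueError("not a compressed P-256 point")
    x = int.from_bytes(blob[3:], "big")
    if x >= P:
        raise ValueError("x is not a field element")
    rhs = (pow(x, 3, P) - 3 * x + B) % P
    # p % 4 == 3, so a square root of rhs (if one exists) is rhs^((p+1)/4)
    y = pow(rhs, (P + 1) // 4, P)
    if y * y % P != rhs:
        raise ValueError("x is not the abscissa of a curve point")
    if y & 1 != TAG_TO_PARITY[blob[2]]:
        y = P - y  # pick the root whose parity matches the tag
    return x, y


def to_sec1(blob, compressed=False):
    """SEC1 octets: 02/03||X (compressed) or 04||X||Y (uncompressed)."""
    x, y = decode_ieee_p256_key(blob)
    xb, yb = x.to_bytes(32, "big"), y.to_bytes(32, "big")
    if compressed:
        return bytes([2 | (y & 1)]) + xb
    return b"\x04" + xb + yb


# Constructed sample: header from the post + x of the P-256 base point,
# whose y is odd, so the tag is 0x83.
SAMPLE = bytes.fromhex(
    "008083"
    "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
)

if __name__ == "__main__":
    print(to_sec1(SAMPLE).hex())
```

The square-root check is what rejects an x that does not lie on the curve; a key taken from an untrusted certificate should pass it before being used for signature verification.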