[openssl-users] Logjam impact on 0.9.8y version
Hello,

I see a fix for logjam has been provided from 1.0.1 and 1.0.2 versions of openssl.
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

Does that imply 0.9.8 is not impacted by logjam? Also, is it not required to disable export cipher suites in 0.9.8 version?

Thanks
Regards
Sandeep
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Implementing ECDSA in an engine
Hello Steve,

Thank you for the response. The ECDSA_set_default_method() indeed sets up the functionality as you describe below and that seems to be good enough for me (for now...).

Best regards,
Reinier

On 6/26/15 4:25 PM, Dr. Stephen Henson wrote:
> On Fri, Jun 26, 2015, Reinier Torenbeek wrote:
>
>> The mechanism for implementing ECDSA in my own engine is unclear to me. Unfortunately, none of the example engines implement ECDSA so it is hard for me to find answers. Invoking ENGINE_set_ECDSA() does not seem to be sufficient: my setup, sign and verify methods never get invoked.
>
> There are two separate ways you can implement a public key algorithm in an ENGINE.
>
> The first is a default method which is then used for every single operation. This is most suited to cryptographic accelerators.
>
> The second is a key specific method which is utilised for some (and maybe not all) operations on one key. This would be most suited for a smart card for example where signing might be performed by the card but verification performed by OpenSSL itself.
>
> The second form isn't well supported for ECDSA at present though you can sort of get that functionality using the first technique. That will be fixed at some point most likely in the master branch for OpenSSL 1.1.0.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] How to provide KDF to ECDH key computation when using EVP API?
Clarifying my intentions with a snippet of example code that I would like to end up with (omitting some lines as well as error checking for the sake of brevity):

    ctx = EVP_PKEY_CTX_new(local_key, NULL);
    EVP_PKEY_derive_init(ctx);
    /* Set digest to be used to sha256 */
    EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE,
                      EVP_PKEY_CTRL_MD, 0, (void *)EVP_sha256());
    EVP_PKEY_derive_set_peer(ctx, remote_key);
    /* Compute shared secret and apply sha256 to it to get a usable key */
    EVP_PKEY_derive(ctx, result_key, result_len);

This is all compilable and runnable code, but the EVP_PKEY_CTX_ctrl invocation is essentially ignored at this moment. Therefore the sha256 does not actually take place.

On Sat, Jun 27, 2015 at 7:55 PM, Reinier Torenbeek reinier.torenb...@gmail.com wrote:
> Hi again,
>
> After digging into the ECDH code a bit more, I (sort of) found an answer to my question.
>
> My reason to look at using the KDF is to apply a hash to the shared secret to compute a useable key within the derive function. There is a control value called EVP_PKEY_CTRL_MD which seems like it could be used for this purpose. However, for EC keys it looks like this control value only has a meaning for the signing functionality, not for the key derivation functionality. This looks like an omission to me. A small test showed that it would not be too hard to have the hash applied when doing key derivation as well.
>
> If the approach sketched above is not right or possible, then exposing the KDF function to the user of the EVP API seems a logical alternative. However, the KDF function prototype is rather limited, with only an in and out and no context at all. The latter would be required to make it useful.
>
> Since this functionality looks like it is a kind of half-finished to me, can anybody give some insight in its status or confirm/correct my conclusions?
>
> Thanks,
> Reinier
>
> On 6/19/15 4:23 PM, Reinier Torenbeek wrote:
>> Hi,
>>
>> My goal is to implement ECDH in my own engine. The snippet below shows the struct that needs to be filled and set as the engine's ECDH method:
>>
>>     struct ecdh_method {
>>         const char *name;
>>         int (*compute_key) (void *key, size_t outlen, const EC_POINT *pub_key,
>>                             EC_KEY *ecdh,
>>                             void *(*KDF) (const void *in, size_t inlen,
>>                                           void *out, size_t *outlen));
>>     # if 0
>>         int (*init) (EC_KEY *eckey);
>>         int (*finish) (EC_KEY *eckey);
>>     # endif
>>         int flags;
>>         char *app_data;
>>     };
>>
>> I intend to leverage the KDF mechanism, but it does not seem to be exposed in the EVP API. Is that possible at all? If yes, how do I do that? If no, what is the purpose of the KDF() parameter in compute_key?
>>
>> (By the way, struct ecdh_method is in crypto/ecdh/ech_locl.h, which seems to be a private header file. Am I supposed/allowed to include it anyway?)
>>
>> Thanks in advance,
>> Reinier
[openssl-users] Compiling FIPS compliant Openssl for SSE architecture
Hi All,

I am trying to build fips compliant openssl 1.0.1m for SSE (non-SSE2) architecture. The last time I did this, it was not fips compliant (just built openssl for SSE) so it worked.

From the Developer Command Prompt for VS 2012:

1. Build fips-ecp 2.0.8
   executing 'ms\do_fips' after setting the PROCESSOR_ARCHITECTURE=x86
   to build for SSE added the /arch:SSE flag to the CFLAG in the Configure file
   '$cflags = $cflags$exp_cflags /arch:SSE'
   [ Even tried to run do_fips and then recompile after setting the arch flag in the Configure script ]

2. Build openssl
   C:\openssl-1.0.1m>perl Configure VC-WIN32 no-rc5 no-idea no-ec2m [ --with-fipslibdir=fips_lib_path ] --prefix=c:\somedir\openssl\dir -D_USING_V110_SDK71_
   C:\openssl-1.0.1m>ms\do_nasm.bat
   ( added the /arch:SSE flag to CFLAG in the ntdll.mak )
   C:\>nmake -f ntdll.mak

The resulting openssl libraries do not run on the SSE architecture machines and throw "Not a valid Win32 application".

Does anyone have any idea what is missing? I have compiled openssl with same set of commands and versions for SSE2 and those libraries work fine.

Thanks
Shobha
Re: [openssl-users] How to provide KDF to ECDH key computation when using EVP API?
Hi again,

After digging into the ECDH code a bit more, I (sort of) found an answer to my question.

My reason to look at using the KDF is to apply a hash to the shared secret to compute a useable key within the derive function. There is a control value called EVP_PKEY_CTRL_MD which seems like it could be used for this purpose. However, for EC keys it looks like this control value only has a meaning for the signing functionality, not for the key derivation functionality. This looks like an omission to me. A small test showed that it would not be too hard to have the hash applied when doing key derivation as well.

If the approach sketched above is not right or possible, then exposing the KDF function to the user of the EVP API seems a logical alternative. However, the KDF function prototype is rather limited, with only an in and out and no context at all. The latter would be required to make it useful.

Since this functionality looks like it is a kind of half-finished to me, can anybody give some insight in its status or confirm/correct my conclusions?

Thanks,
Reinier

On 6/19/15 4:23 PM, Reinier Torenbeek wrote:
> Hi,
>
> My goal is to implement ECDH in my own engine. The snippet below shows the struct that needs to be filled and set as the engine's ECDH method:
>
>     struct ecdh_method {
>         const char *name;
>         int (*compute_key) (void *key, size_t outlen, const EC_POINT *pub_key,
>                             EC_KEY *ecdh,
>                             void *(*KDF) (const void *in, size_t inlen,
>                                           void *out, size_t *outlen));
>     # if 0
>         int (*init) (EC_KEY *eckey);
>         int (*finish) (EC_KEY *eckey);
>     # endif
>         int flags;
>         char *app_data;
>     };
>
> I intend to leverage the KDF mechanism, but it does not seem to be exposed in the EVP API. Is that possible at all? If yes, how do I do that? If no, what is the purpose of the KDF() parameter in compute_key?
>
> (By the way, struct ecdh_method is in crypto/ecdh/ech_locl.h, which seems to be a private header file. Am I supposed/allowed to include it anyway?)
>
> Thanks in advance,
> Reinier