Re: [openssl-users] Generating dh parameters multithreaded?

2017-03-15 Thread Michael Wojcik 
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Salz, Rich via openssl-users
> Sent: Wednesday, March 15, 2017 15:15
> To: Joseph Southwell; openssl-users@openssl.org
> Subject: Re: [openssl-users] Generating dh parameters multithreaded?
> 
> > Are you suggesting that I should modify openssl myself to expose that
> > functionality or are suggesting that there is a way to do that given the 
> > already
> > exposed functionality? If it is the latter could you point me in the right
> > direction?
> 
> OpenSSL code does not do what you want.  You'll have to write it

My suggestion, if you were to take that route, would be to use the Engine 
interface rather than modifying the OpenSSL source. You could take the existing 
OpenSSL implementation of the functionality, move it into an engine (using one 
of the existing ones as a template), get that working, and then see about 
parallelizing it.

I created a modified version of the existing CAPI engine, and it wasn't 
particularly difficult. If memory serves, the OpenSSL wiki has some material on 
the subject too.

-- 
Michael Wojcik 
Distinguished Engineer, Micro Focus 


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generating dh parameters multithreaded?

2017-03-15 Thread Salz, Rich via openssl-users 
> Are you suggesting that I should modify openssl myself to expose that
> functionality or are suggesting that there is a way to do that given the 
> already
> exposed functionality? If it is the latter could you point me in the right
> direction?

OpenSSL code does not do what you want.  You'll have to write it
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generating dh parameters multithreaded?

2017-03-15 Thread Joseph Southwell 
Are you suggesting that I should modify openssl myself to expose that 
functionality or are suggesting that there is a way to do that given the 
already exposed functionality? If it is the latter could you point me in the 
right direction?

> On Mar 15, 2017, at 2:21 PM, Salz, Rich via openssl-users 
>  wrote:
> 
>> It takes a long time. Is there some way to have it use all available cores 
>> instead of just the one?
> 
> You'll have to write the code to do that parallelism yourself.
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] PKCS#7

2017-03-15 Thread valéry 
Alright, big thanks to both of you for your input!

On Mar 15, 2017 23:01, "Wouter Verhelst"  wrote:

On 15-03-17 05:13, valéry wrote:

> Hi,
>
> thank you very much for your response.
> Say someone would be able to gather several clear text AES keys and
> their respective asymmetrically encrypted RSA blocks. Would it weakens
> the security of the RSA key pair ? I mean could it be easier for someone
> using that information to brute force an RSA key pair ?
>

Think of it this way:

As far as the RSA algorithm is concerned, the AES keys are just data. They
happen to be AES keys, but they might have been a hash value, an image, or
somebody's date of birth.

If getting the cleartext as well as the encrypted text for an RSA message
would allow you to more easily guess the RSA key, then the RSA algorithm
would be seriously flawed.

There is no known attack against RSA for which this is true, however, as
Rich pointed out.

-- 
Wouter Verhelst

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] OpenSSL Certificate Cross Signing

2017-03-15 Thread Moritz Wirth 
Good Evening all,


I have 2 Root Certificate Authorities which I want to use to cross sign
an intermediate certificate. I created a certificate request and signed
it with both CAs.

I issued an end user certificate with the intermediate CA and added both
intermediate CA Certificates (the one from Root1 and the one signed by
Root2). If only one CA is trusted, the certificate is still recognized
as trusted in Firefox regardless which certificate is on top of the
chain (Which is exactly what I want.)

I wondered if I can connect both intermediate Certificates to a single
certificate or do I always need both certificates?


Best Regards,

Moritz

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Generating dh parameters multithreaded?

2017-03-15 Thread Salz, Rich via openssl-users 
> It takes a long time. Is there some way to have it use all available cores 
> instead of just the one?

You'll have to write the code to do that parallelism yourself.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Generating dh parameters multithreaded?

2017-03-15 Thread Joseph Southwell 
On any new install of our software we generate new dh parameters as follows…

DH *dh = DH_new();
!DH_generate_parameters_ex(dh, 2048, 2, NULL);
int codes = 0;
DH_check(dh, );
DH_generate_key(dh);

It takes a long time. Is there some way to have it use all available cores 
instead of just the one?-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Request for adding new ciphers

2017-03-15 Thread Matt Caswell 


On 15/03/17 18:03, Christian Adja via openssl-users wrote:
> Hi everyone,
> 
> Someone can help for adding the ciphersuite "
> ECDHE_ECDSA_WITH_AES_128_CCM " and "ECDHE_ECDSA_WITH_AES_256_CCM " in
> openssl?
> I tried adding in the file tls1.h
> # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM0x0300C0AC
> # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM0x0300C0AD
> 
> And modifing the file  ssl_ciph.c the functions
> ssl_load_ciphers() ...
> And modifing the file evp_cipher.c and sssl_locl.c
> and finaly ssl_algs.c.
> 
> There are no way to make it works. It continue to give me  error:
> ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420


These ciphersuites already exist in OpenSSL (from version 1.1.0).

Matt

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Request for adding new ciphers

2017-03-15 Thread Christian Adja via openssl-users 
Hi everyone,
Someone can help for adding the ciphersuite " ECDHE_ECDSA_WITH_AES_128_CCM " 
and "ECDHE_ECDSA_WITH_AES_256_CCM " in openssl? 
I tried adding in the file tls1.h    # define 
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM    0x0300C0AC
    # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM    0x0300C0AD
And modifing the file  ssl_ciph.c the functions    ssl_load_ciphers() ... And 
modifing the file evp_cipher.c and sssl_locl.cand finaly ssl_algs.c.
There are no way to make it works. It continue to give me  error: 
ssl3_get_client_hello:no shared cipher:s3_srvr.c:1420
thanks.


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] PKCS#7

2017-03-15 Thread Wouter Verhelst 

On 15-03-17 05:13, valéry wrote:

Hi,

thank you very much for your response.
Say someone would be able to gather several clear text AES keys and
their respective asymmetrically encrypted RSA blocks. Would it weakens
the security of the RSA key pair ? I mean could it be easier for someone
using that information to brute force an RSA key pair ?


Think of it this way:

As far as the RSA algorithm is concerned, the AES keys are just data. 
They happen to be AES keys, but they might have been a hash value, an 
image, or somebody's date of birth.


If getting the cleartext as well as the encrypted text for an RSA 
message would allow you to more easily guess the RSA key, then the RSA 
algorithm would be seriously flawed.


There is no known attack against RSA for which this is true, however, as 
Rich pointed out.


--
Wouter Verhelst
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] PKCS#7

2017-03-15 Thread Salz, Rich via openssl-users 
> Say someone would be able to gather several clear text AES keys and their 
> respective asymmetrically encrypted RSA blocks. Would it weakens the security 
> of the RSA key pair ? I mean could it be easier for someone using that 
> information to brute force an RSA key pair ?

No
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL DRBG in FIPS mode confusion.

2017-03-15 Thread Matthias St. Pierre 


On 15.03.2017 10:50, Jayalakshmi bhat wrote:
> Hi All,
>
> OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have 
> question associated with this. 
>
> 1. OpenSSL wiki says  : Default DRBG is 256-bit CTR AES *using a derivation 
> function*
> 2. Where as the document 
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf  
> mentions "no derivation function" in one place and in another sections 
> mentions both
> *Section 4 Modes of Operation and Cryptographic Functionality*
> Random Number  Generation;[SP 800­90] DRBG5 Hash 
> DRBG  
> Symmetric key  generationPrediction resistance   
> HMAC DRBG, no reseed 
>supported for all variations   
> CTR DRBG (AES), no derivation function 
> *Section 6 Self­test *
> DRBG  KAT  CTR_DRBG: AES, 256 bit with and without derivation function *
> *
>
> Please can any one let me know what is the default behavior? Is there any way 
> to toggle between using and not using derivation function.
>
> Regards
> Jayalakshmi
>

The default is set by the FIPS enabled OpenSSL crypto library (not by the 
OpenSSL  FIPS object module itself) in RAND_init_fips(), rand_lib.c:277:

openssl-1.0.2k/crypto/rand/rand_lib.c:277:if (FIPS_drbg_init(dctx, 
fips_drbg_type, fips_drbg_flags) <= 0) {


The default value is DRBG_FLAG_CTR_USE_DF, wich  follows from

openssl-1.0.2k/crypto/rand/rand_lib.c:251:# ifndef OPENSSL_DRBG_DEFAULT_FLAGS
openssl-1.0.2k/crypto/rand/rand_lib.c:252:#  define OPENSSL_DRBG_DEFAULT_FLAGS  
DRBG_FLAG_CTR_USE_DF
openssl-1.0.2k/crypto/rand/rand_lib.c:256:static int fips_drbg_flags = 
OPENSSL_DRBG_DEFAULT_FLAGS;
openssl-1.0.2k/crypto/rand/rand_lib.c:261:fips_drbg_flags = flags;

and you can change it using void RAND_set_fips_drbg_type(int type, int flags).


Regards,
Matthias St. Pierre




-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] OpenSSL DRBG in FIPS mode confusion.

2017-03-15 Thread Jayalakshmi bhat 
Hi All,

OpenSSL uses 256 bit AES-CTR DRBG as default DRBG in FIPS mode. I have
question associated with this.

1. OpenSSL wiki says  : Default DRBG is 256-bit CTR AES *using a derivation
function*
2. Where as the document
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf
 mentions "no derivation function" in one place and in another sections
mentions both
*Section 4 Modes of Operation and Cryptographic Functionality*
Random Number  Generation;[SP 800­90] DRBG5
Hash DRBG
Symmetric key  generationPrediction resistance
  HMAC DRBG, no reseed
   supported for all variations
  CTR DRBG (AES), no derivation function
*Section 6 Self­test *
DRBG  KAT  CTR_DRBG: AES, 256 bit with and without derivation function

Please can any one let me know what is the default behavior? Is there any
way to toggle between using and not using derivation function.

Regards
Jayalakshmi
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users