From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 53749 invoked by alias); 3 Jun 2019 20:35:34 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 53742 invoked by uid 89); 3 Jun 2019 20:35:34 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-3.0 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 spammy=Morgan, Benjamin, morgan, manifest X-HELO: smtp-out-so.shaw.ca Received: from smtp-out-so.shaw.ca (HELO smtp-out-so.shaw.ca) (64.59.136.139) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 03 Jun 2019 20:35:32 +0000 Received: from [192.168.1.114] ([24.64.172.44]) by shaw.ca with ESMTP id Xtg1hf2qHGusjXtg2hYTm2; Mon, 03 Jun 2019 14:35:30 -0600 Reply-To: Brian.Inglis@SystematicSw.ab.ca Subject: Re: Question regarding OpenSSL 1.1.1b package configuration against OpenSSL 1.0.2r To: cygwin@cygwin.com References: From: Brian Inglis Openpgp: preference=signencrypt Message-ID: Date: Mon, 03 Jun 2019 20:35:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2019-06/txt/msg00014.txt.bz2 On 2019-06-03 06:09, Benjamin Baratte wrote: > I would like to understand why the OpenSSL 1.1.1b package only includes the > NIST EC curves support ? > I'm basically try to use brainpool curves and I have noticed that the > package 1.1.1b does not includes these curves and more generally only > includes NIST curves > From what I have found in Google, the cygwin OpenSSL 1.1.1b package is > bound to the fedora package spec which is deactivating brainpool curves. > > I'm a bit surprised by the differences in the 2 OpenSSL packages. But I > need to use Brainpool curves. > > On top of that, the installer is proposing the OpenSSL 1.1.1b-1 package as > the newest one prevailing to OpenSSL 1.0.2r-1 package. Is it possible to > get back the brainpool curves into the OpenSSL 1.1.1b-1 package ? > if not, could please explain to me why only NIST curves are now supported > in the official package ? I have seen comments about legal liability, poor performance limited by choice of random keys, small size of random keys, another model specific Intel FP bug: https://github.com/openssl/openssl/blob/master/CHANGES "Montgomery multiplication may produce incorrect results There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. ... Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. ... This issue was publicly reported as transient failures and was not initially recognized as a security issue. Thanks to Richard Morgan for providing reproducible case. (CVE-2016-7055) [Andy Polyakov]" You can easily rebuild the package yourself with the cygport utility, to check that works, then change the build config to include the Brainpool ECs, and rebuild the way you want it. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple