Mail Archives: cygwin/2019/06/03/08:09:59

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2019/06/03/08:09:59

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:from:date:message-id:subject:to

:content-type; q=dns; s=default; b=IJNNhuCnkYWAouDVCMyXiWTJP08Df

dv8GF4bvjKgLpS16OMTt147fO1yHVOzNMvlzljh6iXzms8RdAU3mbBYRnA/6ATxr

a+34Dw3M0+9v/WWtthmRX2bmO1iSxa+J6/4aX9y2E2UnU8dyEG+yJD3KRgGHa3DH

XeNsiIkGrnQqBc=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:mime-version:from:date:message-id:subject:to

:content-type; s=default; bh=MbaG8ni7VByL6AOL+5HAUAAmF84=; b=bL7

dmtkLLWBJ2CFFfxCsvgLoedlsPvXWA44gTDzd5LFGOb1IeHKyDp06OLdjSrui0Uy

OgjLRPAcXJP+SAp+Zw679qUhZpuIQ1GWxDkS1xdrSUYfW5m77uMGmh4ATKhkGf6v

v5gGKOnZ3975JFKVfVOWsnVYTx+DWNfsYksygBcc=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=newest, Feb, surprised, feb

X-HELO: mail-vs1-f54.google.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=7KObLKhwUTkc6Gd+TdYWiXtNG9dWD3fKKFKiX9W18mE=; b=jqNM2uC8qX9N9YjrynfbESyXX8OSqqWvZguK8RXp5xkQqQvll8oxdn1cz8Objw2LPY Z7nabLk+zox52Zw6bGxgYYO9mplZR9J8xtsZb6ES7nyAPyI35Ulx0s0mdoGv+qBJ9JAV m8OBKlPDluemm1FNRU1O2WMyCkcy6/VENgGmN7pdaH1+L5cPkZP8+gjNPM7TJ5wDH/BQ 0KZEMULaz6dW3zrgo0YHmX0SURRT65W5so53sJwHoL2eWG599VXs5HQQ9yksIkg7JLc9 qhP7RMpmu0QRmgWa/3uw94Wg0o7jrv434TpT8b07t/Nq5LpIgbLXLfghElWL+oBL0nUp tIUw==

MIME-Version: 1.0

From: Benjamin Baratte <benjamin DOT baratte AT gmail DOT com>

Date: Mon, 3 Jun 2019 14:09:27 +0200

Message-ID: <CABTpe59pFoH-MsGKKa4oNdFTs42opV64motaSFpeijJCq0Dqcw@mail.gmail.com>

Subject: Question regarding OpenSSL 1.1.1b package configuration against OpenSSL 1.0.2r

To: cygwin AT cygwin DOT com

X-IsSubscribed: yes

Hi Cygwin team,

I would like to understand why the OpenSSL 1.1.1b package only includes the
NIST EC curves support ?
I'm basically try to use brainpool curves and I have noticed that the
package 1.1.1b does not includes these curves and more generally only
includes NIST curves

$ openssl version
OpenSSL 1.1.1b  26 Feb 2019

$ openssl ecparam -list_curves
  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field

Also, I have checked the OpenSSL package 1.0.2r and here is the list of
curve support :
$ openssl version
OpenSSL 1.0.2r  26 Feb 2019

$ openssl ecparam -list_curves
  secp112r1 : SECG/WTLS curve over a 112 bit prime field
  secp112r2 : SECG curve over a 112 bit prime field
  secp128r1 : SECG curve over a 128 bit prime field
  secp128r2 : SECG curve over a 128 bit prime field
  secp160k1 : SECG curve over a 160 bit prime field
  secp160r1 : SECG curve over a 160 bit prime field
  secp160r2 : SECG/WTLS curve over a 160 bit prime field
  secp192k1 : SECG curve over a 192 bit prime field
  secp224k1 : SECG curve over a 224 bit prime field
  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
  prime192v2: X9.62 curve over a 192 bit prime field
  prime192v3: X9.62 curve over a 192 bit prime field
  prime239v1: X9.62 curve over a 239 bit prime field
  prime239v2: X9.62 curve over a 239 bit prime field
  prime239v3: X9.62 curve over a 239 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  sect113r1 : SECG curve over a 113 bit binary field
  sect113r2 : SECG curve over a 113 bit binary field
  sect131r1 : SECG/WTLS curve over a 131 bit binary field
  sect131r2 : SECG curve over a 131 bit binary field
  sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field
  sect163r1 : SECG curve over a 163 bit binary field
  sect163r2 : NIST/SECG curve over a 163 bit binary field
  sect193r1 : SECG curve over a 193 bit binary field
  sect193r2 : SECG curve over a 193 bit binary field
  sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field
  sect233r1 : NIST/SECG/WTLS curve over a 233 bit binary field
  sect239k1 : SECG curve over a 239 bit binary field
  sect283k1 : NIST/SECG curve over a 283 bit binary field
  sect283r1 : NIST/SECG curve over a 283 bit binary field
  sect409k1 : NIST/SECG curve over a 409 bit binary field
  sect409r1 : NIST/SECG curve over a 409 bit binary field
  sect571k1 : NIST/SECG curve over a 571 bit binary field
  sect571r1 : NIST/SECG curve over a 571 bit binary field
  c2pnb163v1: X9.62 curve over a 163 bit binary field
  c2pnb163v2: X9.62 curve over a 163 bit binary field
  c2pnb163v3: X9.62 curve over a 163 bit binary field
  c2pnb176v1: X9.62 curve over a 176 bit binary field
  c2tnb191v1: X9.62 curve over a 191 bit binary field
  c2tnb191v2: X9.62 curve over a 191 bit binary field
  c2tnb191v3: X9.62 curve over a 191 bit binary field
  c2pnb208w1: X9.62 curve over a 208 bit binary field
  c2tnb239v1: X9.62 curve over a 239 bit binary field
  c2tnb239v2: X9.62 curve over a 239 bit binary field
  c2tnb239v3: X9.62 curve over a 239 bit binary field
  c2pnb272w1: X9.62 curve over a 272 bit binary field
  c2pnb304w1: X9.62 curve over a 304 bit binary field
  c2tnb359v1: X9.62 curve over a 359 bit binary field
  c2pnb368w1: X9.62 curve over a 368 bit binary field
  c2tnb431r1: X9.62 curve over a 431 bit binary field
  wap-wsg-idm-ecid-wtls1: WTLS curve over a 113 bit binary field
  wap-wsg-idm-ecid-wtls3: NIST/SECG/WTLS curve over a 163 bit binary field
  wap-wsg-idm-ecid-wtls4: SECG curve over a 113 bit binary field
  wap-wsg-idm-ecid-wtls5: X9.62 curve over a 163 bit binary field
  wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
  wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
  wap-wsg-idm-ecid-wtls10: NIST/SECG/WTLS curve over a 233 bit binary field
  wap-wsg-idm-ecid-wtls11: NIST/SECG/WTLS curve over a 233 bit binary field
  wap-wsg-idm-ecid-wtls12: WTLS curvs over a 224 bit prime field
  Oakley-EC2N-3:
        IPSec/IKE/Oakley curve #3 over a 155 bit binary field.
        Not suitable for ECDSA.
        Questionable extension field!
  Oakley-EC2N-4:
        IPSec/IKE/Oakley curve #4 over a 185 bit binary field.
        Not suitable for ECDSA.
        Questionable extension field!
  brainpoolP160r1: RFC 5639 curve over a 160 bit prime field
  brainpoolP160t1: RFC 5639 curve over a 160 bit prime field
  brainpoolP192r1: RFC 5639 curve over a 192 bit prime field
  brainpoolP192t1: RFC 5639 curve over a 192 bit prime field
  brainpoolP224r1: RFC 5639 curve over a 224 bit prime field
  brainpoolP224t1: RFC 5639 curve over a 224 bit prime field
  brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
  brainpoolP256t1: RFC 5639 curve over a 256 bit prime field
  brainpoolP320r1: RFC 5639 curve over a 320 bit prime field
  brainpoolP320t1: RFC 5639 curve over a 320 bit prime field
  brainpoolP384r1: RFC 5639 curve over a 384 bit prime field
  brainpoolP384t1: RFC 5639 curve over a 384 bit prime field
  brainpoolP512r1: RFC 5639 curve over a 512 bit prime field
  brainpoolP512t1: RFC 5639 curve over a 512 bit prime field

From what I have found in Google, the cygwin OpenSSL 1.1.1b package is
bound to the fedora package spec which is deactivating brainpool curves.

I'm a bit surprised by the differences in the 2 OpenSSL packages. But I
need to use Brainpool curves.

On top of that, the installer is proposing the OpenSSL 1.1.1b-1 package as
the newest one prevailing to OpenSSL 1.0.2r-1 package. Is it possible to
get back the brainpool curves into the OpenSSL 1.1.1b-1 package ?
if not, could please explain to me why only NIST curves are now supported
in the official package ?

Thanks for your response

Best Regards,

Benjamin

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; q=dns; s=default; b=IJNNhuCnkYWAouDVCMyXiWTJP08Df
	dv8GF4bvjKgLpS16OMTt147fO1yHVOzNMvlzljh6iXzms8RdAU3mbBYRnA/6ATxr
	a+34Dw3M0+9v/WWtthmRX2bmO1iSxa+J6/4aX9y2E2UnU8dyEG+yJD3KRgGHa3DH
	XeNsiIkGrnQqBc=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; s=default; bh=MbaG8ni7VByL6AOL+5HAUAAmF84=; b=bL7
	dmtkLLWBJ2CFFfxCsvgLoedlsPvXWA44gTDzd5LFGOb1IeHKyDp06OLdjSrui0Uy
	OgjLRPAcXJP+SAp+Zw679qUhZpuIQ1GWxDkS1xdrSUYfW5m77uMGmh4ATKhkGf6v
	v5gGKOnZ3975JFKVfVOWsnVYTx+DWNfsYksygBcc=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=newest, Feb, surprised, feb
X-HELO:	mail-vs1-f54.google.com
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=7KObLKhwUTkc6Gd+TdYWiXtNG9dWD3fKKFKiX9W18mE=; b=jqNM2uC8qX9N9YjrynfbESyXX8OSqqWvZguK8RXp5xkQqQvll8oxdn1cz8Objw2LPY Z7nabLk+zox52Zw6bGxgYYO9mplZR9J8xtsZb6ES7nyAPyI35Ulx0s0mdoGv+qBJ9JAV m8OBKlPDluemm1FNRU1O2WMyCkcy6/VENgGmN7pdaH1+L5cPkZP8+gjNPM7TJ5wDH/BQ 0KZEMULaz6dW3zrgo0YHmX0SURRT65W5so53sJwHoL2eWG599VXs5HQQ9yksIkg7JLc9 qhP7RMpmu0QRmgWa/3uw94Wg0o7jrv434TpT8b07t/Nq5LpIgbLXLfghElWL+oBL0nUp tIUw==
MIME-Version:	1.0
From:	Benjamin Baratte <benjamin DOT baratte AT gmail DOT com>
Date:	Mon, 3 Jun 2019 14:09:27 +0200
Message-ID:	<CABTpe59pFoH-MsGKKa4oNdFTs42opV64motaSFpeijJCq0Dqcw@mail.gmail.com>
Subject:	Question regarding OpenSSL 1.1.1b package configuration against OpenSSL 1.0.2r
To:	cygwin AT cygwin DOT com
X-IsSubscribed:	yes