On Wed, Jan 01, 2014, Daniel Kahn Gillmor wrote:

> On 01/01/2014 03:45 PM, Kurt Roeckx wrote:
> > Hi,
> > 
> > I recently ran into this:
> > http://safecurves.cr.yp.to/
> > 
> > It seems that openssl doesn't support any of the curves that are
> > listed there as safe.
> > 
> > At least the curve 25519 is popular and has a draft for using it
> > in TLS.  Would it be possible to add at least support for that
> > curve?
> 
> I think you're referring to Simon Josefsson's draft:
> 
>   https://tools.ietf.org/html/draft-josefsson-tls-curve25519-01
> 
> IIRC, the discussion about that draft over on t...@ietf.org got a bit
> bogged down in the details of how to represent the points for this curve
> and other similar curves (e.g. curve3617):
> 

Yes that's a problem.

Adding support for some curves just needs addition of the appropriate curve
parameters, OIDs and in the case of TLS the Named Curve values.

Unfortunately for others (curve 25519 is of this type I believe) the handling
of the curve needs to be treated as a special case. We'd need a way of
representing public keys in SubjectPublicKeyInfo (this is the point
representation discussion), private keys in PKCS#8 format and ideally
optimised curve arithmetic to protect it from attack.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
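
The SubjectPublicKeyInfo representation question raised in the message above, shown as an added example that is not part of the original message and is not OpenSSL code. It contrasts the generic named-curve layout (id-ecPublicKey plus a curve OID and an uncompressed point) with the X25519 layout later standardized in RFC 8410, which postdates this thread; the helper names and the key bytes are constructed for illustration.

```python
# Added illustration, not OpenSSL code. Minimal DER encoder for short values.

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value; short form and one-byte long form only."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    if n < 0x100:
        return bytes([tag, 0x81, n]) + body
    raise ValueError("body too long for this sketch")

def oid(dotted: str) -> bytes:
    """Encode a dotted OID string as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # base-128, high bit set on all but last
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def spki(algorithm_fields: bytes, key_bytes: bytes) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }."""
    bit_string = tlv(0x03, b"\x00" + key_bytes)   # leading 0 = no unused bits
    return tlv(0x30, tlv(0x30, algorithm_fields) + bit_string)

def spki_named_curve(curve_oid: str, x: bytes, y: bytes) -> bytes:
    """Generic EC key: id-ecPublicKey + namedCurve OID, point as 04 || X || Y."""
    if len(x) != len(y):
        raise ValueError("coordinates must have equal length")
    return spki(oid("1.2.840.10045.2.1") + oid(curve_oid), b"\x04" + x + y)

def spki_x25519(u: bytes) -> bytes:
    """RFC 8410: id-X25519, no parameters, raw 32-byte little-endian u value."""
    if len(u) != 32:
        raise ValueError("X25519 public keys are exactly 32 bytes")
    return spki(oid("1.3.101.110"), u)

# Constructed placeholder key bytes (not valid curve points), for layout only.
P256 = spki_named_curve("1.2.840.10045.3.1.7", bytes(32), bytes(32))
X25519 = spki_x25519(bytes(range(32)))
```

The named-curve form only needs a new OID to cover another Weierstrass curve, while the X25519 form carries a single coordinate under its own algorithm identifier, which is why it cannot be added as parameters alone.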
