Re: elliptic curve cryptography?
Xinwen Fu wrote: Xinwen Fu wrote: Hi, Is there some implementation of elliptic curve cryptography in openssl crypto? Well there's some support for ecc in 0.9.8-dev. What do you need ? In fact, I want to use elliptic curve cryptography (ECC) for encrypting plaintext (just interested). But ECC has the bad property: the size of the ciphertext is two times the size of the plaintext. So if I encrypt the same plaintext for multiple times, the size of ciphertext will increase exponentially. This is bad. Is my analysis right? Hmm, which encryption alg do you want to use ? The use of elliptic curves does not determine some special encryption alg. In case you want to use ECIES (currently not implemented in OpenSSL, see SEC 1) your analysis is afaik not correct. Note: elliptic curves are normally only used for the key exchange, but not for the actual encryption (which is still done by well-known symmetric encryption algs). Cheers, Nils __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: CVS Repository
Title: Re: CVS Repository Ralf S. Engelschall wrote: I think rsync had a problem, because there were lots of hanging (more than 20) processes and hence it no longer accepted new connections. I've killed all those processed and restarted the service and now it looks fine again. It's broken again. Rsync has been down more often than not over the past few weeks. Is there any way the uptime could be improved? Thanks, -Steve M. Steve Marquess DMLSS Technical Manager JMLFDC, 623 Porter Street, Ft. Detrick, MD 21702 DSN 343-3933, COM 301-619-3933, FAX 301-619-7831 [EMAIL PROTECTED]
RE: [openssl.org #869] [FWD] [PATCH] OpenSSL patch for CRL Distribution Points for the X.509 Certificate Profile
I incorporated these patches in 0.9.7d STABLE and compiled using the Solaris native compiler instead of gcc. There were several errors because variable definitions were placed after allocation statements, e.g. + for (i = 0; i sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); + STACK_OF(CONF_VALUE) *sk; I can list the corrections (about 12) or, more appriately, the author can re-issue the patch with the necessary corrections so that it follows standard C rules rather than C++. Chris Brook -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stephen Henson via RT Sent: Thursday, April 08, 2004 4:02 AM Cc: [EMAIL PROTECTED] Subject: [openssl.org #869] [FWD] [PATCH] OpenSSL patch for CRL Distribution Points for the X.509 Certificate Profile - Forwarded message from Abhijit Hayatnagarkar [EMAIL PROTECTED] - Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Date: Mon, 5 Apr 2004 16:38:13 -0400 (EDT) From: Abhijit Hayatnagarkar [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [PATCH] OpenSSL patch for CRL Distribution Points for the X.509 Certificate Profile Precedence: bulk Reply-To: [EMAIL PROTECTED] Description of the patch: This patch provides the extended syntax for CRL Distribution Points as specified in RFC 3280 Section 4.2.1.14. It also tries to maintain backward compatibility with the existing syntax. Without this crld patch, the syntax for the X509 extension field CRL Distribution Points recognized by openssl is either: crlDistributionPoints=URI:http://uri.crl.com/crl1,URI:http://uri.crl.com/crl 2 or [EMAIL PROTECTED] [crlsection] URI.1=http://uri.crl.com/crl1 URI.2=http://uri.crl.com/crl2 Thus, you can only specify the 'fullname' field of a single distribution point. With this crld patch, openssl will support a richer syntax for the CRL Distribution Points extension field. Apart from 'fullname', you will be able to specify the 'relativename', 'reasons' and 'CRLissuer' fields. This patch is backward compatible, so you will still be able to use the old syntax. The 'reasons' field is a bitmap of ReasonFlags. The ReasonFlags are: unused (0), keyCompromise (1), cACompromise (2), affiliationChanged (3), superseded (4), cessationOfOperation (5), certificateHold (6), privilegeWithdrawn (7) and aAcompromise (8). Users can now specify CRL Distribution Points with a syntax as detailed as the following: [EMAIL PROTECTED],@distpoint2 [distpoint1] fullname=URI:http://uri.crl.com/crl1,URI:http://uri.crl.com/crl2 reasons=keyCompromise,cACompromise [distpoint2] [EMAIL PROTECTED] reasons=cessationOfOperation,privilegeWithdrawn CRLissuer=email:[EMAIL PROTECTED] [relnamesect] C = US O = Org, Inc. 0.OU= Org Unit 1 1.OU= Sub Org Unit 2 CN = relative common name Thanks, Abhijit Hayatnagarkar Sparta, Inc. A copy of the TSU Notification sent to [EMAIL PROTECTED] is attached below. This notification also included the patches attached to this email. -- Forwarded message -- Date: Mon, 5 Apr 2004 16:21:57 -0400 (EDT) From: Abhijit Hayatnagarkar [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: TSU Notification SUBMISSION TYPE : TSU SUBMITTED BY: Abhijit Hayatnagarkar SUBMITTED FOR : Sparta, Inc. POINT OF CONTACT: Abhijit Hayatnagarkar PHONE and/or FAX: (410) 872-1515 Ext. 236 MANUFACTURER: PRODUCT NAME/MODEL #: Patches for OpenSSL version 0.9.7c and SNAP-20040227 ECCN: 5D002 NOTIFICATION: Source code for the patch attached. Short Description: This patch provides the extended syntax for CRL Distribution Points in the X.509 Certificate Profile as specified in RFC 3280 (See: http://www.ietf.org/rfc/rfc3280.txt). Content-Description: A patch to openssl 0.9.7c for the extended syntax for CRL Distribution Points diff -ur openssl-0.9.7c/crypto/x509v3/v3_crld.c openssl-0.9.7c.modified/crypto/x509v3/v3_crld.c --- openssl-0.9.7c/crypto/x509v3/v3_crld.c 2001-02-23 07:47:05.0 -0500 +++ openssl-0.9.7c.modified/crypto/x509v3/v3_crld.c 2004-04-05 15:55:24.0 -0400 @@ -63,8 +63,23 @@ #include openssl/asn1t.h #include openssl/x509v3.h -static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, - STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist); +static ENUMERATED_NAMES crl_reasons[] = { +{0, Unused, unused}, +{1, Key Compromise, keyCompromise}, +{2, CA Compromise, cACompromise}, +{3, Affiliation Changed, affiliationChanged}, +{4, Superseded, superseded}, +{5, Cessation Of Operation, cessationOfOperation}, +{6, Certificate Hold, certificateHold}, +{7, Privilege Withdrawn, privilegeWithdrawn}, +{8, AA Compromise, aACompromise}, +{-1, NULL, NULL} +}; + +static int i2r_crld(X509V3_EXT_METHOD *method, +STACK_OF(DIST_POINT) *crld, BIO *out, int indent); +static STACK_OF(DIST_POINT)
RE: [openssl.org #869] [FWD] [PATCH] OpenSSL patch for CRL Distribution Points for the X.509 Certificate Profile
I will re-issue a patch for 0.9.7d with the necessary corrections. Thank you, Abhijit Hayatnagarkar Sparta, Inc. On Mon, 12 Apr 2004, Chris Brook wrote: I incorporated these patches in 0.9.7d STABLE and compiled using the Solaris native compiler instead of gcc. There were several errors because variable definitions were placed after allocation statements, e.g. + for (i = 0; i sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); + STACK_OF(CONF_VALUE) *sk; I can list the corrections (about 12) or, more appriately, the author can re-issue the patch with the necessary corrections so that it follows standard C rules rather than C++. Chris Brook -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stephen Henson via RT Sent: Thursday, April 08, 2004 4:02 AM Cc: [EMAIL PROTECTED] Subject: [openssl.org #869] [FWD] [PATCH] OpenSSL patch for CRL Distribution Points for the X.509 Certificate Profile - Forwarded message from Abhijit Hayatnagarkar [EMAIL PROTECTED] - Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Date: Mon, 5 Apr 2004 16:38:13 -0400 (EDT) From: Abhijit Hayatnagarkar [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [PATCH] OpenSSL patch for CRL Distribution Points for the X.509 Certificate Profile Precedence: bulk Reply-To: [EMAIL PROTECTED] Description of the patch: This patch provides the extended syntax for CRL Distribution Points as specified in RFC 3280 Section 4.2.1.14. It also tries to maintain backward compatibility with the existing syntax. Without this crld patch, the syntax for the X509 extension field CRL Distribution Points recognized by openssl is either: crlDistributionPoints=URI:http://uri.crl.com/crl1,URI:http://uri.crl.com/crl 2 or [EMAIL PROTECTED] [crlsection] URI.1=http://uri.crl.com/crl1 URI.2=http://uri.crl.com/crl2 Thus, you can only specify the 'fullname' field of a single distribution point. With this crld patch, openssl will support a richer syntax for the CRL Distribution Points extension field. Apart from 'fullname', you will be able to specify the 'relativename', 'reasons' and 'CRLissuer' fields. This patch is backward compatible, so you will still be able to use the old syntax. The 'reasons' field is a bitmap of ReasonFlags. The ReasonFlags are: unused (0), keyCompromise (1), cACompromise (2), affiliationChanged (3), superseded (4), cessationOfOperation (5), certificateHold (6), privilegeWithdrawn (7) and aAcompromise (8). Users can now specify CRL Distribution Points with a syntax as detailed as the following: [EMAIL PROTECTED],@distpoint2 [distpoint1] fullname=URI:http://uri.crl.com/crl1,URI:http://uri.crl.com/crl2 reasons=keyCompromise,cACompromise [distpoint2] [EMAIL PROTECTED] reasons=cessationOfOperation,privilegeWithdrawn CRLissuer=email:[EMAIL PROTECTED] [relnamesect] C = US O = Org, Inc. 0.OU= Org Unit 1 1.OU= Sub Org Unit 2 CN = relative common name Thanks, Abhijit Hayatnagarkar Sparta, Inc. A copy of the TSU Notification sent to [EMAIL PROTECTED] is attached below. This notification also included the patches attached to this email. -- Forwarded message -- Date: Mon, 5 Apr 2004 16:21:57 -0400 (EDT) From: Abhijit Hayatnagarkar [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: TSU Notification SUBMISSION TYPE : TSU SUBMITTED BY: Abhijit Hayatnagarkar SUBMITTED FOR : Sparta, Inc. POINT OF CONTACT: Abhijit Hayatnagarkar PHONE and/or FAX: (410) 872-1515 Ext. 236 MANUFACTURER: PRODUCT NAME/MODEL #: Patches for OpenSSL version 0.9.7c and SNAP-20040227 ECCN: 5D002 NOTIFICATION: Source code for the patch attached. Short Description: This patch provides the extended syntax for CRL Distribution Points in the X.509 Certificate Profile as specified in RFC 3280 (See: http://www.ietf.org/rfc/rfc3280.txt). Content-Description: A patch to openssl 0.9.7c for the extended syntax for CRL Distribution Points diff -ur openssl-0.9.7c/crypto/x509v3/v3_crld.c openssl-0.9.7c.modified/crypto/x509v3/v3_crld.c --- openssl-0.9.7c/crypto/x509v3/v3_crld.c2001-02-23 07:47:05.0 -0500 +++ openssl-0.9.7c.modified/crypto/x509v3/v3_crld.c 2004-04-05 15:55:24.0 -0400 @@ -63,8 +63,23 @@ #include openssl/asn1t.h #include openssl/x509v3.h -static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, - STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist); +static ENUMERATED_NAMES crl_reasons[] = { +{0, Unused, unused}, +{1, Key Compromise, keyCompromise}, +{2, CA Compromise, cACompromise}, +{3, Affiliation Changed, affiliationChanged}, +{4, Superseded, superseded}, +{5, Cessation Of Operation, cessationOfOperation}, +{6,