Bug 1021898

Summary: Enable curve secp256k1
Product: [Fedora] Fedora Reporter: Cesar Eduardo Barros <cesarb>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 23CC: beaaegicfqmq6rykaqaakty3lqcg6btv, bill-bugzilla.redhat.com, bztdlinux, d3matt, dap78, error, fschwarz, gbauman, geertj, germano.massullo, gmaxwell, grinnz, harald, hkario, janfrode, jorti, jv+fedora, jwelsh-rhbz, jyundt, krzysztof.jurewicz, lanxingcan, lemenkov, lmacken, luke-jr+redhatbugs, neteler, ngompa13, ol+redhat, pbrobinson, rc556677, redhat-bugzilla, redhat, RedHat-User, rgasch, rsawhill, rudd-o, samuel-rhbugs, sandro, scott, spam, spital, tcallawa, tmraz, tomek, twillber, vg.aetera, von, wtogami, yann
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 1.0.2d-2.fc23 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-18 05:18:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 182235, 1019390, 1020292    

Description Cesar Eduardo Barros 2013-10-22 09:47:25 UTC
The curve secp256k1 is used by the popular Bitcoin software.

Comment 1 Tomasz Torcz 2013-11-18 17:17:31 UTC
Ping?

Comment 2 Tomas Mraz 2013-11-18 17:52:40 UTC
Blocked on Fedora legal.

Comment 3 Alessio Caiazza 2013-11-21 10:28:35 UTC
Can someone explain how to build a custom RPM which includes chipers fedora cannot ship because of software patents?

Comment 4 Tomas Mraz 2013-11-21 12:10:09 UTC
Such questions clearly cannot be answered here.

Comment 7 Phil 2013-12-02 12:15:11 UTC
openssl is still crippled in openssl up to 1.0.1e-34.

$ openssl ecparam -list_curves
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field


I understand there might be legal issues but why does almost _every other_ distribution include all elliptic curves openssl offers?

$ openssl ecparam -list_curves | grep -c :
67

Comment 8 Matthew Stoltenberg 2013-12-28 02:19:58 UTC
I suggest commenting out the symbols from the headers until Fedora Legal is happy...

Comment 9 Tomas Mraz 2013-12-28 09:46:04 UTC
*** Bug 1045987 has been marked as a duplicate of this bug. ***

Comment 10 Thynson 2014-01-10 02:51:46 UTC
ping ?

Comment 11 DIA Sammy 2014-01-22 07:18:23 UTC
Matthew :
Do you have more informations to do that ?

Comment 12 Phil 2014-02-21 11:07:26 UTC
no news on this?

Comment 13 Dan Book 2014-05-10 18:16:56 UTC
any update on this issue?

Comment 14 Tom "spot" Callaway 2014-05-12 14:32:44 UTC
No update yet. Still an active issue.

Comment 15 Bill McGonigle 2014-08-16 01:31:07 UTC
I had a need to help out a friend's tiny nonprofit with bitcoin so I made a couple small patches to add just this curve to the Fedora package on my desktop machine.  I put the patches up here:

  https://www.bfccomputing.com/downloads/fedora/openssl/secp256k1/

in case they'll help when we do get clearance to roll (whichever decade that is).  Aside: I understand the ecc legal landscape changed two weeks ago, for some curves and algorithms.

Anyway, I'm specifically not uploading the patches here so there's no chance of Fedora distribution of magic number sequences.

Comment 16 Tomas Mraz 2014-10-23 08:32:04 UTC
*** Bug 1155797 has been marked as a duplicate of this bug. ***

Comment 17 Jaroslav Reznik 2015-03-03 15:09:32 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 18 Phil 2015-03-23 13:31:39 UTC
again: any news on this?

Comment 19 Tom "spot" Callaway 2015-03-23 13:37:32 UTC
I'm still going back and forth with the lawyers on this. It is an open and active issue.

Comment 20 Neal Gompa 2015-07-03 20:51:39 UTC
Any improvements to the situation?

Comment 21 Jan Kurik 2015-07-15 14:44:36 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle.
Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23

Comment 22 Fedora Update System 2015-08-13 12:54:27 UTC
openssl-1.0.2d-2.fc23 has been submitted as an update for Fedora 23.
https://admin.fedoraproject.org/updates/openssl-1.0.2d-2.fc23

Comment 23 Fedora Update System 2015-08-13 12:54:37 UTC
openssl-1.0.1k-12.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/openssl-1.0.1k-12.fc22

Comment 24 Fedora Update System 2015-08-13 12:54:49 UTC
openssl-1.0.1k-12.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/openssl-1.0.1k-12.fc21

Comment 25 Peter Lemenkov 2015-08-13 12:56:53 UTC
Wow! That's a great news!

Comment 26 Tom "spot" Callaway 2015-08-13 13:15:25 UTC
Thanks for being patient on this.

Comment 27 Robert Scheck 2015-08-13 14:28:57 UTC
Wow, indeed great news - thank you! May I ask how this behaves for RHEL 6
and 7? Or shall I better contact GSS for this (via a ticket)?

Comment 28 Peter Robinson 2015-08-13 14:32:45 UTC
(In reply to Robert Scheck from comment #27)
> Wow, indeed great news - thank you! May I ask how this behaves for RHEL 6
> and 7? Or shall I better contact GSS for this (via a ticket)?

This is Fedora, nothing to do with the RHEL product, please use standard process for RHEL via the Red Hat Portal

Comment 29 Bill McGonigle 2015-08-13 22:36:01 UTC
spot - thank you for your service (this is tremendously helpful to so many projects).

Comment 30 Fedora Update System 2015-08-15 02:14:37 UTC
Package openssl-1.0.2d-2.fc23:
* should fix your issue,
* was pushed to the Fedora 23 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssl-1.0.2d-2.fc23'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-13475/openssl-1.0.2d-2.fc23
then log in and leave karma (feedback).

Comment 31 Fedora Update System 2015-08-18 05:18:44 UTC
openssl-1.0.1k-12.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 32 Fedora Update System 2015-08-18 05:24:50 UTC
openssl-1.0.1k-12.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 33 Fedora Update System 2015-09-01 03:36:55 UTC
openssl-1.0.2d-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.