Bug 1021898
Summary: | Enable curve secp256k1 | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Cesar Eduardo Barros <cesarb> |
Component: | openssl | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 23 | CC: | beaaegicfqmq6rykaqaakty3lqcg6btv, bill-bugzilla.redhat.com, bztdlinux, d3matt, dap78, error, fschwarz, gbauman, geertj, germano.massullo, gmaxwell, grinnz, harald, hkario, janfrode, jorti, jv+fedora, jwelsh-rhbz, jyundt, krzysztof.jurewicz, lanxingcan, lemenkov, lmacken, luke-jr+redhatbugs, neteler, ngompa13, ol+redhat, pbrobinson, rc556677, redhat-bugzilla, redhat, RedHat-User, rgasch, rsawhill, rudd-o, samuel-rhbugs, sandro, scott, spam, spital, tcallawa, tmraz, tomek, twillber, vg.aetera, von, wtogami, yann |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | 1.0.2d-2.fc23 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-08-18 05:18:44 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 182235, 1019390, 1020292 |
Description
Cesar Eduardo Barros
2013-10-22 09:47:25 UTC
Ping? Blocked on Fedora legal. Can someone explain how to build a custom RPM which includes chipers fedora cannot ship because of software patents? Such questions clearly cannot be answered here. openssl is still crippled in openssl up to 1.0.1e-34. $ openssl ecparam -list_curves secp384r1 : NIST/SECG curve over a 384 bit prime field secp521r1 : NIST/SECG curve over a 521 bit prime field prime256v1: X9.62/SECG curve over a 256 bit prime field I understand there might be legal issues but why does almost _every other_ distribution include all elliptic curves openssl offers? $ openssl ecparam -list_curves | grep -c : 67 I suggest commenting out the symbols from the headers until Fedora Legal is happy... *** Bug 1045987 has been marked as a duplicate of this bug. *** ping ? Matthew : Do you have more informations to do that ? no news on this? any update on this issue? No update yet. Still an active issue. I had a need to help out a friend's tiny nonprofit with bitcoin so I made a couple small patches to add just this curve to the Fedora package on my desktop machine. I put the patches up here: https://www.bfccomputing.com/downloads/fedora/openssl/secp256k1/ in case they'll help when we do get clearance to roll (whichever decade that is). Aside: I understand the ecc legal landscape changed two weeks ago, for some curves and algorithms. Anyway, I'm specifically not uploading the patches here so there's no chance of Fedora distribution of magic number sequences. *** Bug 1155797 has been marked as a duplicate of this bug. *** This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22 again: any news on this? I'm still going back and forth with the lawyers on this. It is an open and active issue. Any improvements to the situation? This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle. Changing version to '23'. (As we did not run this process for some time, it could affect also pre-Fedora 23 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23 openssl-1.0.2d-2.fc23 has been submitted as an update for Fedora 23. https://admin.fedoraproject.org/updates/openssl-1.0.2d-2.fc23 openssl-1.0.1k-12.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/openssl-1.0.1k-12.fc22 openssl-1.0.1k-12.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/openssl-1.0.1k-12.fc21 Wow! That's a great news! Thanks for being patient on this. Wow, indeed great news - thank you! May I ask how this behaves for RHEL 6 and 7? Or shall I better contact GSS for this (via a ticket)? (In reply to Robert Scheck from comment #27) > Wow, indeed great news - thank you! May I ask how this behaves for RHEL 6 > and 7? Or shall I better contact GSS for this (via a ticket)? This is Fedora, nothing to do with the RHEL product, please use standard process for RHEL via the Red Hat Portal spot - thank you for your service (this is tremendously helpful to so many projects). Package openssl-1.0.2d-2.fc23: * should fix your issue, * was pushed to the Fedora 23 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssl-1.0.2d-2.fc23' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-13475/openssl-1.0.2d-2.fc23 then log in and leave karma (feedback). openssl-1.0.1k-12.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. openssl-1.0.1k-12.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. openssl-1.0.2d-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |