1019222 – Re-enable elliptic curve cryptography (ecc) in openssh

Bug 1019222 - Re-enable elliptic curve cryptography (ecc) in openssh

Summary: Re-enable elliptic curve cryptography (ecc) in openssh

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssh
Sub Component:
Version:	19
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Petr Lautrbach
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	1023945
Blocks:	ecc
TreeView+	depends on / blocked

Reported:	2013-10-15 10:20 UTC by Scott Schmit
Modified:	2014-01-07 09:54 UTC (History)
CC List:	17 users (show)
Fixed In Version:
Clone Of:	1019216
Clones:	1022904 (view as bug list)
Environment:
Last Closed:	2014-01-07 09:54:35 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Patch to sshd-keygen to generate ECDSA keys (1.15 KB, patch) 2013-10-15 10:20 UTC, Scott Schmit	no flags	Details \| Diff
View All

Description Scott Schmit 2013-10-15 10:20:58 UTC

Created attachment 812415 [details]
Patch to sshd-keygen to generate ECDSA keys

Description of problem:
The current version of the openssh package does not support elliptic curve cryptography algorithms. Support is available upstream.

Version-Release number of selected component (if applicable):
openssh-6.2p2-5.fc19.x86_64

How reproducible:
100%

Steps to Reproduce:
1. ssh-keygen -t ecdsa

Actual results:
ECC key generation works

Expected results:
ECC key generation does not work

Additional info:
openssl has now been allowed to re-enable ECC: Bug 319901

For the most part, openssh simply needs to be rebuilt against a version of openssl with ECC enabled, but there are currently a few other issues:
* Host key generation doesn't include generation of ecdsa keys
* openssh doesn't build with openssh-6.2p1-fips.patch and openssh-6.2p1-ctr-cavstest.patch

I don't mean to exclude other versions of Fedora, but F19 is what I use, and I'm not sure of the nss version in F18, etc.

Comment 1 Fedora Update System 2013-10-25 11:29:22 UTC

openssh-6.3p1-3.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openssh-6.3p1-3.fc20

Comment 2 lnie 2013-10-28 06:32:45 UTC

seems fine with openssh-6.3p1-3.fc20

Comment 3 Sergio Pascual 2013-10-28 12:14:48 UTC

Hostkey creation it's missing (see dependant bug)

Comment 4 Fedora Update System 2013-11-10 08:07:44 UTC

openssh-6.3p1-4.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Scott Shambarger 2013-11-15 15:25:35 UTC

Is it possible to get a build for F19? (as this bug is assigned to it :)

Comment 6 Fedora Update System 2013-11-18 13:30:48 UTC

openssh-6.2p2-6.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/openssh-6.2p2-6.fc19

Comment 7 Fedora Update System 2013-11-18 15:25:59 UTC

openssh-6.1p1-10.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/openssh-6.1p1-10.fc18

Comment 8 Fedora Update System 2013-11-19 05:27:28 UTC

openssh-6.2p2-6.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Julio Merino 2013-11-26 14:50:59 UTC

In f20, I was unable to SSH to NetBSD hosts due to their keys using ECDSA.  With this update, the problem is gone for me.

Comment 10 Fedora Update System 2013-12-09 02:03:20 UTC

openssh-6.1p1-10.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.