Bug 1021898 - Enable curve secp256k1
Enable curve secp256k1
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
: 1045987 1155797 (view as bug list)
Depends On:
Blocks: FE-Legal 1020292 ecc
  Show dependency treegraph
 
Reported: 2013-10-22 05:47 EDT by Cesar Eduardo Barros
Modified: 2015-08-31 23:37 EDT (History)
48 users (show)

See Also:
Fixed In Version: 1.0.2d-2.fc23
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-18 01:18:44 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Cesar Eduardo Barros 2013-10-22 05:47:25 EDT
The curve secp256k1 is used by the popular Bitcoin software.
Comment 1 Tomasz Torcz 2013-11-18 12:17:31 EST
Ping?
Comment 2 Tomas Mraz 2013-11-18 12:52:40 EST
Blocked on Fedora legal.
Comment 3 Alessio Caiazza 2013-11-21 05:28:35 EST
Can someone explain how to build a custom RPM which includes chipers fedora cannot ship because of software patents?
Comment 4 Tomas Mraz 2013-11-21 07:10:09 EST
Such questions clearly cannot be answered here.
Comment 7 Phil 2013-12-02 07:15:11 EST
openssl is still crippled in openssl up to 1.0.1e-34.

$ openssl ecparam -list_curves
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field


I understand there might be legal issues but why does almost _every other_ distribution include all elliptic curves openssl offers?

$ openssl ecparam -list_curves | grep -c :
67
Comment 8 Matthew Stoltenberg 2013-12-27 21:19:58 EST
I suggest commenting out the symbols from the headers until Fedora Legal is happy...
Comment 9 Tomas Mraz 2013-12-28 04:46:04 EST
*** Bug 1045987 has been marked as a duplicate of this bug. ***
Comment 10 Thynson 2014-01-09 21:51:46 EST
ping ?
Comment 11 DIA Sammy 2014-01-22 02:18:23 EST
Matthew :
Do you have more informations to do that ?
Comment 12 Phil 2014-02-21 06:07:26 EST
no news on this?
Comment 13 Dan Book 2014-05-10 14:16:56 EDT
any update on this issue?
Comment 14 Tom "spot" Callaway 2014-05-12 10:32:44 EDT
No update yet. Still an active issue.
Comment 15 Bill McGonigle 2014-08-15 21:31:07 EDT
I had a need to help out a friend's tiny nonprofit with bitcoin so I made a couple small patches to add just this curve to the Fedora package on my desktop machine.  I put the patches up here:

  https://www.bfccomputing.com/downloads/fedora/openssl/secp256k1/

in case they'll help when we do get clearance to roll (whichever decade that is).  Aside: I understand the ecc legal landscape changed two weeks ago, for some curves and algorithms.

Anyway, I'm specifically not uploading the patches here so there's no chance of Fedora distribution of magic number sequences.
Comment 16 Tomas Mraz 2014-10-23 04:32:04 EDT
*** Bug 1155797 has been marked as a duplicate of this bug. ***
Comment 17 Jaroslav Reznik 2015-03-03 10:09:32 EST
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Comment 18 Phil 2015-03-23 09:31:39 EDT
again: any news on this?
Comment 19 Tom "spot" Callaway 2015-03-23 09:37:32 EDT
I'm still going back and forth with the lawyers on this. It is an open and active issue.
Comment 20 Neal Gompa 2015-07-03 16:51:39 EDT
Any improvements to the situation?
Comment 21 Jan Kurik 2015-07-15 10:44:36 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle.
Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23
Comment 22 Fedora Update System 2015-08-13 08:54:27 EDT
openssl-1.0.2d-2.fc23 has been submitted as an update for Fedora 23.
https://admin.fedoraproject.org/updates/openssl-1.0.2d-2.fc23
Comment 23 Fedora Update System 2015-08-13 08:54:37 EDT
openssl-1.0.1k-12.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/openssl-1.0.1k-12.fc22
Comment 24 Fedora Update System 2015-08-13 08:54:49 EDT
openssl-1.0.1k-12.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/openssl-1.0.1k-12.fc21
Comment 25 Peter Lemenkov 2015-08-13 08:56:53 EDT
Wow! That's a great news!
Comment 26 Tom "spot" Callaway 2015-08-13 09:15:25 EDT
Thanks for being patient on this.
Comment 27 Robert Scheck 2015-08-13 10:28:57 EDT
Wow, indeed great news - thank you! May I ask how this behaves for RHEL 6
and 7? Or shall I better contact GSS for this (via a ticket)?
Comment 28 Peter Robinson 2015-08-13 10:32:45 EDT
(In reply to Robert Scheck from comment #27)
> Wow, indeed great news - thank you! May I ask how this behaves for RHEL 6
> and 7? Or shall I better contact GSS for this (via a ticket)?

This is Fedora, nothing to do with the RHEL product, please use standard process for RHEL via the Red Hat Portal
Comment 29 Bill McGonigle 2015-08-13 18:36:01 EDT
spot - thank you for your service (this is tremendously helpful to so many projects).
Comment 30 Fedora Update System 2015-08-14 22:14:37 EDT
Package openssl-1.0.2d-2.fc23:
* should fix your issue,
* was pushed to the Fedora 23 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssl-1.0.2d-2.fc23'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-13475/openssl-1.0.2d-2.fc23
then log in and leave karma (feedback).
Comment 31 Fedora Update System 2015-08-18 01:18:44 EDT
openssl-1.0.1k-12.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 32 Fedora Update System 2015-08-18 01:24:50 EDT
openssl-1.0.1k-12.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 33 Fedora Update System 2015-08-31 23:36:55 EDT
openssl-1.0.2d-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.