1255248 – Enable curve secp256k1 in OpenSSL

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1255248 - Enable curve secp256k1 in OpenSSL

Summary: Enable curve secp256k1 in OpenSSL

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	openssl
Sub Component:
Version:	7.1
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Tomas Mraz
QA Contact:	Stefan Dordevic
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1324263 (view as bug list)
Depends On:
Blocks:	1203710 1420851
TreeView+	depends on / blocked

Reported:	2015-08-20 06:33 UTC by Bharti Kundal
Modified:	2020-09-10 09:25 UTC (History)
CC List:	7 users (show)
Fixed In Version:	openssl-1.0.2k-1.el7
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-01 18:16:10 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:1929	0	normal	SHIPPED_LIVE	openssl bug fix and enhancement update	2017-08-01 18:08:01 UTC

Description Bharti Kundal 2015-08-20 06:33:23 UTC

Description of problem:

Seems that the version of Openssl on RHEl 6 and RHEL 7 :OpenSSL 1.0.1e-fips 11 Feb 2013 and  do not provide secp256k1.

    1. Proposed title of this feature request  
>>>Enable curve secp256k1 in OpenSSL
      
      
    2. Who is the customer behind the request?  
    Account: name and acct # 1319153 Etes GmbH
      
    TAM customer: no
    SRM customer: no
    Strategic: no
      
    3. What is the nature and description of the request?  
>>curve secp256k1 in OpenSSL is enabled for Fedora and likely needs to be included in RHEL 
      
    4. Why does the customer need this? (List the business requirements here)
>>>There is not yet a specific business requirement, however they think that having the same cryptography options like in Fedora avoids a lack of them at a later time. The intention is to query this early with lower priority in order to hopefully have this feature at a later time when it is needed.  
      
    5. How would the customer like to achieve this? (List the functional requirements here)  
>>>enable the curve in the OpenSSL 
      
    6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  
>>>
      
    7. Is there already an existing RFE upstream or in Red Hat Bugzilla? 
>>>Yes https://bugzilla.redhat.com/show_bug.cgi?id=1021898 
      
    8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  
>>>No specific timeline. RHEL 7, RHEL 6

      
    9. Is the sales team involved in this request and do they have any additional input?  
>>>No
      
    10. List any affected packages or components.  
>>>OpenSSL
      
    11. Would the customer be able to assist in testing this functionality if implemented?  
>>>Yes



Version-Release number of selected component (if applicable):OpenSSL 1.0.1e


How reproducible:


Steps to Reproduce:
1.Run the following command to check for the list of available ciphers:

[bkundal@bkundal ~]$ openssl ecparam -list_curves
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field

This does not list the secp256k1

Additional information:

curve secp256k1 in OpenSSL is enabled for Fedora

Comment 5 Tomas Mraz 2016-09-29 14:45:32 UTC

*** Bug 1324263 has been marked as a duplicate of this bug. ***

Comment 10 errata-xmlrpc 2017-08-01 18:16:10 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1929

Note You need to log in before you can comment on or make changes to this bug.