Bug 1255248 - Enable curve secp256k1 in OpenSSL
Summary: Enable curve secp256k1 in OpenSSL
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openssl
Version: 7.1
Hardware: Unspecified
OS: Linux
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: Stefan Dordevic
: 1324263 (view as bug list)
Depends On:
Blocks: 1203710 1420851
TreeView+ depends on / blocked
Reported: 2015-08-20 06:33 UTC by Bharti Kundal
Modified: 2020-09-10 09:25 UTC (History)
7 users (show)

Fixed In Version: openssl-1.0.2k-1.el7
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2017-08-01 18:16:10 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1929 0 normal SHIPPED_LIVE openssl bug fix and enhancement update 2017-08-01 18:08:01 UTC

Description Bharti Kundal 2015-08-20 06:33:23 UTC
Description of problem:

Seems that the version of Openssl on RHEl 6 and RHEL 7 :OpenSSL 1.0.1e-fips 11 Feb 2013 and  do not provide secp256k1.

    1. Proposed title of this feature request  
>>>Enable curve secp256k1 in OpenSSL
    2. Who is the customer behind the request?  
    Account: name and acct # 1319153 Etes GmbH
    TAM customer: no
    SRM customer: no
    Strategic: no
    3. What is the nature and description of the request?  
>>curve secp256k1 in OpenSSL is enabled for Fedora and likely needs to be included in RHEL 
    4. Why does the customer need this? (List the business requirements here)
>>>There is not yet a specific business requirement, however they think that having the same cryptography options like in Fedora avoids a lack of them at a later time. The intention is to query this early with lower priority in order to hopefully have this feature at a later time when it is needed.  
    5. How would the customer like to achieve this? (List the functional requirements here)  
>>>enable the curve in the OpenSSL 
    6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  
    7. Is there already an existing RFE upstream or in Red Hat Bugzilla? 
>>>Yes https://bugzilla.redhat.com/show_bug.cgi?id=1021898 
    8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  
>>>No specific timeline. RHEL 7, RHEL 6

    9. Is the sales team involved in this request and do they have any additional input?  
    10. List any affected packages or components.  
    11. Would the customer be able to assist in testing this functionality if implemented?  

Version-Release number of selected component (if applicable):OpenSSL 1.0.1e

How reproducible:

Steps to Reproduce:
1.Run the following command to check for the list of available ciphers:

[bkundal@bkundal ~]$ openssl ecparam -list_curves
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field

This does not list the secp256k1

Additional information:

curve secp256k1 in OpenSSL is enabled for Fedora

Comment 5 Tomas Mraz 2016-09-29 14:45:32 UTC
*** Bug 1324263 has been marked as a duplicate of this bug. ***

Comment 10 errata-xmlrpc 2017-08-01 18:16:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.