Description of problem: EC functionality is not complete. Version-Release number of selected component (if applicable): every version including latest rawhide when this ticket was filed... How reproducible: Try to use functionality that is under the removed/hobbled state. Steps to Reproduce: 1. yum install openssl 2. openssl ecparam -genkey -name brainpoolP512r1 3. Actual results: unable to create curve (brainpoolP512r1) Expected results: It should work because EC patents have expired. -----BEGIN EC PARAMETERS----- (redacted) -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- (redacted) -----END EC PRIVATE KEY----- Additional info: The EC patents are marked should expire in the hobble-openssl script as "# EC: ????????? ??/??/2020" Please CC legal to confirm the Patents are expired, and should be included again.
Hi Robin, Thanks for bringing it up. Could you directly get in touch with Fedora legal team? We discussed a similar case for libgcrypt earlier, and the decision was to continue to not support brainpool curves. https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/thread/WUQNAB4EPWSJMMVECL2TZGKB5KIDESII/#WUQNAB4EPWSJMMVECL2TZGKB5KIDESII I will close this bug as WONT FIX for now. Once we have a decision from the legal team, let us look into the next steps. Hope this is fine for you. Thank you.
Hi Sahana, it looks like the ECC Brainpool curves can be included in Fedora now [1]. Thank you. [1] https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/message/752Z34MTHB6B4XRUW2TTAPEIUUK4O2LA/
Richard Fontana confirmed Brainpool ECC is allowed for Fedora in this RHBZ [1]. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1413618#c14
*** This bug has been marked as a duplicate of bug 2141672 ***