Description of problem: For some reason ECC was limited to a subset of the NIST ECC. After some investigation of RH-legal Brainpool ECC is now allowed in Fedora. Expected results: Brainpool ECC will be supported. Additional info: Richard Fontana confirmed Brainpool ECC is allowed for Fedora in this RHBZ [1]. Matthew Miller confirmed on Fedora legal mailinglist [2]. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1413618#c14 [2] https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/message/752Z34MTHB6B4XRUW2TTAPEIUUK4O2LA/
*** Bug 1976662 has been marked as a duplicate of this bug. ***
I would like to enable the OpenSSL crypto backend in sequoia-openpgp v1.13.0 (which will be used for the RPM GPG backend in the future, instead of Nettle), but this assumes that OpenSSL was built with Brainpool curves enabled.
If I remember correctly, currently we disable Brainpool curves on the hobbling stage. Would you mind to submit a patch?
This bug appears to have been reported against 'rawhide' during the Fedora Linux 38 development cycle. Changing version to 38.
I don't understand why this bug is closed: As far as I can see the hobble script still removes the brainpool curves. On my rawhide machine I also don't see the brainpool curves: # openssl ecparam -list_curves secp224r1 : NIST/SECG curve over a 224 bit prime field secp256k1 : SECG curve over a 256 bit prime field secp384r1 : NIST/SECG curve over a 384 bit prime field secp521r1 : NIST/SECG curve over a 521 bit prime field prime256v1: X9.62/SECG curve over a 256 bit prime field while I expected something like this (Debian output): ... brainpoolP160r1: RFC 5639 curve over a 160 bit prime field brainpoolP160t1: RFC 5639 curve over a 160 bit prime field brainpoolP192r1: RFC 5639 curve over a 192 bit prime field brainpoolP192t1: RFC 5639 curve over a 192 bit prime field brainpoolP224r1: RFC 5639 curve over a 224 bit prime field brainpoolP224t1: RFC 5639 curve over a 224 bit prime field brainpoolP256r1: RFC 5639 curve over a 256 bit prime field brainpoolP256t1: RFC 5639 curve over a 256 bit prime field brainpoolP320r1: RFC 5639 curve over a 320 bit prime field brainpoolP320t1: RFC 5639 curve over a 320 bit prime field brainpoolP384r1: RFC 5639 curve over a 384 bit prime field brainpoolP384t1: RFC 5639 curve over a 384 bit prime field brainpoolP512r1: RFC 5639 curve over a 512 bit prime field brainpoolP512t1: RFC 5639 curve over a 512 bit prime field ... Am I missing something?
Whoops. Sorry, misclick. Thank you for your attention!
FEDORA-2023-493fb6034b has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
Sahana, thanks for your update. I can use brainpool in rawhide now. Any chance that we can also update F38?
FEDORA-2023-931b7f44af has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-931b7f44af
FEDORA-2023-931b7f44af has been pushed to the Fedora 38 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-931b7f44af See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-931b7f44af has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.