Re: [ext] Re: BUG #16815: Unable to use the X448 an X25519 elliptic curves.
From | Frank Büttner |
---|---|
Subject | Re: [ext] Re: BUG #16815: Unable to use the X448 an X25519 elliptic curves. |
Date | |
Msg-id | de48d9a6-959b-83eb-6f3e-0fd91a8d2d10@mdc-berlin.de |
In reply to | Re: BUG #16815: Unable to use the X448 an X25519 elliptic curves. (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-bugs |
Hi Tom,

after looking at the API of OpenSSL, I see that these curves use another API part of OpenSSL. They use the EVP_... calls of OpenSSL. See https://www.openssl.org/docs/manmaster/man7/X448.html for more.

This will be the reason why the curve is known, but a key can't be created.

On 08.01.21 at 21:57, Tom Lane wrote:
> PG Bug reporting form <noreply@postgresql.org> writes:
>> It looks like the curves with the upper X are known, but not correctly
>> initialized.
>
> BTW, as far as that goes, I looked into the source code and found
>
>     nid = OBJ_sn2nid(SSLECDHCurve);
>     if (!nid)
>     {
>         ereport(isServerStart ? FATAL : LOG,
>                 (errcode(ERRCODE_CONFIG_FILE_ERROR),
>                  errmsg("ECDH: unrecognized curve name: %s", SSLECDHCurve)));
>         return false;
>     }
>
>     ecdh = EC_KEY_new_by_curve_name(nid);
>     if (!ecdh)
>     {
>         ereport(isServerStart ? FATAL : LOG,
>                 (errcode(ERRCODE_CONFIG_FILE_ERROR),
>                  errmsg("ECDH: could not create key")));
>         return false;
>     }
>
> So it would appear that "X448" and "X25519" are known as names for
> *some* sort of thing known to OpenSSL, but they aren't ECDH curves.
>
> regards, tom lane
>

--
*Frank Büttner*
IT MDC Berlin-Buch
Max-Delbrück-Centrum für Molekulare Medizin in der Helmholtz-Gemeinschaft
Robert-Rössle-Straße 10
13125 Berlin
☎ +49 30 9406 2038
℻ +49 30 9406 2599
✉ frank.buettner@mdc-berlin.de
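
The split described in this message can be checked against a local OpenSSL build before a curve name is put into the server configuration. The script below is an added example, not part of the thread or of the PostgreSQL source; the function name `classify_curve` and the sample names are assumptions, and it expects an `openssl` binary on `PATH` (1.1.1 or later for X448).

```shell
#!/bin/sh
# Added example: report which OpenSSL key-generation path accepts a name.
# classify_curve NAME prints one of: ec_named_curve | evp_only | unknown

classify_curve() {
    name=$1
    # "openssl ecparam" works on named EC groups, the kind of name that
    # EC_KEY_new_by_curve_name() in the quoted code can turn into a key.
    if openssl ecparam -name "$name" -noout >/dev/null 2>&1; then
        echo ec_named_curve
    # "openssl genpkey" generates keys through the EVP interface, which is
    # where X25519 and X448 are implemented. The generated key is discarded.
    elif openssl genpkey -algorithm "$name" >/dev/null 2>&1; then
        echo evp_only
    else
        echo unknown
    fi
}

# Constructed sample input: two classic named curves, the two curves from
# the bug report, and a name OpenSSL does not know at all.
for n in prime256v1 secp384r1 X25519 X448 not-a-curve; do
    printf '%-12s %s\n' "$n" "$(classify_curve "$n")"
done
```

A name reported as `evp_only` is one that `OBJ_sn2nid()` recognizes but that the `EC_KEY_new_by_curve_name()` call in the quoted code cannot turn into a key, which matches the "ECDH: could not create key" error path.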