Re: [ext] Re: BUG #16815: Unable to use the X448 an X25519 elliptic curves.

Hi Tom,

after looking in the API of openssl, I see, that this curves use another
API part of openssl. They use the EVP_... calls of openssl.
See https://www.openssl.org/docs/manmaster/man7/X448.html for more.

This will be the reason, why the curve is know, but an key can't created.

Am 08.01.21 um 21:57 schrieb Tom Lane:
> PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
>> It looks like the curves with the upper X are known, but not correct
>> initialized.
>
> BTW, as far as that goes, I looked into the source code and found
>
> nid = OBJ_sn2nid(SSLECDHCurve);
> if (!nid)
> {
> ereport(isServerStart ? FATAL : LOG,
> (errcode(ERRCODE_CONFIG_FILE_ERROR),
> errmsg("ECDH: unrecognized curve name: %s", SSLECDHCurve)));
> return false;
> }
>
> ecdh = EC_KEY_new_by_curve_name(nid);
> if (!ecdh)
> {
> ereport(isServerStart ? FATAL : LOG,
> (errcode(ERRCODE_CONFIG_FILE_ERROR),
> errmsg("ECDH: could not create key")));
> return false;
> }
>
> So it would appear that "X448" and "X25519" are known as names for
> *some* sort of thing known to OpenSSL, but they aren't ECDH curves.
>
> regards, tom lane
>

--
*Frank Büttner*
IT

MDC Berlin-Buch
Max-Delbrück-Centrum für Molekulare Medizin in der Helmholtz-Gemeinschaft
Robert-Rössle-Straße 10
13125 Berlin

☎ +49 30 9406 2038
℻ +49 30 9406 2599
✉ frank(dot)buettner(at)mdc-berlin(dot)de