BUG #16815: Unable to use the X448 and X25519 elliptic curves.

BUG #16815: Unable to use the X448 and X25519 elliptic curves.

apt.postgresql.org Repository Update
The following bug has been logged on the website:

Bug reference:      16815
Logged by:          - -
Email address:      [hidden email]
PostgreSQL version: 13.1
Operating system:   CentOS8
Description:        

The openssl version that comes with CentOS8 will support both curves.
And using the curves with the apache for example will work, so it is not an
OS related problem.
SSLOpenSSLConfCmd Groups "X448:X25519:secp521r1:secp384r1" will work.
But trying the same curves on PostgreSQL 13 will fail.
ssl_ecdh_curve  = 'X448' or
ssl_ecdh_curve  = 'X25519'
will fail with:
FATAL:  ECDH: could not create key
using the lower X it fails with:
FATAL:  ECDH: unrecognized curve name: x25519
Only the NIST ones like secp521r1 will work.

It looks like the curves with the upper X are known, but not correctly
initialized.


Re: BUG #16815: Unable to use the X448 and X25519 elliptic curves.

Tom Lane-2
PG Bug reporting form <[hidden email]> writes:
> The openssl version that comes with CentOS8 will support both curves.
> And using the curves with the apache for example will work, so it is not an
> OS related problem.
> SSLOpenSSLConfCmd Groups "X448:X25519:secp521r1:secp384r1" will work.
> But trying the same curves on PostgreSQL 13 will fail.
> ssl_ecdh_curve  = 'X448' or
> ssl_ecdh_curve  = 'X25519'

According to the fine manual, the allowed values for ssl_ecdh_curve
on a given system can be found out with "openssl ecparam -list_curves".
When I do that on a RHEL8 or CentOS8 system, I get

$ openssl ecparam -list_curves
  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field

I have no idea what X448 and X25519 are, but they don't seem
to be known in a default Red Hat installation.  It's entirely
possible that the Apache config command you show above is
"working" because it ignores unknown entries.  (But I know zip
about Apache, so I might be wrong.)

                        regards, tom lane



Re: BUG #16815: Unable to use the X448 and X25519 elliptic curves.

Tom Lane-2
In reply to this post by apt.postgresql.org Repository Update
PG Bug reporting form <[hidden email]> writes:
> It looks like the curves with the upper X are known, but not correctly
> initialized.

BTW, as far as that goes, I looked into the source code and found

    nid = OBJ_sn2nid(SSLECDHCurve);
    if (!nid)
    {
        ereport(isServerStart ? FATAL : LOG,
                (errcode(ERRCODE_CONFIG_FILE_ERROR),
                 errmsg("ECDH: unrecognized curve name: %s", SSLECDHCurve)));
        return false;
    }

    ecdh = EC_KEY_new_by_curve_name(nid);
    if (!ecdh)
    {
        ereport(isServerStart ? FATAL : LOG,
                (errcode(ERRCODE_CONFIG_FILE_ERROR),
                 errmsg("ECDH: could not create key")));
        return false;
    }

So it would appear that "X448" and "X25519" are known as names for
*some* sort of thing known to OpenSSL, but they aren't ECDH curves.

                        regards, tom lane



Re: [ext] Re: BUG #16815: Unable to use the X448 and X25519 elliptic curves.

Frank Büttner
Hi Tom,

after looking in the OpenSSL API, I see that these curves use another
part of the OpenSSL API. They use the EVP_... calls of OpenSSL.
See https://www.openssl.org/docs/manmaster/man7/X448.html for more.

This will be the reason why the curve is known, but a key can't be created.

On 08.01.21 at 21:57, Tom Lane wrote:

> PG Bug reporting form <[hidden email]> writes:
>> It looks like the curves with the upper X are known, but not correctly
>> initialized.
>
> BTW, as far as that goes, I looked into the source code and found
>
>      nid = OBJ_sn2nid(SSLECDHCurve);
>      if (!nid)
>      {
>          ereport(isServerStart ? FATAL : LOG,
>                  (errcode(ERRCODE_CONFIG_FILE_ERROR),
>                   errmsg("ECDH: unrecognized curve name: %s", SSLECDHCurve)));
>          return false;
>      }
>
>      ecdh = EC_KEY_new_by_curve_name(nid);
>      if (!ecdh)
>      {
>          ereport(isServerStart ? FATAL : LOG,
>                  (errcode(ERRCODE_CONFIG_FILE_ERROR),
>                   errmsg("ECDH: could not create key")));
>          return false;
>      }
>
> So it would appear that "X448" and "X25519" are known as names for
> *some* sort of thing known to OpenSSL, but they aren't ECDH curves.
>
> regards, tom lane
>

--
*Frank Büttner*
IT

MDC Berlin-Buch
Max-Delbrück-Centrum für Molekulare Medizin in der Helmholtz-Gemeinschaft
Robert-Rössle-Straße 10
13125 Berlin

☎ +49 30 9406 2038
℻ +49 30 9406 2599
[hidden email]

