whooo
commented
3 months ago Just so I know, is this related to missing ECC curves in some distributions (due to patents)?
Closed Jakuje closed 2 months ago
whooo
commented
3 months ago Just so I know, is this related to missing ECC curves in some distributions (due to patents)?
Jakuje
commented
3 months ago I do not know all the background, but the reason for excluding the P-192 I remember was that its too small to be secure.
Fedora spec file is not much more verbose either:
https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/openssl.spec#_65
whooo
commented
2 months ago You should be able to switch to another curve available in the openssl/cryptography, the check is done on cryptography types, so the curve doesn't need to be available in the TPM simulator
Jakuje
commented
2 months ago Indeed! You are right. This fails early before getting to the tpm2 so we could use any other that should be widely available, such as ec.SECP384R1. Let see if it will work in all the cases. Verified it works on Fedora rawhide (in mock).
whooo
commented
2 months ago The build error is fixed on master now, could you rebase and push?
Jakuje
commented
2 months ago Reran, but there is still some likely intermittent failure.
whooo
commented
2 months ago Thanks for your continuing contributions!
and fix the typo in the curve name in other places this is used.