Hi Tom,
after looking in the API of openssl, I see, that this curves use another
API part of openssl. They use the EVP_... calls of openssl.
See https://www.openssl.org/docs/manmaster/man7/X448.html for more.
This will be the reason, why the curve is know, but an key can't created.
Am 08.01.21 um 21:57 schrieb Tom Lane:
> PG Bug reporting form <noreply@postgresql.org> writes:
>> It looks like the curves with the upper X are known, but not correct
>> initialized.
>
> BTW, as far as that goes, I looked into the source code and found
>
> nid = OBJ_sn2nid(SSLECDHCurve);
> if (!nid)
> {
> ereport(isServerStart ? FATAL : LOG,
> (errcode(ERRCODE_CONFIG_FILE_ERROR),
> errmsg("ECDH: unrecognized curve name: %s", SSLECDHCurve)));
> return false;
> }
>
> ecdh = EC_KEY_new_by_curve_name(nid);
> if (!ecdh)
> {
> ereport(isServerStart ? FATAL : LOG,
> (errcode(ERRCODE_CONFIG_FILE_ERROR),
> errmsg("ECDH: could not create key")));
> return false;
> }
>
> So it would appear that "X448" and "X25519" are known as names for
> *some* sort of thing known to OpenSSL, but they aren't ECDH curves.
>
> regards, tom lane
>
--
*Frank Büttner*
IT
MDC Berlin-Buch
Max-Delbrück-Centrum für Molekulare Medizin in der Helmholtz-Gemeinschaft
Robert-Rössle-Straße 10
13125 Berlin
☎ +49 30 9406 2038
℻ +49 30 9406 2599
✉ frank.buettner@mdc-berlin.de