Bug 1164210 - Set enable-ec_nistp_64_gcc_128?
Summary: Set enable-ec_nistp_64_gcc_128?
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2014-11-14 11:06 UTC by Federico Leva
Modified: 2015-12-06 19:19 UTC (History)
6 users (show)

Fixed In Version: openssl-1.0.2e-1.fc23
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2015-12-06 19:19:11 UTC
Type: Bug

Attachments (Terms of Use)

Description Federico Leva 2014-11-14 11:06:49 UTC
I'm running a tor exit node and it works correctly, however:

Nov 14 11:59:12.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.

See http://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options , maybe it's useful.

$ rpm -qa | grep -E '^(tor|openssl)'

Comment 1 Tomas Mraz 2014-11-14 11:12:27 UTC
We do not support NIST P-224 at all due to legal reasons.

Comment 2 Michael Shigorin 2015-01-05 07:59:50 UTC
"Legal" as in certification issues, not swpats this time?

Comment 3 David Black 2015-08-13 12:04:21 UTC
Is the legal reason for not supporting NIST P-224 still in effect ?
If so is it specifically to do with NIST P-224 or to do with the code path enabled by compiling with enable-ec_nistp_64_gcc_128 ?

Regardless debian, ubuntu and a fair amount of other distributions compile with enable-ec_nistp_64_gcc_128 on at least amd64 by default. According to Adam Langley - 

> Bodo Moeller (from the OpenSSL core team, bodo AT openssl DOT org) had this to say when I asked him about this:

> "The main (or maybe only) reason this is not enabled automatically is that the 
>OpenSSL configure script is not clever enough to detect whether the compiler
>supports __uint128_t. If you can use this code, it is superior to the default in
> multiple regards (speed, and also security as the new implementations are secure against timing attacks)."

Comment 4 Hubert Kario 2015-11-02 12:25:19 UTC
While enabling P-224 is not really a good idea (it's weak and generally unused on the Internet). I don't see why we shouldn't be enabling faster implementation for P-256 and P-521.

Comment 5 Fedora Update System 2015-12-04 16:12:16 UTC
openssl-1.0.2e-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-605de37b7f

Comment 6 Fedora Update System 2015-12-06 17:21:06 UTC
openssl-1.0.2e-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update openssl'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-605de37b7f

Comment 7 Fedora Update System 2015-12-06 19:18:35 UTC
openssl-1.0.2e-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.