Gentoo Forums
[solved] How do I build openssl with NIST P-224 and P-256 ?
toralf
Developer
Joined: 01 Feb 2004
Posts: 3922
Location: Hamburg

Posted: Thu Jan 01, 2015 3:27 pm    Post subject: [solved] How do I build openssl with NIST P-224 and P-256 ?

Read this in the tor log:
Code:
Jan 01 15:13:18.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.


Last edited by toralf on Fri Jan 02, 2015 7:08 pm; edited 1 time in total
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Jan 02, 2015 1:41 pm    Post subject: Re: How do I build openssl with NIST P-224 and P-256 ?

toralf ... you could try using package.env (untested)

/etc/portage/env/openssl.conf
Code:
EXTRA_ECONF="enable-ec_nistp_64_gcc_128"

/etc/portage/package.env
Code:
dev-libs/openssl openssl.conf

HTH & best ... khay
toralf
Developer
Joined: 01 Feb 2004
Posts: 3922
Location: Hamburg

Posted: Fri Jan 02, 2015 6:12 pm

Hmm, won't work:
Code:
$> grep nist /etc/portage/package.env
dev-libs/openssl  test ssl_nist

$> cat /etc/portage/env/ssl_nist
EXTRA_ECONF="enable-ec_nistp_64_gcc_128"

$> zgrep nistp.64 *openssl* *openssl*2015*
dev-libs:openssl-1.0.1j:20150102-135319.log.gz:    no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
:-(
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Jan 02, 2015 6:39 pm

toralf ...

ok, bug 469976 seems to provide the rationale for why it's disabled. The specific section {dis,en}abling this is line 128 of the ebuild, so it's easily copied to a local overlay and uncommented.

best ... khay
toralf
Developer
Joined: 01 Feb 2004
Posts: 3922
Location: Hamburg

Posted: Fri Jan 02, 2015 7:07 pm

khayyam wrote:
toralf ...

ok, bug 469976 seems to provide the rationale for why it's disabled. The specific section {dis,en}abling this is line 128 of the ebuild, so it's easily copied to a local overlay and uncommented.

best ... khay
ick - thx kay for pointing me to that bug, wasn't aware of it.

Well, I'll not test this at my tor relay - so I'll live w/o NIST algos.
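The zgrep check from the thread, written as a reusable function (an added example, not part of any post above): it reads the Configure line for a feature from a saved emerge build log, plain or gzip-compressed, and reports whether the feature was disabled and for what reason. The function names and the sample log are constructed for this example, and the "Configuring for" banner test is an assumption about what the log contains.

```shell
# Added example (not from the thread): read how OpenSSL 1.0.x Configure
# treated a feature from a saved build log, plain or gzip-compressed.
# Configure prints one line per disabled feature, as quoted in the thread:
#     no-<feature> [<reason>]  OPENSSL_NO_<FEATURE> (skip dir)
# Assumption: the log also carries Configure's "Configuring for <target>" banner.

# Usage: openssl_feature_state LOG FEATURE
# Prints enabled | disabled:<reason> | unknown; returns 0 | 1 | 2.
openssl_feature_state() {
    log=$1
    feature=$2
    [ -r "$log" ] || { echo unknown; return 2; }
    case $log in
        *.gz) text=$(gzip -dc "$log") ;;
        *)    text=$(cat "$log") ;;
    esac
    # Without the banner this is not Configure output, so a missing
    # "no-" line would prove nothing about the feature.
    printf '%s\n' "$text" | grep -q '^Configuring for ' || { echo unknown; return 2; }
    reason=$(printf '%s\n' "$text" |
        sed -n "s/^[[:space:]]*no-${feature}[[:space:]]*\[\([^]]*\)\].*/\1/p" |
        head -n 1)
    if [ -n "$reason" ]; then
        # [default] means Configure kept its built-in default, i.e. no
        # enable-<feature> argument took effect.
        echo "disabled:$reason"
        return 1
    fi
    echo enabled
    return 0
}

# Constructed sample log; the no-ec_nistp line is the one quoted in the thread.
write_sample_log() {
    cat > "$1" <<'EOF'
Configuring for linux-x86_64
    no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
    no-gmp          [default]  OPENSSL_NO_GMP (skip dir)
EOF
}
```

Running it against the build log after each rebuild shows whether an EXTRA_ECONF or overlay change actually reached Configure, without waiting for tor to log the notice again.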
All times are GMT