Bug 13269

Summary: Compile OpenSSL with enable-ec_nistp_64_gcc_128 option
Product: Mageia Reporter: Johnny Accot <accot>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: enhancement    
Priority: Normal CC: fundawang, guillomovitch, luigiwalser
Version: CauldronKeywords: Triaged
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: openssl-1.0.1g-3.mga5.src.rpm CVE:
Status comment:

Description Johnny Accot 2014-04-25 12:46:01 CEST 
Running the Tor daemon and looking at /var/log/tor/tor.log one can see the following notice:

"We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster."

The OpenSSL Wiki at:

http://wiki.openssl.org/index.php/Compilation_and_Installation

says about that option:

"Use on x64 platforms when GCC supports __uint128_t. ECDH is about 2 to 4 times faster. Not enabled by default because Configure can't determine it."

I successfully rebuilt the OpenSSL packages with that option enabled on an up-to-date Cauldron x86_64 host, so gcc seems to have what is needed.  Maybe it would make sense to add that option when building the OpenSSL packages in the distribution.  I simply added enable-ec_nistp_64_gcc_128 on the configure line in openssl.spec but it may need a test on the architecture.
Johnny Accot 2014-04-25 12:46:50 CEST

Hardware: i586 => x86_64

Manuel Hiebel 2014-05-01 20:11:36 CEST

Keywords: (none) => Triaged
CC: (none) => fundawang, guillomovitch, luigiwalser

Comment 1 Johnny Accot 2014-09-02 21:15:59 CEST 
According to the openssl-package changelog (rpm -q --changelog openssl|head), the enable-ec_nistp_64_gcc_128 option was enabled in package release 1.0.1h-2.mga5, built on June 26.  I want to mention I have not noticed any OpenSSL problem since then on a x86_64 cauldron.  If there has been no negative feedback on any platform, would it make sense to close this bug?
Comment 2 David Walser 2014-09-02 21:17:32 CEST 
Indeed, Guillaume did fix this.  Thanks for the reminder.

Status: NEW => RESOLVED
Resolution: (none) => FIXED