TBB 3.5's OpenSSL was not built with NIST P224 and P256 curve support

When launching a freshly unzipped TBB-3.5-rc1 (only build 1, I think), and configuring a bridge in the TorLauncher first run dialogue, I get the following log message from tor:

Dec 13 00:42:38.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL
 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated
 support for the NIST P-224 and P-256 groups. Building openssl with such support
 (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make
 ECDH much faster.

added MikePerry201403R component::applications/tor bundles/installation easy gitian owner::isis priority::medium resolution::fixed status::closed type::defect labels

Trac:
Cc: isis to isis, mikeperry
Owner: mikeperry to isis
Status: new to assigned

This is fixed in my branch fix/10383-openssl-nistp-build-flags.

It's here on github, or here on my personal git server (you can't pull from the second one, not even over HTTPS, unless I already have your SSH key, sorry).

Trac:
Status: assigned to needs_review

FWIW, the subject line is mildly inaccurate. These curves are supported by default: that message just means that they aren't accelerated by default.

Merged. All hail the NSA! We can totally trust their crypto primitives, right?

Out of curiosity, does anyone have any idea if the accelerated versions of the curves are any more or less safe against sidechannel/implementation issues than the default versions? Did agl write both versions?

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

Trac:
build.log

build failure log for openssl with enable-ec_nistp_64_gcc_128

Sadly this failed. It appears that the configure option is enable-ec_nistp_64_gcc_128, not --enable-ec_nistp_64_gcc_128. However, the problems go beyond that. The Linux tor build fails on the inline assembly. Possibly the gcc on Ubuntu 10.04 LTS is too old for this code?

I attached the build log if anyone wants to dig deeper.

Trac:
Resolution: fixed to N/A
Status: closed to reopened

Trac:
Status: reopened to needs_revision

Trac:
Cc: isis, mikeperry to isis, mikeperry, gk

In my experience this is working only on linux64 environment : it fails like it is reported in the attached log if the build platform is linux32

Replying to mikeperry:

Out of curiosity, does anyone have any idea if the accelerated versions of the curves are any more or less safe against sidechannel/implementation issues than the default versions?

The accelerated versions should have better side-channel resistance.

Replying to cypherpunks:

In my experience this is working only on linux64 environment : it fails like it is reported in the attached log if the build platform is linux32

Well, that would explain it. The "64" in these options mean that they only work on X86_64 (aka AMD64).

Replying to nickm:

Replying to cypherpunks:

In my experience this is working only on linux64 environment : it fails like it is reported in the attached log if the build platform is linux32

Well, that would explain it. The "64" in these options mean that they only work on X86_64 (aka AMD64).

Ok, I think we should be able to tweak this to only apply on 64bit targets easily enough. I will see if I can apply this patch with a conditional that checks for target bitwidth and get it to work.

Trac:
Keywords: N/A deleted, MikePerry201403R added

Ok, I pushed a conditional fix to the Linux descriptor. Should appear in the next nightly and the next TBB release.

Trac:
Resolution: N/A to fixed
Status: needs_revision to closed

closed