Opened 2 years ago
Last modified 2 years ago
#23232 needs_information enhancement
misleading log message related to used SSL vendor
Reported by: | toralf | Owned by: | |
---|---|---|---|
Priority: | Low | Milestone: | Tor: unspecified |
Component: | Core Tor/Tor | Version: | Tor: 0.3.1.5-alpha |
Severity: | Trivial | Keywords: | |
Cc: | | Actual Points: | |
Parent ID: | | Points: | |
Reviewer: | | Sponsor: | |
Description
On a stable Gentoo Linux with LibreSSL I do get:
We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.
That hint is, however, not applicable to LibreSSL, is it?
Change History (5)
comment:1 Changed 2 years ago by
comment:2 Changed 2 years ago by
Milestone: | → Tor: unspecified |
---|---|
Status: | new → needs_information |
comment:4 Changed 2 years ago by
Why should LibreSSL include more than one ECDH implementation? It is an OpenSSL-specific option, so the warning should only appear if tor is using OpenSSL.
LibreSSL offers the following optional features (excerpt from `./configure --help`):

```
Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-silent-rules   less verbose build output (undo: "make V=1")
  --disable-silent-rules  verbose build output (undo: "make V=0")
  --enable-dependency-tracking
                          do not reject slow dependency extractors
  --disable-dependency-tracking
                          speeds up one-time build
  --enable-shared[=PKGS]  build shared libraries [default=yes]
  --enable-static[=PKGS]  build static libraries [default=yes]
  --enable-fast-install[=PKGS]
                          optimize for fast installation [default=yes]
  --disable-libtool-lock  avoid locking (might break parallel builds)
  --enable-nc             Enable installing TLS-enabled nc(1)
  --disable-hardening     Disable options to frustrate memory corruption exploits
  --enable-windows-ssp    Enable building the stack smashing protection on
                          Windows. This currently distributing libssp-0.dll.
  --enable-extratests     Enable extra tests that may be unreliable on some platforms
  --disable-asm           Disable assembly
```
comment:5 Changed 2 years ago by
> Why should LibreSSL include more than one ECDH implementation?
Ask the LibreSSL developers that question, they ship several.
As far as I can tell, if the tor warning message is getting displayed on a LibreSSL system, the library isn't using any of the fast EC implementations that are present in the source tree (agl's or Gueron/Krasnov's).
https://github.com/libressl-portable/openbsd/tree/master/src/lib/libcrypto/ec
Is it? I don't know if it is. Does LibreSSL always include the fast ecdh implementation, or never include it, or something else?