Build OpenSSL with EC, Write spec file, add to a personal respository

[Tuxavant]

I would like someone to walk me through:

• Build OpenSSL with EC
• Write a RPM Spec file for installation
• Create a repository instance
• Add my RPM to the repository

Does anyone have the patience to guide me: Start here, do this, do that.

Update: My intension here is to provide an EC enabled OpenSSL RPM for myself and others so that Bitcoin related sourcecode can be compiled on those systems a bit easier. Please keep this in mind while guiding me so that in the end, all they have to is add my repository to yum and it will override what's in the fedora repositories. I'll want to have my own pgp key for signing and such so I'll need to cover all these topics in this thread.


What I got so far:

Quote:

cd ~/tmp/openssl/
wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz
tar zxvf openssl-1.0.1c.tar.gz
cd openssl-1.0.1c
./config --prefix=~/tmp/openssl/build
make
make install

[stevea]

Quote:

Originally Posted by Tuxavant

I would like someone to walk me through:

• Build OpenSSL with EC
• Write a RPM Spec file for installation
• Create a repository instance
• Add my RPM to the repository

Does anyone have the patience to guide me: Start here, do this, do that.

Nice idea - but it's not gonna happen.
The elliptic curve cryptography is controlled by patents by Certicom (a Canadian company)
http://en.wikipedia.org/wiki/ECC_patents
It appears the patents are related to the implementation, not the mechanism of the crypto, so there is a good likelihood that in the future some algorithms based on RFC6090 will evolve. http://tools.ietf.org/html/rfc6090 This is a sad situation since the EC algorithms provide really great crypto - as you likely know.

If you pull the openssl source package from the fedora repo's you'll see they've zero'ed out all the patented algorithm code. So the fedora openssl source package includes no IDEA, RC5, EC, EDDH, ECSA algorithm code. This is to avoid getting involved in patent infringement cases. But here is what the openssl readme says ...

Quote:

Various companies hold various patents for various algorithms in various
locations around the world. _YOU_ are responsible for ensuring that your use
of any algorithms is legal by checking if there are any patents in your
country. The file contains some of the patents that we know about or are
rumored to exist. This is not a definitive list. ...

So there is zero chance the current openssl EC algorthms will ever be accepted in the official repos. (until the patents expire I suppose).
--

You can pull and build the entire openssl from
http://www.openssl.org/source/
using it has legal ramifications where I live.
---

If you want to be an open-source hero you could get involved in coding an open source version of the RFC6090 algorithms, but personally I'd still want to consult a patent atty on many detailed points before releasing anything.


Hate to crush your great idea - but blame the US patent law - not me.

[Tuxavant]

I don't specifically need it to be published in a official repo. At minimum, I would like to create my own repository. At best offer it to another more public repository like rpmfusion/livna.

[stevea]

Quote:

Originally Posted by Tuxavant

I don't specifically need it to be published in a official repo. At minimum, I would like to create my own repository. At best offer it to another more public repository like rpmfusion/livna.

Use the link and learn to build opensl from source ((it's pretty simple)).
Pull the openssl*.src.rpm and examine it's spec file.
There are howtos on creating rpms, Leigh123 used to be a good resource but rarely here lately.
I wonder if rpmfusion will accept it ? I imagine you personally will have a load of liability

FYI - https://bugzilla.redhat.com/show_bug.cgi?id=319901

[Tuxavant]

My intension here is to provide an EC enabled OpenSSL RPM for myself and others so that Bitcoin related sourcecode can be compiled on those systems a bit easier. Please keep this in mind while guiding me so that in the end, all they have to is add my repository to yum and it will override what's in the fedora repositories. I'll want to have my own pgp key for signing and such so I'll need to cover all these topics in this thread. All my steps are being updated in OP.

So...

Now I'm looking at the spec file from openssl*.src.rpm. What exactly am I looking at here and what parameters should I be focused on to accomplish the above goals?

Quote:

Originally Posted by Tuxavant

What exactly am I looking at here and what parameters should I be focused on to accomplish the above goals?

Remove the highlighted bit from the spec file

Quote:

Originally Posted by http://pkgs.fedoraproject.org/gitweb/?p=openssl.git;a=blob;f=openssl.spec;h=02e2c940146 3ad9d4f0edc647460efc13e7e64b5;hb=f7a9c1c246257f28d cecf025cd9475c73ff31664

220 ./Configure \
221 --prefix=/usr --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
222 zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
223 enable-cms enable-md2 no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa \
224 --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
225 --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}

[Tuxavant]

Thank you!! I will add these notes to the thread I've ended up tracking all this at...

https://bitcointalk.org/index.php?to...6289#msg946289
http://bitquestion.com/question/8