To whom it may concern:
Problem: OpenSSL as shipped in Fedora 22 is maimed by lawyers.
The issue is documented in this bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1021898
openssl ecparam -list_curves
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
prime256v1: X9.62/SECG curve over a 256 bit prime field
In order to enable EC curve support within Fedora 22, do the following.
1. Install a development environment, preferably in a Fedora 22 VM, though that is not required. Instructions can be found here:
https://fedoraproject.org/wiki/How_t...an_RPM_package
2. Download OpenSSL version openssl-1.0.1k from here:
ftp://ftp.openssl.org/source/openssl-1.0.1k.tar.gz
Verify it with the md5 file that you can find in the source directory.
3. Read this if you need more detail:
https://github.com/ptudor/centos6-openssl/issues/8
4. Download the patch files from:
https://github.com/tittof/centos6-openssl
Most of these files match what Fedora ships. Unzip the package (there's a download zip button on the right).
5. Place all the patch files (yes, everything) in the ~/rpmbuild/SOURCES/ directory.
6. Place the openssl-1.0.1k.tar.gz file in ~/rpmbuild/SOURCES/
7. Copy the openssl.spec file from ~/rpmbuild/SOURCES/ to ~/rpmbuild/SPECS
8. For some reason the openssl-1.0.1i-fix_secure_gentenv.patch file tries to fix something that isn't broken. Unfortunately I was unsuccessful in just commenting out the patch in the spec file, probably because all the patches build on one another and must be run in sequence. I tricked the patch file by re-replacing the original content:
sed -i -e "s/__secure_getenv/secure_getenv/g" openssl-1.0.1i-fix_secure_gentenv.patch
Someone more knowledgeable could probably do better.
10. The problem that will happen if you don't do the above is documented here:
http://sourceware.org/glibc/wiki/Tip.../secure_getenv
11. Edit the openssl.spec file in the SPECS directory and change the existing release information to this:
Release: 11%{?dist}.local
12. cd to the SPECS directory and run:
QA_RPATHS=$[ 0x0001|0x0010 ] rpmbuild -ba openssl.spec
13. I altered the above command a little but the source information for it is documented here:
https://www.bfccomputing.com/bitcoin...6k1-on-fedora/
14. As root, go to the ~/rpmbuild/RPMS directory after the build completes and run:
dnf install ./openssl-libs-1.0.1k-11.fc22.local.x86_64.rpm ./openssl-1.0.1k-11.fc22.local.x86_64.rpm ./openssl-devel-1.0.1k-11.fc22.local.x86_64.rpm
15. Don't try to do the above one file at a time. It will fail with dependency problems.
16. Verify the result:
openssl ecparam -list_curves
secp112r1 : SECG/WTLS curve over a 112 bit prime field
secp112r2 : SECG curve over a 112 bit prime field
secp128r1 : SECG curve over a 128 bit prime field
secp128r2 : SECG curve over a 128 bit prime field
secp160k1 : SECG curve over a 160 bit prime field
secp160r1 : SECG curve over a 160 bit prime field
secp160r2 : SECG/WTLS curve over a 160 bit prime field
secp192k1 : SECG curve over a 192 bit prime field
secp224k1 : SECG curve over a 224 bit prime field
secp224r1 : NIST/SECG curve over a 224 bit prime field
secp256k1 : SECG curve over a 256 bit prime field
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
prime192v2: X9.62 curve over a 192 bit prime field
prime192v3: X9.62 curve over a 192 bit prime field
prime239v1: X9.62 curve over a 239 bit prime field
prime239v2: X9.62 curve over a 239 bit prime field
prime239v3: X9.62 curve over a 239 bit prime field
prime256v1: X9.62/SECG curve over a 256 bit prime field
wap-wsg-idm-ecid-wtls6: SECG/WTLS curve over a 112 bit prime field
wap-wsg-idm-ecid-wtls7: SECG/WTLS curve over a 160 bit prime field
wap-wsg-idm-ecid-wtls8: WTLS curve over a 112 bit prime field
wap-wsg-idm-ecid-wtls9: WTLS curve over a 160 bit prime field
wap-wsg-idm-ecid-wtls12: WTLS curvs over a 224 bit prime field
Additional Notes:
– If you want Fedora's src RPM for comparison, the details for getting it are about midway down the page linked below.
a. Use the instructions to download the src RPM:
https://www.bfccomputing.com/bitcoin...6k1-on-fedora/
then unpack it:
rpm2cpio openssl-1.0.1k-11.fc22.src.rpm | cpio -idmv
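
A way to script the step 16 check, as an added example that is not part of the original post: it parses `openssl ecparam -list_curves` output and reports which required curves are absent, so a later package update that reverts to the reduced curve list is noticed. The function names, the required-curve list and the embedded sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed samples: the stock Fedora 22 listing quoted in the post, and an
# abridged rebuilt listing with one wrapped description line added.
STOCK_SAMPLE='  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field'
REBUILT_SAMPLE='  secp224r1 : NIST/SECG curve over a 224 bit prime field
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  Oakley-EC2N-3:
        IPSec/IKE/Oakley curve #3 over a 155 bit binary field.'

# curve_names: read list_curves output on stdin, print one curve name per line.
# The name is the single token before the first colon; wrapped description
# lines have no "name:" prefix and are skipped.
curve_names() {
    sed -n 's/^[[:space:]]*\([^[:space:]:][^[:space:]:]*\)[[:space:]]*:.*$/\1/p'
}

# missing_curves REQUIRED...: read list_curves output on stdin and print each
# required curve that is absent. Returns 0 if nothing is missing, 1 otherwise.
missing_curves() {
    available=$(curve_names)
    rc=0
    for want in "$@"; do
        # -x: match the whole line, -F: treat the name as a fixed string
        if ! printf '%s\n' "$available" | grep -qxF -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed stock sample: prints the curves that are missing.
# On a real host, pipe the live listing instead:
#   openssl ecparam -list_curves | missing_curves secp256k1 secp224r1
printf '%s\n' "$STOCK_SAMPLE" | missing_curves secp256k1 secp224r1 prime256v1 || true
```
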