kern/183584: crypto/openssl: NIST P-* elliptic curves aren't optimized on amd64

Yasar Kanis yanis at jourrapide.com
Sat Nov 2 06:30:01 UTC 2013


>Number:         183584
>Category:       kern
>Synopsis:       crypto/openssl: NIST P-* elliptic curves aren't optimized on amd64
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 02 06:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Yasar Kanis
>Release:        FreeBSD 10.0-BETA2
>Organization:
Balanced Fortune
>Environment:
>Description:
When running security/tor-devel the following message ends up in the
log file.

[notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.

>How-To-Repeat:
 % nm -D /lib/libcrypto.so.7 | grep ec_GFp_nistp224_points_mul
 <empty>
>Fix:
--- ec_nistp_opt.patch begins here ---
Index: secure/lib/libcrypto/Makefile
===================================================================
--- secure/lib/libcrypto/Makefile	(revision 257540)
+++ secure/lib/libcrypto/Makefile	(working copy)
@@ -159,8 +159,8 @@
 # ec
 SRCS+=	ec2_mult.c ec2_oct.c ec2_smpl.c ec_ameth.c ec_asn1.c ec_check.c \
 	ec_curve.c ec_cvt.c ec_err.c ec_key.c ec_lib.c ec_mult.c ec_oct.c \
-	ec_pmeth.c ec_print.c eck_prn.c ecp_mont.c ecp_nist.c ecp_oct.c \
-	ecp_smpl.c
+	ec_pmeth.c ec_print.c eck_prn.c ecp_mont.c ecp_nist.c ecp_nistp224.c \
+	ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c ecp_oct.c ecp_smpl.c
 INCS+=	ec.h
 
 # ecdh
Index: secure/lib/libcrypto/opensslconf-x86.h
===================================================================
--- secure/lib/libcrypto/opensslconf-x86.h	(revision 257540)
+++ secure/lib/libcrypto/opensslconf-x86.h	(working copy)
@@ -6,9 +6,6 @@
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
 
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
 #endif
--- ec_nistp_opt.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list