kern/183584: crypto/openssl: NIST P-* elliptic curves aren't optimized on amd64

Yasar Kanis yanis at
Sat Nov 2 06:30:01 UTC 2013

>Number:         183584
>Category:       kern
>Synopsis:       crypto/openssl: NIST P-* elliptic curves aren't optimized on amd64
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 02 06:30:00 UTC 2013
>Originator:     Yasar Kanis
>Release:        FreeBSD 10.0-BETA2
Balanced Fortune
When running security/tor-devel the following message ends up in the
log file.

[notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.

 % nm -D /lib/ | grep ec_GFp_nistp224_points_mul
--- ec_nistp_opt.patch begins here ---
Index: secure/lib/libcrypto/Makefile
--- secure/lib/libcrypto/Makefile	(revision 257540)
+++ secure/lib/libcrypto/Makefile	(working copy)
@@ -159,8 +159,8 @@
 # ec
 SRCS+=	ec2_mult.c ec2_oct.c ec2_smpl.c ec_ameth.c ec_asn1.c ec_check.c \
 	ec_curve.c ec_cvt.c ec_err.c ec_key.c ec_lib.c ec_mult.c ec_oct.c \
-	ec_pmeth.c ec_print.c eck_prn.c ecp_mont.c ecp_nist.c ecp_oct.c \
-	ecp_smpl.c
+	ec_pmeth.c ec_print.c eck_prn.c ecp_mont.c ecp_nist.c ecp_nistp224.c \
+	ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c ecp_oct.c ecp_smpl.c
 INCS+=	ec.h
 # ecdh
Index: secure/lib/libcrypto/opensslconf-x86.h
--- secure/lib/libcrypto/opensslconf-x86.h	(revision 257540)
+++ secure/lib/libcrypto/opensslconf-x86.h	(working copy)
@@ -6,9 +6,6 @@
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
 # define OPENSSL_NO_GMP
--- ec_nistp_opt.patch ends here ---


More information about the freebsd-bugs mailing list