kern/183584: crypto/openssl: NIST P-* elliptic curves aren't optimized on amd64
Yasar Kanis
yanis at jourrapide.com
Sat Nov 2 06:30:01 UTC 2013
>Number: 183584
>Category: kern
>Synopsis: crypto/openssl: NIST P-* elliptic curves aren't optimized on amd64
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 02 06:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Yasar Kanis
>Release: FreeBSD 10.0-BETA2
>Organization:
Balanced Fortune
>Environment:
>Description:
When running security/tor-devel the following message ends up in the
log file.
[notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.
>How-To-Repeat:
% nm -D /lib/libcrypto.so.7 | grep ec_GFp_nistp224_points_mul
<empty>
>Fix:
--- ec_nistp_opt.patch begins here ---
Index: secure/lib/libcrypto/Makefile
===================================================================
--- secure/lib/libcrypto/Makefile (revision 257540)
+++ secure/lib/libcrypto/Makefile (working copy)
@@ -159,8 +159,8 @@
# ec
SRCS+= ec2_mult.c ec2_oct.c ec2_smpl.c ec_ameth.c ec_asn1.c ec_check.c \
ec_curve.c ec_cvt.c ec_err.c ec_key.c ec_lib.c ec_mult.c ec_oct.c \
- ec_pmeth.c ec_print.c eck_prn.c ecp_mont.c ecp_nist.c ecp_oct.c \
- ecp_smpl.c
+ ec_pmeth.c ec_print.c eck_prn.c ecp_mont.c ecp_nist.c ecp_nistp224.c \
+ ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c ecp_oct.c ecp_smpl.c
INCS+= ec.h
# ecdh
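Review bot: The four files on the `+` lines (ecp_nistp224.c, ecp_nistp256.c, ecp_nistp521.c, ecp_nistputil.c) are appended to SRCS unconditionally, while the report is scoped to amd64. The configure option quoted in the Tor notice (enable-ec_nistp_64_gcc_128) by its name points at a 64-bit target with a 128-bit integer type. Consider placing the additions inside an architecture conditional in this Makefile, for example on MACHINE_CPUARCH, so other platforms keep the existing source list. Please also state in the PR which architectures were build-tested.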
Index: secure/lib/libcrypto/opensslconf-x86.h
===================================================================
--- secure/lib/libcrypto/opensslconf-x86.h (revision 257540)
+++ secure/lib/libcrypto/opensslconf-x86.h (working copy)
@@ -6,9 +6,6 @@
#ifndef OPENSSL_DOING_MAKEDEPEND
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
#ifndef OPENSSL_NO_GMP
# define OPENSSL_NO_GMP
#endif
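Review bot: The OPENSSL_NO_EC_NISTP_64_GCC_128 block is removed unconditionally from opensslconf-x86.h, a header whose name suggests it serves 32-bit x86 builds as well as amd64. Rather than deleting the three lines, keep the define for the 32-bit case, for example by guarding it on the absence of a 64-bit predefined macro such as `__x86_64__`, so that only amd64 enables the optimized code. Re-running the nm check from How-To-Repeat against the patched library and adding the output to the PR would document that ec_GFp_nistp224_points_mul is now exported.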
--- ec_nistp_opt.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: