OpenSSL Optimizations
Devin Teske
dteske at vicor.com
Wed Dec 1 01:48:51 UTC 2010
On Tue, 2010-11-30 at 16:00 -0800, Chuck Swiger wrote:
> On Nov 30, 2010, at 3:19 PM, Devin Teske wrote:
> > I'm trying to determine what -- if any -- compiler optimizations are
> > applied to crytpo libs/engines in FreeBSD, and the following output is
> > not very helpful:
>
> The default compiler flags are:
>
> cc -O2 -fno-strict-aliasing
That's not the type of optimizations I was referring to. Rather, I was
referring to OpenSSL specific optimizations such as the *_ASM compile-
time directives et cetera.
When pitting the following (built from source via openssl.org):
OpenSSL 0.9.8k 25 Mar 2009
built on: Tue Sep 1 07:48:40 PDT 2009
platform: BSD-x86-elf
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/etc/ssl"
against the default (provided by FreeBSD):
OpenSSL 0.9.8k 25 Mar 2009
built on: date not available
platform: FreeBSD-i386
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: cc
OPENSSLDIR: "/etc/ssl"
The baseline FreeBSD version (which reports only "cc") is _faster_ than
the same exact version of OpenSSL taken from OpenSSL.org compiled with
optimizations.
I can't possibly believe that the FreeBSD baseline version is _not_
optimized given empirical testing. I also doubt that `-O2' and `-fno-
strict-aliasing' are the only optimization flags used (and I can prove
that this is not the case).
I notice that crypto/openssl/crypto/cversion.c is simply:
#ifdef CFLAGS
static char buf[sizeof(CFLAGS)+11];
sprintf(buf,"compiler: %s",CFLAGS);
return(buf);
#else
return("compiler: information not available");
#endif
Which cversion.c expects to have CFLAGS defined by buildinf.h (which it
includes at the top) ...
Where buildinf.h as generated from the OpenSSL.org Configure/make
process accurately sets CFLAGS to something meaningful, the FreeBSD make
process doesn't.
buildinf.h under FreeBSD is generated by
secure/lib/libcrypto/Makefile.inc (included by
secure/lib/libcrypto/Makefile):
buildinf.h:
( echo "#ifndef MK1MF_BUILD"; \
echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
echo " #define CFLAGS \"$(CC)\""; \
echo " #define PLATFORM \"`uname -s`-`uname -m`\""; \
echo " #define DATE \"`LC_ALL=C date`\""; \
echo "#endif" ) > ${.TARGET}
As shown above, the output of `openssl version -a' will always simply
show whatever $(CC) expands to (which on all binary releases that I
could find simply reports "cc").
Shouldn't the Makefile.inc set the CFLAGS CPP-Macro to "$(CC) $(CFLAGS)"
in buildinf.h rather than to "$(CC)" ??
I see that in secure/lib/libcrypto/Makefile.inc that CFLAGS does contain
the optimizers that we're looking for... -DSHA1_ASM -DBN_ASM ... ad
nauseum...
.if !defined(NOPERL)
CFLAGS+= -DSHA1_ASM -DBN_ASM -DMD5_ASM -DRMD160_ASM
.endif
I'm seriously considering the following patch:
--- Makefile.inc.orig Wed Aug 7 09:31:48 2002
+++ Makefile.inc Tue Nov 30 17:45:53 2010
@@ -39,7 +39,7 @@ CLEANDIRS+= openssl
buildinf.h:
( echo "#ifndef MK1MF_BUILD"; \
echo " /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
- echo " #define CFLAGS \"$(CC)\""; \
+ echo " #define CFLAGS \"$(CC) $(CFLAGS)\""; \
echo " #define PLATFORM \"`uname -s`-`uname -m`\""; \
echo " #define DATE \"`LC_ALL=C date`\""; \
echo "#endif" ) > ${.TARGET}
Although, there surely must be a reason as to why this hasn't been done
in the past, No?
--
Cheers,
Devin Teske
-> CONTACT INFORMATION <-
Business Solutions Consultant II
FIS - fisglobal.com
510-735-5650 Mobile
510-621-2038 Office
510-621-2020 Office Fax
909-477-4578 Home/Fax
devin.teske at fisglobal.com
-> LEGAL DISCLAIMER <-
This message contains confidential and proprietary information
of the sender, and is intended only for the person(s) to whom it
is addressed. Any use, distribution, copying or disclosure by any
other person is strictly prohibited. If you have received this
message in error, please notify the e-mail sender immediately,
and delete the original message without making a copy.
-> FUN STUFF <-
-----BEGIN GEEK CODE BLOCK-----
Version 3.1
GAT/CS d(+) s: a- C++(++++) UB++++$ P++(++++) L++(++++) !E--- W++ N? o? K- w O
M+ V- PS+ PE Y+ PGP- t(+) 5? X+(++) R>++ tv(+) b+(++) DI+(++) D(+) G+>++ e>+ h
r>++ y+
------END GEEK CODE BLOCK------
http://www.geekcode.com/
-> END TRANSMISSION <-
More information about the freebsd-questions
mailing list