OpenSSL Optimizations

Devin Teske dteske at vicor.com
Wed Dec 1 01:48:51 UTC 2010


On Tue, 2010-11-30 at 16:00 -0800, Chuck Swiger wrote:
> On Nov 30, 2010, at 3:19 PM, Devin Teske wrote:
> > I'm trying to determine what -- if any -- compiler optimizations are
> > applied to crytpo libs/engines in FreeBSD, and the following output is
> > not very helpful:
> 
> The default compiler flags are:
> 
>   cc -O2 -fno-strict-aliasing

That's not the type of optimizations I was referring to. Rather, I was
referring to OpenSSL specific optimizations such as the *_ASM compile-
time directives et cetera.

When pitting the following (built from source via openssl.org):

OpenSSL 0.9.8k 25 Mar 2009
built on: Tue Sep  1 07:48:40 PDT 2009
platform: BSD-x86-elf
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/etc/ssl"

against the default (provided by FreeBSD):

OpenSSL 0.9.8k 25 Mar 2009
built on: date not available
platform: FreeBSD-i386
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: cc
OPENSSLDIR: "/etc/ssl"

The baseline FreeBSD version (which reports only "cc") is _faster_ than
the same exact version of OpenSSL taken from OpenSSL.org compiled with
optimizations.

I can't possibly believe that the FreeBSD baseline version is _not_
optimized given empirical testing. I also doubt that `-O2' and `-fno-
strict-aliasing' are the only optimization flags used (and I can prove
that this is not the case).

I notice that crypto/openssl/crypto/cversion.c is simply:

#ifdef CFLAGS
                static char buf[sizeof(CFLAGS)+11];

                sprintf(buf,"compiler: %s",CFLAGS);
                return(buf);
#else
                return("compiler: information not available");
#endif

Which cversion.c expects to have CFLAGS defined by buildinf.h (which it
includes at the top) ...

Where buildinf.h as generated from the OpenSSL.org Configure/make
process accurately sets CFLAGS to something meaningful, the FreeBSD make
process doesn't.

buildinf.h under FreeBSD is generated by
secure/lib/libcrypto/Makefile.inc (included by
secure/lib/libcrypto/Makefile):

buildinf.h:
        ( echo "#ifndef MK1MF_BUILD"; \
        echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
        echo "  #define CFLAGS \"$(CC)\""; \
        echo "  #define PLATFORM \"`uname -s`-`uname -m`\""; \
        echo "  #define DATE \"`LC_ALL=C date`\""; \
        echo "#endif" ) > ${.TARGET}

As shown above, the output of `openssl version -a' will always simply
show whatever $(CC) expands to (which on all binary releases that I
could find simply reports "cc").

Shouldn't the Makefile.inc set the CFLAGS CPP-Macro to "$(CC) $(CFLAGS)"
in buildinf.h rather than to "$(CC)" ??

I see that in secure/lib/libcrypto/Makefile.inc that CFLAGS does contain
the optimizers that we're looking for... -DSHA1_ASM -DBN_ASM ... ad
nauseum...

.if !defined(NOPERL)
CFLAGS+= -DSHA1_ASM -DBN_ASM -DMD5_ASM -DRMD160_ASM
.endif

I'm seriously considering the following patch:

--- Makefile.inc.orig   Wed Aug  7 09:31:48 2002
+++ Makefile.inc        Tue Nov 30 17:45:53 2010
@@ -39,7 +39,7 @@ CLEANDIRS+=   openssl
 buildinf.h:
 	( echo "#ifndef MK1MF_BUILD"; \
 	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
-	echo "  #define CFLAGS \"$(CC)\""; \
+	echo "  #define CFLAGS \"$(CC) $(CFLAGS)\""; \
 	echo "  #define PLATFORM \"`uname -s`-`uname -m`\""; \
 	echo "  #define DATE \"`LC_ALL=C date`\""; \
 	echo "#endif" ) > ${.TARGET}

Although, there surely must be a reason as to why this hasn't been done
in the past, No?
-- 
Cheers,
Devin Teske

-> CONTACT INFORMATION <-
Business Solutions Consultant II
FIS - fisglobal.com
510-735-5650 Mobile
510-621-2038 Office
510-621-2020 Office Fax
909-477-4578 Home/Fax
devin.teske at fisglobal.com

-> LEGAL DISCLAIMER <-
This message  contains confidential  and proprietary  information
of the sender,  and is intended only for the person(s) to whom it
is addressed. Any use, distribution, copying or disclosure by any
other person  is strictly prohibited.  If you have  received this
message in error,  please notify  the e-mail sender  immediately,
and delete the original message without making a copy.

-> FUN STUFF <-
-----BEGIN GEEK CODE BLOCK-----
Version 3.1
GAT/CS d(+) s: a- C++(++++) UB++++$ P++(++++) L++(++++) !E--- W++ N? o? K- w O
M+ V- PS+ PE Y+ PGP- t(+) 5? X+(++) R>++ tv(+) b+(++) DI+(++) D(+) G+>++ e>+ h
r>++ y+ 
------END GEEK CODE BLOCK------
http://www.geekcode.com/

-> END TRANSMISSION <-



More information about the freebsd-questions mailing list