OpenSSL Optimizations

Devin Teske dteske at
Wed Dec 1 01:48:51 UTC 2010

On Tue, 2010-11-30 at 16:00 -0800, Chuck Swiger wrote:
> On Nov 30, 2010, at 3:19 PM, Devin Teske wrote:
> > I'm trying to determine what -- if any -- compiler optimizations are
> > applied to crypto libs/engines in FreeBSD, and the following output is
> > not very helpful:
> The default compiler flags are:
>   cc -O2 -fno-strict-aliasing

That's not the type of optimizations I was referring to. Rather, I was
referring to OpenSSL specific optimizations such as the *_ASM compile-
time directives et cetera.

When pitting the following (built from source via

OpenSSL 0.9.8k 25 Mar 2009
built on: Tue Sep  1 07:48:40 PDT 2009
platform: BSD-x86-elf
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
OPENSSLDIR: "/etc/ssl"

against the default (provided by FreeBSD):

OpenSSL 0.9.8k 25 Mar 2009
built on: date not available
platform: FreeBSD-i386
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: cc
OPENSSLDIR: "/etc/ssl"

The baseline FreeBSD version (which reports only "cc") is _faster_ than
the same exact version of OpenSSL taken from compiled with

I can't possibly believe that the FreeBSD baseline version is _not_
optimized given empirical testing. I also doubt that `-O2' and `-fno-
strict-aliasing' are the only optimization flags used (and I can prove
that this is not the case).

I notice that crypto/openssl/crypto/cversion.c is simply:

#ifdef CFLAGS
                static char buf[sizeof(CFLAGS)+11];

                sprintf(buf,"compiler: %s",CFLAGS);
                return(buf);
#else
                return("compiler: information not available");
#endif

Which cversion.c expects to have CFLAGS defined by buildinf.h (which it
includes at the top) ...

Where buildinf.h as generated from the Configure/make
process accurately sets CFLAGS to something meaningful, the FreeBSD make
process doesn't.

buildinf.h under FreeBSD is generated by
secure/lib/libcrypto/ (included by

        ( echo "#ifndef MK1MF_BUILD"; \
        echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
        echo "  #define CFLAGS \"$(CC)\""; \
        echo "  #define PLATFORM \"`uname -s`-`uname -m`\""; \
        echo "  #define DATE \"`LC_ALL=C date`\""; \
        echo "#endif" ) > ${.TARGET}

As shown above, the output of `openssl version -a' will always simply
show whatever $(CC) expands to (which on all binary releases that I
could find simply reports "cc").

Shouldn't the set the CFLAGS CPP-Macro to "$(CC) $(CFLAGS)"
in buildinf.h rather than to "$(CC)" ??

I see that in secure/lib/libcrypto/ that CFLAGS does contain
the optimizers that we're looking for... -DSHA1_ASM -DBN_ASM ... ad

.if !defined(NOPERL)

I'm seriously considering the following patch:

---   Wed Aug  7 09:31:48 2002
+++        Tue Nov 30 17:45:53 2010
@@ -39,7 +39,7 @@ CLEANDIRS+=   openssl
 	( echo "#ifndef MK1MF_BUILD"; \
 	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
-	echo "  #define CFLAGS \"$(CC)\""; \
+	echo "  #define CFLAGS \"$(CC) $(CFLAGS)\""; \
 	echo "  #define PLATFORM \"`uname -s`-`uname -m`\""; \
 	echo "  #define DATE \"`LC_ALL=C date`\""; \
 	echo "#endif" ) > ${.TARGET}
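Review bot: On the changed `#define CFLAGS` line, $(CFLAGS) is expanded by make inside a double-quoted shell string and then ends up inside a C string literal, so a flag containing a double quote, backslash or backtick (for example a -D define with a string value) would break the echo or produce a buildinf.h that does not compile. The rule should escape those characters before writing the macro, or the Makefile should state that CFLAGS must not contain them. Note also that everything in CFLAGS, include paths and defines alike, then becomes part of the string compiled into the library and printed by `openssl version -a`.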

Although, there surely must be a reason as to why this hasn't been done
in the past, no?
Devin Teske


More information about the freebsd-questions mailing list
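
Added example, not part of the original message and not FreeBSD or OpenSSL code: a shell check that classifies `openssl version -a` output by whether its `compiler:` line records any build flags, and lists the `*_ASM` defines when it does. The function names are hypothetical and the sample flag string is constructed from the flags named in the message.

```shell
#!/bin/sh
# Added example: hypothetical helper names, constructed sample input.

# The line cversion.c prints for a given value of the CFLAGS macro.
compiler_line() {
    printf 'compiler: %s\n' "$1"
}

# Classify `openssl version -a` output read from stdin.
classify_build() {
    line=$(sed -n 's/^compiler:[[:space:]]*//p' | head -n 1)
    if [ -z "$line" ]; then echo "no-compiler-line"; return 0; fi
    case "$line" in
        "information not available") echo "flags-not-recorded"; return 0 ;;
    esac
    # Word-split on purpose (globbing off): one positional parameter per flag.
    set -f; set -- $line; set +f
    if [ "$#" -le 1 ]; then
        echo "flags-not-recorded"   # compiler name only, as with "$(CC)"
    elif printf '%s\n' "$@" | grep -Eq '^-D[A-Z0-9_]+_ASM$'; then
        echo "asm-enabled"
    else
        echo "no-asm-defines"       # flags recorded, none of them *_ASM
    fi
}

# Print each distinct -D*_ASM define on the compiler: line, one per line.
asm_defines() {
    sed -n 's/^compiler:[[:space:]]*//p' | tr -s ' ' '\n' |
        grep -E '^-D[A-Z0-9_]+_ASM$' | sort -u
}

# Constructed sample values: compiler name alone versus name plus flags.
CC=cc
SAMPLE_CFLAGS='-O2 -fno-strict-aliasing -DSHA1_ASM -DBN_ASM'

compiler_line "$CC" | classify_build
compiler_line "$CC $SAMPLE_CFLAGS" | classify_build
compiler_line "$CC $SAMPLE_CFLAGS" | asm_defines
```

To check an installed binary, pipe the real output in: `openssl version -a | classify_build`.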