Bug 175663 - [PATCH]security/openssl: enable optimized NIST ECC on 64-bit little-endian machines; minor clean-ups
Summary: [PATCH]security/openssl: enable optimized NIST ECC on 64-bit little-endian ma...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Dirk Meyer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-01-28 23:40 UTC by Brendan Fabeny
Modified: 2013-02-06 20:26 UTC (History)
0 users

See Also:


Attachments
file.diff (2.77 KB, patch)
2013-01-28 23:40 UTC, Brendan Fabeny
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Brendan Fabeny freebsd_committer freebsd_triage 2013-01-28 23:40:00 UTC
Add an OPTION, enabled by default, to provide optimized versions of NIST ECC on 64-bit little-endian machines.  While here, s/can not/cannot/, make the pkg-message respect PREFIX, and replace the deprecated NOPORTDOCS with the equivalent check under the new options framework.

The optimized implementations should offer significant speed-ups and some added security. (See, e.g.,:

https://static.googleusercontent.com/external_content/untrusted_dlcp/research.google.com/en/us/pubs/archive/37376.pdf

)

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2013-01-28 23:40:08 UTC
Responsible Changed
From-To: freebsd-ports-bugs->dinoex

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Dirk Meyer freebsd_committer freebsd_triage 2013-01-29 05:12:47 UTC
State Changed
From-To: open->feedback


Is the option "enable-ec_nistp_64_gcc_128" 
building even with CLANG as the compiler? 

Did you build it in CURRENT?
Comment 3 dfilter service freebsd_committer freebsd_triage 2013-01-29 05:34:29 UTC
Author: dinoex
Date: Tue Jan 29 05:34:22 2013
New Revision: 311150
URL: http://svnweb.freebsd.org/changeset/ports/311150

Log:
  - make the pkg-message respect PREFIX
  PR:		175663
  Submitted by:	bf

Added:
  head/security/openssl/files/pkg-message.in   (contents, props changed)
Deleted:
  head/security/openssl/pkg-message
Modified:
  head/security/openssl/Makefile

Modified: head/security/openssl/Makefile
==============================================================================
--- head/security/openssl/Makefile	Tue Jan 29 05:06:46 2013	(r311149)
+++ head/security/openssl/Makefile	Tue Jan 29 05:34:22 2013	(r311150)
@@ -43,6 +43,7 @@ NOPRECIOUSSOFTMAKEVARS=	Too many _MLINKS
 USE_PERL5_BUILD=	yes
 MAKE_ARGS+=		WHOLE_ARCHIVE_FLAG=--whole-archive
 MAKE_ENV+=		LIBRPATH="${PREFIX}/lib"
+SUB_FILES=		pkg-message
 OPENSSLDIR=		${PREFIX}/openssl
 MANPREFIX=		${PREFIX}
 

Added: head/security/openssl/files/pkg-message.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/openssl/files/pkg-message.in	Tue Jan 29 05:34:22 2013	(r311150)
@@ -0,0 +1,4 @@
+
+Copy %%PREFIX%%/openssl/openssl.cnf.sample to %%PREFIX%%/openssl/openssl.cnf
+and edit it to fit your needs.
+
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 4 b. f. 2013-01-29 09:36:28 UTC
---------- Forwarded message ----------
From: "b.f." <bf1783@googlemail.com>
Date: Tue, 29 Jan 2013 08:01:56 +0000
Subject: Re: ports/175663: [PATCH]security/openssl: enable optimized
NIST ECC on 64-bit little-endian machines; minor clean-ups
To: dinoex@freebsd.org

On 1/29/13, dinoex@freebsd.org <dinoex@freebsd.org> wrote:
> Synopsis: [PATCH]security/openssl: enable optimized NIST ECC on 64-bit
> little-endian machines; minor clean-ups
>
> State-Changed-From-To: open->feedback
> State-Changed-By: dinoex
> State-Changed-When: Tue Jan 29 06:12:47 CET 2013
> State-Changed-Why:
>
> Is the option "enable-ec_nistp_64_gcc_128"
> building even with CLANG as the compiler?
>
> Did you build it in CURRENT?
>
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=175663
>

Yes, with the patch security/openssl builds, packages, and passes the
regression tests on recent 10.0-CURRENT ia64 with gcc 4.2.x, and on
10.0-CURRENT amd64 with gcc 4.2.x, clang, and lang/gcc46.  Also on
{7.4,8.3,9.0}-{amd64,i386} with gcc 4.2.x (there are no regressions on
i386). Both gcc and clang understand uint128_t on 64-bit platforms.

Regards,
            b.
Comment 5 dfilter service freebsd_committer freebsd_triage 2013-01-29 18:46:46 UTC
Author: dinoex
Date: Tue Jan 29 18:46:39 2013
New Revision: 311178
URL: http://svnweb.freebsd.org/changeset/ports/311178

Log:
  - enable optimized NIST ECC on 64-bit little-endian machines
  PR:		175663
  Submitted by:	bf

Modified:
  head/security/openssl/Makefile

Modified: head/security/openssl/Makefile
==============================================================================
--- head/security/openssl/Makefile	Tue Jan 29 17:55:21 2013	(r311177)
+++ head/security/openssl/Makefile	Tue Jan 29 18:46:39 2013	(r311178)
@@ -4,7 +4,7 @@
 PORTNAME=	openssl
 PORTVERSION=	1.0.1
 DISTVERSIONSUFFIX=	c
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/%SUBDIR%/ \
 		ftp://ftp.openssl.org/%SUBDIR%/ \
@@ -23,6 +23,15 @@ BUILD_DEPENDS=	makedepend:${PORTSDIR}/de
 
 OPTIONS_DEFINE=	SHARED THREADS I386 SSE2 ASM PADLOCK ZLIB SCTP MD2 RC5 RFC3779 GMP
 OPTIONS_DEFAULT=SHARED THREADS SSE2 ASM ZLIB SCTP MD2
+.for a in amd64 ia64
+OPTIONS_DEFINE_${a}=	EC
+OPTIONS_DEFAULT_${a}=	EC
+.endfor
+TARGET_ARCH?=	${MACHINE_ARCH}
+.if ${TARGET_ARCH} == "mips64el"
+OPTIONS_DEFINE_mips=	EC
+OPTIONS_DEFAULT_mips=	EC
+.endif
 NO_OPTIONS_SORT=yes
 I386_DESC?=	Optimize for i386 (instead of i486+)
 SSE2_DESC?=	runtime SSE2 detection
@@ -35,6 +44,7 @@ MD2_DESC?=	MD2 hash (obsolete)
 RC5_DESC?=	RC5 chipher (patented)
 RFC3779_DESC?=	RFC3779 support
 GMP_DESC?=	gmp support (LGPLv3)
+EC_DESC?=	Optimize NIST elliptic curves
 
 MAKE_JOBS_UNSAFE=	yes
 NOPRECIOUSMAKEVARS=	Too many _MLINKS for fetch
@@ -1130,6 +1140,12 @@ EXTRACONFIGURE+=	enable-rfc3779
 EXTRACONFIGURE+=	no-rfc3779
 .endif
 
+.if ${PORT_OPTIONS:MEC}
+EXTRACONFIGURE+=	enable-ec_nistp_64_gcc_128
+.else
+EXTRACONFIGURE+=	no-ec_nistp_64_gcc_128
+.endif
+
 .if ${OPENSSL_SHLIBVER_BASE} > ${OPENSSL_SHLIBVER}
 pre-everything::
 	@${ECHO_CMD} "#"
@@ -1175,7 +1191,7 @@ post-install:
 	@${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${PREFIX}/lib/$i.so
 .endfor
 .endif
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
 	@${MKDIR} ${DOCSDIR}
 	@${INSTALL_DATA} ${WRKSRC}/doc/openssl.txt ${DOCSDIR}/
 .endif
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 6 Dirk Meyer freebsd_committer freebsd_triage 2013-01-29 18:47:06 UTC
State Changed
From-To: feedback->patched


committed, thanks. 

accoding to this sitte the term "can not" is correct in this context here. 
http://www.dailywritingtips.com/cannot-or-can-not/
Comment 7 Dirk Meyer freebsd_committer freebsd_triage 2013-02-06 20:26:24 UTC
State Changed
From-To: patched->closed

committed, thanks.