Add an OPTION, enabled by default, to provide optimized versions of NIST ECC on 64-bit little-endian machines. While here, s/can not/cannot/, make the pkg-message respect PREFIX, and replace the deprecated NOPORTDOCS with the equivalent check under the new options framework. The optimized implementations should offer significant speed-ups and some added security. (See, e.g.,: https://static.googleusercontent.com/external_content/untrusted_dlcp/research.google.com/en/us/pubs/archive/37376.pdf ) Fix: Patch attached with submission follows:
Responsible Changed From-To: freebsd-ports-bugs->dinoex Over to maintainer (via the GNATS Auto Assign Tool)
State Changed From-To: open->feedback Is the option "enable-ec_nistp_64_gcc_128" building even with CLANG as the compiler? Did you build it in CURRENT?
Author: dinoex Date: Tue Jan 29 05:34:22 2013 New Revision: 311150 URL: http://svnweb.freebsd.org/changeset/ports/311150 Log: - make the pkg-message respect PREFIX PR: 175663 Submitted by: bf Added: head/security/openssl/files/pkg-message.in (contents, props changed) Deleted: head/security/openssl/pkg-message Modified: head/security/openssl/Makefile Modified: head/security/openssl/Makefile ============================================================================== --- head/security/openssl/Makefile Tue Jan 29 05:06:46 2013 (r311149) +++ head/security/openssl/Makefile Tue Jan 29 05:34:22 2013 (r311150) @@ -43,6 +43,7 @@ NOPRECIOUSSOFTMAKEVARS= Too many _MLINKS USE_PERL5_BUILD= yes MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive MAKE_ENV+= LIBRPATH="${PREFIX}/lib" +SUB_FILES= pkg-message OPENSSLDIR= ${PREFIX}/openssl MANPREFIX= ${PREFIX} Added: head/security/openssl/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssl/files/pkg-message.in Tue Jan 29 05:34:22 2013 (r311150) @@ -0,0 +1,4 @@ + +Copy %%PREFIX%%/openssl/openssl.cnf.sample to %%PREFIX%%/openssl/openssl.cnf +and edit it to fit your needs. + _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
---------- Forwarded message ---------- From: "b.f." <bf1783@googlemail.com> Date: Tue, 29 Jan 2013 08:01:56 +0000 Subject: Re: ports/175663: [PATCH]security/openssl: enable optimized NIST ECC on 64-bit little-endian machines; minor clean-ups To: dinoex@freebsd.org On 1/29/13, dinoex@freebsd.org <dinoex@freebsd.org> wrote: > Synopsis: [PATCH]security/openssl: enable optimized NIST ECC on 64-bit > little-endian machines; minor clean-ups > > State-Changed-From-To: open->feedback > State-Changed-By: dinoex > State-Changed-When: Tue Jan 29 06:12:47 CET 2013 > State-Changed-Why: > > Is the option "enable-ec_nistp_64_gcc_128" > building even with CLANG as the compiler? > > Did you build it in CURRENT? > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=175663 > Yes, with the patch security/openssl builds, packages, and passes the regression tests on recent 10.0-CURRENT ia64 with gcc 4.2.x, and on 10.0-CURRENT amd64 with gcc 4.2.x, clang, and lang/gcc46. Also on {7.4,8.3,9.0}-{amd64,i386} with gcc 4.2.x (there are no regressions on i386). Both gcc and clang understand uint128_t on 64-bit platforms. Regards, b.
Author: dinoex Date: Tue Jan 29 18:46:39 2013 New Revision: 311178 URL: http://svnweb.freebsd.org/changeset/ports/311178 Log: - enable optimized NIST ECC on 64-bit little-endian machines PR: 175663 Submitted by: bf Modified: head/security/openssl/Makefile Modified: head/security/openssl/Makefile ============================================================================== --- head/security/openssl/Makefile Tue Jan 29 17:55:21 2013 (r311177) +++ head/security/openssl/Makefile Tue Jan 29 18:46:39 2013 (r311178) @@ -4,7 +4,7 @@ PORTNAME= openssl PORTVERSION= 1.0.1 DISTVERSIONSUFFIX= c -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ @@ -23,6 +23,15 @@ BUILD_DEPENDS= makedepend:${PORTSDIR}/de OPTIONS_DEFINE= SHARED THREADS I386 SSE2 ASM PADLOCK ZLIB SCTP MD2 RC5 RFC3779 GMP OPTIONS_DEFAULT=SHARED THREADS SSE2 ASM ZLIB SCTP MD2 +.for a in amd64 ia64 +OPTIONS_DEFINE_${a}= EC +OPTIONS_DEFAULT_${a}= EC +.endfor +TARGET_ARCH?= ${MACHINE_ARCH} +.if ${TARGET_ARCH} == "mips64el" +OPTIONS_DEFINE_mips= EC +OPTIONS_DEFAULT_mips= EC +.endif NO_OPTIONS_SORT=yes I386_DESC?= Optimize for i386 (instead of i486+) SSE2_DESC?= runtime SSE2 detection @@ -35,6 +44,7 @@ MD2_DESC?= MD2 hash (obsolete) RC5_DESC?= RC5 chipher (patented) RFC3779_DESC?= RFC3779 support GMP_DESC?= gmp support (LGPLv3) +EC_DESC?= Optimize NIST elliptic curves MAKE_JOBS_UNSAFE= yes NOPRECIOUSMAKEVARS= Too many _MLINKS for fetch @@ -1130,6 +1140,12 @@ EXTRACONFIGURE+= enable-rfc3779 EXTRACONFIGURE+= no-rfc3779 .endif +.if ${PORT_OPTIONS:MEC} +EXTRACONFIGURE+= enable-ec_nistp_64_gcc_128 +.else +EXTRACONFIGURE+= no-ec_nistp_64_gcc_128 +.endif + .if ${OPENSSL_SHLIBVER_BASE} > ${OPENSSL_SHLIBVER} pre-everything:: @${ECHO_CMD} "#" @@ -1175,7 +1191,7 @@ post-install: @${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${PREFIX}/lib/$i.so .endfor .endif -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} @${MKDIR} ${DOCSDIR} @${INSTALL_DATA} ${WRKSRC}/doc/openssl.txt ${DOCSDIR}/ .endif _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
State Changed From-To: feedback->patched committed, thanks. accoding to this sitte the term "can not" is correct in this context here. http://www.dailywritingtips.com/cannot-or-can-not/
State Changed From-To: patched->closed committed, thanks.