From nobody@FreeBSD.org  Sat Nov  2 06:27:10 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id 1B9C3636
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  2 Nov 2013 06:27:10 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 09EA923CF
	for <freebsd-gnats-submit@FreeBSD.org>; Sat,  2 Nov 2013 06:27:10 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id rA26R9X8094035
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 2 Nov 2013 06:27:09 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id rA26R9uJ094022;
	Sat, 2 Nov 2013 06:27:09 GMT
	(envelope-from nobody)
Message-Id: <201311020627.rA26R9uJ094022@oldred.freebsd.org>
Date: Sat, 2 Nov 2013 06:27:09 GMT
From: Yasar Kanis <yanis@jourrapide.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: crypto/openssl: NIST P-* elliptic curves aren't optimized on amd64
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         183584
>Category:       kern
>Synopsis:       [libcrypto] [patch] crypto/openssl: NIST P-* elliptic curves aren't optimized on amd64
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    jmg
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 02 06:30:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Sun May 04 05:23:58 UTC 2014
>Originator:     Yasar Kanis
>Release:        FreeBSD 10.0-BETA2
>Organization:
Balanced Fortune
>Environment:
>Description:
When running security/tor-devel the following message ends up in the
log file.

[notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.

>How-To-Repeat:
 % nm -D /lib/libcrypto.so.7 | grep ec_GFp_nistp224_points_mul
 <empty>
>Fix:
--- ec_nistp_opt.patch begins here ---
Index: secure/lib/libcrypto/Makefile
===================================================================
--- secure/lib/libcrypto/Makefile	(revision 257540)
+++ secure/lib/libcrypto/Makefile	(working copy)
@@ -159,8 +159,8 @@
 # ec
 SRCS+=	ec2_mult.c ec2_oct.c ec2_smpl.c ec_ameth.c ec_asn1.c ec_check.c \
 	ec_curve.c ec_cvt.c ec_err.c ec_key.c ec_lib.c ec_mult.c ec_oct.c \
-	ec_pmeth.c ec_print.c eck_prn.c ecp_mont.c ecp_nist.c ecp_oct.c \
-	ecp_smpl.c
+	ec_pmeth.c ec_print.c eck_prn.c ecp_mont.c ecp_nist.c ecp_nistp224.c \
+	ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c ecp_oct.c ecp_smpl.c
 INCS+=	ec.h
 
 # ecdh
Index: secure/lib/libcrypto/opensslconf-x86.h
===================================================================
--- secure/lib/libcrypto/opensslconf-x86.h	(revision 257540)
+++ secure/lib/libcrypto/opensslconf-x86.h	(working copy)
@@ -6,9 +6,6 @@
 #ifndef OPENSSL_DOING_MAKEDEPEND
 
 
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
 #endif
--- ec_nistp_opt.patch ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->jmg 
Responsible-Changed-By: jmg 
Responsible-Changed-When: Fri Jan 24 21:55:02 UTC 2014 
Responsible-Changed-Why:  
I'll look at pushing this through... 

http://www.freebsd.org/cgi/query-pr.cgi?pr=183584 
>Unformatted:
