From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Jan 28 23:40:00 2013 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 79CB2E38 for ; Mon, 28 Jan 2013 23:40:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 5DF10786 for ; Mon, 28 Jan 2013 23:40:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r0SNe0ID073916 for ; Mon, 28 Jan 2013 23:40:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r0SNe0AJ073915; Mon, 28 Jan 2013 23:40:00 GMT (envelope-from gnats) Resent-Date: Mon, 28 Jan 2013 23:40:00 GMT Resent-Message-Id: <201301282340.r0SNe0AJ073915@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "b.f." Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 4F48AC0F for ; Mon, 28 Jan 2013 23:31:56 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 2708A70E for ; Mon, 28 Jan 2013 23:31:56 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.5/8.14.5) with ESMTP id r0SNVt5M062721 for ; Mon, 28 Jan 2013 23:31:55 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.5/8.14.5/Submit) id r0SNVtLi062720; Mon, 28 Jan 2013 23:31:55 GMT (envelope-from nobody) Message-Id: <201301282331.r0SNVtLi062720@red.freebsd.org> Date: Mon, 28 Jan 2013 23:31:55 GMT From: "b.f." To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: ports/175663: [PATCH]security/openssl: enable optimized NIST ECC on 64-bit little-endian machines; minor clean-ups X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jan 2013 23:40:00 -0000 >Number: 175663 >Category: ports >Synopsis: [PATCH]security/openssl: enable optimized NIST ECC on 64-bit little-endian machines; minor clean-ups >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Jan 28 23:40:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: b.f. >Release: 10.0-CURRENT amd64 >Organization: - >Environment: >Description: Add an OPTION, enabled by default, to provide optimized versions of NIST ECC on 64-bit little-endian machines. While here, s/can not/cannot/, make the pkg-message respect PREFIX, and replace the deprecated NOPORTDOCS with the equivalent check under the new options framework. The optimized implementations should offer significant speed-ups and some added security. (See, e.g.,: https://static.googleusercontent.com/external_content/untrusted_dlcp/research.google.com/en/us/pubs/archive/37376.pdf ) >How-To-Repeat: >Fix: Patch attached with submission follows: Index: Makefile =================================================================== --- Makefile (revision 311136) +++ Makefile (working copy) @@ -4,7 +4,7 @@ PORTNAME= openssl PORTVERSION= 1.0.1 DISTVERSIONSUFFIX= c -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ @@ -23,6 +23,15 @@ OPTIONS_DEFINE= SHARED THREADS I386 SSE2 ASM PADLOCK ZLIB SCTP MD2 RC5 RFC3779 GMP OPTIONS_DEFAULT=SHARED THREADS SSE2 ASM ZLIB SCTP MD2 +.for a in amd64 ia64 +OPTIONS_DEFINE_${a}= EC +OPTIONS_DEFAULT_${a}= EC +.endfor +TARGET_ARCH?= ${MACHINE_ARCH} +.if ${TARGET_ARCH} == "mips64el" +OPTIONS_DEFINE_mips= EC +OPTIONS_DEFAULT_mips= EC +.endif NO_OPTIONS_SORT=yes I386_DESC?= Optimize for i386 (instead of i486+) SSE2_DESC?= runtime SSE2 detection @@ -35,6 +44,7 @@ RC5_DESC?= RC5 chipher (patented) RFC3779_DESC?= RFC3779 support GMP_DESC?= gmp support (LGPLv3) +EC_DESC?= Optimize NIST elliptic curves MAKE_JOBS_UNSAFE= yes NOPRECIOUSMAKEVARS= Too many _MLINKS for fetch @@ -44,6 +54,7 @@ MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive MAKE_ENV+= LIBRPATH="${PREFIX}/lib" OPENSSLDIR= ${PREFIX}/openssl +SUB_FILES= pkg-message MANPREFIX= ${PREFIX} MAN1= CA.pl.1 asn1parse.1 ca.1 ciphers.1 cms.1 crl.1 crl2pkcs7.1 dgst.1 \ @@ -1118,7 +1129,7 @@ .if ${PORT_OPTIONS:MGMP} EXTRACONFIGURE+= enable-gmp -IGNORE= GMP is LGPLv3 and can not be linked +IGNORE= GMP is LGPLv3 and cannot be linked .else EXTRACONFIGURE+= no-gmp .endif @@ -1129,6 +1140,12 @@ EXTRACONFIGURE+= no-rfc3779 .endif +.if ${PORT_OPTIONS:MEC} +EXTRACONFIGURE+= enable-ec_nistp_64_gcc_128 +.else +EXTRACONFIGURE+= no-ec_nistp_64_gcc_128 +.endif + .if ${OPENSSL_SHLIBVER_BASE} > ${OPENSSL_SHLIBVER} pre-everything:: @${ECHO_CMD} "#" @@ -1174,7 +1191,7 @@ @${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${PREFIX}/lib/$i.so .endfor .endif -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} @${MKDIR} ${DOCSDIR} @${INSTALL_DATA} ${WRKSRC}/doc/openssl.txt ${DOCSDIR}/ .endif Index: files/pkg-message.in =================================================================== --- files/pkg-message.in (revision 0) +++ files/pkg-message.in (working copy) @@ -0,0 +1,4 @@ + +Copy %%PREFIX%%/openssl/openssl.cnf.sample to %%PREFIX%%/openssl/openssl.cnf +and edit it to fit your needs. + Property changes on: files/pkg-message.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: pkg-message =================================================================== --- pkg-message (revision 311136) +++ pkg-message (working copy) @@ -1,4 +0,0 @@ - -Copy /usr/local/openssl/openssl.cnf.sample to /usr/local/openssl/openssl.cnf -and edit it to fit your needs. - >Release-Note: >Audit-Trail: >Unformatted: