[Bug 1018522] Re: Enable optimized 64bit elliptic curve code contributed by Google

[Brian Murray]

Hello cc, or anyone else affected,

Accepted openssl into quantal-proposed. The package will build now and
be available at http://launchpad.net/ubuntu/+source/openssl/1.0.1c-
3ubuntu2.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: openssl (Ubuntu Quantal)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1018522

Title:
  Enable optimized 64bit elliptic curve code contributed by Google

Status in “openssl” package in Ubuntu:
  Fix Released
Status in “openssl” source package in Precise:
  In Progress
Status in “openssl” source package in Quantal:
  Fix Committed

Bug description:
  [Impact]

   * Optional optimisations that are available, were not enabled at
  build time, thus reducing openssl performance of ecdsa for 224, 256,
  521 bit.

   * This is an SRU as part of Hardware Enablement.

  [Test Case]

  * Compare `openssl speed` for ecdsa on amd64 platform. There should be noticeable improvement.
  (Here is a sample from my machine, note that the below benchmarks were whilst the machine was under variable load)
  Before:
  Doing 224 bit sign ecdsa's for 10s: 24059 224 bit ECDSA signs in 9.95s 
  Doing 224 bit verify ecdsa's for 10s: 6197 224 bit ECDSA verify in 9.97s
  Doing 256 bit sign ecdsa's for 10s: 20640 256 bit ECDSA signs in 9.94s 
  Doing 256 bit verify ecdsa's for 10s: 5222 256 bit ECDSA verify in 9.95s
  Doing 521 bit sign ecdsa's for 10s: 5683 521 bit ECDSA signs in 9.97s 
  Doing 521 bit verify ecdsa's for 10s: 1137 521 bit ECDSA verify in 9.94s

  After:
  Doing 224 bit sign ecdsa's for 10s: 32087 224 bit ECDSA signs in 9.92s 
  Doing 224 bit verify ecdsa's for 10s: 15929 224 bit ECDSA verify in 9.94s
  Doing 256 bit sign ecdsa's for 10s: 18875 256 bit ECDSA signs in 9.91s 
  Doing 256 bit verify ecdsa's for 10s: 7744 256 bit ECDSA verify in 9.94s
  Doing 521 bit sign ecdsa's for 10s: 6587 521 bit ECDSA signs in 9.90s 
  Doing 521 bit verify ecdsa's for 10s: 3028 521 bit ECDSA verify in 9.85s

  The almost threefold improvement in 224 & 521 verify is clearly
  visible.

  [Regression Potential]

  * This change affects only amd64 and only ecdsa.
  * The test-suite passes correctly.

  [Other Info]
   
  This is to turn on the code contributed by Google for optimized 64bit implementations of elliptic curves.

  From the OpenSSL changelog, http://www.openssl.org/news/changelog.html

  Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
       line to include this in your build of OpenSSL, and run "make depend" (or
       "make update"). This enables the following EC_METHODs:

  So it really is as simple as enabling an additional compile flag.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1018522/+subscriptions