[Bug 1018522] Re: Enable optimized 64bit elliptic curve code contributed by Google

Launchpad Bug Tracker 1018522 at bugs.launchpad.net
Mon May 6 19:34:21 UTC 2013 

This bug was fixed in the package openssl - 1.0.1c-3ubuntu2.4

---------------
openssl (1.0.1c-3ubuntu2.4) quantal; urgency=low

  [ Dmitrijs Ledkovs ]
  * Enable arm assembly code. (LP: #1083498) (Closes: #676533)
  * Enable optimized 64bit elliptic curve code contributed by Google. (LP: #1018522)

  [ Marc Deslauriers ]
  * debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock
    when decoding public keys. (LP: #1066032)
 -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com>   Thu, 04 Apr 2013 12:15:11 +0100

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1018522

Title:
  Enable optimized 64bit elliptic curve code contributed by Google

Status in “openssl” package in Ubuntu:
  Fix Released
Status in “openssl” source package in Precise:
  Fix Released
Status in “openssl” source package in Quantal:
  Fix Released

Bug description:
  [Impact]

   * Optional optimisations that are available, were not enabled at
  build time, thus reducing openssl performance of ecdsa for 224, 256,
  521 bit.

   * This is an SRU as part of Hardware Enablement.

  [Test Case]

  * Compare `openssl speed` for ecdsa on amd64 platform. There should be noticeable improvement.
  (Here is a sample from my machine, note that the below benchmarks were whilst the machine was under variable load)
  Before:
  Doing 224 bit sign ecdsa's for 10s: 24059 224 bit ECDSA signs in 9.95s 
  Doing 224 bit verify ecdsa's for 10s: 6197 224 bit ECDSA verify in 9.97s
  Doing 256 bit sign ecdsa's for 10s: 20640 256 bit ECDSA signs in 9.94s 
  Doing 256 bit verify ecdsa's for 10s: 5222 256 bit ECDSA verify in 9.95s
  Doing 521 bit sign ecdsa's for 10s: 5683 521 bit ECDSA signs in 9.97s 
  Doing 521 bit verify ecdsa's for 10s: 1137 521 bit ECDSA verify in 9.94s

  After:
  Doing 224 bit sign ecdsa's for 10s: 32087 224 bit ECDSA signs in 9.92s 
  Doing 224 bit verify ecdsa's for 10s: 15929 224 bit ECDSA verify in 9.94s
  Doing 256 bit sign ecdsa's for 10s: 18875 256 bit ECDSA signs in 9.91s 
  Doing 256 bit verify ecdsa's for 10s: 7744 256 bit ECDSA verify in 9.94s
  Doing 521 bit sign ecdsa's for 10s: 6587 521 bit ECDSA signs in 9.90s 
  Doing 521 bit verify ecdsa's for 10s: 3028 521 bit ECDSA verify in 9.85s

  The almost threefold improvement in 224 & 521 verify is clearly
  visible.

  [Regression Potential]

  * This change affects only amd64 and only ecdsa.
  * The test-suite passes correctly.

  [Other Info]
   
  This is to turn on the code contributed by Google for optimized 64bit implementations of elliptic curves.

  From the OpenSSL changelog, http://www.openssl.org/news/changelog.html

  Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
       line to include this in your build of OpenSSL, and run "make depend" (or
       "make update"). This enables the following EC_METHODs:

  So it really is as simple as enabling an additional compile flag.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1018522/+subscriptions

More information about the foundations-bugs mailing list