NetBSD Problem Report #36517
From martin@duskware.de Wed Jun 20 08:11:06 2007
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 98FDF63B882
for <gnats-bugs@gnats.netbsd.org>; Wed, 20 Jun 2007 08:11:06 +0000 (UTC)
Message-Id: <20070620072806.719F763B882@narn.NetBSD.org>
Date: Wed, 20 Jun 2007 07:28:06 +0000 (UTC)
From: Lloyd.Parkes@ird.govt.nz
Reply-To: Lloyd.Parkes@ird.govt.nz
To: netbsd-bugs-owner@NetBSD.org
Subject: builtin.mk fails to detect the Solaris built in OpenSSL
X-Send-Pr-Version: www-1.0
>Number: 36517
>Category: pkg
>Synopsis: builtin.mk fails to detect the Solaris built in OpenSSL
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: solaris-pkg-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jun 20 08:15:00 +0000 2007
>Closed-Date: Thu Feb 07 14:07:25 +0000 2013
>Last-Modified: Wed Feb 13 15:20:05 +0000 2013
>Originator: Lloyd Parkes
>Release: N/A
>Organization:
Inland Revenue
>Environment:
SunOS xxx 5.10 Generic_118822-25 sun4u sparc SUNW,Ultra-5_10
>Description:
Sun's OpenSSL has support for the Sun crypto hardware, so it is necessary to use its OpenSSL libraries instead of the public version. Their software also seems to be better tuned than the public software, so using seems to be a good idea, even on systems without crypto acceleration.
>How-To-Repeat:
Build sysutils/cfengine2 and watch it try to compile OpenSSL.
>Fix:
See the patch at http://www.must-have-coffee.gen.nz/patches/builtin.mk.diff. It'll appear there in a few hours.
I've tested this on Solaris 10, and sort-of on Solaris 9. I haven't had a chance to test it on NetBSD yet.
Here is a cut and paste copy of the patch (so whitespace will be off):
$NetBSD$
--- builtin.mk.orig 2007-02-23 08:27:08.000000000 +1300
+++ builtin.mk
@@ -4,7 +4,9 @@ BUILTIN_PKG:= openssl
BUILTIN_FIND_LIBS:= des
BUILTIN_FIND_FILES_VAR:= H_OPENSSL
-BUILTIN_FIND_FILES.H_OPENSSL= /usr/include/openssl/opensslv.h
+BUILTIN_FIND_FILES.H_OPENSSL= /opt/SUNWconn/crypto/include/openssl/opensslv.h \
+ /usr/sfw/include/openssl/opensslv.h \
+ /usr/include/openssl/opensslv.h
.include "../../mk/buildlink3/bsd.builtin.mk"
@@ -135,7 +137,10 @@ CHECK_BUILTIN.openssl?= no
.if !empty(CHECK_BUILTIN.openssl:M[nN][oO])
. if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
-BUILDLINK_PREFIX.openssl= /usr
+BUILDLINK_PREFIX.openssl:= ${H_OPENSSL:S-/include/openssl/opensslv.h--}
+. if empty(BUILDLINK_PREFIX.openssl:M/usr)
+BUILDLINK_IS_DEPOT.openssl= YES
+. endif
. endif
# By default, we don't bother with the old DES API.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: pkg-manager->solaris-pkg-people
Responsible-Changed-By: wiz@netbsd.org
Responsible-Changed-When: Wed, 20 Jun 2007 22:12:54 +0000
Responsible-Changed-Why:
Solaris pkgsrc problem.
State-Changed-From-To: open->closed
State-Changed-By: jperkin@NetBSD.org
State-Changed-When: Thu, 07 Feb 2013 14:07:25 +0000
State-Changed-Why:
It's likely that the OpenSSL in pkgsrc is now more suitable than that
provided in the base system, but in any case this can be tweaked by
setting PREFER_NATIVE appropriately.
From: =?ISO-8859-1?Q?J=F6rn_Clausen?= <joernc@googlemail.com>
To: gnats-bugs@netbsd.org
Cc: solaris-pkg-people@netbsd.org, pkgsrc-bugs@netbsd.org,
gnats-admin@netbsd.org, jperkin@netbsd.org, Lloyd.Parkes@ird.govt.nz
Subject: Re: pkg/36517 (builtin.mk fails to detect the Solaris built in OpenSSL)
Date: Thu, 7 Feb 2013 15:59:01 +0100
Just for the record: On Sparc, the "native" version of OpenSSL
(/usr/sfw/bin/openssl) is significantly faster than the one compiled
from pkgsrc, at least with standard compiler options, and for most of
the algorithms:
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969
CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2007-5135 CVE-2008-5077 CVE-2009-0590)
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 5067.21k 17566.61k 49591.13k 91534.34k 121629.35k
hmac(md5) 8104.42k 25877.74k 64060.76k 102259.37k 123863.04k
sha1 5138.62k 17033.11k 42430.38k 72883.20k 92228.27k
rmd160 4348.91k 11437.06k 27559.81k 42526.04k 50662.06k
rc4 83807.53k 105162.26k 113817.77k 116205.57k 116176.21k
versus a not-so-old version from pkgsrc:
OpenSSL 0.9.8x 10 May 2012
built on: Thu Oct 18 15:51:58 CEST 2012
options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long)
aes(partial) blowfish(ptr)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -O -O3 -fomit-frame-pointer -Wall
-DB_ENDIAN -DBN_DIV2W
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 7147.72k 22352.38k 53795.16k 82647.38k 97883.48k
hmac(md5) 7385.30k 22827.86k 54280.28k 82848.43k 97921.71k
sha1 3696.81k 8823.53k 16139.78k 20247.21k 21686.95k
rmd160 1400.98k 3082.84k 5371.90k 6588.07k 7080.62k
rc4 65909.05k 72306.30k 74684.16k 75298.13k 75412.82k
Especially sha1 is much faster with native OpenSSL. We had to switch
back from pkgsrc to native for our radius server, because it was not
able to provide the necessary performance.
Again, just for the record. No change requested.
On Thu, Feb 7, 2013 at 3:07 PM, <jperkin@netbsd.org> wrote:
> Synopsis: builtin.mk fails to detect the Solaris built in OpenSSL
>
> State-Changed-From-To: open->closed
> State-Changed-By: jperkin@NetBSD.org
> State-Changed-When: Thu, 07 Feb 2013 14:07:25 +0000
> State-Changed-Why:
> It's likely that the OpenSSL in pkgsrc is now more suitable than that
> provided in the base system, but in any case this can be tweaked by
> setting PREFER_NATIVE appropriately.
>
>
>
--
Joern Clausen
http://thebloeg.blogspot.com/
http://www.oe-files.de/photography/
From: Jonathan Perkin <jperkin@pkgsrc.org>
To: =?iso-8859-1?Q?J=F6rn?= Clausen <joernc@googlemail.com>
Cc: gnats-bugs@netbsd.org, solaris-pkg-people@netbsd.org,
pkgsrc-bugs@netbsd.org, gnats-admin@netbsd.org,
Lloyd.Parkes@ird.govt.nz
Subject: Re: pkg/36517 (builtin.mk fails to detect the Solaris built in
OpenSSL)
Date: Thu, 7 Feb 2013 15:58:46 +0000
* On 2013-02-07 at 15:55 GMT, Jörn Clausen wrote:
> Just for the record: On Sparc, the "native" version of OpenSSL
> (/usr/sfw/bin/openssl) is significantly faster than the one compiled
> from pkgsrc, at least with standard compiler options, and for most of
> the algorithms:
>
> versus a not-so-old version from pkgsrc:
>
> OpenSSL 0.9.8x 10 May 2012
It would be interesting to re-run this with the 1.0.1d I just imported.
--
Jonathan Perkin www.perkin.org.uk
github.com/jperkin twitter.com/jperkin
From: =?ISO-8859-1?Q?J=F6rn_Clausen?= <joernc@googlemail.com>
To: Jonathan Perkin <jperkin@pkgsrc.org>
Cc: gnats-bugs@netbsd.org, solaris-pkg-people@netbsd.org,
pkgsrc-bugs@netbsd.org, gnats-admin@netbsd.org, Lloyd.Parkes@ird.govt.nz
Subject: Re: pkg/36517 (builtin.mk fails to detect the Solaris built in OpenSSL)
Date: Wed, 13 Feb 2013 16:18:34 +0100
I reran the speed test with
OpenSSL 1.0.1d 5 Feb 2013
built on: Mon Feb 11 17:41:53 CET 2013
options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long)
aes(partial) blowfish(ptr)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -O -O3 -fomit-frame-pointer -Wall
-DB_ENDIAN -DBN_DIV2W
The results are practically the same as with OpenSSL 0.9.8x,
especially SHA1 and RMD160 are still significantly slower than their
counterparts from /usr/sfw/bin/openssl.
On Thu, Feb 7, 2013 at 4:58 PM, Jonathan Perkin <jperkin@pkgsrc.org> wrote:
> * On 2013-02-07 at 15:55 GMT, J=F6rn Clausen wrote:
>
>> Just for the record: On Sparc, the "native" version of OpenSSL
>> (/usr/sfw/bin/openssl) is significantly faster than the one compiled
>> from pkgsrc, at least with standard compiler options, and for most of
>> the algorithms:
>>
>> versus a not-so-old version from pkgsrc:
>>
>> OpenSSL 0.9.8x 10 May 2012
>
> It would be interesting to re-run this with the 1.0.1d I just imported.
>
> --
> Jonathan Perkin www.perkin.org.uk
> github.com/jperkin twitter.com/jperkin
--
Joern Clausen
http://thebloeg.blogspot.com/
http://www.oe-files.de/photography/
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.36 2007/11/24 03:27:39 kano Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home