NetBSD Problem Report #36517

From martin@duskware.de  Wed Jun 20 08:11:06 2007
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 98FDF63B882
	for <gnats-bugs@gnats.netbsd.org>; Wed, 20 Jun 2007 08:11:06 +0000 (UTC)
Message-Id: <20070620072806.719F763B882@narn.NetBSD.org>
Date: Wed, 20 Jun 2007 07:28:06 +0000 (UTC)
From: Lloyd.Parkes@ird.govt.nz
Reply-To: Lloyd.Parkes@ird.govt.nz
To: netbsd-bugs-owner@NetBSD.org
Subject: builtin.mk fails to detect the Solaris built in OpenSSL
X-Send-Pr-Version: www-1.0

>Number:         36517
>Category:       pkg
>Synopsis:       builtin.mk fails to detect the Solaris built in OpenSSL
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    solaris-pkg-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 20 08:15:00 +0000 2007
>Closed-Date:    Thu Feb 07 14:07:25 +0000 2013
>Last-Modified:  Wed Feb 13 15:20:05 +0000 2013
>Originator:     Lloyd Parkes
>Release:        N/A
>Organization:
Inland Revenue
>Environment:
SunOS xxx 5.10 Generic_118822-25 sun4u sparc SUNW,Ultra-5_10

>Description:
Sun's OpenSSL has support for the Sun crypto hardware, so it is necessary to use its OpenSSL libraries instead of the public version. Their software also seems to be better tuned than the public software, so using seems to be a good idea, even on systems without crypto acceleration.
>How-To-Repeat:
Build sysutils/cfengine2 and watch it try to compile OpenSSL.

>Fix:
See the patch at http://www.must-have-coffee.gen.nz/patches/builtin.mk.diff. It'll appear  there in a few hours.

I've tested this on Solaris 10, and sort-of on Solaris 9. I haven't had a chance to test it on NetBSD yet.

Here is a cut and paste copy of the patch (so whitespace will be off):
$NetBSD$

--- builtin.mk.orig     2007-02-23 08:27:08.000000000 +1300
+++ builtin.mk
@@ -4,7 +4,9 @@ BUILTIN_PKG:=   openssl

 BUILTIN_FIND_LIBS:=            des
 BUILTIN_FIND_FILES_VAR:=       H_OPENSSL
-BUILTIN_FIND_FILES.H_OPENSSL=  /usr/include/openssl/opensslv.h
+BUILTIN_FIND_FILES.H_OPENSSL=  /opt/SUNWconn/crypto/include/openssl/opensslv.h \
+                               /usr/sfw/include/openssl/opensslv.h \
+                               /usr/include/openssl/opensslv.h

 .include "../../mk/buildlink3/bsd.builtin.mk"

@@ -135,7 +137,10 @@ CHECK_BUILTIN.openssl?=    no
 .if !empty(CHECK_BUILTIN.openssl:M[nN][oO])

 .  if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
-BUILDLINK_PREFIX.openssl=      /usr
+BUILDLINK_PREFIX.openssl:=     ${H_OPENSSL:S-/include/openssl/opensslv.h--}
+.    if empty(BUILDLINK_PREFIX.openssl:M/usr)
+BUILDLINK_IS_DEPOT.openssl=    YES
+.    endif
 .  endif

 # By default, we don't bother with the old DES API.

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->solaris-pkg-people
Responsible-Changed-By: wiz@netbsd.org
Responsible-Changed-When: Wed, 20 Jun 2007 22:12:54 +0000
Responsible-Changed-Why:
Solaris pkgsrc problem.


State-Changed-From-To: open->closed
State-Changed-By: jperkin@NetBSD.org
State-Changed-When: Thu, 07 Feb 2013 14:07:25 +0000
State-Changed-Why:
It's likely that the OpenSSL in pkgsrc is now more suitable than that
provided in the base system, but in any case this can be tweaked by
setting PREFER_NATIVE appropriately.


From: =?ISO-8859-1?Q?J=F6rn_Clausen?= <joernc@googlemail.com>
To: gnats-bugs@netbsd.org
Cc: solaris-pkg-people@netbsd.org, pkgsrc-bugs@netbsd.org, 
	gnats-admin@netbsd.org, jperkin@netbsd.org, Lloyd.Parkes@ird.govt.nz
Subject: Re: pkg/36517 (builtin.mk fails to detect the Solaris built in OpenSSL)
Date: Thu, 7 Feb 2013 15:59:01 +0100

 Just for the record: On Sparc, the "native" version of OpenSSL
 (/usr/sfw/bin/openssl) is significantly faster than the one compiled
 from pkgsrc, at least with standard compiler options, and for most of
 the algorithms:

 OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969
 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
 CVE-2007-5135 CVE-2008-5077 CVE-2009-0590)
 type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
 md5               5067.21k    17566.61k    49591.13k    91534.34k   121629.35k
 hmac(md5)         8104.42k    25877.74k    64060.76k   102259.37k   123863.04k
 sha1              5138.62k    17033.11k    42430.38k    72883.20k    92228.27k
 rmd160            4348.91k    11437.06k    27559.81k    42526.04k    50662.06k
 rc4              83807.53k   105162.26k   113817.77k   116205.57k   116176.21k

 versus a not-so-old version from pkgsrc:

 OpenSSL 0.9.8x 10 May 2012
 built on: Thu Oct 18 15:51:58 CEST 2012
 options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long)
 aes(partial) blowfish(ptr)
 compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
 -DDSO_DLFCN -DHAVE_DLFCN_H -O -O3 -fomit-frame-pointer -Wall
 -DB_ENDIAN -DBN_DIV2W
 type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
 md5               7147.72k    22352.38k    53795.16k    82647.38k    97883.48k
 hmac(md5)         7385.30k    22827.86k    54280.28k    82848.43k    97921.71k
 sha1              3696.81k     8823.53k    16139.78k    20247.21k    21686.95k
 rmd160            1400.98k     3082.84k     5371.90k     6588.07k     7080.62k
 rc4              65909.05k    72306.30k    74684.16k    75298.13k    75412.82k

 Especially sha1 is much faster with native OpenSSL. We had to switch
 back from pkgsrc to native for our radius server, because it was not
 able to provide the necessary performance.

 Again, just for the record. No change requested.


 On Thu, Feb 7, 2013 at 3:07 PM,  <jperkin@netbsd.org> wrote:
 > Synopsis: builtin.mk fails to detect the Solaris built in OpenSSL
 >
 > State-Changed-From-To: open->closed
 > State-Changed-By: jperkin@NetBSD.org
 > State-Changed-When: Thu, 07 Feb 2013 14:07:25 +0000
 > State-Changed-Why:
 > It's likely that the OpenSSL in pkgsrc is now more suitable than that
 > provided in the base system, but in any case this can be tweaked by
 > setting PREFER_NATIVE appropriately.
 >
 >
 >



 -- 
 Joern Clausen
 http://thebloeg.blogspot.com/
 http://www.oe-files.de/photography/

From: Jonathan Perkin <jperkin@pkgsrc.org>
To: =?iso-8859-1?Q?J=F6rn?= Clausen <joernc@googlemail.com>
Cc: gnats-bugs@netbsd.org, solaris-pkg-people@netbsd.org,
	pkgsrc-bugs@netbsd.org, gnats-admin@netbsd.org,
	Lloyd.Parkes@ird.govt.nz
Subject: Re: pkg/36517 (builtin.mk fails to detect the Solaris built in
 OpenSSL)
Date: Thu, 7 Feb 2013 15:58:46 +0000

 * On 2013-02-07 at 15:55 GMT, Jörn Clausen wrote:

 > Just for the record: On Sparc, the "native" version of OpenSSL
 > (/usr/sfw/bin/openssl) is significantly faster than the one compiled
 > from pkgsrc, at least with standard compiler options, and for most of
 > the algorithms:
 > 
 > versus a not-so-old version from pkgsrc:
 > 
 > OpenSSL 0.9.8x 10 May 2012

 It would be interesting to re-run this with the 1.0.1d I just imported.

 -- 
 Jonathan Perkin       www.perkin.org.uk
 github.com/jperkin  twitter.com/jperkin

From: =?ISO-8859-1?Q?J=F6rn_Clausen?= <joernc@googlemail.com>
To: Jonathan Perkin <jperkin@pkgsrc.org>
Cc: gnats-bugs@netbsd.org, solaris-pkg-people@netbsd.org, 
	pkgsrc-bugs@netbsd.org, gnats-admin@netbsd.org, Lloyd.Parkes@ird.govt.nz
Subject: Re: pkg/36517 (builtin.mk fails to detect the Solaris built in OpenSSL)
Date: Wed, 13 Feb 2013 16:18:34 +0100

 I reran the speed test with

 OpenSSL 1.0.1d 5 Feb 2013
 built on: Mon Feb 11 17:41:53 CET 2013
 options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long)
 aes(partial) blowfish(ptr)
 compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
 -DDSO_DLFCN -DHAVE_DLFCN_H -O -O3 -fomit-frame-pointer -Wall
 -DB_ENDIAN -DBN_DIV2W

 The results are practically the same as with OpenSSL 0.9.8x,
 especially SHA1 and RMD160 are still significantly slower than their
 counterparts from /usr/sfw/bin/openssl.

 On Thu, Feb 7, 2013 at 4:58 PM, Jonathan Perkin <jperkin@pkgsrc.org> wrote:
 > * On 2013-02-07 at 15:55 GMT, J=F6rn Clausen wrote:
 >
 >> Just for the record: On Sparc, the "native" version of OpenSSL
 >> (/usr/sfw/bin/openssl) is significantly faster than the one compiled
 >> from pkgsrc, at least with standard compiler options, and for most of
 >> the algorithms:
 >>
 >> versus a not-so-old version from pkgsrc:
 >>
 >> OpenSSL 0.9.8x 10 May 2012
 >
 > It would be interesting to re-run this with the 1.0.1d I just imported.
 >
 > --
 > Jonathan Perkin       www.perkin.org.uk
 > github.com/jperkin  twitter.com/jperkin



 --
 Joern Clausen
 http://thebloeg.blogspot.com/
 http://www.oe-files.de/photography/

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.