Enable optimized 64bit elliptic curve code contributed by Google
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Fix Released
|
High
|
Dimitri John Ledkov | ||
Precise |
Fix Released
|
Low
|
Unassigned | ||
Quantal |
Fix Released
|
Low
|
Unassigned |
Bug Description
[Impact]
* Optional optimisations that are available, were not enabled at build time, thus reducing openssl performance of ecdsa for 224, 256, 521 bit.
* This is an SRU as part of Hardware Enablement.
[Test Case]
* Compare `openssl speed` for ecdsa on amd64 platform. There should be noticeable improvement.
(Here is a sample from my machine, note that the below benchmarks were whilst the machine was under variable load)
Before:
Doing 224 bit sign ecdsa's for 10s: 24059 224 bit ECDSA signs in 9.95s
Doing 224 bit verify ecdsa's for 10s: 6197 224 bit ECDSA verify in 9.97s
Doing 256 bit sign ecdsa's for 10s: 20640 256 bit ECDSA signs in 9.94s
Doing 256 bit verify ecdsa's for 10s: 5222 256 bit ECDSA verify in 9.95s
Doing 521 bit sign ecdsa's for 10s: 5683 521 bit ECDSA signs in 9.97s
Doing 521 bit verify ecdsa's for 10s: 1137 521 bit ECDSA verify in 9.94s
After:
Doing 224 bit sign ecdsa's for 10s: 32087 224 bit ECDSA signs in 9.92s
Doing 224 bit verify ecdsa's for 10s: 15929 224 bit ECDSA verify in 9.94s
Doing 256 bit sign ecdsa's for 10s: 18875 256 bit ECDSA signs in 9.91s
Doing 256 bit verify ecdsa's for 10s: 7744 256 bit ECDSA verify in 9.94s
Doing 521 bit sign ecdsa's for 10s: 6587 521 bit ECDSA signs in 9.90s
Doing 521 bit verify ecdsa's for 10s: 3028 521 bit ECDSA verify in 9.85s
The almost threefold improvement in 224 & 521 verify is clearly visible.
[Regression Potential]
* This change affects only amd64 and only ecdsa.
* The test-suite passes correctly.
[Other Info]
This is to turn on the code contributed by Google for optimized 64bit implementations of elliptic curves.
From the OpenSSL changelog, http://
Specify "enable-
line to include this in your build of OpenSSL, and run "make depend" (or
"make update"). This enables the following EC_METHODs:
So it really is as simple as enabling an additional compile flag.
Related branches
Changed in openssl (Ubuntu): | |
assignee: | nobody → Dmitrijs Ledkovs (xnox) |
Changed in openssl (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in openssl (Ubuntu Quantal): | |
status: | New → Confirmed |
Changed in openssl (Ubuntu): | |
importance: | Undecided → High |
Changed in openssl (Ubuntu Precise): | |
importance: | Undecided → Low |
assignee: | nobody → Dmitrijs Ledkovs (xnox) |
Changed in openssl (Ubuntu Quantal): | |
importance: | Undecided → Low |
assignee: | nobody → Dmitrijs Ledkovs (xnox) |
description: | updated |
tags: | added: verification-done-quantal |
This should be enabled in Precise and newer...