Opened 7 years ago

Last modified 4 years ago

#41973 new enhancement

Add "enable-ec_nistp_64_gcc_128" variant to openssl?

Reported by: jlg@… Owned by: larryv (Lawrence Velázquez)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: neverpanic (Clemens Lang), jul_bsd@…, vergus@…
Port: openssl

Description

The need for accelerated NIST P-224 and P-256 encryption support is growing. Would it be possible to add the "enable-ec_nistp_64_gcc_128" configure option as a variant to the openssl port?

Attachments (1)

patch-openssl-Portfile.diff (825 bytes) - added by jul_bsd@… 6 years ago.

Download all attachments as: .zip

Change History (9)

comment:1 Changed 7 years ago by mf2k (Frank Schima)

Owner: changed from macports-tickets@… to mww@…
Type: requestenhancement
Version: 2.2.1

In the future, please Cc the port maintainers (port info --maintainers openssl).

comment:2 Changed 6 years ago by jmroot (Joshua Root)

No need for a variant I would think, better to just enable it always on x86_64?

comment:3 Changed 6 years ago by jmroot (Joshua Root)

Some things to note:

  • this requires __uint128_t, which is not available in gcc < 4.4
  • the code is under a different license (Apache 2.0) to the rest of openssl, which messes up our license checking for GPL + openssl exception

So maybe a variant isn’t a bad idea after all.

comment:4 Changed 6 years ago by jul_bsd@…

Cc: jul_bsd@… added

Cc Me!

comment:5 Changed 6 years ago by jul_bsd@…

  • patch with variant. don't know how to restrict to gcc>=4.4
  • destroot ok
  • add as default: to confirm to be safe and improve performances

Changed 6 years ago by jul_bsd@…

Attachment: patch-openssl-Portfile.diff added

comment:6 Changed 5 years ago by vergus@…

Cc: vergus@… added

Cc Me!

comment:7 Changed 5 years ago by jmroot (Joshua Root)

Cc: cal@… added
Owner: changed from mww@… to larryv@…

comment:8 Changed 4 years ago by neverpanic (Clemens Lang)

Debian always enables this on amd64 machines, and so should we, I think. Debian doesn't seem to care about the license difference, so they apparently assume it's compatible with the OpenSSL license terms.

I think we should enable this for all machines that support __uint128_t; should we just check $build_arch for x86_64 and enable it for this architecture?

I also don't understand why the patch adds the variant to the default variants if it is already enabled.

Larry, what do you think?

Note: See TracTickets for help on using tickets.