-dynamic-linker=/libexec/ld.elf_so) if the BINDIR of the program being
built is /bin or /sbin.
The reason we do this is because now all programs *except* those in
/bin and /sbin (i.e. the "special cases") match the default the compiler
uses, which is what is used for things in e.g. xsrc, pkgsrc, and other
random 3rd party programs.
This is done by decoupling where a shlib is installed from how it
is located. Two new variables, SHLIBINSTALLDIR and SHLINKINSTALLDIR,
contain the former information, and key off MKDYNAMICROOT only. SHLIBDIR
and SHLINKDIR contain the latter, and key off MKDYNAMICROOT and BINDIR.
The SHLIBINSTALLDIR, SHLIBDIR, _LIBSODIR, SHLINKINSTALLDIR, and
SHLINKDIR parameters are moved to a new <bsd.shlib.mk>; see bsd.README
for usage details.
libcrypto shared major when we moved from OpenSSL 0.9.5 to 0.9.6.
Add note to libcrypto shlib_version file to remind people to also
update libdes shlib_version.
- SHLIBDIR Location to install shared libraries if ${USE_SHLIBDIR}
is "yes". Defaults to "/usr/lib".
- USE_SHLIBDIR If "yes", install shared libraries in ${SHLIBDIR}
instead of ${LIBDIR}. Defaults to "no".
Sets ${_LIBSODIR} to the appropriate value.
This may be set by individual Makefiles as well.
- SHLINKDIR Location of shared linker. Defaults to "/usr/libexec".
If != "/usr/libexec", change the dynamic-linker
encoded in shared programs
* Set USE_SHLIBDIR for libraries used by /bin and /sbin:
libc libcrypt libcrypto libedit libipsec libkvm libm libmi387
libtermcap libutil libz
* If ${_LIBSODIR} != ${LIBDIR}, add symlinks from ${LIBDIR}/${LIB}.so*
to ${_LIBSODIR}/${LIB}.so* for compatibility.
* Always install /sbin/init statically (for now)
The net effect of these changes depends on how the variables are set:
1.) If nothing is set or changed, there is no change from the
current behaviour:
- Static /bin, /sbin, and bits of /usr/*
- Dynamic rest
- Shared linker is /usr/libexec/ld*so
2.) If the following make variables are set:
LDSTATIC=
SHLINKDIR=/lib
SHLIBDIR=/lib
Then the behaviour becomes:
- Dynamic tools
- .so libraries used by /bin and /sbin are installed to /lib,
with symlinks from /usr/lib/lib*so to -> /lib/lib*so
where appropriate
- Shared linker is /lib/ld*so
3.) As per 2.), but add the following variable:
USE_SHLIBDIR=yes
This forces all .so's to be instaleld in /lib (with compat
symlinks), not just those tagged by their Makefiles to be.
Again, compat symlinks are installed
different architectures.
Doesn't help some platforms much, helps others quite a bit. These
options are from options.txt in the libdes/libcrypto distribution; it
would probably be best to test and replace them with what's best with
the current gcc on each of our architectures.
of about 3.5X on my 1333MHz Athlon (about 37MB/sec!) compared to the old
C versions.
We could boost the speed of the C versions on most other architectures with
des.inc files that set the compile-time flags (DES_PTR, DES_RISC1, DES_RISC2)
correctly; at the moment they aren't set at all.
don't use unsigned long where 32bit unsigned variable is asked for.
use u_int32_t. (not sure if uint32_t is better or not, but anyway,
u_int32_t <-> uint32_t should not raise binary compatibility issue)
PR10921.
TODO: have arch-dependent Makefiles where we supply -DFOO for optimization.
(do not change size of variable though)
XXX: we should actually nuke all other #ifdef in /usr/include/openssl/*.h,
however, that needs a lot of work and will make future openssl upgrade harder.
remove RC5 and IDEA by default. build them separately as
libcrypto_{rc5,idea}.a. put dummy function, which is "warning to stderr
and exit(1)". NOCRYPTO_{RC5,IDEA} are obsoleted.
PR10883.
routines from OpenSSL. Speeds up DSA significantly. A similar
gain should also be seen for RSA.
Before:
Doing 512 bit sign dsa's for 10s: 965 512 bit DSA signs in 9.97s
Doing 512 bit verify dsa's for 10s: 766 512 bit DSA verify in 9.93s
Doing 1024 bit sign dsa's for 10s: 276 1024 bit DSA signs in 9.99s
Doing 1024 bit verify dsa's for 10s: 217 1024 bit DSA verify in 9.93s
sign verify sign/s verify/s
dsa 512 bits 0.0103s 0.0130s 96.8 77.1
dsa 1024 bits 0.0362s 0.0458s 27.6 21.9
After:
Doing 512 bit sign dsa's for 10s: 3742 512 bit DSA signs in 9.88s
Doing 512 bit verify dsa's for 10s: 3065 512 bit DSA verify in 9.92s
Doing 1024 bit sign dsa's for 10s: 1357 1024 bit DSA signs in 9.99s
Doing 1024 bit verify dsa's for 10s: 1094 1024 bit DSA verify in 9.83s
sign verify sign/s verify/s
dsa 512 bits 0.0026s 0.0032s 378.7 309.0
dsa 1024 bits 0.0074s 0.0090s 135.8 111.3
Before:
Doing rmd160 for 3s on 8 size blocks: 778828 rmd160's in 3.00s
Doing rmd160 for 3s on 64 size blocks: 430214 rmd160's in 3.00s
Doing rmd160 for 3s on 256 size blocks: 182108 rmd160's in 3.00s
Doing rmd160 for 3s on 1024 size blocks: 55050 rmd160's in 3.00s
Doing rmd160 for 3s on 8192 size blocks: 7339 rmd160's in 3.00s
type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
rmd160 2076.87k 9177.90k 15539.88k 18790.40k 20040.36k
After:
Doing rmd160 for 3s on 8 size blocks: 1084941 rmd160's in 3.00s
Doing rmd160 for 3s on 64 size blocks: 617966 rmd160's in 3.00s
Doing rmd160 for 3s on 256 size blocks: 267381 rmd160's in 2.99s
Doing rmd160 for 3s on 1024 size blocks: 82001 rmd160's in 3.00s
Doing rmd160 for 3s on 8192 size blocks: 10974 rmd160's in 3.00s
type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
rmd160 2893.18k 13183.27k 22892.82k 27989.67k 29966.34k
Before:
Doing md5 for 3s on 8 size blocks: 1490796 md5's in 3.00s
Doing md5 for 3s on 64 size blocks: 895849 md5's in 3.00s
Doing md5 for 3s on 256 size blocks: 410807 md5's in 3.00s
Doing md5 for 3s on 1024 size blocks: 129416 md5's in 3.00s
Doing md5 for 3s on 8192 size blocks: 17527 md5's in 3.00s
type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 3975.46k 19111.45k 35055.53k 44173.99k 47860.39k
After:
Doing md5 for 3s on 8 size blocks: 2041410 md5's in 3.00s
Doing md5 for 3s on 64 size blocks: 1345402 md5's in 3.00s
Doing md5 for 3s on 256 size blocks: 669827 md5's in 3.10s
Doing md5 for 3s on 1024 size blocks: 221744 md5's in 2.96s
Doing md5 for 3s on 8192 size blocks: 30685 md5's in 3.00s
type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
md5 5443.76k 28701.91k 56968.68k 76711.44k 83790.51k
and decrypt from OpenSSL. Right now we only build the 586 version,
but eventually we will be able to build the 686 version based on a
CPP flag defined as a result of using `cc -mcpu=pentiumpro'.
We don't build the assembly version of BF_cbc_encrypt(), as it would
have to be rewritten to be PIC.
Performance difference is quite noticeable.
Before:
Doing blowfish cbc for 3s on 8 size blocks: 2891026 blowfish cbc's in 2.97s
Doing blowfish cbc for 3s on 64 size blocks: 411766 blowfish cbc's in 3.10s
Doing blowfish cbc for 3s on 256 size blocks: 104721 blowfish cbc's in 3.00s
Doing blowfish cbc for 3s on 1024 size blocks: 26291 blowfish cbc's in 2.98s
Doing blowfish cbc for 3s on 8192 size blocks: 3290 blowfish cbc's in 3.10s
type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
blowfish cbc 7787.28k 8755.16k 8936.19k 9034.22k 8954.05k
After:
Doing blowfish cbc for 3s on 8 size blocks: 4573792 blowfish cbc's in 3.10s
Doing blowfish cbc for 3s on 64 size blocks: 713440 blowfish cbc's in 2.99s
Doing blowfish cbc for 3s on 256 size blocks: 183125 blowfish cbc's in 3.00s
Doing blowfish cbc for 3s on 1024 size blocks: 46221 blowfish cbc's in 3.00s
Doing blowfish cbc for 3s on 8192 size blocks: 5787 blowfish cbc's in 3.00s
type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
blowfish cbc 12156.26k 15270.96k 15626.67k 15776.77k 15802.37k
des_new_random_key(), and des_init_random_number_generator()
from the crypto-us libdes.
While I'm here, fix a serious bug in des_init_random_number_generator()
whereby the accumlated data to be hashed was zero'd *before* actually
being hashed. NOTE: The bug only affects people who are not using the
rnd(4) in-kernel random number generator, and it is worth noting that
the resulting keys are not always the same, but are likely easy to
determine.
adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate
bsd.crypto.mk.
There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
jschauma