Welcome to Centmin Mod Community
Become a Member

OpenSSL [PATCH]30-40% ECDSA performance improvement - OpenSSL 1.1

Discussion in 'CentOS, Redhat & Oracle Linux News' started by buik, Jan 2, 2018.

  1. buik

    buik “The best traveler is one without a camera.”

    2,023
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,672
    Local Time:
    4:21 AM
    Happy new year starts with a gift.

    ECDSA could get faster.
    As can be read here OpenSSL - OpenSSL ECDSA Performance improvements
    An improvement of 30-40% is possible (depending on the hardware).

    Backport patch to improve ECDSA sign 30-40% at OpenSSL 1.1
    openssl-1.1/OpenSSL1.1h-improve-ECDSA-sign-30-40%.patch · openssl-patch · buik / openssl · GitLab

    With this backport patch, OpenSSL 1.1 will have to be able to do the same.


    I am not active in software development, this is pure mathematics and algorithmics.
    The goal is twofold.


    First and foremost nothing more or less than that I have had fun, as this contribution is purely out of interest.
    Second. Freedom happiness. Do what you want with the patch.
    It is freely available at GitLab.
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Thanks @bassie for sharing.. definitely will check this out :)

    this patch is against OpenSSL 1.1.0 master branch or 1.1.0g ?
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    On OVH Core i7 4790K 4C/8T server with CentOS 7.4 64bit and Centmin Mod 123.09beta01 LEMP stack

    With patch resulted in 43.4% faster ECDSA signs/s and 15.4% faster ECDSA verify/s :cool:

    OpenSSL 1.1.0g rsa 2048 signs/s rsa 2048 verify/s ecdsa 256bit signs/s ecdsa 256bit verify/s
    before patch 8278.4 181818.2 121212.1 43450.5
    after patch 8299.9 181818.2 173813.0 50157.2


    before ECDSA OpenSSL 1.1.0g backported patch
    Code (Text):
    openssl speed -multi 8 rsa2048 ecdsap256
    OpenSSL 1.1.0g  2 Nov 2017
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\""  -Wa,--noexecstack
                     sign    verify    sign/s verify/s
    rsa 2048 bits 0.000121s 0.000005s   8278.4 181818.2
                                 sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s 121212.1  43450.5
    

    after patch
    Code (Text):
    openssl speed -multi 8 rsa2048 ecdsap256
    OpenSSL 1.1.0g  2 Nov 2017
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\""  -Wa,--noexecstack
                     sign    verify    sign/s verify/s
    rsa 2048 bits 0.000120s 0.000005s   8299.9 181818.2
                                 sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s 173913.0  50157.2
    
     
  4. buik

    buik “The best traveler is one without a camera.”

    2,023
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,672
    Local Time:
    4:21 AM
    Nice benchmark :)
     
  5. buik

    buik “The best traveler is one without a camera.”

    2,023
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,672
    Local Time:
    4:21 AM
    [UPDATE]Patch has been updated to today's upstream code, January 5th.
    The patch has also been restructured.

    Backport patch update 30-40% ECDSA performance improvement - OpenSSL 1.1

    Changelog [PATCH] OpenSSL1.1g - 30-40% ECDSA performance improvement
    * Fri, 5 Jan 2018 20:45:22 +0100
    - Rebuilt to host the new upstream code (5 Jan 2018).

    ECDSA performance improvements using an old i3:

    Code:
                                  sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s  56444.1  24023.7
    
                                  sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s  81862.6  27645.4
     
  6. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    thanks for the update :D

    looks good enabling optional ECDSA and ECDHX 25519 performance patches via persistent config file /etc/centminmod/custom_config.inc set variables PRIOR to centmin.sh menu option 4 runs
    Code (Text):
    OPENSSLECDSA_PATCH='y'
    OPENSSLECDHX_PATCH='y'
    

    at end of nginx update runs via centmin.sh menu option 4 should get a list of log files for the run and one is log file for openssl patches
    Code (Text):
    log files saved at /root/centminlogs
    -rw-r--r--  1 root root 1.6K Jan  5 06:57 patch_opensslpatches_050118-065726.log
    -rw-r--r--  1 root root   44 Jan  5 06:58 centminmod_opensslinstalltime_050118-065726.log
    -rw-r--r--  1 root root    8 Jan  5 06:58 patch_patchnginx_050118-065726.log
    -rw-r--r--  1 root root 1.6K Jan  5 06:58 nginx-configure-050118-065726.log
    -rw-r--r--  1 root root  26K Jan  5 06:59 nginx_autoconf.err.050118-065726.log
    -rw-r--r--  1 root root 2.8M Jan  5 06:59 centminmod_123.09beta01.b011_050118-065726_nginx_upgrade.log
    
    *************************************************
    * nginx updated
    *************************************************
       _   _         _                _   _             _         _             _ 
      | \ | |  __ _ (_) _ __  __  __ | | | | _ __    __| |  __ _ | |_  ___   __| |
      |  \| | / _` || || '_ \ \ \/ / | | | || '_ \  / _` | / _` || __|/ _ \ / _` |
      | |\  || (_| || || | | | >  <  | |_| || |_) || (_| || (_| || |_|  __/| (_| |
      |_| \_| \__, ||_||_| |_|/_/\_\  \___/ | .__/  \__,_| \__,_| \__|\___| \__,_|
              |___/                         |_|                                   
    
    Total Nginx Upgrade Time: 99.531088158 seconds at /root/centminlogs/patch_opensslpatches_050118-065726.log
    

    contents of log
    Code (Text):
    cat /root/centminlogs/patch_opensslpatches_050118-065726.log
    
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    30-40% performance improvement patch for ECDSA
    https://community.centminmod.com/posts/57725/
    ######################################################################
    /svr-setup/openssl-1.1.0g /svr-setup/openssl-1.1.0g
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    patching file crypto/ec/ec_err.c
    patching file crypto/ec/ec_lcl.h
    patching file crypto/ec/ec_lib.c
    patching file crypto/ec/ecdsa_ossl.c
    patching file crypto/ec/ecp_nistz256.c
    patching file crypto/perlasm/x86_64-xlate.pl
    patching file include/openssl/ec.h
    patch unexpectedly ends in middle of line
    Hunk #1 succeeded at 1389 with fuzz 1.
    /svr-setup/openssl-1.1.0g
    
    
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    ECDHX 25519 performance patch
    https://community.centminmod.com/posts/57726/
    ######################################################################
    /svr-setup/openssl-1.1.0g /svr-setup/openssl-1.1.0g
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-double-performance-ecdhx-25519.patch
    patching file crypto/ec/curve25519.c
    /svr-setup/openssl-1.1.0g
    
    
     
  7. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    retesting openssl 1.1.0g after latest Kernel KPTI patch fixes to see impact on performance

    Code (Text):
    OpenSSL 1.1.0g  2 Nov 2017
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\""  -Wa,--noexecstack
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.000120s 0.000005s   8300.9 181818.2
                                  sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s 170212.8  50000.0
    


    OpenSSL 1.1.0g rsa 2048 signs/s rsa 2048 verify/s ecdsa 256bit signs/s ecdsa 256bit verify/s
    before cloudflare patch 8278.4 181818.2 121212.1 43450.5
    after cloudflare patch 8299.9 181818.2 173813.0 50157.2
    cloudflare + kernel KPTI patch 8300.9 181818.2 170212.8 50000.0
     
  8. buik

    buik “The best traveler is one without a camera.”

    2,023
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,672
    Local Time:
    4:21 AM
  9. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    much appreciated.. updated in 123.09beta01 now :D
     
  10. rdan

    rdan Well-Known Member

    5,443
    1,402
    113
    May 25, 2014
    Ratings:
    +2,194
    Local Time:
    11:21 AM
    Mainline
    10.2
    So to enable this I need to set:
    Code:
    OPENSSLECDSA_PATCH='y'
    OPENSSLECDHX_PATCH='y'
    LIBRESSL_SWITCH='n'
    
    That's all?
     
  11. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yup set via persistent config file /etc/centminmod/custom_config.inc set variables PRIOR to centmin.sh menu option 4 runs
     
  12. rdan

    rdan Well-Known Member

    5,443
    1,402
    113
    May 25, 2014
    Ratings:
    +2,194
    Local Time:
    11:21 AM
    Mainline
    10.2
    No 1.0.2n support? :)
     
  13. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    patch is only for 1.1.0g
     
  14. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    looks like patch doesn't work with OpenSSL 1.1.1-pre1 but luckily 123.09beta01 only patches with OpenSSL 1.1.0g right now
    Code (Text):
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    Reversed (or previously applied) patch detected!  Assume -R? [n]
    Apply anyway? [n]
    Skipping patch.
    3 out of 3 hunks ignored -- saving rejects to file crypto/ec/asm/ecp_nistz256-armv8.pl.rej
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    Hunk #1 FAILED at 1.
    Hunk #2 FAILED at 115.
    Hunk #3 FAILED at 131.
    Hunk #4 FAILED at 165.
    Hunk #5 FAILED at 176.
    Hunk #6 FAILED at 225.
    Hunk #7 FAILED at 236.
    Hunk #8 FAILED at 291.
    Hunk #9 FAILED at 302.
    Hunk #10 FAILED at 337.
    Hunk #11 FAILED at 348.
    Hunk #12 FAILED at 374.
    Hunk #13 FAILED at 470.
    Hunk #14 FAILED at 478.
    Hunk #15 FAILED at 515.
    Hunk #16 FAILED at 611.
    Hunk #17 FAILED at 658.
    Hunk #18 FAILED at 705.
    Hunk #19 FAILED at 718.
    Hunk #20 FAILED at 751.
    Hunk #21 FAILED at 758.
    Hunk #22 FAILED at 791.
    Hunk #23 FAILED at 1278.
    Hunk #24 FAILED at 1360.
    Hunk #25 FAILED at 1488.
    Hunk #26 FAILED at 1593.
    Hunk #27 FAILED at 1617.
    Hunk #28 FAILED at 1694.
    Hunk #29 FAILED at 1721.
    Hunk #30 FAILED at 1814.
    Hunk #31 FAILED at 2022.
    Hunk #32 FAILED at 2038.
    Hunk #33 FAILED at 2114.
    Hunk #34 FAILED at 2203.
    Hunk #35 FAILED at 2219.
    Hunk #36 FAILED at 2252.
    Hunk #37 FAILED at 2268.
    Hunk #38 FAILED at 2587.
    Hunk #39 FAILED at 2619.
    Hunk #40 FAILED at 2635.
    Hunk #41 FAILED at 2890.
    Hunk #42 FAILED at 3048.
    42 out of 42 hunks FAILED -- saving rejects to file crypto/ec/asm/ecp_nistz256-x86_64.pl.rej
    patching file crypto/ec/ec_err.c
    Hunk #1 FAILED at 46.
    1 out of 1 hunk FAILED -- saving rejects to file crypto/ec/ec_err.c.rej
    patching file crypto/ec/ec_lcl.h
    Reversed (or previously applied) patch detected!  Assume -R? [n]
    Apply anyway? [n]
    Skipping patch.
    3 out of 3 hunks ignored -- saving rejects to file crypto/ec/ec_lcl.h.rej
    patching file crypto/ec/ec_lib.c
    Reversed (or previously applied) patch detected!  Assume -R? [n]
    Apply anyway? [n]
    Skipping patch.
    3 out of 3 hunks ignored -- saving rejects to file crypto/ec/ec_lib.c.rej
    patching file crypto/ec/ecdsa_ossl.c
    Reversed (or previously applied) patch detected!  Assume -R? [n]
    Apply anyway? [n]
    Skipping patch.
    2 out of 2 hunks ignored -- saving rejects to file crypto/ec/ecdsa_ossl.c.rej
    patching file crypto/ec/ecp_nistz256.c
    Hunk #1 FAILED at 1.
    Hunk #2 FAILED at 29.
    Hunk #3 FAILED at 916.
    Hunk #4 succeeded at 1680 with fuzz 2 (offset 177 lines).
    Hunk #5 FAILED at 1735.
    4 out of 5 hunks FAILED -- saving rejects to file crypto/ec/ecp_nistz256.c.rej
    patching file crypto/perlasm/x86_64-xlate.pl
    Reversed (or previously applied) patch detected!  Assume -R? [n]
    Apply anyway? [n]
    Skipping patch.
    25 out of 25 hunks ignored -- saving rejects to file crypto/perlasm/x86_64-xlate.pl.rej
    patching file include/openssl/ec.h
    patch unexpectedly ends in middle of line
    Hunk #1 FAILED at 1389.
    1 out of 1 hunk FAILED -- saving rejects to file include/openssl/ec.h.rej
    patch failed, revert patch /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
     
  15. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  16. buik

    buik “The best traveler is one without a camera.”

    2,023
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,672
    Local Time:
    4:21 AM
  17. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Exciting times with OpenSSL 1.1.1. LibreSSL is falling further behind with each day !
     
  18. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Let's compare OpenSSL 1.1.1-pre1 with integrated ECDSA performance patch with OpenSSL 1.1.0g with and without the ECDSA performance patch. Can confirm OpenSSL 1.1.1-pre1 natively added the ECDSA performance patch :D
    Code (Text):
    OpenSSL 1.1.1-pre1 (alpha) 13 Feb 2018
    built on: Tue Feb 20 18:52:21 2018 UTC
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) 
    compiler: ccache gcc -Wall -O3 -pthread -m64 -Wa,--noexecstack -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSL_USE_NODELETE -DL_ENDIAN
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.000119s 0.000006s   8374.2 180585.7
                                  sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s 172068.6  50028.8
    


    OpenSSL 1.1.0g vs 1.1.1-pre1 rsa 2048 signs/s rsa 2048 verify/s ecdsa 256bit signs/s ecdsa 256bit verify/s
    OpenSSL 1.1.0g before cloudflare patch 8278.4 181818.2 121212.1 43450.5
    OpenSSL 1.1.0g after cloudflare patch 8299.9 181818.2 173813.0 50157.2
    OpenSSL 1.1.0g after cloudflare + kernel KPTI patch 8300.9 181818.2 170212.8 50000.0
    OpenSSL 1.1.1-pre1 after cloudflare + kernel KPTI patch 8374.2 180585.7 172068.6 50028.8
     
  19. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:21 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    looks like patch needs an update for OpenSSL 1.1.0i :)

    Code (Text):
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1h-improve-ECDSA-sign-30-40.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    Hunk #1 FAILED at 22.
    Hunk #2 FAILED at 109.
    Hunk #3 FAILED at 1309.
    3 out of 3 hunks FAILED -- saving rejects to file crypto/ec/asm/ecp_nistz256-armv8.pl.rej
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    Hunk #1 FAILED at 1.
    Hunk #3 FAILED at 137.
    Hunk #4 FAILED at 171.
    Hunk #5 FAILED at 182.
    Hunk #6 FAILED at 231.
    Hunk #7 FAILED at 242.
    Hunk #8 FAILED at 297.
    Hunk #9 FAILED at 308.
    Hunk #10 FAILED at 343.
    Hunk #11 FAILED at 354.
    Hunk #12 FAILED at 380.
    Hunk #13 succeeded at 476 with fuzz 2.
    Hunk #14 FAILED at 485.
    Hunk #15 FAILED at 522.
    Hunk #16 FAILED at 618.
    Hunk #17 FAILED at 665.
    Hunk #18 FAILED at 712.
    Hunk #19 FAILED at 725.
    Hunk #20 succeeded at 758 with fuzz 2.
    Hunk #21 FAILED at 766.
    Hunk #22 FAILED at 799.
    Hunk #23 FAILED at 1286.
    Hunk #24 FAILED at 1368.
    Hunk #25 FAILED at 1496.
    Hunk #26 FAILED at 1601.
    Hunk #27 FAILED at 1625.
    Hunk #28 FAILED at 1702.
    Hunk #29 FAILED at 1729.
    Hunk #30 FAILED at 1822.
    Hunk #31 succeeded at 2030 with fuzz 2.
    Hunk #32 FAILED at 2047.
    Hunk #33 FAILED at 2123.
    Hunk #34 FAILED at 2212.
    Hunk #35 FAILED at 2228.
    Hunk #36 succeeded at 2261 with fuzz 2.
    Hunk #37 FAILED at 2278.
    Hunk #38 FAILED at 2597.
    Hunk #39 succeeded at 2629 with fuzz 2.
    Hunk #40 FAILED at 2646.
    Hunk #41 FAILED at 2901.
    Hunk #42 FAILED at 3059.
    36 out of 42 hunks FAILED -- saving rejects to file crypto/ec/asm/ecp_nistz256-x86_64.pl.rej
    patching file crypto/ec/ec_err.c
    patching file crypto/ec/ec_lcl.h
    Hunk #2 succeeded at 553 (offset 16 lines).
    Hunk #3 succeeded at 629 (offset 16 lines).
    patching file crypto/ec/ec_lib.c
    Hunk #1 succeeded at 257 (offset 1 line).
    Hunk #2 succeeded at 964 (offset 5 lines).
    Hunk #3 succeeded at 1009 (offset 5 lines).
    patching file crypto/ec/ecdsa_ossl.c
    Hunk #1 succeeded at 144 with fuzz 2 (offset -9 lines).
    patching file crypto/ec/ecp_nistz256.c
    Hunk #1 FAILED at 1.
    Hunk #4 succeeded at 1488 (offset -16 lines).
    Hunk #5 succeeded at 1720 (offset -16 lines).
    1 out of 5 hunks FAILED -- saving rejects to file crypto/ec/ecp_nistz256.c.rej
    patching file crypto/perlasm/x86_64-xlate.pl
    Hunk #1 FAILED at 51.
    Hunk #2 FAILED at 100.
    Hunk #3 FAILED at 130.
    Hunk #4 FAILED at 151.
    Hunk #5 FAILED at 178.
    Hunk #6 FAILED at 224.
    Hunk #7 FAILED at 276.
    Hunk #8 FAILED at 285.
    Hunk #9 FAILED at 309.
    Hunk #10 FAILED at 331.
    Hunk #11 FAILED at 358.
    Hunk #12 FAILED at 383.
    Hunk #13 FAILED at 458.
    Hunk #14 FAILED at 482.
    Hunk #15 FAILED at 647.
    Hunk #16 FAILED at 657.
    Hunk #18 FAILED at 702.
    Hunk #20 succeeded at 868 with fuzz 1.
    Hunk #21 FAILED at 904.
    Hunk #22 FAILED at 982.
    Hunk #23 FAILED at 1063.
    Hunk #24 FAILED at 1075.
    Hunk #25 FAILED at 1171.
    22 out of 25 hunks FAILED -- saving rejects to file crypto/perlasm/x86_64-xlate.pl.rej
    patching file include/openssl/ec.h
    patch failed, revert patch /usr/local/src/centminmod/patches/openssl/OpenSSL1.1h-improve-ECDSA-sign-30-40.patch
    
     
  20. buik

    buik “The best traveler is one without a camera.”

    2,023
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,672
    Local Time:
    4:21 AM
    Could you please test this test patch as i am not using OpenSSL anymore.
    openssl-1.1/OpenSSL1.1i-improve-ECDSA-sign-30-40_.patch · openssl-patch · buik / openssl · GitLab

    Code:
    [build@localhost openssl-1.1.0i]$ patch -p1 -b < /home/build/rpmbuild/diff/a/test.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    patching file crypto/ec/ec_err.c
    patching file crypto/ec/ec_lcl.h
    Hunk #2 succeeded at 553 (offset 16 lines).
    Hunk #3 succeeded at 629 (offset 16 lines).
    patching file crypto/ec/ec_lib.c
    Hunk #1 succeeded at 257 (offset 1 line).
    Hunk #2 succeeded at 964 (offset 5 lines).
    Hunk #3 succeeded at 1009 (offset 5 lines).
    patching file crypto/ec/ecdsa_ossl.c
    Hunk #1 succeeded at 144 with fuzz 2 (offset -9 lines).
    patching file crypto/ec/ecp_nistz256.c
    Hunk #3 succeeded at 1488 (offset -16 lines).
    Hunk #4 succeeded at 1720 (offset -16 lines).
    patching file crypto/perlasm/x86_64-xlate.pl
    patching file include/openssl/ec.h
    [build@localhost openssl-1.1.0i]$