Discover Centmin Mod today
Register Now

OpenSSL [PATCH]30-40% ECDSA performance improvement - OpenSSL 1.1

Discussion in 'CentOS, Redhat & Oracle Linux News' started by bassie, Jan 2, 2018.

  1. bassie

    bassie Active Member

    905
    216
    43
    Apr 29, 2016
    Ratings:
    +639
    Local Time:
    3:59 AM
    Happy new year starts with a gift.

    ECDSA could get faster.
    As can be read here OpenSSL - OpenSSL ECDSA Performance improvements
    An improvement of 30-40% is possible (depending on the hardware).

    Backport patch to improve ECDSA sign 30-40% at OpenSSL 1.1
    openssl-1.1/OpenSSL1.1h-improve-ECDSA-sign-30-40%.patch · openssl-patch · buik / openssl · GitLab

    With this backport patch, OpenSSL 1.1 will have to be able to do the same.


    I am not active in software development, this is pure mathematics and algorithmics.
    The goal is twofold.

    First and foremost nothing more or less than that I have had fun, as this contribution is purely out of interest.
    Second. Freedom happiness. Do what you want with the patch.
    It is freely available at GitLab.
     
    • Informative Informative x 2
  2. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Thanks @bassie for sharing.. definitely will check this out :)

    this patch is against OpenSSL 1.1.0 master branch or 1.1.0g ?
     
  3. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    On OVH Core i7 4790K 4C/8T server with CentOS 7.4 64bit and Centmin Mod 123.09beta01 LEMP stack

    With patch resulted in 43.4% faster ECDSA signs/s and 15.4% faster ECDSA verify/s :cool:

    OpenSSL 1.1.0g rsa 2048 signs/s rsa 2048 verify/s ecdsa 256bit signs/s ecdsa 256bit verify/s
    before patch 8278.4 181818.2 121212.1 43450.5
    after patch 8299.9 181818.2 173813.0 50157.2


    before ECDSA OpenSSL 1.1.0g backported patch
    Code (Text):
    openssl speed -multi 8 rsa2048 ecdsap256
    OpenSSL 1.1.0g  2 Nov 2017
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\""  -Wa,--noexecstack
                     sign    verify    sign/s verify/s
    rsa 2048 bits 0.000121s 0.000005s   8278.4 181818.2
                                 sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s 121212.1  43450.5
    

    after patch
    Code (Text):
    openssl speed -multi 8 rsa2048 ecdsap256
    OpenSSL 1.1.0g  2 Nov 2017
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\""  -Wa,--noexecstack
                     sign    verify    sign/s verify/s
    rsa 2048 bits 0.000120s 0.000005s   8299.9 181818.2
                                 sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s 173913.0  50157.2
    
     
  4. bassie

    bassie Active Member

    905
    216
    43
    Apr 29, 2016
    Ratings:
    +639
    Local Time:
    3:59 AM
    Nice benchmark :)
     
    • Like Like x 1
  5. bassie

    bassie Active Member

    905
    216
    43
    Apr 29, 2016
    Ratings:
    +639
    Local Time:
    3:59 AM
    [UPDATE]Patch has been updated to today's upstream code, January 5th.
    The patch has also been restructured.

    Backport patch update 30-40% ECDSA performance improvement - OpenSSL 1.1

    Changelog [PATCH] OpenSSL1.1g - 30-40% ECDSA performance improvement
    * Fri, 5 Jan 2018 20:45:22 +0100
    - Rebuilt to host the new upstream code (5 Jan 2018).

    ECDSA performance improvements using an old i3:

    Code:
                                  sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s  56444.1  24023.7
    
                                  sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s  81862.6  27645.4
     
    • Informative Informative x 1
  6. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    thanks for the update :D

    looks good enabling optional ECDSA and ECDHX 25519 performance patches via persistent config file /etc/centminmod/custom_config.inc set variables PRIOR to centmin.sh menu option 4 runs
    Code (Text):
    OPENSSLECDSA_PATCH='y'
    OPENSSLECDHX_PATCH='y'
    

    at end of nginx update runs via centmin.sh menu option 4 should get a list of log files for the run and one is log file for openssl patches
    Code (Text):
    log files saved at /root/centminlogs
    -rw-r--r--  1 root root 1.6K Jan  5 06:57 patch_opensslpatches_050118-065726.log
    -rw-r--r--  1 root root   44 Jan  5 06:58 centminmod_opensslinstalltime_050118-065726.log
    -rw-r--r--  1 root root    8 Jan  5 06:58 patch_patchnginx_050118-065726.log
    -rw-r--r--  1 root root 1.6K Jan  5 06:58 nginx-configure-050118-065726.log
    -rw-r--r--  1 root root  26K Jan  5 06:59 nginx_autoconf.err.050118-065726.log
    -rw-r--r--  1 root root 2.8M Jan  5 06:59 centminmod_123.09beta01.b011_050118-065726_nginx_upgrade.log
    
    *************************************************
    * nginx updated
    *************************************************
       _   _         _                _   _             _         _             _ 
      | \ | |  __ _ (_) _ __  __  __ | | | | _ __    __| |  __ _ | |_  ___   __| |
      |  \| | / _` || || '_ \ \ \/ / | | | || '_ \  / _` | / _` || __|/ _ \ / _` |
      | |\  || (_| || || | | | >  <  | |_| || |_) || (_| || (_| || |_|  __/| (_| |
      |_| \_| \__, ||_||_| |_|/_/\_\  \___/ | .__/  \__,_| \__,_| \__|\___| \__,_|
              |___/                         |_|                                   
    
    Total Nginx Upgrade Time: 99.531088158 seconds at /root/centminlogs/patch_opensslpatches_050118-065726.log
    

    contents of log
    Code (Text):
    cat /root/centminlogs/patch_opensslpatches_050118-065726.log
    
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    30-40% performance improvement patch for ECDSA
    https://community.centminmod.com/posts/57725/
    ######################################################################
    /svr-setup/openssl-1.1.0g /svr-setup/openssl-1.1.0g
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    patching file crypto/ec/ec_err.c
    patching file crypto/ec/ec_lcl.h
    patching file crypto/ec/ec_lib.c
    patching file crypto/ec/ecdsa_ossl.c
    patching file crypto/ec/ecp_nistz256.c
    patching file crypto/perlasm/x86_64-xlate.pl
    patching file include/openssl/ec.h
    patch unexpectedly ends in middle of line
    Hunk #1 succeeded at 1389 with fuzz 1.
    /svr-setup/openssl-1.1.0g
    
    
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    ECDHX 25519 performance patch
    https://community.centminmod.com/posts/57726/
    ######################################################################
    /svr-setup/openssl-1.1.0g /svr-setup/openssl-1.1.0g
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-double-performance-ecdhx-25519.patch
    patching file crypto/ec/curve25519.c
    /svr-setup/openssl-1.1.0g
    
    
     
  7. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    retesting openssl 1.1.0g after latest Kernel KPTI patch fixes to see impact on performance

    Code (Text):
    OpenSSL 1.1.0g  2 Nov 2017
    built on: reproducible build, date unspecified
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\""  -Wa,--noexecstack
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.000120s 0.000005s   8300.9 181818.2
                                  sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s 170212.8  50000.0
    


    OpenSSL 1.1.0g rsa 2048 signs/s rsa 2048 verify/s ecdsa 256bit signs/s ecdsa 256bit verify/s
    before cloudflare patch 8278.4 181818.2 121212.1 43450.5
    after cloudflare patch 8299.9 181818.2 173813.0 50157.2
    cloudflare + kernel KPTI patch 8300.9 181818.2 170212.8 50000.0
     
  8. bassie

    bassie Active Member

    905
    216
    43
    Apr 29, 2016
    Ratings:
    +639
    Local Time:
    3:59 AM
    • Informative Informative x 1
  9. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    much appreciated.. updated in 123.09beta01 now :D
     
  10. rdan

    rdan Premium Member Premium Member

    4,244
    1,033
    113
    May 25, 2014
    Ratings:
    +1,481
    Local Time:
    9:59 AM
    Mainline
    10.2
    So to enable this I need to set:
    Code:
    OPENSSLECDSA_PATCH='y'
    OPENSSLECDHX_PATCH='y'
    LIBRESSL_SWITCH='n'
    
    That's all?
     
  11. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yup set via persistent config file /etc/centminmod/custom_config.inc set variables PRIOR to centmin.sh menu option 4 runs
     
    • Informative Informative x 1
  12. rdan

    rdan Premium Member Premium Member

    4,244
    1,033
    113
    May 25, 2014
    Ratings:
    +1,481
    Local Time:
    9:59 AM
    Mainline
    10.2
    No 1.0.2n support? :)
     
  13. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    patch is only for 1.1.0g
     
    • Like Like x 1
  14. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    looks like patch doesn't work with OpenSSL 1.1.1-pre1 but luckily 123.09beta01 only patches with OpenSSL 1.1.0g right now
    Code (Text):
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    Reversed (or previously applied) patch detected!  Assume -R? [n]
    Apply anyway? [n]
    Skipping patch.
    3 out of 3 hunks ignored -- saving rejects to file crypto/ec/asm/ecp_nistz256-armv8.pl.rej
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    Hunk #1 FAILED at 1.
    Hunk #2 FAILED at 115.
    Hunk #3 FAILED at 131.
    Hunk #4 FAILED at 165.
    Hunk #5 FAILED at 176.
    Hunk #6 FAILED at 225.
    Hunk #7 FAILED at 236.
    Hunk #8 FAILED at 291.
    Hunk #9 FAILED at 302.
    Hunk #10 FAILED at 337.
    Hunk #11 FAILED at 348.
    Hunk #12 FAILED at 374.
    Hunk #13 FAILED at 470.
    Hunk #14 FAILED at 478.
    Hunk #15 FAILED at 515.
    Hunk #16 FAILED at 611.
    Hunk #17 FAILED at 658.
    Hunk #18 FAILED at 705.
    Hunk #19 FAILED at 718.
    Hunk #20 FAILED at 751.
    Hunk #21 FAILED at 758.
    Hunk #22 FAILED at 791.
    Hunk #23 FAILED at 1278.
    Hunk #24 FAILED at 1360.
    Hunk #25 FAILED at 1488.
    Hunk #26 FAILED at 1593.
    Hunk #27 FAILED at 1617.
    Hunk #28 FAILED at 1694.
    Hunk #29 FAILED at 1721.
    Hunk #30 FAILED at 1814.
    Hunk #31 FAILED at 2022.
    Hunk #32 FAILED at 2038.
    Hunk #33 FAILED at 2114.
    Hunk #34 FAILED at 2203.
    Hunk #35 FAILED at 2219.
    Hunk #36 FAILED at 2252.
    Hunk #37 FAILED at 2268.
    Hunk #38 FAILED at 2587.
    Hunk #39 FAILED at 2619.
    Hunk #40 FAILED at 2635.
    Hunk #41 FAILED at 2890.
    Hunk #42 FAILED at 3048.
    42 out of 42 hunks FAILED -- saving rejects to file crypto/ec/asm/ecp_nistz256-x86_64.pl.rej
    patching file crypto/ec/ec_err.c
    Hunk #1 FAILED at 46.
    1 out of 1 hunk FAILED -- saving rejects to file crypto/ec/ec_err.c.rej
    patching file crypto/ec/ec_lcl.h
    Reversed (or previously applied) patch detected!  Assume -R? [n]
    Apply anyway? [n]
    Skipping patch.
    3 out of 3 hunks ignored -- saving rejects to file crypto/ec/ec_lcl.h.rej
    patching file crypto/ec/ec_lib.c
    Reversed (or previously applied) patch detected!  Assume -R? [n]
    Apply anyway? [n]
    Skipping patch.
    3 out of 3 hunks ignored -- saving rejects to file crypto/ec/ec_lib.c.rej
    patching file crypto/ec/ecdsa_ossl.c
    Reversed (or previously applied) patch detected!  Assume -R? [n]
    Apply anyway? [n]
    Skipping patch.
    2 out of 2 hunks ignored -- saving rejects to file crypto/ec/ecdsa_ossl.c.rej
    patching file crypto/ec/ecp_nistz256.c
    Hunk #1 FAILED at 1.
    Hunk #2 FAILED at 29.
    Hunk #3 FAILED at 916.
    Hunk #4 succeeded at 1680 with fuzz 2 (offset 177 lines).
    Hunk #5 FAILED at 1735.
    4 out of 5 hunks FAILED -- saving rejects to file crypto/ec/ecp_nistz256.c.rej
    patching file crypto/perlasm/x86_64-xlate.pl
    Reversed (or previously applied) patch detected!  Assume -R? [n]
    Apply anyway? [n]
    Skipping patch.
    25 out of 25 hunks ignored -- saving rejects to file crypto/perlasm/x86_64-xlate.pl.rej
    patching file include/openssl/ec.h
    patch unexpectedly ends in middle of line
    Hunk #1 FAILED at 1389.
    1 out of 1 hunk FAILED -- saving rejects to file include/openssl/ec.h.rej
    patch failed, revert patch /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
     
  15. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
  16. bassie

    bassie Active Member

    905
    216
    43
    Apr 29, 2016
    Ratings:
    +639
    Local Time:
    3:59 AM
    • Like Like x 1
  17. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Exciting times with OpenSSL 1.1.1. LibreSSL is falling further behind with each day !
     
  18. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Let's compare OpenSSL 1.1.1-pre1 with integrated ECDSA performance patch with OpenSSL 1.1.0g with and without the ECDSA performance patch. Can confirm OpenSSL 1.1.1-pre1 natively added the ECDSA performance patch :D
    Code (Text):
    OpenSSL 1.1.1-pre1 (alpha) 13 Feb 2018
    built on: Tue Feb 20 18:52:21 2018 UTC
    options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) 
    compiler: ccache gcc -Wall -O3 -pthread -m64 -Wa,--noexecstack -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSL_USE_NODELETE -DL_ENDIAN
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.000119s 0.000006s   8374.2 180585.7
                                  sign    verify    sign/s verify/s
     256 bit ecdsa (nistp256)   0.0000s   0.0000s 172068.6  50028.8
    


    OpenSSL 1.1.0g vs 1.1.1-pre1 rsa 2048 signs/s rsa 2048 verify/s ecdsa 256bit signs/s ecdsa 256bit verify/s
    OpenSSL 1.1.0g before cloudflare patch 8278.4 181818.2 121212.1 43450.5
    OpenSSL 1.1.0g after cloudflare patch 8299.9 181818.2 173813.0 50157.2
    OpenSSL 1.1.0g after cloudflare + kernel KPTI patch 8300.9 181818.2 170212.8 50000.0
    OpenSSL 1.1.1-pre1 after cloudflare + kernel KPTI patch 8374.2 180585.7 172068.6 50028.8
     
  19. eva2000

    eva2000 Administrator Staff Member

    35,618
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,092
    Local Time:
    11:59 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    looks like patch needs an update for OpenSSL 1.1.0i :)

    Code (Text):
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1h-improve-ECDSA-sign-30-40.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    Hunk #1 FAILED at 22.
    Hunk #2 FAILED at 109.
    Hunk #3 FAILED at 1309.
    3 out of 3 hunks FAILED -- saving rejects to file crypto/ec/asm/ecp_nistz256-armv8.pl.rej
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    Hunk #1 FAILED at 1.
    Hunk #3 FAILED at 137.
    Hunk #4 FAILED at 171.
    Hunk #5 FAILED at 182.
    Hunk #6 FAILED at 231.
    Hunk #7 FAILED at 242.
    Hunk #8 FAILED at 297.
    Hunk #9 FAILED at 308.
    Hunk #10 FAILED at 343.
    Hunk #11 FAILED at 354.
    Hunk #12 FAILED at 380.
    Hunk #13 succeeded at 476 with fuzz 2.
    Hunk #14 FAILED at 485.
    Hunk #15 FAILED at 522.
    Hunk #16 FAILED at 618.
    Hunk #17 FAILED at 665.
    Hunk #18 FAILED at 712.
    Hunk #19 FAILED at 725.
    Hunk #20 succeeded at 758 with fuzz 2.
    Hunk #21 FAILED at 766.
    Hunk #22 FAILED at 799.
    Hunk #23 FAILED at 1286.
    Hunk #24 FAILED at 1368.
    Hunk #25 FAILED at 1496.
    Hunk #26 FAILED at 1601.
    Hunk #27 FAILED at 1625.
    Hunk #28 FAILED at 1702.
    Hunk #29 FAILED at 1729.
    Hunk #30 FAILED at 1822.
    Hunk #31 succeeded at 2030 with fuzz 2.
    Hunk #32 FAILED at 2047.
    Hunk #33 FAILED at 2123.
    Hunk #34 FAILED at 2212.
    Hunk #35 FAILED at 2228.
    Hunk #36 succeeded at 2261 with fuzz 2.
    Hunk #37 FAILED at 2278.
    Hunk #38 FAILED at 2597.
    Hunk #39 succeeded at 2629 with fuzz 2.
    Hunk #40 FAILED at 2646.
    Hunk #41 FAILED at 2901.
    Hunk #42 FAILED at 3059.
    36 out of 42 hunks FAILED -- saving rejects to file crypto/ec/asm/ecp_nistz256-x86_64.pl.rej
    patching file crypto/ec/ec_err.c
    patching file crypto/ec/ec_lcl.h
    Hunk #2 succeeded at 553 (offset 16 lines).
    Hunk #3 succeeded at 629 (offset 16 lines).
    patching file crypto/ec/ec_lib.c
    Hunk #1 succeeded at 257 (offset 1 line).
    Hunk #2 succeeded at 964 (offset 5 lines).
    Hunk #3 succeeded at 1009 (offset 5 lines).
    patching file crypto/ec/ecdsa_ossl.c
    Hunk #1 succeeded at 144 with fuzz 2 (offset -9 lines).
    patching file crypto/ec/ecp_nistz256.c
    Hunk #1 FAILED at 1.
    Hunk #4 succeeded at 1488 (offset -16 lines).
    Hunk #5 succeeded at 1720 (offset -16 lines).
    1 out of 5 hunks FAILED -- saving rejects to file crypto/ec/ecp_nistz256.c.rej
    patching file crypto/perlasm/x86_64-xlate.pl
    Hunk #1 FAILED at 51.
    Hunk #2 FAILED at 100.
    Hunk #3 FAILED at 130.
    Hunk #4 FAILED at 151.
    Hunk #5 FAILED at 178.
    Hunk #6 FAILED at 224.
    Hunk #7 FAILED at 276.
    Hunk #8 FAILED at 285.
    Hunk #9 FAILED at 309.
    Hunk #10 FAILED at 331.
    Hunk #11 FAILED at 358.
    Hunk #12 FAILED at 383.
    Hunk #13 FAILED at 458.
    Hunk #14 FAILED at 482.
    Hunk #15 FAILED at 647.
    Hunk #16 FAILED at 657.
    Hunk #18 FAILED at 702.
    Hunk #20 succeeded at 868 with fuzz 1.
    Hunk #21 FAILED at 904.
    Hunk #22 FAILED at 982.
    Hunk #23 FAILED at 1063.
    Hunk #24 FAILED at 1075.
    Hunk #25 FAILED at 1171.
    22 out of 25 hunks FAILED -- saving rejects to file crypto/perlasm/x86_64-xlate.pl.rej
    patching file include/openssl/ec.h
    patch failed, revert patch /usr/local/src/centminmod/patches/openssl/OpenSSL1.1h-improve-ECDSA-sign-30-40.patch
    
     
  20. bassie

    bassie Active Member

    905
    216
    43
    Apr 29, 2016
    Ratings:
    +639
    Local Time:
    3:59 AM
    Could you please test this test patch as i am not using OpenSSL anymore.
    openssl-1.1/OpenSSL1.1i-improve-ECDSA-sign-30-40_.patch · openssl-patch · buik / openssl · GitLab

    Code:
    [[email protected] openssl-1.1.0i]$ patch -p1 -b < /home/build/rpmbuild/diff/a/test.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    patching file crypto/ec/ec_err.c
    patching file crypto/ec/ec_lcl.h
    Hunk #2 succeeded at 553 (offset 16 lines).
    Hunk #3 succeeded at 629 (offset 16 lines).
    patching file crypto/ec/ec_lib.c
    Hunk #1 succeeded at 257 (offset 1 line).
    Hunk #2 succeeded at 964 (offset 5 lines).
    Hunk #3 succeeded at 1009 (offset 5 lines).
    patching file crypto/ec/ecdsa_ossl.c
    Hunk #1 succeeded at 144 with fuzz 2 (offset -9 lines).
    patching file crypto/ec/ecp_nistz256.c
    Hunk #3 succeeded at 1488 (offset -16 lines).
    Hunk #4 succeeded at 1720 (offset -16 lines).
    patching file crypto/perlasm/x86_64-xlate.pl
    patching file include/openssl/ec.h
    [[email protected] openssl-1.1.0i]$
    
    
     
..