Add "enable-ec_nistp_64_gcc_128" variant to openssl?

[jlg89]

The need for accelerated NIST P-224 and P-256 encryption support is growing. Would it be possible to add the "enable-ec_nistp_64_gcc_128" configure option as a variant to the openssl port?

[mf2k (Frank Schima)]

In the future, please Cc the port maintainers (port info --maintainers openssl).

[jmroot (Joshua Root)]

No need for a variant I would think, better to just enable it always on x86_64?

[jmroot (Joshua Root)]

Some things to note:

• this requires __uint128_t, which is not available in gcc < 4.4
• the code is under a different license (Apache 2.0) to the rest of openssl, which messes up our license checking for GPL + openssl exception

So maybe a variant isn’t a bad idea after all.

[jul_bsd@…]

Cc Me!

[jul_bsd@…]

• patch with variant. don't know how to restrict to gcc>=4.4
• destroot ok
• add as default: to confirm to be safe and improve performances

[vergus@…]

Cc Me!

[neverpanic (Clemens Lang)]

Debian always enables this on amd64 machines, and so should we, I think. Debian doesn't seem to care about the license difference, so they apparently assume it's compatible with the OpenSSL license terms.

I think we should enable this for all machines that support __uint128_t; should we just check $build_arch for x86_64 and enable it for this architecture?

I also don't understand why the patch adds the variant to the default variants if it is already enabled.

Larry, what do you think?