NetBSD Problem Report #58414
From christos@astron.com Wed Jul 10 22:23:25 2024
Return-Path: <christos@astron.com>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id EB31D1A9238
for <gnats-bugs@gnats.NetBSD.org>; Wed, 10 Jul 2024 22:23:24 +0000 (UTC)
Message-Id: <20240710210541.BE7566C28D@quasar.astron.com>
Date: Wed, 10 Jul 2024 21:05:41 +0000 (UTC)
From: christos@astron.com
Reply-To: christos@astron.com
To: gnats-bugs@NetBSD.org
Subject: OpenSSL does not use assembly versions.
X-Send-Pr-Version: 3.95
>Number: 58414
>Category: lib
>Synopsis: OpenSSL does not use assembly versions.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jul 10 22:25:00 +0000 2024
>Last-Modified: Mon Jul 15 06:35:02 +0000 2024
>Originator: Christos Zoulas
>Release: NetBSD 10.99.11
>Organization:
Slow but correct, Inc.
>Environment:
System: NetBSD quasar.astron.com 10.99.11 NetBSD 10.99.11 (QUASAR) #6: Wed Jul 10 03:34:01 EDT 2024 christos@quasar.astron.com:/usr/src/sys/arch/amd64/compile/QUASAR amd64
Architecture: x86_64
Machine: amd64
>Description:
OpenSSL does not use aes assembly code anymore making it 10x slow.
[at list on x86_64]
>How-To-Repeat:
Compare the openssl stock build against the in-tree one
$ openssl speed aes-256-cbc
>Fix:
From uwe:
Index: lib/libcrypto/Makefile
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/Makefile,v
retrieving revision 1.35
diff -u -p -u -r1.35 Makefile
--- lib/libcrypto/Makefile 28 Jun 2024 21:59:18 -0000 1.35
+++ lib/libcrypto/Makefile 10 Jul 2024 21:04:57 -0000
@@ -43,6 +43,7 @@ OPENSSLINC= ${OPENSSLSRC}/include/openss
CPPFLAGS+= -I${.CURDIR}/../libdefault
CPPFLAGS+= -I${OPENSSLSRC}/providers/common/include
CPPFLAGS+= -I${OPENSSLSRC}/providers/implementations/include
+CPPFLAGS+= ${AESCPPFLAGS}
.PATH: ${.CURDIR}/../libdefault
.include "${.CURDIR}/../libcommon/srcs.inc"
.PATH: ${.CURDIR}/../libcommon
Index: lib/libcrypto/arch/x86_64/sha.inc
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/sha.inc,v
retrieving revision 1.4
diff -u -p -u -r1.4 sha.inc
--- lib/libcrypto/arch/x86_64/sha.inc 25 May 2023 15:52:29 -0000 1.4
+++ lib/libcrypto/arch/x86_64/sha.inc 10 Jul 2024 21:04:57 -0000
@@ -2,7 +2,7 @@
SHA_SRCS = sha1-x86_64.S sha1-mb-x86_64.S keccak1600-x86_64.S
SHACPPFLAGS = -DSHA1_ASM -DKECCAK1600_ASM
KECCAKNI = yes
-.if 0
+.if 1
SHA_SRCS += sha512-x86_64.S sha256-mb-x86_64.S
SHACPPFLAGS+= -DSHA256_ASM -DSHA512_ASM
.endif
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->lib-bug-people
Responsible-Changed-By: dholland@NetBSD.org
Responsible-Changed-When: Thu, 11 Jul 2024 02:28:35 +0000
Responsible-Changed-Why:
Fix up busted PR
From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: lib/58414: OpenSSL does not use assembly versions.
Date: Thu, 11 Jul 2024 06:54:47 +0200
Here is a less intrusive patch:
Index: dist/crypto/evp/e_camellia.c
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/dist/crypto/evp/e_camellia.c,v
retrieving revision 1.1.1.9
diff -p -u -r1.1.1.9 e_camellia.c
--- dist/crypto/evp/e_camellia.c 7 May 2023 18:29:19 -0000 1.1.1.9
+++ dist/crypto/evp/e_camellia.c 16 Jun 2024 20:55:50 -0000
@@ -43,9 +43,7 @@ typedef struct {
/* Attribute operation for Camellia */
#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
-#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-/* ---------^^^ this is not a typo, just a way to detect that
- * assembler support was in general requested... */
+#if defined(CMLL_ASM) && (defined(__sparc) || defined(__sparc__))
# include "crypto/sparc_arch.h"
static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
Index: lib/libcrypto/evp.inc
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/evp.inc,v
retrieving revision 1.11
diff -p -u -r1.11 evp.inc
--- lib/libcrypto/evp.inc 6 May 2023 17:07:23 -0000 1.11
+++ lib/libcrypto/evp.inc 16 Jun 2024 20:55:51 -0000
@@ -87,5 +87,5 @@ signature.c \
SRCS += ${EVP_SRCS}
.for cryptosrc in ${EVP_SRCS}
-CPPFLAGS.${cryptosrc} += -I${OPENSSLSRC}/crypto/evp ${EVPCPPFLAGS}
+CPPFLAGS.${cryptosrc} += -I${OPENSSLSRC}/crypto/evp ${EVPCPPFLAGS} ${AESCPPFLAGS}
.endfor
Index: lib/libcrypto/arch/sparc64/des.inc
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc64/des.inc,v
retrieving revision 1.2
diff -p -u -r1.2 des.inc
--- lib/libcrypto/arch/sparc64/des.inc 2 Mar 2014 08:58:02 -0000 1.2
+++ lib/libcrypto/arch/sparc64/des.inc 16 Jun 2024 20:55:51 -0000
@@ -1,7 +1,7 @@
# $NetBSD: des.inc,v 1.2 2014/03/02 08:58:02 nakayama Exp $
.PATH.S: ${.PARSEDIR}
-DES_SRCS = des_enc-sparc.S fcrypt_b.c
-CPPFLAGS+= -DDES_RISC2 -DDES_PTR
+DES_SRCS = des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S
+CPPFLAGS+= -DDES_RISC2 -DDES_PTR -DDES_ASM
.include "${.CURDIR}/des.inc"
Index: lib/libcrypto/arch/x86_64/sha.inc
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/sha.inc,v
retrieving revision 1.4
diff -p -u -r1.4 sha.inc
--- lib/libcrypto/arch/x86_64/sha.inc 25 May 2023 15:52:29 -0000 1.4
+++ lib/libcrypto/arch/x86_64/sha.inc 16 Jun 2024 20:55:51 -0000
@@ -2,7 +2,7 @@
SHA_SRCS = sha1-x86_64.S sha1-mb-x86_64.S keccak1600-x86_64.S
SHACPPFLAGS = -DSHA1_ASM -DKECCAK1600_ASM
KECCAKNI = yes
-.if 0
+.if 1
SHA_SRCS += sha512-x86_64.S sha256-mb-x86_64.S
SHACPPFLAGS+= -DSHA256_ASM -DSHA512_ASM
.endif
Index: lib/libdefault/providers_implementations_ciphers.inc
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libdefault/providers_implementations_ciphers.inc,v
retrieving revision 1.1
diff -p -u -r1.1 providers_implementations_ciphers.inc
--- lib/libdefault/providers_implementations_ciphers.inc 6 May 2023 17:07:23 -0000 1.1
+++ lib/libdefault/providers_implementations_ciphers.inc 16 Jun 2024 20:55:51 -0000
@@ -47,5 +47,5 @@ cipher_tdes_wrap_hw.c \
SRCS += ${PROVIDERS_IMPLEMENTATIONS_CIPHERS_SRCS}
.for defaultsrc in ${PROVIDERS_IMPLEMENTATIONS_CIPHERS_SRCS}
-CPPFLAGS.${defaultsrc} += -I${OPENSSLSRC}/providers/implementations/ciphers ${PROVIDERS_IMPLEMENTATIONS_CIPHERSCPPFLAGS}
+CPPFLAGS.${defaultsrc} += -I${OPENSSLSRC}/providers/implementations/ciphers ${PROVIDERS_IMPLEMENTATIONS_CIPHERSCPPFLAGS} ${AESCPPFLAGS}
.endfor
--
Michael van Elst
Internet: mlelstv@serpens.de
"A potential Snark may lurk in every tree."
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58414 CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto
Date: Mon, 15 Jul 2024 06:34:17 +0000
Module Name: src
Committed By: riastradh
Date: Mon Jul 15 06:34:17 UTC 2024
Modified Files:
src/crypto/external/bsd/openssl/lib/libcrypto: Makefile
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: sha.inc
Log Message:
openssl: Revert openssl asm enabling, which must not used yet.
They appear to have been christos's local changes for PR 58414
inadvertently mixed up in the openssl man page changes.
This stuff ABSOLUTELY MUST NOT BE ENABLED until the SHA-2 symbol mess
is resolved; see PR 58039 and
https://mail-index.netbsd.org/tech-userlevel/2024/03/17/msg014265.html
for more details.
While here, leave a comment to avoid stepping on this rake again.
The explanation was previously only in the commit message that added
the `.if 0', but it needs to be much more obvious.
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 \
src/crypto/external/bsd/openssl/lib/libcrypto/Makefile
cvs rdiff -u -r1.5 -r1.6 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/sha.inc
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.