NetBSD Problem Report #58414

From christos@astron.com  Wed Jul 10 22:23:25 2024
Return-Path: <christos@astron.com>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id EB31D1A9238
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 10 Jul 2024 22:23:24 +0000 (UTC)
Message-Id: <20240710210541.BE7566C28D@quasar.astron.com>
Date: Wed, 10 Jul 2024 21:05:41 +0000 (UTC)
From: christos@astron.com
Reply-To: christos@astron.com
To: gnats-bugs@NetBSD.org
Subject: OpenSSL does not use assembly versions.
X-Send-Pr-Version: 3.95

>Number:         58414
>Category:       lib
>Synopsis:       OpenSSL does not use assembly versions.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 10 22:25:00 +0000 2024
>Last-Modified:  Mon Jul 15 06:35:02 +0000 2024
>Originator:     Christos Zoulas
>Release:        NetBSD 10.99.11
>Organization:
	Slow but correct, Inc.
>Environment:
System: NetBSD quasar.astron.com 10.99.11 NetBSD 10.99.11 (QUASAR) #6: Wed Jul 10 03:34:01 EDT 2024 christos@quasar.astron.com:/usr/src/sys/arch/amd64/compile/QUASAR amd64
Architecture: x86_64
Machine: amd64
>Description:
	OpenSSL does not use aes assembly code anymore making it 10x slow.
	[at list on x86_64]
>How-To-Repeat:
	Compare the openssl stock build against the in-tree one
	$ openssl speed aes-256-cbc
>Fix:

From uwe:

Index: lib/libcrypto/Makefile
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/Makefile,v
retrieving revision 1.35
diff -u -p -u -r1.35 Makefile
--- lib/libcrypto/Makefile      28 Jun 2024 21:59:18 -0000      1.35
+++ lib/libcrypto/Makefile      10 Jul 2024 21:04:57 -0000
@@ -43,6 +43,7 @@ OPENSSLINC=   ${OPENSSLSRC}/include/openss
 CPPFLAGS+= -I${.CURDIR}/../libdefault
 CPPFLAGS+= -I${OPENSSLSRC}/providers/common/include
 CPPFLAGS+= -I${OPENSSLSRC}/providers/implementations/include
+CPPFLAGS+= ${AESCPPFLAGS}
 .PATH: ${.CURDIR}/../libdefault
 .include "${.CURDIR}/../libcommon/srcs.inc"
 .PATH: ${.CURDIR}/../libcommon
Index: lib/libcrypto/arch/x86_64/sha.inc
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/sha.inc,v
retrieving revision 1.4
diff -u -p -u -r1.4 sha.inc
--- lib/libcrypto/arch/x86_64/sha.inc   25 May 2023 15:52:29 -0000      1.4
+++ lib/libcrypto/arch/x86_64/sha.inc   10 Jul 2024 21:04:57 -0000
@@ -2,7 +2,7 @@
 SHA_SRCS = sha1-x86_64.S sha1-mb-x86_64.S keccak1600-x86_64.S
 SHACPPFLAGS = -DSHA1_ASM -DKECCAK1600_ASM
 KECCAKNI = yes
-.if 0
+.if 1
 SHA_SRCS += sha512-x86_64.S sha256-mb-x86_64.S
 SHACPPFLAGS+= -DSHA256_ASM -DSHA512_ASM
 .endif

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->lib-bug-people
Responsible-Changed-By: dholland@NetBSD.org
Responsible-Changed-When: Thu, 11 Jul 2024 02:28:35 +0000
Responsible-Changed-Why:
Fix up busted PR


From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: lib/58414: OpenSSL does not use assembly versions.
Date: Thu, 11 Jul 2024 06:54:47 +0200

 Here is a less intrusive patch:


 Index: dist/crypto/evp/e_camellia.c
 ===================================================================
 RCS file: /cvsroot/src/crypto/external/bsd/openssl/dist/crypto/evp/e_camellia.c,v
 retrieving revision 1.1.1.9
 diff -p -u -r1.1.1.9 e_camellia.c
 --- dist/crypto/evp/e_camellia.c	7 May 2023 18:29:19 -0000	1.1.1.9
 +++ dist/crypto/evp/e_camellia.c	16 Jun 2024 20:55:50 -0000
 @@ -43,9 +43,7 @@ typedef struct {
  /* Attribute operation for Camellia */
  #define data(ctx)       EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)

 -#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
 -/* ---------^^^ this is not a typo, just a way to detect that
 - * assembler support was in general requested... */
 +#if defined(CMLL_ASM) && (defined(__sparc) || defined(__sparc__))
  # include "crypto/sparc_arch.h"

  static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 Index: lib/libcrypto/evp.inc
 ===================================================================
 RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/evp.inc,v
 retrieving revision 1.11
 diff -p -u -r1.11 evp.inc
 --- lib/libcrypto/evp.inc	6 May 2023 17:07:23 -0000	1.11
 +++ lib/libcrypto/evp.inc	16 Jun 2024 20:55:51 -0000
 @@ -87,5 +87,5 @@ signature.c \
  SRCS += ${EVP_SRCS}

  .for cryptosrc in ${EVP_SRCS}
 -CPPFLAGS.${cryptosrc} += -I${OPENSSLSRC}/crypto/evp ${EVPCPPFLAGS}
 +CPPFLAGS.${cryptosrc} += -I${OPENSSLSRC}/crypto/evp ${EVPCPPFLAGS} ${AESCPPFLAGS}
  .endfor
 Index: lib/libcrypto/arch/sparc64/des.inc
 ===================================================================
 RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/arch/sparc64/des.inc,v
 retrieving revision 1.2
 diff -p -u -r1.2 des.inc
 --- lib/libcrypto/arch/sparc64/des.inc	2 Mar 2014 08:58:02 -0000	1.2
 +++ lib/libcrypto/arch/sparc64/des.inc	16 Jun 2024 20:55:51 -0000
 @@ -1,7 +1,7 @@
  #	$NetBSD: des.inc,v 1.2 2014/03/02 08:58:02 nakayama Exp $

  .PATH.S: ${.PARSEDIR}
 -DES_SRCS = des_enc-sparc.S fcrypt_b.c
 -CPPFLAGS+=	-DDES_RISC2 -DDES_PTR
 +DES_SRCS = des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S
 +CPPFLAGS+=	-DDES_RISC2 -DDES_PTR -DDES_ASM

  .include "${.CURDIR}/des.inc"
 Index: lib/libcrypto/arch/x86_64/sha.inc
 ===================================================================
 RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/sha.inc,v
 retrieving revision 1.4
 diff -p -u -r1.4 sha.inc
 --- lib/libcrypto/arch/x86_64/sha.inc	25 May 2023 15:52:29 -0000	1.4
 +++ lib/libcrypto/arch/x86_64/sha.inc	16 Jun 2024 20:55:51 -0000
 @@ -2,7 +2,7 @@
  SHA_SRCS = sha1-x86_64.S sha1-mb-x86_64.S keccak1600-x86_64.S
  SHACPPFLAGS = -DSHA1_ASM -DKECCAK1600_ASM
  KECCAKNI = yes
 -.if 0
 +.if 1
  SHA_SRCS += sha512-x86_64.S sha256-mb-x86_64.S
  SHACPPFLAGS+= -DSHA256_ASM -DSHA512_ASM
  .endif
 Index: lib/libdefault/providers_implementations_ciphers.inc
 ===================================================================
 RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libdefault/providers_implementations_ciphers.inc,v
 retrieving revision 1.1
 diff -p -u -r1.1 providers_implementations_ciphers.inc
 --- lib/libdefault/providers_implementations_ciphers.inc	6 May 2023 17:07:23 -0000	1.1
 +++ lib/libdefault/providers_implementations_ciphers.inc	16 Jun 2024 20:55:51 -0000
 @@ -47,5 +47,5 @@ cipher_tdes_wrap_hw.c \
  SRCS += ${PROVIDERS_IMPLEMENTATIONS_CIPHERS_SRCS}

  .for defaultsrc in ${PROVIDERS_IMPLEMENTATIONS_CIPHERS_SRCS}
 -CPPFLAGS.${defaultsrc} += -I${OPENSSLSRC}/providers/implementations/ciphers ${PROVIDERS_IMPLEMENTATIONS_CIPHERSCPPFLAGS}
 +CPPFLAGS.${defaultsrc} += -I${OPENSSLSRC}/providers/implementations/ciphers ${PROVIDERS_IMPLEMENTATIONS_CIPHERSCPPFLAGS} ${AESCPPFLAGS}
  .endfor


 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."

From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/58414 CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto
Date: Mon, 15 Jul 2024 06:34:17 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Mon Jul 15 06:34:17 UTC 2024

 Modified Files:
 	src/crypto/external/bsd/openssl/lib/libcrypto: Makefile
 	src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64: sha.inc

 Log Message:
 openssl: Revert openssl asm enabling, which must not used yet.

 They appear to have been christos's local changes for PR 58414
 inadvertently mixed up in the openssl man page changes.

 This stuff ABSOLUTELY MUST NOT BE ENABLED until the SHA-2 symbol mess
 is resolved; see PR 58039 and
 https://mail-index.netbsd.org/tech-userlevel/2024/03/17/msg014265.html
 for more details.

 While here, leave a comment to avoid stepping on this rake again.
 The explanation was previously only in the commit message that added
 the `.if 0', but it needs to be much more obvious.


 To generate a diff of this commit:
 cvs rdiff -u -r1.36 -r1.37 \
     src/crypto/external/bsd/openssl/lib/libcrypto/Makefile
 cvs rdiff -u -r1.5 -r1.6 \
     src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/sha.inc

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.