Date: Sat, 22 Apr 2017 17:26:14 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 218815] security/openssl-devel doesn't run correctly during encryption/decryption use Message-ID: <bug-218815-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D218815 Bug ID: 218815 Summary: security/openssl-devel doesn't run correctly during encryption/decryption use Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: brnrd@freebsd.org Reporter: dewayne@heuristicsystems.com.au Assignee: brnrd@freebsd.org Flags: maintainer-feedback?(brnrd@freebsd.org) Doesn't run correctly - vague title I'm sorry. Basically this is the problem. dd if=3D/dev/zero bs=3D8m count=3D64 | openssl enc -e -aes-256-cbc -pass pa= ss:fred | openssl enc -d -aes-256-cbc -pass pass:fred | dd of=3D/dev/null takes longer than the expected sub-2 seconds. After 2 minutes I ^c. Background I'm having a few problems with libressl on amd64 (latest FreeBSD 11.0Stable= ).=20 Due to deadline I need to update vulnerable ports, hence the need to consid= er openssl-devel (primarily for the chacha cipher). Testing So step 1. Check performance of=20 openssl speed md5 aes-256-cbc (i386 jail on amd64 base, expected to be slow= er) OpenSSL 1.0.2k 26 Jan 2017 type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 byt= es md5 33310.31k 101690.17k 225189.68k 325980.15k 374042.= 04k aes-256 cbc 100778.51k 108379.29k 110181.76k 110869.89k 110494.= 38k dd if=3D/dev/zero bs=3D8m count=3D64 | openssl enc -e -aes-256-cbc -pass pa= ss:fred | openssl enc -d -aes-256-cbc -pass pass:fred | dd of=3D/dev/null 536870912 bytes transferred in 1.978219 secs (271391044 bytes/sec) 536870912 bytes transferred in 1.978499 secs (271352608 bytes/sec) Compare against existing libressl (amd64) openssl version; openssl speed md5 aes-256-cbc LibreSSL 2.4.5 The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 byt= es md5 42508.63k 140502.95k 320085.21k 473776.60k 550627.= 68k aes-256 cbc 81890.66k 87571.86k 89172.71k 89595.03k 89826.= 19k hathor# dd if=3D/dev/zero bs=3D8m count=3D64 | openssl enc -e -aes-256-cbc = -pass pass:fred | openssl enc -d -aes-256-cbc -pass pass:fred | dd of=3D/dev/null 536870912 bytes transferred in 1.691704 secs (317355170 bytes/sec) 536870912 bytes transferred in 1.691909 secs (317316725 bytes/sec) Step 2 Build openssl-devel and compare, first on the amd64 then i386. I've left more information in this. OpenSSL 1.1.0e 16 Feb 2017 built on: reproducible build, date unspecified options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr) compiler: /usr/local/libexec/ccache/cc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_S= SE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_A= SM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES= _ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR=3D"\"/usr/local/openssl\"" -DENGINESDIR=3D"\"/usr/local/lib/engines-1.1\"" The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 byt= es=20 16384 bytes md5 79251.15k 223127.65k 407711.12k 513011.04k 553732.= 56k=20 555582.29k aes-256 cbc 79520.54k 85543.12k 86719.75k 87328.00k 87522.= 05k=20 87346.92k dd if=3D/dev/zero bs=3D8m count=3D64 | openssl enc -e -aes-256-cbc -pass pa= ss:fred | openssl enc -d -aes-256-cbc -pass pass:fred | dd of=3D/dev/null Hmm ^t load: 2.34 cmd: openssl 22223 [running] 170.60r 26.77u 143.66s 100% 5588k 550825+0 records in 550825+0 records out 282022400 bytes transferred in 170.607199 secs (1653051 bytes/sec) 34+0 records in 33+2 records out 285212672 bytes transferred in 172.487025 secs (1653531 bytes/sec) Well. That's a little outside tolerance... Hence the title. It does build and does run, but...unsuccessfully.=20=20 Ok so I methodically removed the defaults: asm, sse2, threads. Each default option was removed, the package rebuilt and reinstalled (first asm, then asm and sse2...). Same problem. Out of "options" and ideas :( --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-218815-13>