From owner-freebsd-ports@freebsd.org  Mon Sep 19 09:36:04 2016
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 695C5BDFA4E
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Mon, 19 Sep 2016 09:36:04 +0000 (UTC)
 (envelope-from franco@lastsummer.de)
Received: from host64.shmhost.net (host64.kissl.de [213.239.241.64])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 31DB8FC7
 for <freebsd-ports@freebsd.org>; Mon, 19 Sep 2016 09:36:03 +0000 (UTC)
 (envelope-from franco@lastsummer.de)
Received: from francos-mbp.homeoffice.local
 (ipservice-092-208-160-166.092.208.pools.vodafone-ip.de [92.208.160.166])
 by host64.shmhost.net (Postfix) with ESMTPSA id 5E6A880E45;
 Mon, 19 Sep 2016 11:36:00 +0200 (CEST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Subject: Re: OpenSSL port ASM removal
From: Franco Fichtner <franco@lastsummer.de>
In-Reply-To: <k+lbJAUOvG@dmeyer.dinoex.sub.org>
Date: Mon, 19 Sep 2016 11:35:59 +0200
Cc: freebsd-ports <freebsd-ports@freebsd.org>
Content-Transfer-Encoding: 7bit
Message-Id: <C53200E7-D8BC-498F-A1EB-4006C55BF69D@lastsummer.de>
References: <71AF3315-6CB0-469D-A289-780C286A2D21@lastsummer.de>
 <k+lbJAUOvG@dmeyer.dinoex.sub.org>
To: Dirk Meyer <dirk.meyer@dinoex.sub.org>
X-Mailer: Apple Mail (2.3124)
X-Virus-Scanned: clamav-milter 0.99.2 at host64.shmhost.net
X-Virus-Status: Clean
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Sep 2016 09:36:04 -0000

Hi Dirk,

> On 19 Sep 2016, at 11:22 AM, Dirk Meyer <dirk.meyer@dinoex.sub.org> wrote:
> 
>> ASM support for OpenSSL is missing from the port now,
>> which is kind of unfortunate for two reasons:
>> (a) FreeBSD base (at least for i386 and amd64) has it.
>> (b) ASM is required for AESNI to work last time I checked.
>> Why was it removed? It's not clear from the commit message.
> 
> Users with asm option enabled on amd64 have reported
> random segfaults in many ssl applications.
> 
> They confirmed that disabling asm option fixed their problems.
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210859

This leads to even more questions:

1. Why is a non-default option removed that breaks for "some"
users?  We have thousands of OPNsense users that successfully
run it since October 2015.  Not one single segfault report.

https://github.com/opnsense/tools/commit/e344cfc35e6

2. What is the upstream-supported trigger for enabling AESNI
code in OpenSSL?  Or is AESNI support unaffected?

3. Is AESNI support considered a must-have feature for the
OpenSSL port in FreeBSD or not?  How about base OpenSSL?  And
how does this affect the plans to switch to OpenSSL from ports
by default that would potentially strip AESNI support from all
ports relying on it at the moment?


Cheers,
Franco