Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 19 Sep 2016 11:35:59 +0200
From:      Franco Fichtner <franco@lastsummer.de>
To:        Dirk Meyer <dirk.meyer@dinoex.sub.org>
Cc:        freebsd-ports <freebsd-ports@freebsd.org>
Subject:   Re: OpenSSL port ASM removal
Message-ID:  <C53200E7-D8BC-498F-A1EB-4006C55BF69D@lastsummer.de>
In-Reply-To: <k%2BlbJAUOvG@dmeyer.dinoex.sub.org>
References:  <71AF3315-6CB0-469D-A289-780C286A2D21@lastsummer.de> <k%2BlbJAUOvG@dmeyer.dinoex.sub.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi Dirk,

> On 19 Sep 2016, at 11:22 AM, Dirk Meyer <dirk.meyer@dinoex.sub.org> wrote:
> 
>> ASM support for OpenSSL is missing from the port now,
>> which is kind of unfortunate for two reasons:
>> (a) FreeBSD base (at least for i386 and amd64) has it.
>> (b) ASM is required for AESNI to work last time I checked.
>> Why was it removed? It's not clear from the commit message.
> 
> Users with asm option enabled on amd64 have reported
> random segfaults in many ssl applications.
> 
> They confirmed that disabling asm option fixed their problems.
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210859

This leads to even more questions:

1. Why is a non-default option removed that breaks for "some"
users?  We have thousands of OPNsense users that successfully
run it since October 2015.  Not one single segfault report.

https://github.com/opnsense/tools/commit/e344cfc35e6

2. What is the upstream-supported trigger for enabling AESNI
code in OpenSSL?  Or is AESNI support unaffected?

3. Is AESNI support considered a must-have feature for the
OpenSSL port in FreeBSD or not?  How about base OpenSSL?  And
how does this affect the plans to switch to OpenSSL from ports
by default that would potentially strip AESNI support from all
ports relying on it at the moment?


Cheers,
Franco



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C53200E7-D8BC-498F-A1EB-4006C55BF69D>