From owner-freebsd-ports@freebsd.org Mon Sep 19 10:01:18 2016 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8B5A2BDFF4E for ; Mon, 19 Sep 2016 10:01:18 +0000 (UTC) (envelope-from franco@lastsummer.de) Received: from host64.shmhost.net (unknown [IPv6:2a01:4f8:a0:51d6::108:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1D2C2187D for ; Mon, 19 Sep 2016 10:01:18 +0000 (UTC) (envelope-from franco@lastsummer.de) Received: from francos-mbp.homeoffice.local (ipservice-092-208-160-166.092.208.pools.vodafone-ip.de [92.208.160.166]) by host64.shmhost.net (Postfix) with ESMTPSA id 1F37E80E45; Mon, 19 Sep 2016 12:01:16 +0200 (CEST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: OpenSSL port ASM removal From: Franco Fichtner In-Reply-To: Date: Mon, 19 Sep 2016 12:01:15 +0200 Cc: freebsd-ports Content-Transfer-Encoding: quoted-printable Message-Id: <9E14976D-78C4-4C0D-B950-64956A87D982@lastsummer.de> References: <71AF3315-6CB0-469D-A289-780C286A2D21@lastsummer.de> To: Dirk Meyer X-Mailer: Apple Mail (2.3124) X-Virus-Scanned: clamav-milter 0.99.2 at host64.shmhost.net X-Virus-Status: Clean X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Sep 2016 10:01:18 -0000 > On 19 Sep 2016, at 11:35 AM, Franco Fichtner = wrote: >=20 > 3. Is AESNI support considered a must-have feature for the > OpenSSL port in FreeBSD or not? How about base OpenSSL? And > how does this affect the plans to switch to OpenSSL from ports > by default that would potentially strip AESNI support from all > ports relying on it at the moment? Some data off a FreeBSD 10.3 with base and ports OpenSSL/LibreSSL. Base OpenSSL and ports LibreSSL are both four times faster than ports OpenSSL in the default configuration for the particular envelope mode. The only fix here was the ASM option. Segfaults in non-OpenSSL code that is OpenSSL-related hints to improper linking/building between OpenSSL from ports and base. I've done parallel builds for OpenSSL and LibreSSL from ports for over a year and this doesn't happen unless there is something stuck in the build system. Please bring it back for the FreeBSD users that rely on AESNI and do not have these problems. Cheers, Franco -- + uname -a FreeBSD sensey64 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 #0: Thu Aug 11 = 18:38:15 UTC 2016 = root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 + /usr/bin/openssl version OpenSSL 1.0.1s-freebsd 1 Mar 2016 + /usr/bin/openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 130910375 aes-128-cbc's in = 3.01s Doing aes-128-cbc for 3s on 64 size blocks: 35016412 aes-128-cbc's in = 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 8989961 aes-128-cbc's in = 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 2255832 aes-128-cbc's in = 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 281046 aes-128-cbc's in = 3.00s OpenSSL 1.0.1s-freebsd 1 Mar 2016 built on: date not available options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) = idea(int) blowfish(idx)=20 compiler: clang The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 = bytes aes-128-cbc 696375.19k 747016.79k 767143.34k 769990.66k = 767442.94k + pkg query %n-%v openssl openssl-1.0.2_15,1 + /usr/local/bin/openssl version WARNING: can't open config file: /usr/local/openssl/openssl.cnf OpenSSL 1.0.2h 3 May 2016 + /usr/local/bin/openssl speed -evp aes-128-cbc WARNING: can't open config file: /usr/local/openssl/openssl.cnf Doing aes-128-cbc for 3s on 16 size blocks: 31667033 aes-128-cbc's in = 3.01s Doing aes-128-cbc for 3s on 64 size blocks: 8481827 aes-128-cbc's in = 3.04s Doing aes-128-cbc for 3s on 256 size blocks: 2177621 aes-128-cbc's in = 3.09s Doing aes-128-cbc for 3s on 1024 size blocks: 535092 aes-128-cbc's in = 3.03s Doing aes-128-cbc for 3s on 8192 size blocks: 66121 aes-128-cbc's in = 3.02s OpenSSL 1.0.2h 3 May 2016 built on: reproducible build, date unspecified options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) = aes(partial) idea(int) blowfish(idx)=20 compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC = -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN = -DHAVE_DLFCN_H -DL_ENDIAN -O3 -Wall -O2 -pipe -fstack-protector = -fno-strict-aliasing The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 = bytes aes-128-cbc 168452.17k 178619.86k 180192.64k 180761.80k = 179618.90k + pkg query %n-%v libressl libressl-2.4.2 + /usr/local/bin/openssl version LibreSSL 2.4.2 + /usr/local/bin/openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 131903200 aes-128-cbc's in = 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 35044060 aes-128-cbc's in = 2.99s Doing aes-128-cbc for 3s on 256 size blocks: 8969315 aes-128-cbc's in = 3.02s Doing aes-128-cbc for 3s on 1024 size blocks: 2291514 aes-128-cbc's in = 3.09s Doing aes-128-cbc for 3s on 8192 size blocks: 281113 aes-128-cbc's in = 3.01s LibreSSL 2.4.2 built on: date not available options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) = idea(int) blowfish(idx)=20 compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 = bytes aes-128-cbc 703483.73k 749558.59k 759448.36k 760388.16k = 765632.07k=