Date: Mon, 19 Sep 2016 11:35:59 +0200 From: Franco Fichtner <franco@lastsummer.de> To: Dirk Meyer <dirk.meyer@dinoex.sub.org> Cc: freebsd-ports <freebsd-ports@freebsd.org> Subject: Re: OpenSSL port ASM removal Message-ID: <C53200E7-D8BC-498F-A1EB-4006C55BF69D@lastsummer.de> In-Reply-To: <k%2BlbJAUOvG@dmeyer.dinoex.sub.org> References: <71AF3315-6CB0-469D-A289-780C286A2D21@lastsummer.de> <k%2BlbJAUOvG@dmeyer.dinoex.sub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Dirk, > On 19 Sep 2016, at 11:22 AM, Dirk Meyer <dirk.meyer@dinoex.sub.org> wrote: > >> ASM support for OpenSSL is missing from the port now, >> which is kind of unfortunate for two reasons: >> (a) FreeBSD base (at least for i386 and amd64) has it. >> (b) ASM is required for AESNI to work last time I checked. >> Why was it removed? It's not clear from the commit message. > > Users with asm option enabled on amd64 have reported > random segfaults in many ssl applications. > > They confirmed that disabling asm option fixed their problems. > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210859 This leads to even more questions: 1. Why is a non-default option removed that breaks for "some" users? We have thousands of OPNsense users that successfully run it since October 2015. Not one single segfault report. https://github.com/opnsense/tools/commit/e344cfc35e6 2. What is the upstream-supported trigger for enabling AESNI code in OpenSSL? Or is AESNI support unaffected? 3. Is AESNI support considered a must-have feature for the OpenSSL port in FreeBSD or not? How about base OpenSSL? And how does this affect the plans to switch to OpenSSL from ports by default that would potentially strip AESNI support from all ports relying on it at the moment? Cheers, Franco
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C53200E7-D8BC-498F-A1EB-4006C55BF69D>