[Bug 218815] security/openssl-devel doesn't run correctly during encryption/decryption use
bugzilla-noreply at freebsd.org
Sat Apr 22 17:26:15 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218815
Bug ID: 218815
Summary: security/openssl-devel doesn't run correctly during encryption/decryption use
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: brnrd at freebsd.org
Reporter: dewayne at heuristicsystems.com.au
Flags: maintainer-feedback?(brnrd at freebsd.org)
Doesn't run correctly - vague title I'm sorry.
Basically this is the problem.
dd if=/dev/zero bs=8m count=64 | openssl enc -e -aes-256-cbc -pass pass:fred |
openssl enc -d -aes-256-cbc -pass pass:fred | dd of=/dev/null
takes longer than the expected sub-2 seconds. After 2 minutes I ^c.
Background
I'm having a few problems with libressl on amd64 (latest FreeBSD 11.0Stable).
Due to a deadline I need to update vulnerable ports, hence the need to consider
openssl-devel (primarily for the chacha cipher).
Testing
So step 1. Check performance of
openssl speed md5 aes-256-cbc (i386 jail on amd64 base, expected to be slower)
OpenSSL 1.0.2k 26 Jan 2017
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5             33310.31k   101690.17k   225189.68k   325980.15k   374042.04k
aes-256 cbc    100778.51k   108379.29k   110181.76k   110869.89k   110494.38k
dd if=/dev/zero bs=8m count=64 | openssl enc -e -aes-256-cbc -pass pass:fred |
openssl enc -d -aes-256-cbc -pass pass:fred | dd of=/dev/null
536870912 bytes transferred in 1.978219 secs (271391044 bytes/sec)
536870912 bytes transferred in 1.978499 secs (271352608 bytes/sec)
Compare against existing libressl (amd64)
openssl version; openssl speed md5 aes-256-cbc
LibreSSL 2.4.5
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5             42508.63k   140502.95k   320085.21k   473776.60k   550627.68k
aes-256 cbc     81890.66k    87571.86k    89172.71k    89595.03k    89826.19k
hathor# dd if=/dev/zero bs=8m count=64 | openssl enc -e -aes-256-cbc -pass pass:fred |
openssl enc -d -aes-256-cbc -pass pass:fred | dd of=/dev/null
536870912 bytes transferred in 1.691704 secs (317355170 bytes/sec)
536870912 bytes transferred in 1.691909 secs (317316725 bytes/sec)
Step 2 Build openssl-devel and compare, first on the amd64 then i386. I've
left more information in this.
OpenSSL 1.1.0e 16 Feb 2017
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
compiler: /usr/local/libexec/ccache/cc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG
-DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM
-DOPENSSLDIR="\"/usr/local/openssl\""
-DENGINESDIR="\"/usr/local/lib/engines-1.1\""
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md5             79251.15k   223127.65k   407711.12k   513011.04k   553732.56k   555582.29k
aes-256 cbc     79520.54k    85543.12k    86719.75k    87328.00k    87522.05k    87346.92k
dd if=/dev/zero bs=8m count=64 | openssl enc -e -aes-256-cbc -pass pass:fred |
openssl enc -d -aes-256-cbc -pass pass:fred | dd of=/dev/null
Hmm ^t
load: 2.34 cmd: openssl 22223 [running] 170.60r 26.77u 143.66s 100% 5588k
550825+0 records in
550825+0 records out
282022400 bytes transferred in 170.607199 secs (1653051 bytes/sec)
34+0 records in
33+2 records out
285212672 bytes transferred in 172.487025 secs (1653531 bytes/sec)
Well. That's a little outside tolerance... Hence the title. It does build
and does run, but...unsuccessfully.
Ok so I methodically removed the defaults: asm, sse2, threads. Each default
option was removed, the package rebuilt and reinstalled (first asm, then asm
and sse2...). Same problem. Out of "options" and ideas :(
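Added example, not part of the original report: a Python sketch that parses the dd summary lines and the ^T status line quoted in the report, to put a number on the slowdown and to show how the CPU time of the slow run splits between user and system (kernel) time. The sample strings are copied from the report; the function names are hypothetical.

```python
import re

# Output lines copied from the report above: the last dd summary of each run,
# and the ^T (SIGINFO) status line from the openssl-devel run.
DD_RUNS = {
    "OpenSSL 1.0.2k": "536870912 bytes transferred in 1.978499 secs (271352608 bytes/sec)",
    "LibreSSL 2.4.5": "536870912 bytes transferred in 1.691909 secs (317316725 bytes/sec)",
    "OpenSSL 1.1.0e": "285212672 bytes transferred in 172.487025 secs (1653531 bytes/sec)",
}
SIGINFO = "load: 2.34 cmd: openssl 22223 [running] 170.60r 26.77u 143.66s 100% 5588k"

DD_RE = re.compile(r"(\d+) bytes transferred in ([\d.]+) secs \((\d+) bytes/sec\)")
SIGINFO_RE = re.compile(
    r"cmd:\s+(\S+)\s+(\d+)\s+\[([^\]]*)\]\s+([\d.]+)r\s+([\d.]+)u\s+([\d.]+)s")


def dd_rate(line):
    """Return bytes/sec recomputed from a dd summary line."""
    m = DD_RE.search(line)
    if m is None:
        raise ValueError(f"not a dd summary line: {line!r}")
    nbytes, secs = int(m.group(1)), float(m.group(2))
    if secs <= 0:
        raise ValueError("elapsed time must be positive")
    return nbytes / secs


def slowdown(baseline_line, candidate_line):
    """How many times slower the candidate run is than the baseline run."""
    return dd_rate(baseline_line) / dd_rate(candidate_line)


def cpu_split(line):
    """Parse a FreeBSD ^T status line: real/user/sys seconds and the sys share."""
    m = SIGINFO_RE.search(line)
    if m is None:
        raise ValueError(f"not a SIGINFO status line: {line!r}")
    real, user, sys_ = (float(m.group(i)) for i in (4, 5, 6))
    busy = user + sys_
    return {"cmd": m.group(1), "pid": int(m.group(2)), "real": real,
            "user": user, "sys": sys_, "sys_share": sys_ / busy if busy else 0.0}


if __name__ == "__main__":
    slow = DD_RUNS["OpenSSL 1.1.0e"]
    for name in ("OpenSSL 1.0.2k", "LibreSSL 2.4.5"):
        print(f"{name}: {slowdown(DD_RUNS[name], slow):.0f}x the 1.1.0e throughput")
    print(f"kernel share of CPU time: {cpu_split(SIGINFO)['sys_share']:.0%}")
```

On the figures in the report, the 1.1.0e pipeline moves data roughly 164 times slower than the 1.0.2k run, and about 84% of the CPU time in the ^T sample is system time rather than user time.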