OpenSSL port ASM removal
Franco Fichtner
franco at lastsummer.de
Mon Sep 19 09:36:04 UTC 2016
Hi Dirk,
> On 19 Sep 2016, at 11:22 AM, Dirk Meyer <dirk.meyer at dinoex.sub.org> wrote:
>
>> ASM support for OpenSSL is missing from the port now,
>> which is kind of unfortunate for two reasons:
>> (a) FreeBSD base (at least for i386 and amd64) has it.
>> (b) ASM is required for AESNI to work last time I checked.
>> Why was it removed? It's not clear from the commit message.
>
> Users with asm option enabled on amd64 have reported
> random segfaults in many ssl applications.
>
> They confirmed that disabling asm option fixed their problems.
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210859
This leads to even more questions:
1. Why is a non-default option removed that breaks for "some"
users? We have thousands of OPNsense users that successfully
run it since October 2015. Not one single segfault report.
https://github.com/opnsense/tools/commit/e344cfc35e6
2. What is the upstream-supported trigger for enabling AESNI
code in OpenSSL? Or is AESNI support unaffected?
3. Is AESNI support considered a must-have feature for the
OpenSSL port in FreeBSD or not? How about base OpenSSL? And
how does this affect the plans to switch to OpenSSL from ports
by default that would potentially strip AESNI support from all
ports relying on it at the moment?
Cheers,
Franco
More information about the freebsd-ports
mailing list