configs/turris1x: disable openssl assember optimizations
On Turris 1.x it seems that some assember code is not correct and result are failures for some domain's certificates such as google.com or pypi.org.
Fixes: https://gitlab.labs.nic.cz/turris/turris-build/issues/143 https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/569
Merge request reports
Activity
changed milestone to %Turris OS 5.0.2
added Bug High Turris 1.x labels
Yeh as a bug report to openssl but I am not sure if the problem is not caused by OpenWrt patch. For now this is just simple fix. We will see if some future update of openssl solves the problem. I don't have capacity at the moment to look for the cause and without that reporting it to upstream makes no sense.
Maybe @cotequeiroz as OpenSSL maintainer in OpenWrt can help us with that.
I dont believe any of the current openwrt patches should affect ppc asm directly.
- 100-* changes the heuristics to determine afalg support at build time;
- 110-* maps openwrt arches to openssl arches, adding $OPENWRT_OPTIMIZATION_FLAGS to CFLAGS. I'm not sure what's being set for ppc there, may be worth a check;
- 120-* changes the string returned by
OpenSSL_version(OPENSSL_CFLAGS)
; - 130-* avoids building anything inside "test" and "fuzz" directories;
- 140-* changes cipher ordering - looks harmless, and can be circumvented by deselecting
OPENSSL_PREFER_CHACHA_OVER_GCM
; - 150-* changes the default config file;
- [45]* affect only the devcrypto engine, which can be turned off to see if it causes trouble.
Unless the
TARGET_CFLAGS
passed somehow causes trouble, it is more likely to be a bug in openssl (asm code) or, however unlikely, the toolchain.
Anyway, you investigated it in #143 (closed) and found that the issue is with OpenSSL. I am fine with your change even it decreases performance on PowerPC, it is important to get this working and this means that we will be able to enable DNS over TLS on Turris 1.x routers.
assigned to @kkoci and unassigned @jschlehofer
I know I'm late, but I can contribute something. What we can do to further pinpoint the problem is to selectively turn off asm use. Here's what's defined in
Configurations/00-base-templates.conf
for ppc32:ppc32_asm => { template => 1, cpuid_asm_src => "ppccpuid.s ppccap.c", bn_asm_src => "bn-ppc.s ppc-mont.s", aes_asm_src => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s", sha1_asm_src => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s", modes_asm_src => "ghashp8-ppc.s", chacha_asm_src => "chacha-ppc.s", poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s", },
I'll check to see if we can just remove one of these lines at a time to compile them selectively, but I may take some time.