Skip to content
Snippets Groups Projects

configs/turris1x: disable openssl assember optimizations

Merged Karel Koci requested to merge hotfix/turris1x-openssl into hbk
1 unresolved thread

On Turris 1.x it seems that some assember code is not correct and result are failures for some domain's certificates such as google.com or pypi.org.

Fixes: https://gitlab.labs.nic.cz/turris/turris-build/issues/143 https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/569

Edited by Karel Koci

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Karel Koci changed milestone to %Turris OS 5.0.2

    changed milestone to %Turris OS 5.0.2

  • Karel Koci changed the description

    changed the description

    • I am thinking if this shouldn't be sent to upstream.

    • Author Contributor

      Yeh as a bug report to openssl but I am not sure if the problem is not caused by OpenWrt patch. For now this is just simple fix. We will see if some future update of openssl solves the problem. I don't have capacity at the moment to look for the cause and without that reporting it to upstream makes no sense.

    • Maybe @cotequeiroz as OpenSSL maintainer in OpenWrt can help us with that.

    • I dont believe any of the current openwrt patches should affect ppc asm directly.

      • 100-* changes the heuristics to determine afalg support at build time;
      • 110-* maps openwrt arches to openssl arches, adding $OPENWRT_OPTIMIZATION_FLAGS to CFLAGS. I'm not sure what's being set for ppc there, may be worth a check;
      • 120-* changes the string returned by OpenSSL_version(OPENSSL_CFLAGS);
      • 130-* avoids building anything inside "test" and "fuzz" directories;
      • 140-* changes cipher ordering - looks harmless, and can be circumvented by deselecting OPENSSL_PREFER_CHACHA_OVER_GCM;
      • 150-* changes the default config file;
      • [45]* affect only the devcrypto engine, which can be turned off to see if it causes trouble.

      Unless the TARGET_CFLAGS passed somehow causes trouble, it is more likely to be a bug in openssl (asm code) or, however unlikely, the toolchain.

    • Thanks for answer!

    • Please register or sign in to reply
  • Anyway, you investigated it in #143 (closed) and found that the issue is with OpenSSL. I am fine with your change even it decreases performance on PowerPC, it is important to get this working and this means that we will be able to enable DNS over TLS on Turris 1.x routers.

  • Josef Schlehofer assigned to @kkoci and unassigned @jschlehofer

    assigned to @kkoci and unassigned @jschlehofer

  • Karel Koci added 2 commits

    added 2 commits

    • 76a9b3e8 - 1 commit from branch hbk
    • c1dd09eb - configs/turris1x: disable openssl assember optimizations

    Compare with previous version

  • merged

  • I know I'm late, but I can contribute something. What we can do to further pinpoint the problem is to selectively turn off asm use. Here's what's defined in Configurations/00-base-templates.conf for ppc32:

        ppc32_asm => {
            template        => 1,
            cpuid_asm_src   => "ppccpuid.s ppccap.c",
            bn_asm_src      => "bn-ppc.s ppc-mont.s",
            aes_asm_src     => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s",
            sha1_asm_src    => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s",
            modes_asm_src   => "ghashp8-ppc.s",
            chacha_asm_src  => "chacha-ppc.s",
            poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s",
        },

    I'll check to see if we can just remove one of these lines at a time to compile them selectively, but I may take some time.

  • Karel Koci changed the description

    changed the description

Please register or sign in to reply