[openssl-dev] Error with async speed in OpenSSL 1.1.0-pre6
Grandi, Andrea
andrea.grandi at intel.com
Wed Aug 17 10:40:28 UTC 2016
Hello!
We observed a failure when running speed with async jobs in the latest beta release.
> openssl speed -elapsed -async_jobs 1 dsa512
You have chosen to measure elapsed time instead of user CPU time.
Doing 512 bit sign dsa's for 10s: 70486 512 bit DSA signs in 10.00s
DSA verify failure. No DSA verify will be done.
OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wa,--noexecstack
I believe that this is caused by the following commit:
https://github.com/openssl/openssl/commit/0930e07d1eb522e663abe543ee865a508749946e
The changes were not necessary and the allocation of siglen in a separate buffer is actually required for the async jobs to work correctly.
After this commit the siglen is stored directly in tempargs.
When we start the ASYNC_JOB the struct is copied into the new execution context and all the changes done to siglen are visible only inside the ASYNC_JOB.
When the ASYNC_JOB finishes the async infrastructure does not copy the struct back in speed.
This is a design decision and not a bug in the async code.
In order to solve the error we need to pass siglen as a pointer so that the correct value is visible also from the caller (i.e. speed) and the verify operation can complete successfully.
Reverting the commit solves the problem:
git revert 0930e07d1eb522e663abe543ee865a508749946e
> openssl speed -elapsed -async_jobs 1 dsa512
You have chosen to measure elapsed time instead of user CPU time.
Doing 512 bit sign dsa's for 10s: 70485 512 bit DSA signs in 9.99s
Doing 512 bit verify dsa's for 10s: 119001 512 bit DSA verify in 10.00s
OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wa,--noexecstack
sign verify sign/s verify/s
dsa 512 bits 0.000142s 0.000084s 7055.6 11900.1
Here is the link to the pull request: https://github.com/openssl/openssl/pull/1462
What do you think?
Kind regards,
Andrea
--------------------------------------------------------------
Intel Research and Development Ireland Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263
This e-mail and any attachments may contain confidential material for the sole
use of the intended recipient(s). Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact the
sender and delete all copies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160817/6b18b17c/attachment.html>
More information about the openssl-dev
mailing list