Your message dated Thu, 25 May 2017 21:33:55 +0000
with message-id <[email protected]>
and subject line Bug#861145: fixed in openssl 1.1.0f-1
has caused the Debian Bug report #861145,
regarding openssl: SHA Extension routine is not called on new AMD cpu "Ryzen".
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
861145: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861145
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssl
Version: 1.1.0e-1
Severity: normal
Dear Maintainer,
[Introduction]
AMD added support in their processors for SHA Extensions[1] (CPU flag:
sha_ni[2]) starting with Ryzen[3] CPU.
Note that Ryzen CPU come in 64bit only. Current OpenSSL version in Ryzens still
calls SHA for SSSE3 routine as result a number of extensions were effectively
masked on Ryzen and shows no improvement.
[1] /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 23
model : 1
model name : AMD Ryzen 5 1600 Six-Core Processor
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36
clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm
constant_tsc rep_good nopl nonstop_tsc extd_apicid aperfmperf eagerfpu pni
pclmulqdq monitor ssse3 fma cx16 sse
4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm
extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw skinit wdt tce
topoext perfctr_core perfctr_nb bpext perfctr_l2 mwaitx hw_pstate vmmcall
fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflusho
pt sha_ni xsaveopt xsavec xgetbv1 clzero arat npt lbrv svm_lock nrip_save
tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold
[2] - sha_ni: SHA1/SHA256 Instruction Extensions
[3] - https://en.wikipedia.org/wiki/Ryzen
....
All models support: x87, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES,
CLMUL, AVX, AVX2, FMA, CVT16/F16C, ABM, BMI1, BMI2, SHA.[5]
....
[Program to performs the CPUID check]
Reference :
https://software.intel.com/en-us/articles/intel-sha-extensions
.... Availability of the IntelĀ® SHA Extensions on a particular processor can be
determined by checking the SHA CPUID bit in CPUID.(EAX=07H, ECX=0):EBX.SHA [bit
29]. The following C function, using inline assembly, performs the CPUID check:
--
int CheckForIntelShaExtensions() {
int a, b, c, d;
// Look for CPUID.7.0.EBX[29]
// EAX = 7, ECX = 0
a = 7;
c = 0;
asm volatile ("cpuid"
:"=a"(a), "=b"(b), "=c"(c), "=d"(d)
:"a"(a), "c"(c)
);
// IntelĀ® SHA Extensions feature bit is EBX[29]
return ((b >> 29) & 1);
}
--
On CPU with sha_ni the program return "1". Otherwise it return "0".
[Upstream work]
- GitHub PR :
https://github.com/openssl/openssl/issues/2848
- Repository :
https://github.com/openssl/openssl.git
- Commits :
1aed5e1 crypto/x86*cpuid.pl: move extended feature detection.
## This fix moves extended feature detection past basic feature detection where
it belongs.
f8418d8 crypto/x86_64cpuid.pl: move extended feature detection upwards.
## This commit for x86_64cpuid.pl addressed the problem, but messed up
processor vendor detection.
-- System Information:
Debian Release: 8.7
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.4.0-62-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: openssl
Source-Version: 1.1.0f-1
We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated openssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 25 May 2017 18:29:01 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description:
libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
libssl-dev - Secure Sockets Layer toolkit - development files
libssl-doc - Secure Sockets Layer toolkit - development documentation
libssl1.1 - Secure Sockets Layer toolkit - shared libraries
libssl1.1-udeb - ssl shared library - udeb (udeb)
openssl - Secure Sockets Layer toolkit - cryptographic utility
Closes: 839575 859191 861145
Changes:
openssl (1.1.0f-1) unstable; urgency=medium
.
* New upstream version
- Fix regression in req -x509 (Closes: #839575)
- Properly detect features on the AMD Ryzen processor (Closes: #861145)
- Don't mention -tls1_3 in the manpage (Closes: #859191)
* Update libssl1.1.symbols for new symbols
* Update man-section.patch
Checksums-Sha1:
1278ae2b062e21d6733a690145ea35e2c71ca627 2583 openssl_1.1.0f-1.dsc
9e3e02bc8b4965477a7a1d33be1249299a9deb15 5278176 openssl_1.1.0f.orig.tar.gz
20caf5129e5791e14434e80f48e70b397c471c35 455 openssl_1.1.0f.orig.tar.gz.asc
d912d8d9bd9517ca263a98196fd845193fa7f507 53460 openssl_1.1.0f-1.debian.tar.xz
412406af3b846ace72ecbc2d20ac2e9d0a855daf 5200 openssl_1.1.0f-1_source.buildinfo
Checksums-Sha256:
5cf2b7cb18228d5050e86d155f14d03fe2b2a17c7cdccfe7a235285fc45746fb 2583
openssl_1.1.0f-1.dsc
12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 5278176
openssl_1.1.0f.orig.tar.gz
9f2feb0494ebcc1cf152d95a11bc966cb94bc1957d88650285db3966866801b0 455
openssl_1.1.0f.orig.tar.gz.asc
767136df6a4ddce89ea754dbcbfc59e47a7b442a7f8e428b7ec8299293d69ba4 53460
openssl_1.1.0f-1.debian.tar.xz
f0c7b27127be34f5745751e80e8ec2204a772c4172197f3bfa41f9430974bf28 5200
openssl_1.1.0f-1_source.buildinfo
Files:
d5d4351e78d035bfe07da6c5ca613e10 2583 utils optional openssl_1.1.0f-1.dsc
7b521dea79ab159e8ec879d2333369fa 5278176 utils optional
openssl_1.1.0f.orig.tar.gz
f2299a5b1d38b4113eb909feb0603566 455 utils optional
openssl_1.1.0f.orig.tar.gz.asc
fee7fa5ebc564b1ea7314e6cd5554bd5 53460 utils optional
openssl_1.1.0f-1.debian.tar.xz
07cd26a236e163063c1a3c452cb21859 5200 utils optional
openssl_1.1.0f-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlknSh0ACgkQ48TdzR5M
EkQFNBAAjwY6DRqFZ09Zp82pXoOq36cyd5mDKMxPyWtfRFG5ND9bZuRsJjN1c7AC
sLms9ioCzS3qKys30TIMTtfWxXZQAFj9NQe82e5XZKGq3HN/5Nuixopkpc8QHIBT
o1RrQ7WDEzDkq8WqZx5sslnBAbtnA/eRy5tgei46ToNM0nITakUql9Rnyi0DfN2t
F8WbpOZHUFHG9ZAtYUC7vc/Oce2P5HVqcnEc4fYZCyMNVhocB62a0TeFNdLJuIfI
BVRRvuGkDP+/6ObxEhwJaKA2fJNFfnNr52YTEvrBO03wgDCnHad9HC5DPRs/7zAH
s5+DADypYN5D8RZF17FQ/ZpI0gQfnwqvH9JP0iC4Q2xHvUccbG8FiZZdb52Js9g0
PErfGRzgSZII4oFm4k8/AOf6yse3Ri6xJyuzLbJGRKeqRcHRGLgAdORWWXMZzUlU
MIq/9LuzK7t17t91eP75pOEEl6kyD8xC6RSZd6+tgH4y7lavV3J+CW5GsKVn6HBM
5W6Ts9nHr8/fvDji6Z6X8SA7iZVuggayAFV3Wxrp0oYf68MjWusB3Cy5bdaCY14f
svbwuja0GfeDFiHO3r3N+arJZEyCvBGGvvAF1wV1Mw8aNN2jwp94Bo0YmPQDoQEd
V8uqptUo2allyD/JOqfMM358FPzrx13A6AaBzGQbwvjubNSrpG8=
=+YLU
-----END PGP SIGNATURE-----
--- End Message ---
