Hello! We observed a failure when running speed with async jobs in the latest beta release.
> openssl speed -elapsed -async_jobs 1 dsa512 You have chosen to measure elapsed time instead of user CPU time. Doing 512 bit sign dsa's for 10s: 70486 512 bit DSA signs in 10.00s DSA verify failure. No DSA verify will be done. OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016 built on: reproducible build, date unspecified options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wa,--noexecstack I believe that this is caused by the following commit: https://github.com/openssl/openssl/commit/0930e07d1eb522e663abe543ee865a508749946e The changes were not necessary and the allocation of siglen in a separate buffer is actually required for the async jobs to work correctly. After this commit the siglen is stored directly in tempargs. When we start the ASYNC_JOB the struct is copied into the new execution context and all the changes done to siglen are visible only inside the ASYNC_JOB. When the ASYNC_JOB finishes the async infrastructure does not copy the struct back in speed. This is a design decision and not a bug in the async code. In order to solve the error we need to pass siglen as a pointer so that the correct value is visible also from the caller (i.e. speed) and the verify operation can complete successfully. Reverting the commit solves the problem: git revert 0930e07d1eb522e663abe543ee865a508749946e > openssl speed -elapsed -async_jobs 1 dsa512 You have chosen to measure elapsed time instead of user CPU time. Doing 512 bit sign dsa's for 10s: 70485 512 bit DSA signs in 9.99s Doing 512 bit verify dsa's for 10s: 119001 512 bit DSA verify in 10.00s OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016 built on: reproducible build, date unspecified options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib64/engines-1.1\"" -Wa,--noexecstack sign verify sign/s verify/s dsa 512 bits 0.000142s 0.000084s 7055.6 11900.1 Here is the link to the pull request: https://github.com/openssl/openssl/pull/1462 What do you think? Kind regards, Andrea -------------------------------------------------------------- Intel Research and Development Ireland Limited Registered in Ireland Registered Office: Collinstown Industrial Park, Leixlip, County Kildare Registered Number: 308263 This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
