Re: Does haproxy utilize openssl with AES-NI if present?

2021-10-28 Thread Lukas Tribus
Hi, On Thursday, 28 October 2021, Shawn Heisey wrote: > On 10/27/2021 2:54 PM, Lukas Tribus wrote: > >> I'd be surprised if the OpenSSL API calls we are using don't support >> AES-NI. >> > > Honestly that would surprise me too. But I have no idea how to find out > whether it's using the

Re: Does haproxy utilize openssl with AES-NI if present?

2021-10-28 Thread Lukas Tribus
On Thu, 28 Oct 2021 at 08:31, Lukas Tribus wrote: > > Hi, > > On Thursday, 28 October 2021, Shawn Heisey wrote: >> >> On 10/27/2021 2:54 PM, Lukas Tribus wrote: >>> >>> I'd be surprised if the OpenSSL API calls we are using don't support >>> AES-NI. >> >> >> Honestly that would surprise me

Re: [PR] Typos fixed "it" should be "is"

2021-10-28 Thread Tim Düsterhus
Willy, On 10/14/21 7:23 PM, PR Bot wrote: This is an automated relay of the Github pull request: Typos fixed "it" should be "is" Patch title(s): Typos fixed "it" should be "is" Link: https://github.com/haproxy/haproxy/pull/1415 The patch contents were good. Please find a version

Re: [PATCH] BUILD/MINOR: atomics: mac arm64 build fix

2021-10-28 Thread Willy Tarreau
Hi David, On Tue, Oct 26, 2021 at 10:27:40AM +0100, David CARLIER wrote: > Hi Willy, > > Ok with your changes suggestions even though it seemed to work fine > with the raspberry/clang combination I have no doubt it works, given that this can rely on the fallback part. It's just that I don't want

Re: [PATCH] MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX

2021-10-28 Thread Willy Tarreau
On Mon, Oct 18, 2021 at 12:16:11PM +0200, Tim Düsterhus, WoltLab GmbH wrote: > From 6095a454dee425487083674ec9d35be7a59f7ef6 Mon Sep 17 00:00:00 2001 > From: Tim Duesterhus > Date: Mon, 18 Oct 2021 12:12:02 +0200 > Subject: [PATCH] MINOR: halog: Add -qry parameter allowing to preserve the >

Re: [PATCH 1/2] CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_hmac()

2021-10-28 Thread Willy Tarreau
On Mon, Oct 18, 2021 at 06:40:28PM +0200, Tim Duesterhus wrote: > The OpenSSL documentation > (https://www.openssl.org/docs/man1.1.0/man3/HMAC.html) > specifies: > > > It places the result in md (which must have space for the output of the hash > > function, which is no more than EVP_MAX_MD_SIZE

Re: [PATCH] DEV: coccinelle: Add realloc_leak.cocci

2021-10-28 Thread Willy Tarreau
On Sat, Oct 23, 2021 at 07:53:35PM +0200, Tim Duesterhus wrote: > This coccinelle patch finds locations where the return value of `realloc()` is > assigned to the pointer passed to `realloc()`. These calls will leak memory if > `realloc()` returns `NULL`. Thanks. This and the hlua_alloc() patch

Re: [PATCH] CLEANUP: http_fetch: Use ist helpers in smp_fetch_http_auth_bearer()

2021-10-28 Thread Tim Düsterhus
Willy, On 10/14/21 7:48 PM, Tim Duesterhus wrote: please find a suggested cleanup for your JWT patch series. I think that using the ist functions results in easier to understand code, because you don't need to manually calculate lengths and offsets. Here's another patch that did not receive

Re: Does haproxy utilize openssl with AES-NI if present?

2021-10-28 Thread Shawn Heisey
On 10/28/21 7:34 AM, Shawn Heisey wrote: Does haproxy's use of openssl turn on the same option that the commandline does with the -evp argument?  If it does, then I think everything is probably OK. Running "grep -r EVP ." in the haproxy source tree turns up a lot of hits in the TLS/SSL

Re: Does haproxy utilize openssl with AES-NI if present?

2021-10-28 Thread Shawn Heisey
On 10/28/21 12:31 AM, Lukas Tribus wrote: You want evidence. That would be preferred, yes. Then get a raspberry pi, and run haproxy manually, fake the cpu flag aes-ni and it should crash when using aes acceleration, because the cpu doesn't support it.

[PATCH] halog stuff

2021-10-28 Thread Tim Düsterhus, WoltLab GmbH
Willy, please find another halog series attached. 1. Some small changes to the new -qry/-query flag. 2. A new -hdr flag, resolving my own GitHub issue. Best regards Tim Düsterhus Developer WoltLab GmbH -- WoltLab GmbH Nedlitzer Str. 27B 14469 Potsdam Tel.: +49 331 96784338

Re: [PATCH] halog stuff

2021-10-28 Thread Willy Tarreau
On Thu, Oct 28, 2021 at 07:19:39PM +0200, Tim Düsterhus, WoltLab GmbH wrote: > The check for the quote is to detect the start of the request method. (...) OK, got it! > I've attached an updated patch with an extensive explanation :-) perfect, thank you, now pushed. Willy

Re: Does haproxy utilize openssl with AES-NI if present?

2021-10-28 Thread Lukas Tribus
On Thu, 28 Oct 2021 at 15:49, Shawn Heisey wrote: > > On 10/28/21 7:34 AM, Shawn Heisey wrote: > > Does haproxy's use of openssl turn on the same option that the > > commandline does with the -evp argument? If it does, then I think > > everything is probably OK. > > > Running "grep -r EVP ." in

Re: [PATCH] halog stuff

2021-10-28 Thread Willy Tarreau
Hi Tim, On Thu, Oct 28, 2021 at 05:33:57PM +0200, Tim Düsterhus, WoltLab GmbH wrote: > Willy, > > please find another halog series attached. > > 1. Some small changes to the new -qry/-query flag. > 2. A new -hdr flag, resolving my own GitHub issue. OK, some points below. > From

Re: [PATCH] halog stuff

2021-10-28 Thread Tim Düsterhus, WoltLab GmbH
Willy, On 10/28/21 6:50 PM, Willy Tarreau wrote: Just one thing (but do not worry, I'll rearrange it later), I initially took great care of limiting the output to 80 columns for having suffered a few times from it, and I think it broke when time ranges were added. ack From

Re: Is it possible to capture the body of http responses?

2021-10-28 Thread Ryan Burn
On Wed, Sep 15, 2021 at 12:36 AM Christopher Faulet wrote: > On 9/14/21 at 3:14 AM, Ryan Burn wrote: > > > > > > On Thu, Sep 9, 2021 at 12:22 AM Christopher Faulet > > wrote: > > > > On 8/11/21 at 2:53 AM, Ryan Burn wrote: > > > I'm working on

Re: Does haproxy utilize openssl with AES-NI if present?

2021-10-28 Thread Shawn Heisey
On 10/28/21 2:11 PM, Lukas Tribus wrote: You would have to run a single request causing a large download, and run haproxy through a cpu profiler, like perf, and compare outputs. I am learning all sorts of useful things. I see evidence of acceleration when pulling a large file with curl! 

Re: Does haproxy utilize openssl with AES-NI if present?

2021-10-28 Thread Shawn Heisey
On 10/28/21 10:02 AM, Lukas Tribus wrote: You seem to be trying very hard to find a problem where there is none. Definitely do NOT overwrite CPU flags in production. This is to *test* AES acceleration, I put the link to the blog post in there for context, not because I think you need to force

Re: Does haproxy utilize openssl with AES-NI if present?

2021-10-28 Thread Lukas Tribus
On Thu, 28 Oct 2021 at 21:20, Shawn Heisey wrote: > > On 10/28/21 10:02 AM, Lukas Tribus wrote: > > You seem to be trying very hard to find a problem where there is none. > > > > Definitely do NOT overwrite CPU flags in production. This is to *test* > > AES acceleration, I put the link to the