Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
On 2015-08-01 15:20:19 [+0200], Kurt Roeckx wrote: > Can you try the package from: > https://people.debian.org/~kroeckx/openssl/? > > Could you also run this after isntalling it: > openssl speed sha256 > openssl speed -evp aes-128-cbc > openssl speed -evp aes-128-cbc-hmac-sha256 What is the status on this? The package seems to have the intel bit masked out while looking for the AES-NI bit. This seems to be part of 1.0.2f-2. I have here an AMD-A8 (and A10) but I don't think I can get my hands on A6 :/. Anyway. With 1.0.2f-2 I see a difference in performance between OPENSSL_ia32cap="~0x200" openssl speed -evp aes-128-cbc type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc 82125.33k89565.82k88865.96k90472.45k 90947.58k and openssl speed -evp aes-128-cbc type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc 243645.05k 294776.58k 297669.21k 309102.45k 311200.43k Which suggests that AES-NI is use. According to [0] the CPU in question has AES-NI available. btw: I can start clamtk on my A8 without any troubleā¦ [0] http://www.cpu-world.com/Compare/770/AMD_A6-Series_for_Notebooks_A6-6310_vs_Intel_Core_i3_Mobile_i3-330M_(PGA988).html > > Kurt Sebastian
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
Yes, but which one: openssl_1.0.2d-1.1_amd64.deb? Thank you, *Carlos Kosloff* Office: (954) 283-8828 Cell: (954) 464-8822 Fax: (888) 854-5440 On 08/01/2015 09:20 AM, Kurt Roeckx wrote: Can you try the package from: https://people.debian.org/~kroeckx/openssl/? Could you also run this after isntalling it: openssl speed sha256 openssl speed -evp aes-128-cbc openssl speed -evp aes-128-cbc-hmac-sha256 Kurt
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
On Sun, Aug 02, 2015 at 09:00:32AM -0400, Carlos Kosloff wrote: Yes, but which one: openssl_1.0.2d-1.1_amd64.deb? You need at least libssl1.0.0_1.0.2d-1.1_amd64.deb from there. I think you also installed the libssl1.0.0-dbg package before so you either need to remove that or also install libssl1.0.0-dbg_1.0.2d-1.1_amd64.deb. You can also install openssl_1.0.2d-1.1_amd64.deb but that will not change much. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
ckosloff@notosh:~$ openssl speed sha256 Doing sha256 for 3s on 16 size blocks: 4561580 sha256's in 3.00s Doing sha256 for 3s on 64 size blocks: 2535590 sha256's in 3.00s Doing sha256 for 3s on 256 size blocks: 1095672 sha256's in 3.00s Doing sha256 for 3s on 1024 size blocks: 335048 sha256's in 3.00s Doing sha256 for 3s on 8192 size blocks: 44819 sha256's in 3.00s OpenSSL 1.0.2d 9 Jul 2015 built on: reproducible build, date unspecified options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx) compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes sha256 24328.43k54092.59k93497.34k 114363.05k 122385.75k ckosloff@notosh:~$ ckosloff@notosh:~$ openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 65502209 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 23271187 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 7135284 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 1890618 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 240167 aes-128-cbc's in 3.00s OpenSSL 1.0.2d 9 Jul 2015 built on: reproducible build, date unspecified options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx) compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc 349345.11k 496451.99k 608877.57k 645330.94k 655816.02k ckosloff@notosh:~$ ckosloff@notosh:~$ openssl speed -evp aes-128-cbc-hmac-sha256 Doing aes-128-cbc-hmac-sha256 for 3s on 16 size blocks: 13185868 aes-128-cbc-hmac-sha256's in 3.00s Doing aes-128-cbc-hmac-sha256 for 3s on 64 size blocks: 4387141 aes-128-cbc-hmac-sha256's in 3.00s Doing aes-128-cbc-hmac-sha256 for 3s on 256 size blocks: 758588 aes-128-cbc-hmac-sha256's in 3.00s Doing aes-128-cbc-hmac-sha256 for 3s on 1024 size blocks: 180522 aes-128-cbc-hmac-sha256's in 3.00s Doing aes-128-cbc-hmac-sha256 for 3s on 8192 size blocks: 22307 aes-128-cbc-hmac-sha256's in 3.00s OpenSSL 1.0.2d 9 Jul 2015 built on: reproducible build, date unspecified options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx) compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc-hmac-sha25670324.63k93592.34k64732.84k 61618.18k60912.98k ckosloff@notosh:~$ *Carlos Kosloff* Office: (954) 283-8828 Cell: (954) 464-8822 Fax: (888) 854-5440 On 08/01/2015 09:20 AM, Kurt Roeckx wrote: Can you try the package from: https://people.debian.org/~kroeckx/openssl/? Could you also run this after isntalling it: openssl speed sha256 openssl speed -evp aes-128-cbc openssl speed -evp aes-128-cbc-hmac-sha256 Kurt
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
Can you try the package from: https://people.debian.org/~kroeckx/openssl/? Could you also run this after isntalling it: openssl speed sha256 openssl speed -evp aes-128-cbc openssl speed -evp aes-128-cbc-hmac-sha256 Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
Thank you. Just wanted to let you know that KDE is completely broken in stretch, not sure if that is causing problems. *Carlos Kosloff* Office: (954) 283-8828 Cell: (954) 464-8822 Fax: (888) 854-5440 On 07/30/2015 11:02 PM, Kurt Roeckx wrote: On Thu, Jul 30, 2015 at 10:24:09PM -0400, Carlos Kosloff wrote: AES instruction = true So at leat this tool seems to think it's supported too. We'll have to look into it. Kurt
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
On Thu, Jul 30, 2015 at 02:42:33PM -0400, Carlos Kosloff wrote: That worked! Thank you. That's just a workaround that disables the cpu detection code. Can you try installing cpuid and running: cpuid cpuid -r And send me the output of both those? Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
On Thu, Jul 30, 2015 at 10:24:09PM -0400, Carlos Kosloff wrote: AES instruction = true So at leat this tool seems to think it's supported too. We'll have to look into it. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
Sorry, spoke too soon, I launched it in the computer that does work. In the computer that is the subject of the bug it did NOT work :/ *Carlos Kosloff* Office: (954) 283-8828 Cell: (954) 464-8822 Fax: (888) 854-5440 On 07/30/2015 01:57 PM, Kurt Roeckx wrote: On Thu, Jul 30, 2015 at 10:31:02AM -0400, Carlos Kosloff wrote: Of course, but I need instructions on how to do this. By starting clamtk as: OPENSSL_ia32cap=0 clamtk Or using: export OPENSSL_ia32cap=0 And then starting clamtk Kurt
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
On Thu, Jul 30, 2015 at 10:31:02AM -0400, Carlos Kosloff wrote: Of course, but I need instructions on how to do this. By starting clamtk as: OPENSSL_ia32cap=0 clamtk Or using: export OPENSSL_ia32cap=0 And then starting clamtk Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
That worked! Thank you. *Carlos Kosloff* Office: (954) 283-8828 Cell: (954) 464-8822 Fax: (888) 854-5440 On 07/30/2015 01:57 PM, Kurt Roeckx wrote: On Thu, Jul 30, 2015 at 10:31:02AM -0400, Carlos Kosloff wrote: Of course, but I need instructions on how to do this. By starting clamtk as: OPENSSL_ia32cap=0 clamtk Or using: export OPENSSL_ia32cap=0 And then starting clamtk Kurt
Bug#793557: [Pkg-openssl-devel] Bug#793557: Bug#793557: clamtk in testing
On Mon, Jul 27, 2015 at 09:31:32PM +0200, Kurt Roeckx wrote: On Mon, Jul 27, 2015 at 01:48:53PM -0400, Carlos Kosloff wrote: Dear maintainer, Program received signal SIGILL, Illegal instruction. aesni_cbc_sha256_enc () at aesni-sha256-x86_64.s:29 29 aesni-sha256-x86_64.s: No such file or directory. #0 aesni_cbc_sha256_enc () at aesni-sha256-x86_64.s:29 I'm not sure why you come in aesni code since your processor doesn't seem to support that. I'll try to look in to it. Can you try setting the environment variable OPENSSL_ia32cap to 0 and see if the problem then goes away? Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org