Hello bugproxy, or anyone else affected, Accepted openssl into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.0.2g- 1ubuntu4.2 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: openssl (Ubuntu Xenial) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1601836 Title: Openssl libcrypto performance issue Status in Ubuntu on IBM z Systems: In Progress Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Xenial: Fix Committed Bug description: == Comment: #0 - Bastian Pfeifer <bastian.pfei...@de.ibm.com> - 2016-04-22 03:37:03 == ---Problem Description--- Performance problem with s390x assembly code in the openssl libcrypto library: CPACF functions such as SHA, AES ... queries the CPACF facility bits too often. Problematic code can be found here: https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha1-s390x.pl What happens is that for every e.g SHA1 call the code first tests if the HW function is available. That's the case for all the CPACF functions. However what the lib should do is to query only once, safe the value and then use the function. The problem is that the Hipervisor in certain scenarios is required to intercept the query instructions, which makes this really expensive. Contact Information = bastian.pfei...@de.ibm.com ---uname output--- 4.4.0-18-generic #34-Ubuntu SMP Machine Type = 2964, 701 NC9 ---Debugger--- A debugger is not configured ---Steps to Reproduce--- n/a Userspace tool common name: OpenSSL The userspace tool has the following bit modes: 64-bit Userspace rpm: OpenSSL 1.0.2g 1 Mar 2016 Userspace tool obtained from project website: na *Additional Instructions for bastian.pfei...@de.ibm.com: -Attach ltrace and strace of userspace application. == Comment: #8 - Bastian Pfeifer <bastian.pfei...@de.ibm.com> - 2016-06-02 07:05:00 == We performed tests on the new SHA,AES and GHASH code and report performance improvements especially for SHA (up to 20%). Here are the links to the new s390x assembly code which should be used to create patches for the UBUNTU specific openssl versions. 1) https://github.com/openssl/openssl/blob/master/crypto/s390xcpuid.S 2) https://github.com/openssl/openssl/blob/master/crypto/s390xcap.c 3) https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha1-s390x.pl 4) https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha512-s390x.pl 5) https://github.com/openssl/openssl/blob/master/crypto/aes/asm/aes-s390x.pl 6) https://github.com/openssl/openssl/blob/master/crypto/modes/asm/ghash-s390x.pl In case of AES I was forced to change the following code in aes- s390x.pl .globl AES_set_decrypt_key .type AES_set_decrypt_key,\@function goes to .globl private_AES_set_decrypt_key .type private_AES_set_decrypt_key,\@function This was done for 'AES_set_encrypt_key as well; to be consistent with the openssl code which comes with UBUNTU. For my performance tests this worked properly and I checked the CPACF counter with the tool 'cpacfstats'. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1601836/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
