Bug 1622297

Summary: openssl speed partially broken
Product: [Fedora] Fedora Reporter: Alicja Kario <hkario>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: jorton, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openssl-1.1.1-3.fc29 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-26 20:20:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alicja Kario 2018-08-25 15:06:17 UTC 
Description of problem:
using `openssl speed`, `openssl speed ecdh` or `openssl speed ecdhx25519` does not work as expected

Version-Release number of selected component (if applicable):
openssl-1.1.1-0.pre9.1.fc30.x86_64

How reproducible:
always

Steps to Reproduce:
1. openssl speed 
2. openssl speed ecdh
3. openssl speed ecdhx25519

Actual results:
1. There are errors printed:
Doing 2048 bits sign dsa's for 10s: 1911 2048 bits DSA signs in 9.88s
Doing 2048 bits verify dsa's for 10s: 2084 2048 bits DSA verify in 9.88s
ECDSA failure.
140249090668352:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:403:
ECDSA failure.
140249090668352:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:403:
Doing 224 bits sign ecdsa's for 10s: 17458 224 bits ECDSA signs in 9.85s 
Doing 224 bits verify ecdsa's for 10s: 7862 224 bits ECDSA verify in 9.86s
Doing 256 bits sign ecdsa's for 10s: 30364 256 bits ECDSA signs in 9.81s 
Doing 256 bits verify ecdsa's for 10s: 9520 256 bits ECDSA verify in 9.84s
ECDH EC params init failure.
140249090668352:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:403:
140249090668352:error:100C508D:elliptic curve routines:pkey_ec_ctrl:invalid curve:crypto/ec/ec_pmeth.c:231:
OpenSSL 1.1.1-pre9 (beta) FIPS 21 Aug 2018

2. Errors printed:
ECDH EC params init failure.
140386377103168:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:403:
140386377103168:error:100C508D:elliptic curve routines:pkey_ec_ctrl:invalid curve:crypto/ec/ec_pmeth.c:231:
OpenSSL 1.1.1-pre9 (beta) FIPS 21 Aug 2018

3. stats for wrong test printed:
Doing rmd160 for 3s on 16 size blocks: 1717778 rmd160's in 2.82s
Doing rmd160 for 3s on 64 size blocks: 1301281 rmd160's in 2.93s
Doing rmd160 for 3s on 256 size blocks: 721177 rmd160's in 2.96s
Doing rmd160 for 3s on 1024 size blocks: 257242 rmd160's in 2.96s
Doing rmd160 for 3s on 8192 size blocks: 36926 rmd160's in 2.97s
Doing rmd160 for 3s on 16384 size blocks: 18623 rmd160's in 2.96s
OpenSSL 1.1.1-pre9 (beta) FIPS 21 Aug 2018
built on: Wed Aug 22 10:44:36 2018 UTC
options:bn(64,64) md2(char) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -Wa,--noexecstack -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
rmd160            9746.26k    28423.89k    62372.06k    88991.83k   101851.11k   103080.82k

Expected results:
`speed` runs without errors, statistics for at least P-256, P-384, P-521 and X2559 shown

Additional info:
Upstream has issues also with ed25519 and ed448, see https://github.com/openssl/openssl/issues/6922
Comment 1 Fedora Update System 2018-09-14 16:56:34 UTC 
openssl-1.1.1-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c0108a088
Comment 2 Fedora Update System 2018-09-14 20:02:38 UTC 
openssl-1.1.1-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c0108a088
Comment 3 Fedora Update System 2018-09-17 11:47:28 UTC 
openssl-1.1.1-3.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c0108a088
Comment 4 Fedora Update System 2018-09-18 06:16:21 UTC 
openssl-1.1.1-3.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c0108a088
Comment 5 Fedora Update System 2018-09-26 20:20:32 UTC 
openssl-1.1.1-3.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.