Bug 1622297 - openssl speed partially broken
Summary: openssl speed partially broken
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: rawhide
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-25 15:06 UTC by Hubert Kario
Modified: 2018-09-26 20:20 UTC (History)
2 users (show)

Fixed In Version: openssl-1.1.1-3.fc29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-26 20:20:32 UTC
Type: Bug

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openssl openssl issues 6922 0 None None None 2018-08-25 15:06:17 UTC

Description Hubert Kario 2018-08-25 15:06:17 UTC 
Description of problem:
using `openssl speed`, `openssl speed ecdh` or `openssl speed ecdhx25519` does not work as expected

Version-Release number of selected component (if applicable):
openssl-1.1.1-0.pre9.1.fc30.x86_64

How reproducible:
always

Steps to Reproduce:
1. openssl speed 
2. openssl speed ecdh
3. openssl speed ecdhx25519

Actual results:
1. There are errors printed:
Doing 2048 bits sign dsa's for 10s: 1911 2048 bits DSA signs in 9.88s
Doing 2048 bits verify dsa's for 10s: 2084 2048 bits DSA verify in 9.88s
ECDSA failure.
140249090668352:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:403:
ECDSA failure.
140249090668352:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:403:
Doing 224 bits sign ecdsa's for 10s: 17458 224 bits ECDSA signs in 9.85s 
Doing 224 bits verify ecdsa's for 10s: 7862 224 bits ECDSA verify in 9.86s
Doing 256 bits sign ecdsa's for 10s: 30364 256 bits ECDSA signs in 9.81s 
Doing 256 bits verify ecdsa's for 10s: 9520 256 bits ECDSA verify in 9.84s
ECDH EC params init failure.
140249090668352:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:403:
140249090668352:error:100C508D:elliptic curve routines:pkey_ec_ctrl:invalid curve:crypto/ec/ec_pmeth.c:231:
OpenSSL 1.1.1-pre9 (beta) FIPS 21 Aug 2018

2. Errors printed:
ECDH EC params init failure.
140386377103168:error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group:crypto/ec/ec_curve.c:403:
140386377103168:error:100C508D:elliptic curve routines:pkey_ec_ctrl:invalid curve:crypto/ec/ec_pmeth.c:231:
OpenSSL 1.1.1-pre9 (beta) FIPS 21 Aug 2018

3. stats for wrong test printed:
Doing rmd160 for 3s on 16 size blocks: 1717778 rmd160's in 2.82s
Doing rmd160 for 3s on 64 size blocks: 1301281 rmd160's in 2.93s
Doing rmd160 for 3s on 256 size blocks: 721177 rmd160's in 2.96s
Doing rmd160 for 3s on 1024 size blocks: 257242 rmd160's in 2.96s
Doing rmd160 for 3s on 8192 size blocks: 36926 rmd160's in 2.97s
Doing rmd160 for 3s on 16384 size blocks: 18623 rmd160's in 2.96s
OpenSSL 1.1.1-pre9 (beta) FIPS 21 Aug 2018
built on: Wed Aug 22 10:44:36 2018 UTC
options:bn(64,64) md2(char) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -Wa,--noexecstack -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
rmd160            9746.26k    28423.89k    62372.06k    88991.83k   101851.11k   103080.82k

Expected results:
`speed` runs without errors, statistics for at least P-256, P-384, P-521 and X2559 shown

Additional info:
Upstream has issues also with ed25519 and ed448, see https://github.com/openssl/openssl/issues/6922
Comment 1 Fedora Update System 2018-09-14 16:56:34 UTC 
openssl-1.1.1-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c0108a088
Comment 2 Fedora Update System 2018-09-14 20:02:38 UTC 
openssl-1.1.1-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c0108a088
Comment 3 Fedora Update System 2018-09-17 11:47:28 UTC 
openssl-1.1.1-3.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c0108a088
Comment 4 Fedora Update System 2018-09-18 06:16:21 UTC 
openssl-1.1.1-3.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c0108a088
Comment 5 Fedora Update System 2018-09-26 20:20:32 UTC 
openssl-1.1.1-3.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.