The AES-CBC implementation is broken on T-4 machines. I reported this upstream:
https://github.com/openssl/openssl/issues/20523 >From grep I suspect that this also affects other AES modes, and also DES and Camellia. Until someone fixes this, I think we should disable the assembly optimizations. This makes regress on a T4-2 LDOM stable where with assembly optimizations it explodes about 2 out of 3 runs. It looks like this bug has been around for at least a decade. So maybe this is overkill, but when the choice is between reliability and speed (if that's the right word for anything related to sparc64), it seems clear that reliability should trump, especially when it comes to a dependency of a mailserver and a backup utility. Index: 1.1/Makefile =================================================================== RCS file: /cvs/ports/security/openssl/1.1/Makefile,v retrieving revision 1.59 diff -u -p -r1.59 Makefile --- 1.1/Makefile 22 Feb 2023 09:21:34 -0000 1.59 +++ 1.1/Makefile 16 Mar 2023 14:10:33 -0000 @@ -8,7 +8,7 @@ PORTROACH= limit:^1\.1\.[0-9][a-z] skipb V= 1.1.1t PKGSPEC= openssl->=1.1.0v0,<1.2v0 EPOCH= 0 -REVISION= 3 +REVISION= 4 SHLIBVER= 11.6 SHARED_LIBS= crypto ${SHLIBVER} \ @@ -30,6 +30,11 @@ CONFIGURE_ARGS+= --prefix=${PREFIX} \ no-threads no-rc5 no-ssl3 \ no-devcryptoeng \ shared + +# Avoid T4 assembly issues https://github.com/openssl/openssl/issues/20523 +.if ${MACHINE_ARCH} == sparc64 +CONFIGURE_ARGS+= no-asm +.endif INSTALL_TARGET= install_sw install_ssldirs SUBST_VARS+= MAN_PREFIX Index: 3.0/Makefile =================================================================== RCS file: /cvs/ports/security/openssl/3.0/Makefile,v retrieving revision 1.29 diff -u -p -r1.29 Makefile --- 3.0/Makefile 15 Mar 2023 12:04:57 -0000 1.29 +++ 3.0/Makefile 16 Mar 2023 14:11:00 -0000 @@ -10,7 +10,7 @@ V= 3.0.8 PKGNAME= openssl-${V} PKGSPEC= openssl->=3v0,<3.1v0 EPOCH= 0 -REVISION= 2 +REVISION= 3 SHLIBVER= 12.3 SHARED_LIBS= crypto ${SHLIBVER} \ @@ -31,6 +31,11 @@ CONFIGURE_ARGS+= --prefix=${PREFIX} \ no-threads no-rc5 no-ssl3 \ no-devcryptoeng \ shared + +# Avoid T4 assembly issues https://github.com/openssl/openssl/issues/20523 +.if ${MACHINE_ARCH} == sparc64 +CONFIGURE_ARGS+= no-asm +.endif INSTALL_TARGET= install_sw install_ssldirs Index: 3.1/Makefile =================================================================== RCS file: /cvs/ports/security/openssl/3.1/Makefile,v retrieving revision 1.3 diff -u -p -r1.3 Makefile --- 3.1/Makefile 15 Mar 2023 12:06:23 -0000 1.3 +++ 3.1/Makefile 16 Mar 2023 14:11:15 -0000 @@ -7,7 +7,7 @@ USE_NOEXECONLY = Yes V= 3.1.0 PKGNAME= openssl-${V} PKGSPEC= openssl->=3.1v0,<3.2v0 -REVISION= 0 +REVISION= 1 SHLIBVER= 15.0 SHARED_LIBS= crypto ${SHLIBVER} \ @@ -28,6 +28,11 @@ CONFIGURE_ARGS+= --prefix=${PREFIX} \ no-threads no-rc5 no-ssl3 \ no-devcryptoeng \ shared + +# Avoid T4 assembly issues https://github.com/openssl/openssl/issues/20523 +.if ${MACHINE_ARCH} == sparc64 +CONFIGURE_ARGS+= no-asm +.endif INSTALL_TARGET= install_sw install_ssldirs
