Additionally,
I just noticed that LP: #1696863 is about a "ubuntu4.6" failure on
Precise :
InstallationMedia: Ubuntu 12.04.2 LTS "Precise Pangolin" - Release i386
(20130213)
RelatedPackageVersions:
dpkg 1.18.4ubuntu1.2
apt 1.2.20
SourcePackage: openssl
Title: package libssl1.0.0:i386 1.0.2g-1u
Seth,
I don't think it is related ... 3 of them are related to package(s)
prior this SRU on version "1.0.2g-1ubuntu4.6" release on "Mon, 30 Jan
2017" and only 1 on "1.0.2g-1ubuntu4.8" for Xenial & another on on
"libssl1.0.0" for Zesty.
Title: package openssl 1.0.2g-1ubuntu4.6 failed to install/u
Some of the bug reports in my previous comment are actually filed
against previous versions of openssl (despite all being filed recently).
Eric noted that only 1692981 (zesty) and 1696799 (xenial) are for this
SRU, and 1696863 1697099 1696930 are for previous updates.
I don't think there's an issu
William, Eric, I'm curious if this OpenSSL update may have introduced
issues:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1697099
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1696930
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1696863
https://bugs.launchpad.net/ubun
This bug was fixed in the package openssl - 1.0.2g-1ubuntu11.2
---
openssl (1.0.2g-1ubuntu11.2) zesty; urgency=medium
* aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
(LP: #1674399)
-- William Grant Fri, 19 May 2017 18:29:44 +1000
--
You received this bug n
This bug was fixed in the package openssl - 1.0.2g-1ubuntu9.3
---
openssl (1.0.2g-1ubuntu9.3) yakkety; urgency=medium
* aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
(LP: #1674399)
-- William Grant Fri, 19 May 2017 18:25:11 +1000
** Changed in: openssl (Ubu
This bug was fixed in the package openssl - 1.0.2g-1ubuntu4.8
---
openssl (1.0.2g-1ubuntu4.8) xenial; urgency=medium
* aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
(LP: #1674399)
-- William Grant Fri, 19 May 2017 18:27:58 +1000
** Changed in: openssl (Ubun
@Brian Murray,
@sil2100
To summarize :
- wgrant did his verifications which are all successful
- I did mine that are all still successful
- I also reviewed all the regression failures reported on the pending sru page
and have provided an explanation for all of them above in the SRU justification
@Brian Murray (brian-murray)
> Eric - Have you tested the new version of openssl which William uploaded?
I did and my test cases results are still the same as the one pre-wgrant SRU.
All good on my side.
IMHO, the only things left to check are the 2-3 regressions in X and Y
for postgresql (X,Y)
I've been running the fixed OpenSSL on my artful Ryzen desktop, zesty
Haswell-U laptop and xenial Sandy Bridge server and its VMs for two
weeks without incident. These hosts include a variety of VPN clients,
HTTPS clients, HTTPS servers, SSH clients and servers, etc. The SRUs for
all series build s
William - could you add some information about the verification you did
since you tagged this verification-done?
** Tags removed: verification-done
** Tags added: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
htt
Eric - Have you tested the new version of openssl which William
uploaded?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1674399
Title:
OpenSSL CPU detection for AMD Ryzen CPUs
To manage notificatio
** Description changed:
[Impact]
* Context:
AMD added support in their processors for SHA Extensions[1] (CPU flag:
sha_ni[2]) starting with Ryzen[3] CPU. Note that Ryzen CPU come in 64bit
only (Confirmed with AMD representative). Current OpenSSL version in
Ryzens still calls SHA
** Description changed:
[Impact]
* Context:
AMD added support in their processors for SHA Extensions[1] (CPU flag:
sha_ni[2]) starting with Ryzen[3] CPU. Note that Ryzen CPU come in 64bit
only (Confirmed with AMD representative). Current OpenSSL version in
Ryzens still calls SHA
** Tags removed: verification-failed verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1674399
Title:
OpenSSL CPU detection for AMD Ryzen CPUs
To ma
** Tags removed: verification-failed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1674399
Title:
OpenSSL CPU detection for AMD Ryzen CPUs
To manage notifications about this bug go to:
https://bugs
** Tags removed: verification-failed
** Tags removed: patch
** Tags removed: ua
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1674399
Title:
OpenSSL CPU detection for AMD Ryzen CPUs
To manage not
Removing the "regression-proposed" & "verification-failed" tags now that
the regression fix ins now available to testing in -proposed.
** Tags removed: regression-proposed verification-failed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ub
Hello Eric, or anyone else affected,
Accepted openssl into zesty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/openssl/1.0.2g-
1ubuntu11.2 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https:/
William, as per our IRC conversation, we have decided that you will do
the upload for this specific fix for the 4 releases.
Thanks for your collaboration.
- Eric
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.
Thanks William, I'll set the proposed pkg as verification-failed, and
will work on backporting the patch[1] you are suggesting and that has
been proven to fix the issue.
[1] -
https://github.com/openssl/openssl/commit/08d09628d2c9f3ef599399d8cad021a07ab98347
Eric
** Tags removed: verificatio
Fortunately the OpenSSL test suite also fails when run during the build
on Ryzen. It turns out that the AES-NI+SHA-NI AES-CBC+SHA{1,256}
implementations are both broken, so
https://github.com/openssl/openssl/commit/08d09628d2c9f3ef599399d8cad021a07ab98347
needs to be backported too. I guess nobody'
libssl1.0.0 1.0.2g-1ubuntu9.2 breaks OpenVPN (2.4.0-5ubuntu1 or
2.3.11-1ubuntu2) connections to Canonical's VPN on my Ryzen 7 1700X
desktop running Linux 4.10.0-21-generic. In UDP mode the server stops
responding during TLS negotiation, and in TCP mode the server closes the
connection at the same s
The same precision verification testing has been tested for zesty-
proposed with the same result as X and Y :
[Verificaton zesty]
# i386
- Significant performance increase using the zesty-proposed/i386 package inside
a 32-bit LXD container build using a Ryzen CPU with Intel SHA Extension
capabi
[Verificaton XENIAL]
# i386
- Significant performance increase using the xenial-proposed/i386 package
inside a 32-bit LXD container build using a Ryzen CPU with Intel SHA Extension
capability.
- Same performance (as expected) using the xenial-proposed/i386 package on a
non SHA Extension Intel C
We have tested these packages in zesty-proposed (openssl-1.0.2g-
1ubuntu11.1) and can confirm that the SHA extension codepath is executed
correctly and we see the accompanying expected performance improvements.
Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs
Hello Eric, or anyone else affected,
Accepted openssl into zesty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/openssl/1.0.2g-
1ubuntu11.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https:/
[Verificaton YAKKETY]
# i386
- Significant performance increase using the yakkety-proposed/i386 package
inside a 32-bit LXD container build using a Ryzen CPU with Intel SHA Extension
capability.
- Same performance (as expected) using the yakkety-proposed/i386 package on a
non SHA Extension Inte
Hello Eric, or anyone else affected,
Accepted openssl into yakkety-proposed. The package will build now and
be available at https://launchpad.net/ubuntu/+source/openssl/1.0.2g-
1ubuntu9.2 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https:
yakkety_openssl_lp1674399.debdiff
** Patch added: "yakkety_openssl_lp1674399.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1674399/+attachment/4868959/+files/yakkety_openssl_lp1674399.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, whi
zesty_openssl_lp1674399.debdiff
** Description changed:
[Impact]
* Context:
AMD added support in their processors for SHA Extensions[1] (CPU flag:
sha_ni[2]) starting with Ryzen[3] CPU. Note that Ryzen CPU come in 64bit
only (Confirmed with AMD representative). Current OpenSSL ver
** Description changed:
[Impact]
* Context:
AMD added support in their processors for SHA Extensions[1] (CPU flag:
sha_ni[2]) starting with Ryzen[3] CPU. Note that Ryzen CPU come in 64bit
only (Confirmed with AMD representative). Current OpenSSL version in
Ryzens still calls SHA
** Also affects: openssl (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: openssl (Ubuntu Yakkety)
Status: New => In Progress
** Changed in: openssl (Ubuntu Yakkety)
Importance: Undecided => Medium
** Changed in: openssl (Ubuntu Yakkety)
Assignee: (unass
** Patch removed: "zesty_openssl_lp1674399.debdiff"
https://bugs.launchpad.net/ubuntu/zesty/+source/openssl/+bug/1674399/+attachment/4868385/+files/zesty_openssl_lp1674399.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
htt
This bug was fixed in the package openssl - 1.0.2g-1ubuntu12
---
openssl (1.0.2g-1ubuntu12) artful; urgency=medium
* crypto/x86*cpuid.pl: move extended feature detection. (LP: #1674399)
This fix moves extended feature detection past basic feature
detection where it belongs.
** Changed in: openssl (Ubuntu Artful)
Status: In Progress => Triaged
** Changed in: openssl (Ubuntu Artful)
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bug
zesty_openssl_lp1674399.debdiff
** Patch added: "zesty_openssl_lp1674399.debdiff"
https://bugs.launchpad.net/ubuntu/xenial/+source/openssl/+bug/1674399/+attachment/4868385/+files/zesty_openssl_lp1674399.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, wh
xenial_openssl_lp1674399.debdiff
** Patch added: "xenial_openssl_lp1674399.debdiff"
https://bugs.launchpad.net/ubuntu/xenial/+source/openssl/+bug/1674399/+attachment/4868386/+files/xenial_openssl_lp1674399.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs,
Here's the highligh of the discussion I had in #ubuntu-release with
infinity about my proposal in comment #6.
For SRU, I had a talk with apw and rbasak about this bug a
couples weeks ago LP: #1674399, could you please look at this bug and
based on the Descriptions and comment #6 if this looks elig
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1674399
Title:
OpenSSL CPU detection for AMD Ryzen CPUs
To manage notifications about this bug go to:
https://bugs.launchpad.net/u
Attaching Artful debdiff
** Patch added: "artful_openssl_lp1674399.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1674399/+attachment/4868343/+files/artful_openssl_lp1674399.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subsc
[For SRU Verification team]
Context :
Previous IRC discussion with apw/rbasak about this case :
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1674399/comments/2
AMD released a new CPU called "Ryzen" that now support "Intel SHA
extensions" technology.
In current Ubuntu openssl package sh
** Description changed:
[Impact]
* Context:
AMD added support in their processors for SHA Extensions[1] (CPU flag:
sha_ni[2]) starting with Ryzen[3] CPU. Note that Ryzen CPU come in 64bit
only (Confirmed with AMD representative). Current OpenSSL version in
Ryzens still calls SHA
** Description changed:
[Impact]
* Context:
AMD added support in their processors for SHA Extensions[1] (CPU flag:
sha_ni[2]) starting with Ryzen[3] CPU. Note that Ryzen CPU come in 64bit
only (Confirmed with AMD representative). Current OpenSSL version in
Ryzens still calls SHA
Another test "Openssl speed"
[Without patch]
$ openssl speed sha1
Doing sha1 for 3s on 16 size blocks: 9969152 sha1's in 3.00s
Doing sha1 for 3s on 64 size blocks: 8019164 sha1's in 3.00s
Doing sha1 for 3s on 256 size blocks: 5254219 sha1's in 2.99s
Doing sha1 for 3s on 1024 size blocks: 2217067
So far my test reveal the following :
# Note that the below test has been made on a Ryzen system #
[Without patch]
* Generated a checksum of a big file (e.g. 5GB file) with openssl
$ time /usr/bin/openssl dgst -sha256 /var/tmp/5Gfile
SHA256(/var/tmp/5Gfile)=
8d448d81521cbc1bfdc04dd199d448bd3c
Debian bug :
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861145
** Bug watch added: Debian Bug tracker #861145
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861145
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://b
** Changed in: openssl (Ubuntu Xenial)
Assignee: (unassigned) => Eric Desrochers (slashd)
** Changed in: openssl (Ubuntu Zesty)
Assignee: (unassigned) => Eric Desrochers (slashd)
** Changed in: openssl (Ubuntu Artful)
Assignee: (unassigned) => Eric Desrochers (slashd)
** Changed i
** Description changed:
* Context
AMD added support in their processors for SHA Extensions[1] (CPU flag:
sha_ni[2]) starting with Ryzen[3] CPU. Note that Ryzen CPU come in 64bit
only (Confirmed with AMD representative). Current OpenSSL version in
Ryzens still calls SHA for SSSE3 routi
** Description changed:
* Context
- AMD added support in their processors for SHA Extensions[1] / CPU flag:
- sha_ni[2] starting with Ryzen CPU. Current OpenSSL version in Ryzens
- still calls SHA for SSSE3 routine as result a number of extensions were
- effectively masked on Ryzen and shows
** Description changed:
- AMD added support in their processors for SHA Extensions starting with
- Ryzen CPU. Current OpenSSL version in Ryzens still calls SHA for SSSE3
- routine as result a number of extensions were effectively masked on
- Ryzen and shows no improvement.
+ * Context
- It has
** Also affects: openssl (Ubuntu Zesty)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: openssl (Ubuntu Xenial)
Status: New => Triaged
** Changed in: openssl (Ubuntu Zesty)
Status: New =
** Description changed:
+ AMD added support in their processors for SHA Extensions starting with
+ Ryzen CPU. Current OpenSSL version in Ryzens still calls SHA for SSSE3
+ routine and shows no improvement.
+
It has been brought to my attention that :
"CPUID detection in OpenSSL does not prope
** Changed in: openssl (Ubuntu)
Assignee: Eric Desrochers (slashd) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1674399
Title:
OpenSSL CPU detection for AMD Ryzen CPUs
To mana
Here's some context after a conversation about this bug on channel :
#ubuntu-release
...
[10:01:50] hi SRU, I'm currently working on a case (no LP bug yet)
about an OpenSSL bug on new AMD CPU (Ryzen) released last Feb ... where the SHA
Extension routine is not called on AMD Ryzen cores. My
** Changed in: openssl (Ubuntu)
Importance: Low => Medium
** Changed in: openssl (Ubuntu)
Status: New => Triaged
** Changed in: openssl (Ubuntu)
Milestone: None => ubuntu-16.04.2
** Changed in: openssl (Ubuntu)
Assignee: (unassigned) => Eric Desrochers (slashd)
--
You receiv
* Repository : https://github.com/openssl/openssl.git
* Commits :
1aed5e1 crypto/x86*cpuid.pl: move extended feature detection.
f8418d8 crypto/x86_64cpuid.pl: move extended feature detection upwards.
- Eric
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
57 matches
Mail list logo
