Comment 1 Bernard Spil 2015-09-14 08:20:07 UTC

Hi Dewayne,

Kan you throw this patch in security/ports/patch-configure and rebuild?

--- configure.orig      2015-08-29 04:28:57 UTC
+++ configure
@@ -13209,7 +13209,7 @@ fi


 # Conditionally enable assembly by default
- if test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"; then
+ if test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "amd64" -a "x$enable_asm" != "xno"; then
   HOST_ASM_ELF_X86_64_TRUE=
   HOST_ASM_ELF_X86_64_FALSE='#'
 else


This fixes it for me. FreeBSD uses amd64 as CPU not x86_64 like other platforms. Upstream will include a fix for this in next releases.

Comment 2 Bernard Spil 2015-09-14 08:27:11 UTC

After using the patch

build# /usr/local/bin/openssl version
LibreSSL 2.2.3
build# /usr/local/bin/openssl speed -evp AES128
Doing aes-128-cbc for 3s on 16 size blocks: 121606329 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 34361962 aes-128-cbc's in 3.02s
Doing aes-128-cbc for 3s on 256 size blocks: 8715281 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2200406 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 271890 aes-128-cbc's in 3.00s
LibreSSL 2.2.3
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: information not available
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     648567.09k   729256.98k   743703.98k   751071.91k   742440.96k
build# /usr/local/bin/openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 15068733 aes-128 cbc's in 3.03s
Doing aes-128 cbc for 3s on 64 size blocks: 4228095 aes-128 cbc's in 3.01s
Doing aes-128 cbc for 3s on 256 size blocks: 1077888 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 269797 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 33828 aes-128 cbc's in 3.00s
LibreSSL 2.2.3
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: information not available
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      79538.05k    89965.08k    91979.78k    92090.71k    92372.99k

Comment 3 Bernard Spil 2015-09-14 10:55:38 UTC

Simpler patch...

Add this just above regression-test in the Makefile, no need for other patches.
```
.if ${ARCH} == "amd64"
CONFIGURE_TARGET=       x86_64-portbld-${OPSYS:tl}${OSREL}
.endif
```
Expect this to work after the next update of the port.

Comment 4 Vsevolod Stakhov 2015-09-14 12:18:45 UTC

Bernard, I would suggest you to add your patch before the next release (by just bumping PORTREVISION). This is pretty critical performance fix and I would be happy to see it in the port a.s.a.p. (this means that you have my approval for this patch).

Comment 5 commit-hook 2015-09-15 19:23:00 UTC

A commit references this bug:

Author: brnrd
Date: Tue Sep 15 19:22:47 UTC 2015
New revision: 397017
URL: https://svnweb.freebsd.org/changeset/ports/397017

Log:
  security/libressl: Fix AESNI support

  PR:		200894
  Approved by:	vsevolod (maintainer, mentor)

Changes:
  head/security/libressl/Makefile

Comment 6 Bernard Spil 2016-04-13 14:57:54 UTC

Closed, upstream fixed by now.

(In reply to Bernard Spil from comment #6)
Confirmed (a while back), thankyou for following-up.  As FYI, libressl is a little quicker on large encryption runs, which is how we store offsite backups, than openssl.  :)

Alas our 32bit customers that use padlock devices (yes as servers) remain on openssl.