On 25/09/2019 18:02, Mark Hack wrote: > This was on 1.0.2 and I just checked 1.1.1, and for libssl I still only > see the call for libcrypto. I can recompile and confirm later in the > day to be 100% certain. The call to OPENSSL_cpuid_setup() in 1.1.1 is inside ossl_init_base in libcrypto. That gets called as soon as OPENSSL_init_crypto() gets called the first time. This should happen automatically as soon as you do almost anything with the libraries (either libssl or libcrypto). If it doesn't get called then nothing would work at all. Looking at the code for 1.0.2 it seems to happen in various different ways: 1) In the "ini" section on various platforms - so it should get invoked automatically when OpenSSL is loaded 2) When OpenSSL_add_all_algorithms() is called. This is part of the usual OpenSSL initialisation that applications are required to do before they use libcrypto. Strictly speaking its not required to use libssl, but I think many applications do this anyway. 3) On Windows as part of the DllMain DLL_PROCESS_ATTACH message. This gets called automatically as soon as OpenSSL is loaded if using dynamic linking 4) As part of a call to ENGINE_load_builtin_engines(). This is called automatically if you call OPENSSL_config() So it looks like, from code examination, you could end up not calling it on some platforms. Since 1.0.2 is nearing EOL and is currently only receiving security fixes this is unlikely to get fixed. My suggested workaround would be to call OpenSSL_add_all_algorithms() in 1.0.2 based applications even if you're only planning to use libssl. Matt > > > > On Wed, 2019-09-25 at 16:26 +0100, Matt Caswell wrote: >> >> On 25/09/2019 15:26, Mark Hack wrote: >>> ssl_algs.c is missing the required call to OPENSSL_cpuid_setup() >>> which >>> means that all the platforms which rely on the CPU ID to be set >>> (everything except Intel/AMD) never use any of the EVP calls and do >>> not >>> hardware accelerate TLS. Yes, the performance tests work but these >>> do >>> not use libssl. >>> >>> Patching ssl_algs.c corrects this and the performance improvement >>> is >>> immediatly noticable. This is the patch applied and tested on PPC. >>> >>> int SSL_library_init(void) >>> { >>> OPENSSL_cpuid_init_setup(); /* Identify the HW platform */ >>> >>> ... >> >> Which version of OpenSSL do you see this in? In 1.1.1 at least I see >> the call to >> OPENSSL_cpuid_setup() in the default initialisation code: >> >> > https://github.com/openssl/openssl/blob/19bd1fa1ef17ff0ac071402cb6b002f1c29e37b9/crypto/init.c#L45-L70 >> >> Matt >> >