So, I finally got back to this, sorry for the 2-month delay. I started completely fresh. I built openssl-1.0.1e after patchiing eng_cryptodev.c with the one provided in cryptodev-linux 1.6 in the extras folder. I made sure to have crypto/cryptodev.h in my include path and built with the addition of -DHAVE_CRYPTODEV and -DUSE_CRYPTODEV_DIGESTS. I insmod'ed cryptodev.ko and ran make test inside the openssl project. This time, all the tests passed.
So, I installed the new openssl library as my system openssl and restarted some server processes. Immediately, many of them started having a ton of SSL handshake errors. What is the best way to find out what's happening? I'm not totally sure the tests exercised cryptodev.ko, but I do know for certain the existence of cryptodev.ko in the kernel definitely kills a ton of SSL handshakes with the appropriately built openssl library. Help? -JT On Sat, May 25, 2013 at 12:40 PM, Nikos Mavrogiannopoulos <n...@gnutls.org> wrote: > > On 05/24/2013 06:19 AM, JT Olds wrote: > > >> Hello, > >> It seems that the /dev/crypto device in that system is from an older > >> cryptodev driver. You may want to unload the old module and load the new > >> one. > > This is release 1.6 that I built and deployed. Is there something newer? > > > No. However your loaded module may differ from the one you built. Are > you sure that the /dev/crypto device corresponds to the one you built? > > >>> DEB_CFLAGS_APPEND='-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS > >>> -DHASH_MAX_LEN=64' dpkg-buildpackage -us -uc > >>> cd .. > >>> Notably, the OpenSSL tests pass without /dev/crypto, but when /dev/crypto > >>> exists, the OpenSSL tests fail. Here's the failure: > >> Did you try replacing openssl's eng_cryptodev.c with the included in > >> cryptodev? Does it help with the check and the errors you see? > > No I didn't. I was under the impression from mailing lists and > > otherwise that you hoped to stop maintaining the openssl patch, since > > OpenSSL 1.0.1 and newer had it built in. Should I still be patching > > the latest OpenSSL? I can certainly try that. > > > I was under the impression the latest openssl included quite a decent > eng_cryptodev.c, but as I understand from your mail it doesn't. My > question is whether the included eng_cryptodev.c fixes the make test > issue? If yes I'd suggest that you report that to the openssl developers. > > regards, > Nikos _______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
