Just for a bit more background, this is on a Marvell Kirkwood device. On Fri, Jul 26, 2013 at 6:18 PM, JT Olds <he...@jtolds.com> wrote: > So, I finally got back to this, sorry for the 2-month delay. > > I started completely fresh. I built openssl-1.0.1e after patchiing > eng_cryptodev.c with the one provided in cryptodev-linux 1.6 in the > extras folder. I made sure to have crypto/cryptodev.h in my include > path and built with the addition of -DHAVE_CRYPTODEV and > -DUSE_CRYPTODEV_DIGESTS. I insmod'ed cryptodev.ko and ran make test > inside the openssl project. This time, all the tests passed. > > So, I installed the new openssl library as my system openssl and > restarted some server processes. Immediately, many of them started > having a ton of SSL handshake errors. > > What is the best way to find out what's happening? I'm not totally > sure the tests exercised cryptodev.ko, but I do know for certain the > existence of cryptodev.ko in the kernel definitely kills a ton of SSL > handshakes with the appropriately built openssl library. > > Help? > -JT > > On Sat, May 25, 2013 at 12:40 PM, Nikos Mavrogiannopoulos > <n...@gnutls.org> wrote: >> >> On 05/24/2013 06:19 AM, JT Olds wrote: >> >> >> Hello, >> >> It seems that the /dev/crypto device in that system is from an older >> >> cryptodev driver. You may want to unload the old module and load the new >> >> one. >> > This is release 1.6 that I built and deployed. Is there something newer? >> >> >> No. However your loaded module may differ from the one you built. Are >> you sure that the /dev/crypto device corresponds to the one you built? >> >> >>> DEB_CFLAGS_APPEND='-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS >> >>> -DHASH_MAX_LEN=64' dpkg-buildpackage -us -uc >> >>> cd .. >> >>> Notably, the OpenSSL tests pass without /dev/crypto, but when /dev/crypto >> >>> exists, the OpenSSL tests fail. Here's the failure: >> >> Did you try replacing openssl's eng_cryptodev.c with the included in >> >> cryptodev? Does it help with the check and the errors you see? >> > No I didn't. I was under the impression from mailing lists and >> > otherwise that you hoped to stop maintaining the openssl patch, since >> > OpenSSL 1.0.1 and newer had it built in. Should I still be patching >> > the latest OpenSSL? I can certainly try that. >> >> >> I was under the impression the latest openssl included quite a decent >> eng_cryptodev.c, but as I understand from your mail it doesn't. My >> question is whether the included eng_cryptodev.c fixes the make test >> issue? If yes I'd suggest that you report that to the openssl developers. >> >> regards, >> Nikos
_______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
