Hi all,
I'm using openssl 1.0.1e and OpenVPN 2.3.2
I'm using the cryptodev-linux/extras/eng_cryptodev.c with openssl
The cryptodev with "openssl speed" works, i see the crypto HW
interrupts in /proc/interrupts increasing while running it, and there
is a huge difference in speed with/without the cryptodev module.
I startup a client openvpn --cipher AES-256-CBC, and it connects fine,
i can ping fine. I can change the ping data size, and all is OK. But
doing a large transfer with iperf openvpn will fail, and the server side
will start generating errors like:
Mon Dec 2 14:56:26 2013 us=282785 test1/10.64.1.3:64764 PID_ERR large
diff [1693821396] [SSL-0]
[EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE]
0:1693821542 0:146 t=1385996186[0] r=[-2,64,15,1693821517,1]
sl=[0,64,64,272]
Mon Dec 2 14:56:26 2013 us=282785 test1/10.64.1.3:64764
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [
#146 ] -- see the man page entry for --no-replay and --replay-window for
more info or silence this warning with --mute-replay-warnings
I bump the --replay-window to 640 ( 10x bigger than default) and it
still fails.
The issue looks similar to:
https://mail.gna.org/public/cryptodev-linux-devel/2010-07/msg00003.html
so on openvpn I started it up with " --auth none " to disable HMAC
and the issues still appears.
Is it possible a large amount of packets are being discarded somewhere
or lost?
If i remove the cryptodev kernel modules openvpn works fine, but quite
slow doing SW only crypto.
Openssl speed output also showing compiler flags.
# openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 78786 aes-256-cbc's in 0.11s
Doing aes-256-cbc for 3s on 64 size blocks: 41087 aes-256-cbc's in 0.12s
Doing aes-256-cbc for 3s on 256 size blocks: 37191 aes-256-cbc's in 0.10s
Doing aes-256-cbc for 3s on 1024 size blocks: 26853 aes-256-cbc's in 0.06s
Doing aes-256-cbc for 3s on 8192 size blocks: 7119 aes-256-cbc's in 0.03s
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Dec 2 11:58:00 CET 2013
options:bn(64,32) rc4(ptr,int) des(idx,risc1,2,long) aes(partial)
idea(int) blowfish(idx)
compiler: arm-poky-linux-gnueabi-gcc -march=armv7-a -marm
-mthumb-interwork -mfloat-abi=hard -mtune=cortex-a9
--sysroot=/home/karl/Work/yocto/poky-dylan-9.0.2/build_ek/tmp/sysroots/ek -fPIC
-DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types
-Wall -Wa,--noexecstack -DHAVE_CRYPTODEV
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 11459.78k 21913.07k 95208.96k 458291.20k
1943961.60k
The crypto HW driver I'm using is:
https://github.com/linux4sam/linux-at91/blob/linux-3.6.9-at91/drivers/crypto/atmel-aes.c
output of examples/aes.
Got cbc(aes) with driver atmel-cbc-aes
Note: This is not an accelerated cipher
Got cbc(aes) with driver atmel-cbc-aes
Note: This is not an accelerated cipher
AES Test passed
output of examples/sha
Got sha1 with driver atmel-sha1
Note: This is not an accelerated cipher
digest: 2f:d4:e1:c6:7a:2d:28:fc:ed:84:9e:e1:bb:76:e7:39:1b:93:eb:12:
Does anyone know if any workarounds, things i should check, or debug
suggestions?
Thanks
Karl.
_______________________________________________
Cryptodev-linux-devel mailing list
Cryptodev-linux-devel@gna.org
https://mail.gna.org/listinfo/cryptodev-linux-devel
