Hi Mircea, Thanks for your reply.
That has the effect of disabling all MD though right? That's one way to fix it :) But I think we want to keep MD turned on for our purposes to reduce CPU usage. Any idea if you were seeing any other issues like me with MD offloading as well? Regards, Joel Fernandes On 06/24/2014 02:33 AM, mircea....@freescale.com wrote: > Hi Joel, > > We had a performance issue when running openssl with cryptodev, and we found > that the root cause is how the openssl is using message digest offloading. > OpenSSL is build to use MD to generate random numbers when cryptodev eng is > present in the system. > The OpenSSL RAND function is creating a storm of MD request, that (in our > case) had impacted our performance. > > What we have done - we had compiled openssl with symmetric ciphering > offloading support, removing message digest offloading. > CFLAG += "-DHAVE_CRYPTODEV" > remove -DUSE_CRYPTODEV_DIGESTS > > Regards, > Mircea > > > > -----Original Message----- > From: Cryptodev-linux-devel [mailto:cryptodev-linux-devel-boun...@gna.org] On > Behalf Of Joel Fernandes > Sent: Tuesday, June 24, 2014 6:14 AM > To: cryptodev-linux-devel@gna.org > Cc: Prabhu, Rahul; Rao, Dipa > Subject: [Cryptodev-linux-devel] Break down of https with cryptodev loaded > > Hi, > I'm not able to even download a file from https with cryptodev loaded. > > I'm using OpenSSL 1.0.1g with cryptodev-linux v1.6 loaded, when I run the > following: > wget > https://dl.google.com/linux/direct/google-chrome-stable_current_i386.deb > --secure-protocol=TLSv1 --no-check-certificate > > I see something like this.. > OpenSSL: error:0606C06E:digital envelope routines:EVP_VerifyFinal:wrong > public key type > OpenSSL: error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature > Unable to establish SSL connection. > > Without cryptodev loaded, everything works fine and the download completes. > Any idea what may be going on? It appears that there are a lot of > cryptodev_hash functions being called before the error. > > Appreciate it if someone with more experience on cryptodev can provide any > useful debug tips or try to reproduce the issue and provide any fixes. I am > trying to look into it too. > > Thanks, > Joel Fernandes > > _______________________________________________ > Cryptodev-linux-devel mailing list > Cryptodev-linux-devel@gna.org > https://mail.gna.org/listinfo/cryptodev-linux-devel > _______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
