By the way, even without USE_CRYPTODEV_DIGESTS and the cryptodev module
loaded, I see corruptions.
I am also seeing packet corruption 3 out of 6 times using an scp of
libssl.so (with cryptodev.ko loaded, without cryptodev no issues):
libcrypto.so.1.0.0
0%libcrypto.so.1.0.0
100% 1396KB 1.4MB/s 00:00
libssl.so.1.0.0
0%libssl.so.1.0.0
100% 301KB 301.5KB/s 00:00
root@joelboxx's password:
libcrypto.so.1.0.0
0% 0 0.0KB/s --:-- ETACorrupted MAC on input.
Disconnecting: Packet corrupt
lost connection
root@joelboxx's password:
libcrypto.so.1.0.0
0% 0 0.0KB/s --:-- ETACorrupted MAC on input.
Disconnecting: Packet corrupt
lost connection
root@joelboxx's password:
libcrypto.so.1.0.0
0%libcrypto.so.1.0.0
100% 1396KB 1.4MB/s 00:01
libssl.so.1.0.0
0%libssl.so.1.0.0
100% 301KB 301.5KB/s 00:00
Thanks,
-Joel
On 06/24/2014 08:29 AM, Joel Fernandes wrote:
> Hi Mircea,
>
> Thanks for your reply.
>
> That has the effect of disabling all MD though right?
>
> That's one way to fix it :) But I think we want to keep MD turned on for
> our purposes to reduce CPU usage.
>
> Any idea if you were seeing any other issues like me with MD offloading
> as well?
>
> Regards,
> Joel Fernandes
>
> On 06/24/2014 02:33 AM, [email protected] wrote:
>> Hi Joel,
>>
>> We had a performance issue when running openssl with cryptodev, and we found
>> that the root cause is how the openssl is using message digest offloading.
>> OpenSSL is build to use MD to generate random numbers when cryptodev eng is
>> present in the system.
>> The OpenSSL RAND function is creating a storm of MD request, that (in our
>> case) had impacted our performance.
>>
>> What we have done - we had compiled openssl with symmetric ciphering
>> offloading support, removing message digest offloading.
>> CFLAG += "-DHAVE_CRYPTODEV"
>> remove -DUSE_CRYPTODEV_DIGESTS
>>
>> Regards,
>> Mircea
>>
>>
>>
>> -----Original Message-----
>> From: Cryptodev-linux-devel [mailto:[email protected]]
>> On Behalf Of Joel Fernandes
>> Sent: Tuesday, June 24, 2014 6:14 AM
>> To: [email protected]
>> Cc: Prabhu, Rahul; Rao, Dipa
>> Subject: [Cryptodev-linux-devel] Break down of https with cryptodev loaded
>>
>> Hi,
>> I'm not able to even download a file from https with cryptodev loaded.
>>
>> I'm using OpenSSL 1.0.1g with cryptodev-linux v1.6 loaded, when I run the
>> following:
>> wget
>> https://dl.google.com/linux/direct/google-chrome-stable_current_i386.deb
>> --secure-protocol=TLSv1 --no-check-certificate
>>
>> I see something like this..
>> OpenSSL: error:0606C06E:digital envelope routines:EVP_VerifyFinal:wrong
>> public key type
>> OpenSSL: error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature
>> Unable to establish SSL connection.
>>
>> Without cryptodev loaded, everything works fine and the download completes.
>> Any idea what may be going on? It appears that there are a lot of
>> cryptodev_hash functions being called before the error.
>>
>> Appreciate it if someone with more experience on cryptodev can provide any
>> useful debug tips or try to reproduce the issue and provide any fixes. I am
>> trying to look into it too.
>>
>> Thanks,
>> Joel Fernandes
>>
>> _______________________________________________
>> Cryptodev-linux-devel mailing list
>> [email protected]
>> https://mail.gna.org/listinfo/cryptodev-linux-devel
>>
>
_______________________________________________
Cryptodev-linux-devel mailing list
[email protected]
https://mail.gna.org/listinfo/cryptodev-linux-devel
