On Sun, Jul 10, 2011 at 9:19 PM, Coda Highland <[email protected]> wrote:
>> <--snip-->
>
> Following up on this:
>
> I received a reply directing me to try
> http://carnivore.it/2011/04/23/openssl_-_af_alg, so I did. It was
> straightforward to install and test, but unfortunately the results
> are the same, except it doesn't segfault; I just get the error
> message:
>
> <--snip-->
> SSL_accept:SSLv3 read client key exchange A
> SSL3 alert write:fatal:bad record mac
> SSL_accept:error in SSLv3 read certificate verify A
> ERROR
> 1074403296:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption
> failed or bad record mac:s3_pkt.c:478:
> shutting down SSL
> CONNECTION CLOSED
>
> This at least narrows it down (it seems unlikely that both
> cryptodev-linux and af_alg have the same bug) but I'm still not sure
> where to start debugging. Perhaps I should be focusing on the kernel
> code for the hardware? Advice would be appreciated.
>
> /s/ Adam
>
Following up on THIS: Success!
Markus, the developer for af_alg, suggested that I remove SHA-1
offloading by removing this line from e_af_alg.c:
!ENGINE_set_digests (e, af_alg_digests))
I wasn't expecting this to work because building OpenSSL without
-DUSE_CRYPTODEV_HASHES didn't solve anything, but to my pleasant
surprise SSL is up and running now with hardware acceleration.
So many thanks to Markus and I hope my findings prove useful for
someone else in the future.
Thanks again!
/s/ Adam
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
