On Sun, Jul 10, 2011 at 9:19 PM, Coda Highland <chighl...@gmail.com> wrote: >> <--snip--> > > Following up on this: > > I received a reply directing me to try > http://carnivore.it/2011/04/23/openssl_-_af_alg, so I did. It was > straightforward to install and test, but unfortunately the results > are the same, except it doesn't segfault; I just get the error > message: > > <--snip--> > SSL_accept:SSLv3 read client key exchange A > SSL3 alert write:fatal:bad record mac > SSL_accept:error in SSLv3 read certificate verify A > ERROR > 1074403296:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption > failed or bad record mac:s3_pkt.c:478: > shutting down SSL > CONNECTION CLOSED > > This at least narrows it down (it seems unlikely that both > cryptodev-linux and af_alg have the same bug) but I'm still not sure > where to start debugging. Perhaps I should be focusing on the kernel > code for the hardware? Advice would be appreciated. > > /s/ Adam >
Following up on THIS: Success! Markus, the developer for af_alg, suggested that I remove SHA-1 offloading by removing this line from e_af_alg.c: !ENGINE_set_digests (e, af_alg_digests)) I wasn't expecting this to work because building OpenSSL without -DUSE_CRYPTODEV_HASHES didn't solve anything, but to my pleasant surprise SSL is up and running now with hardware acceleration. So many thanks to Markus and I hope my findings prove useful for someone else in the future. Thanks again! /s/ Adam ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org