Unfortunately COP_FLAG_* don't seem to be defined on BSD's cryptodev. I also haven't yet been able to find a way to copy the underlying session. I'll keep working on that.
Thanks for the response. On Mon, Oct 1, 2012 at 11:00 AM, Stephen Henson via RT <[email protected]>wrote: > > [[email protected] - Wed Sep 26 20:08:24 2012]: > > > > eng_cryptodev.c appears to be exhibit bad behavior when hashing large > files. > > The problem is that unless EVP_MD_CTX_FLAG_ONESHOT is set on the message > > digest context, the engine will continue to suck all the data into memory > > (the mac_data field) eventually exhausting > > the memory of the host machine. If that flag is set, then state doesn't > > carry over from operation to operation. > > > > I could be wrong, but it seems to be the correct way to call crypto dev > is > > to > > set the COP_FLAG_UPDATE flag during digest update, and set the > > COP_FLAG_FINAL > > flag when you're ready to read the digest. > > > > Are those flags universally supported? If not then OpenSSL would need to > detect if they were present and not attempt to use them otherwise. > > Is there a way to clone/copy a digest context? Various parts of OpenSSL > need to be able to copy a digest context so the copy is independent > after the call. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > >Unfortunately COP_FLAG_* don't seem to be defined on BSD's cryptodev.
I also haven't yet been able to find a way to copy the underlying session. I'll keep working on that.
Thanks for the response.
On Mon, Oct 1, 2012 at 11:00 AM, Stephen Henson via RT <[email protected]> wrote:
> [[email protected] - Wed Sep 26 20:08:24 2012]:
>Are those flags universally supported? If not then OpenSSL would need to
> eng_cryptodev.c appears to be exhibit bad behavior when hashing large
files.
> The problem is that unless EVP_MD_CTX_FLAG_ONESHOT is set on the message
> digest context, the engine will continue to suck all the data into memory
> (the mac_data field) eventually exhausting
> the memory of the host machine. If that flag is set, then state doesn't
> carry over from operation to operation.
>
> I could be wrong, but it seems to be the correct way to call crypto dev is
> to
> set the COP_FLAG_UPDATE flag during digest update, and set the
> COP_FLAG_FINAL
> flag when you're ready to read the digest.
>
detect if they were present and not attempt to use them otherwise.
Is there a way to clone/copy a digest context? Various parts of OpenSSL
need to be able to copy a digest context so the copy is independent
after the call.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
