Query regarding openssl initialisation of aes-ni.

Tue, 25 Nov 2014 07:18:19 -0800 

Hi All,

I am using the below openssl version:

# openssl version
OpenSSL 1.0.0 29 Mar 2010

I am facing one problem with IPSec Strongswan daemon with openssl.
Strongswan uses openssl
APIs for packet encryption. In my hardwas aes-ni is enabled, this I have
confirmed through /proc/cpuinfo.

IPSec daemon is crashing for accessing NULL pointer. On further debugging
the ctx->cipher is becoming NULL after openssl initializing the ctx. Please
see the below call trace:

#4  0x00007fab0ecf61b7 in EVP_CIPHER_CTX_set_key_length (c=0x7fab05xxxxxx0,
keylen=16) at evp_enc.c:520
No locals.
#5  0x00007fab0f24a4ab in crypt (this=0x2626640, data=..., iv=...,
dst=<value optimized out>, enc=1)
    at /strongswan/src/libstrongswan/plugins/openssl/openssl_crypter.c:137
        len = <value optimized out>
        out = 0x2626a70 "\210\360{\017\253\177"
        ctx = {cipher = 0x0, engine = 0x0, encrypt = 1, buf_len = 0, oiv =
'\000' <repeats 15 times>, iv = '\000' <repeats 15 times>, buf = '\000'
<repeats 31 times>, num = 0, app_data = 0x0,
          key_len = 0, flags = 256, cipher_data = 0x0, final_used = 0,
block_mask = 0, final = '\000' <repeats 31 times>}
#6  0x00007fab0f24a5e4 in encrypt (this=0x7fab05fa38b0, data=..., iv=...,
dst=0x40b2)
    at /strongswan/src/libstrongswan/plugins/openssl/openssl_crypter.c:160
No locals.
#7  0x000000000043dfec in encrypt (this=0x2626740)
    at /strongswan/src/charon/encoding/payloads/encryption_payload.c:366
        iv = {ptr = 0x2626620
"\272\262]*\212\306=\313W\347r\031\234D<\034", len = 16}
        padding = {ptr = 0x2625310 "A\255Z`\037JbK\f\272\226", len = 11}
        to_crypt = {ptr = 0x26268d0 "'", len = 192}
        result = {ptr = 0x2626a70 "\210\360{\017\253\177", len = 192}
        rng = <value optimized out>
        block_size = 16


>From the the below link:

http://rt.openssl.org/Ticket/Display.html?id=2305&user=guest&pass=guest

came to know that problem is with openssl multiple initialisations of
aes-ni.

If I do the change as mentioned in the link, everything works fine.

How can I make sure that my crash is related to the same issue?

Can someone tell me, is there any way to  find which applications are using
openssl and causing the multiple initialisations?

As I am very new to openssl, please do reply to my query and it will be
really helpfull to me if someone clarifies when the loading of ENGINES
happens?

Please let me know the correct group to post this question if in case if I
mailed to wrong group.

Thanks,
Bhargav

Reply via email to