[openssl-users] Multiple client connection to Nginx server

Filipe Fernandes filipe.mfgfernandes at gmail.com
Thu Dec 13 08:41:15 UTC 2018


Hi,

The socket file descriptor is unique during the entire connection time. You
could save the data using the fd as the key to a hashtable entry.

Regards

On Thursday, 13 Dec 2018, 05:16, ASHIQUE CK <ckashiquekvk at gmail.com>
wrote:

> 4. f-stack nginx server 1.11.10
>
> On Thu, Dec 13, 2018 at 9:00 AM ASHIQUE CK <ckashiquekvk at gmail.com> wrote:
>
>> Hi,
>> 1. The engine that we wrote uses qat as a reference; it is just an
>> interface which receives the OpenSSL parameters of AES and RSA and offloads
>> them to an FPGA hardware accelerator.
>> 2.
>> 3. OpenSSL 1.1.0h
>> 4. Uses f-stack nginx 1.10.1
>> 5. We ran an nginx server which has a 1 Gb file in its root directory. Then
>> connected 3 clients to this server. These clients wait after the handshake is
>> done. After I ran the 3rd client, I gave a GET request through the 1st client to
>> download that 1 gb file. But it showed the error message, "decryption failed or
>> bad record mac". When I debugged using gdb, I understood that tag
>> verification is failing. But the matter is, I am storing the key and
>> IV at the time of the handshake itself, to a buffer in my engine. When an
>> SSLRead or SSLWrite occurs, I will copy the saved key and IV to fill the
>> respective descriptors.
>>       But, in this case what happens is, if the 3rd client's handshake has
>> occurred, its key and IV are stored in a buffer. And when I give an SSLWrite in
>> the 1st client, it used the last saved key and IV, but it is actually the key
>> and IV of the 3rd client. But I can download the file if I give the GET request
>> through the last handshaked client.
>>      So what I can do is save the key and IV of different clients in
>> different buffers. If an SSLRead/SSLWrite from any client comes, then just
>> offload the key and IV from the respective buffer. But for that, I need a
>> unique id for each client, which must be the same for a client in the
>> entire connection.
>>     How can I get the unique id? Beyond the parameters *in, *out, inl (in
>> the case of plaintext/ciphertext offloading) and *ptr, *type, *arg (in
>> the case of header/AAD offload), all I have is ctx. With this ctx, can
>> I get a unique id, or is there any way to solve this problem?
>> 6. Didn't try with Apache server.
>>
>> Thanks
>>
>> On Thu 13 Dec, 2018, 1:30 AM Michael Richardson <mcr at sandelman.ca> wrote:
>>
>>>
>>> ASHIQUE CK <ckashiquekvk at gmail.com> wrote:
>>> > We are using a Crypto Accelerator Engine to offload AESGCM and RSA
>>> > parameters. Trying to connect multiple clients simultaneously with a
>>> > single Nginx server, which is using this accelerator. The Key and IV
>>>
>>> You probably need to tell us:
>>>
>>> 1) which engine?  did you write this engine?
>>> 2) whose driver?
>>> 3) what version of openssl?
>>> 4) what version of nginx?
>>> 5) how did you observe the problem you described?
>>> 6) is it different for, for instance, apache?  or some other server
>>> software?
>>>
>>> > is passed only at handshake, and after handshake this set of key and
>>> > IV is used for all encryption and decryption. So at Engine side, we
>>> > are storing this Key and IV to a buffer and while
>>> > encrypting/decrypting, this Key and IV is used from this buffer. But,
>>> > while multiple clients connect, the last saved Key/IV is used for
>>> > all clients.
>>> > So, is there any way to get a unique ID for each client connection?
>>> >
>>> --
>>> openssl-users mailing list
>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>>
>
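
The suggestion in the reply above, sketched as an added example that is not part of the original thread or of any engine's code: a small table keyed by the socket fd, so that a read or write on the first client never picks up the key and IV stored by a later handshake. The function names, table size and key/IV lengths are assumptions; the entry is wiped when the connection closes because fd numbers are reused.

```c
/* Added example (not from the thread): key/IV store keyed by socket fd.
 * All names are hypothetical; sizes assume AES-256-GCM with a 12-byte IV. */
#include <stdio.h>
#include <string.h>
#define SLOTS 64                 /* power of two, assumed connection limit */
enum { EMPTY, USED, DEAD };      /* DEAD = tombstone left by a closed fd */
struct conn_keys { int fd, state; unsigned char key[32], iv[12]; };
static struct conn_keys table[SLOTS];

/* Linear probing: i-th candidate slot for this fd. */
static struct conn_keys *slot(int fd, unsigned i) { return &table[((unsigned)fd + i) & (SLOTS - 1)]; }

/* Read/write path: return the entry for this connection only, or NULL. */
struct conn_keys *conn_keys_get(int fd) {
    for (unsigned i = 0; i < SLOTS; i++) {
        struct conn_keys *e = slot(fd, i);
        if (e->state == EMPTY) return NULL;
        if (e->state == USED && e->fd == fd) return e;
    }
    return NULL;
}

/* Handshake: store this connection's key and IV. Returns -1 if table is full. */
int conn_keys_put(int fd, const unsigned char *key, const unsigned char *iv) {
    struct conn_keys *e = conn_keys_get(fd);
    for (unsigned i = 0; !e && i < SLOTS; i++)
        if (slot(fd, i)->state != USED) e = slot(fd, i);
    if (!e) return -1;
    e->fd = fd; e->state = USED;
    memcpy(e->key, key, sizeof e->key);
    memcpy(e->iv, iv, sizeof e->iv);
    return 0;
}

/* Connection close: wipe the entry, since the OS reuses fd numbers. */
void conn_keys_del(int fd) {
    struct conn_keys *e = conn_keys_get(fd);
    if (!e) return;
    volatile unsigned char *p = (volatile unsigned char *)e;
    for (size_t i = 0; i < sizeof *e; i++) p[i] = 0;
    e->state = DEAD;
}

int main(void) {
    unsigned char k1[32], k3[32], iv[12] = {0};   /* constructed sample keys */
    memset(k1, 0x11, sizeof k1); memset(k3, 0x33, sizeof k3);
    conn_keys_put(7, k1, iv); conn_keys_put(9, k3, iv);  /* two handshakes */
    printf("fd 7 uses key byte 0x%02x\n", conn_keys_get(7)->key[0]);
    return 0;
}
```

How the engine learns the fd is outside this sketch. OpenSSL 1.1.0 also gives each cipher context its own storage through `EVP_CIPHER_CTX_get_cipher_data(ctx)`, which keeps the key and IV per context without a lookup table.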