<div dir="auto">Hi,<div dir="auto"><br></div><div dir="auto">Socket file descriptor is unique during the entire connection time. You could save the data using the fd as key to a hashtable entry.</div><div dir="auto"><br></div><div dir="auto">Regards </div></div><br><div class="gmail_quote"><div dir="ltr">Na(o) quinta, 13 de dez de 2018, 05:16, ASHIQUE CK <<a href="mailto:ckashiquekvk@gmail.com">ckashiquekvk@gmail.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">4. f-stack nginx server 1.11.10</div><br><div class="gmail_quote"><div dir="ltr">On Thu, Dec 13, 2018 at 9:00 AM ASHIQUE CK <<a href="mailto:ckashiquekvk@gmail.com" target="_blank" rel="noreferrer">ckashiquekvk@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Hi,<div dir="auto">1. The engine that we wrote is by the reference of qat, is just an interface which receives the openssl parameters of AES and RSA and offload them to an FPGA hardware accelerator. </div><div dir="auto">2. </div><div dir="auto">3. Openssl 1.1.0 h</div><div dir="auto">4. Uses f-stack nginx 1.10.1</div><div dir="auto">5. We ran nginx server which have a 1 Gb file in its root directory. Then connected 3 clients to this server. These clients waits after handshake is done. After I run 3rd client, I gave a Get request through 1 st client to download that 1 gb file. But it showed error message, "decryption failed or bad record mac". When I debugged using gdb, I understood that Tag verification is getting failed. But the matter is, I am storing the Key and IV at the time of handshake itself, to a buffer in my engine. When an SSLRead or SSLWrite occur, I will copy the saved Key and Iv to fill the respective descriptors. </div><div dir="auto"> But, in this case what happens is, if there is 3rd client handshake occurred, its key and iv stored in a buffer. And when I give a Sslwrite in the 1st client, it used the last saved key and iv, but it is actually key and iv of 3 rd client. But I can download the file if I give get request through the last handshaked client. </div><div dir="auto"> So what I can do is, save the key and iv of different clients in different buffers. If the SSLread/write from any client comes, then just offload the key and iv from the respective buffer. But for that, i need a unique id for each client, which must be the same for a client in the entire connection. </div><div dir="auto"> How can i get the unique id. Beyond the parameters *in, *out, inl (in the case of plaintext/ cipher text offloading) and *ptr, *type, *arg (in the case of header/aad offload) only what I have is ctx. With this ctx, can i get a unique id or is there any way to solve this problem. </div><div dir="auto">6. Didn't tried with Apache server.</div><div dir="auto"><br></div><div dir="auto">Thanks</div></div><br><div class="gmail_quote"><div dir="ltr">On Thu 13 Dec, 2018, 1:30 AM Michael Richardson <<a href="mailto:mcr@sandelman.ca" target="_blank" rel="noreferrer">mcr@sandelman.ca</a> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
ASHIQUE CK <<a href="mailto:ckashiquekvk@gmail.com" rel="noreferrer noreferrer" target="_blank">ckashiquekvk@gmail.com</a>> wrote:<br>
> We are using a Crypto Accelerator Engine to offload AESGCM and RSA<br>
> parameters. Trying to connect multiple clients simultaneously with a<br>
> single Nginx server, which is using this accelerator. The Key and IV<br>
<br>
You probably need to tell us:<br>
<br>
1) which engine? did you write this engine?<br>
2) whose driver?<br>
3) what version of openssl?<br>
4) what version of nginx?<br>
5) how did you observe the problem you described?<br>
6) is it different for, for instance, apache? or some other server software?<br>
<br>
> is passing only at handshake, and after handshake this set of key and<br>
> IV is using for all encryption and decryption. So at Engine side, we<br>
> are storing this Key and IV to a buffer and while<br>
> encrypting/decrypting , this Key and IV is used from this buffer. But,<br>
> while multiple client connects, the last saved Key/IV is getting for<br>
> all clients.<br>
> So, is there any way to get a unique ID foer each client connection ?<br>
><br>
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer noreferrer noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</blockquote></div>
</blockquote></div>
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</blockquote></div>