[openssl-users] af_alg engine: digests work but ciphers do not?
Barbe, Charles
Charles.Barbe at allworx.com
Tue Apr 21 13:00:19 UTC 2015
I've spent the last few days configuring the cryptodev engine on my platform and I am also seeing the same behavior with that engine as I did with af_alg. It seems like OpenSSL does not even attempt to use the engine for ciphers. My next step is to start plowing through the openssl code to figure out how control is supposed to get passed to an engine - I believe this happens in evp_enc.c.
Something tells me I'm just missing something fundamental here... like a configuration option on build or maybe something I missed in openssl.conf.
Does anybody have any expertise in this?
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
Charles.Barbe at allworx.com | 585.421.5565
________________________________________
From: openssl-users [openssl-users-bounces at openssl.org] on behalf of Barbe, Charles [Charles.Barbe at allworx.com]
Sent: Wednesday, April 15, 2015 5:43 PM
To: openssl-users at openssl.org
Subject: [openssl-users] af_alg engine: digests work but ciphers do not?
I'm wondering if anybody has any experience with the af_alg engine located here:
http://src.carnivore.it/users/common/af_alg/about/
I am able to compile the engine and can run commands such as:
openssl speed md5 -engine af_alg
and I see that openssl has loaded the engine as indicated by this line in the output:
engine "af_alg" set
and can enable dmesg logging on the linux driver for my particular hardware and see that the driver is being used as expected.
However, if I try to do a cipher instead of a digest, my driver is not used. For example, when I run:
openssl speed aes-256-cbc -engine af_alg
I see the engine get loaded but my dmesg logging indicates that the kernel driver was not used. And i get the same results for any of my supported ciphers.
I have followed all the instructions in the URL located above including modifying my openssl.conf to include the proper configuration of the supported ciphers for my hardware but to no avail. Here is what the top of my openssl.conf looks like:
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
openssl_conf = openssl_def
[openssl_def]
engines = openssl_engines
[openssl_engines]
af_alg = af_alg_engine
[af_alg_engine]
default_algorithms = ALL
CIPHERS=aes-128-cbc aes-192-cbc aes-256-cbc des-cbc des-ede3-cbc
DIGESTS=md4 md5 sha1 sha224 sha256 sha512
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
For reference, I am running the following:
linux kernel v 3.19
openssl v 1.0.1m
running on a TI am3352
Any help on why digests seem to be working with the af_alg engine but ciphers do not would be much appreciated.
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
Charles.Barbe at allworx.com | 585.421.5565
----------------------------------------------------------------------
This email message and any attachments are for the sole use of the intended recipient(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users
mailing list