[openssl-users] libsrtp-1.5.3 + openssl-1.0.1j + cryptodev engine

Ganesh Biradar grbesd1 at gmail.com
Mon Feb 15 04:42:46 UTC 2016


Hi Guys,

           I'm trying for hardware encryption for my streaming data for
that i'm using
openssl with libsrtp. Below are the things i have noted.

Our CAAM (Cryptographic Acceleration and Assurance Module) driver does not
support AES-GCM. We are using an iMX6 SOC and it has a hardware accelerator
called CAAM to do encryption/decryption. So, we are stuck with AES-CTR mode
to do hardware encryption with libsrtp. We are using a Gstreamer bad plugin
(srtpenc) which relies on libsrtp to do real time encryption of live RTP
video packets.

I modified the encrypt function in aes_icm_openssl.c(libsrtp-1.5.3) to give
a different buffer for input and output.

In the original code, the encryption was done in place. This change was
done because of a segmentation fault thrown from the EVP_EncryptUpdate()
call.

I debugged this and couldn't find anything strange in the cryptodev as well
as openssl code (buffer overflows, memory leaks or out of bound array
access) except for the in place computation.

So, I declared a global buffer for 1 KB (out_buf) and gave this as the
output argument to EVP_EncryptUpdate() and now, the encryption and
decryption succeeded, except that the input had to be padded to a multiple
of 16 so that the decryption could succeed, later. This was a
workaround/hack I did to get basic hardware encryption with AES-CTR,
working.

The 1 KB size was arbitrary and chosen to make the srtp driver tests work.
To encrypt video, I had to increase the buffer size and so, I chose a
maximum size of 1 MB (I didn't want to allocate dynamic memory to keep
things simple) to hold the video packets.

Please note that encryption/decryption works fine without crypto engine
support. i.e. if we pass NULL as the 3rd argument to EVP_EncryptInit_ex(),
there's no need for a separate input/output buffer, and encryption and
decryption work fine with large buffers too (video can be
encrypted/decrypted).

Coming to hardware encryption, i have increase the size of buffer to 1MB,
streaming works fine but for maximum of 10 seconds, i have decrease the
size of buffer at different size. After 10 seconds, the streaming
application closes and it throws segmentation fault.

Can anyone tell me how do i solve this problem and my encryption of
streaming video should be continuous.


Ganesh Biradar,
e-mail - id : grbesd1 at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160215/d1baa3a5/attachment.html>


More information about the openssl-users mailing list