[openssl-users] Multiple client connection to Nginx server

ASHIQUE CK ckashiquekvk at gmail.com
Thu Dec 13 05:16:18 UTC 2018


4. f-stack nginx server 1.11.10

On Thu, Dec 13, 2018 at 9:00 AM ASHIQUE CK <ckashiquekvk at gmail.com> wrote:

> Hi,
> 1. The engine that we wrote with reference to qat is just an
> interface which receives the openssl parameters of AES and RSA and offloads
> them to an FPGA hardware accelerator.
> 2.
> 3. Openssl 1.1.0 h
> 4. Uses f-stack nginx 1.10.1
> 5. We ran an nginx server which has a 1 Gb file in its root directory. Then
> connected 3 clients to this server. These clients wait after the handshake is
> done. After I ran the 3rd client, I gave a Get request through the 1st client to
> download that 1 gb file. But it showed the error message, "decryption failed or
> bad record mac". When I debugged using gdb, I understood that Tag
> verification is failing. But the matter is, I am storing the Key and
> IV at the time of handshake itself, to a buffer in my engine. When an
> SSLRead or SSLWrite occurs, I will copy the saved Key and IV to fill the
> respective descriptors.
>       But, in this case what happens is, if a 3rd client handshake
> occurred, its key and iv are stored in a buffer. And when I give an Sslwrite in
> the 1st client, it used the last saved key and iv, but it is actually the key
> and iv of the 3rd client. But I can download the file if I give the get request
> through the last handshaked client.
>      So what I can do is, save the key and iv of different clients in
> different buffers. If the SSLread/write from any client comes, then just
> offload the key and iv from the respective buffer. But for that, I need a
> unique id for each client, which must be the same for a client in the
> entire connection.
>     How can I get the unique id? Beyond the parameters *in, *out, inl (in
> the case of plaintext/ cipher text offloading) and *ptr, *type, *arg (in
> the case of header/aad offload) only what I have is ctx. With this ctx, can
> I get a unique id or is there any way to solve this problem?
> 6. Didn't try with Apache server.
>
> Thanks
>
> On Thu 13 Dec, 2018, 1:30 AM Michael Richardson <mcr at sandelman.ca> wrote:
>
>>
>> ASHIQUE CK <ckashiquekvk at gmail.com> wrote:
>> > We are using a Crypto Accelerator Engine to offload AESGCM and RSA
>> > parameters. Trying to connect multiple clients simultaneously with a
>> > single Nginx server, which is using this accelerator. The Key and IV
>>
>> You probably need to tell us:
>>
>> 1) which engine?  did you write this engine?
>> 2) whose driver?
>> 3) what version of openssl?
>> 4) what version of nginx?
>> 5) how did you observe the problem you described?
>> 6) is it different for, for instance, apache?  or some other server
>> software?
>>
>> > is passed only at handshake, and after handshake this set of key and
>> > IV is used for all encryption and decryption. So at Engine side, we
>> > are storing this Key and IV to a buffer and while
>> > encrypting/decrypting, this Key and IV is used from this buffer. But,
>> > when multiple clients connect, the last saved Key/IV is being used for
>> > all clients.
>> > So, is there any way to get a unique ID for each client connection?
>> >
>>
>
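The key mix-up described in this message, next to the usual remedy of keeping key and IV in storage owned by the cipher context, as an added example that is not code from the thread or from OpenSSL. It is a self-contained model: `toy_ctx`, `engine_init`, `toy_tag` and `record_verifies` are hypothetical names, the tag function is a stand-in rather than GCM, and the keys are constructed. In OpenSSL 1.1.0 every TLS connection has its own `EVP_CIPHER_CTX` objects, and an engine cipher gets per-context storage through `EVP_CIPHER_meth_set_impl_ctx_size()` and `EVP_CIPHER_CTX_get_cipher_data()`.

```c
/* Added example: a model of the engine's key handling, not the poster's code.
 * toy_ctx stands in for EVP_CIPHER_CTX and its `data` member for the storage an
 * engine reserves with EVP_CIPHER_meth_set_impl_ctx_size() and reads back with
 * EVP_CIPHER_CTX_get_cipher_data(ctx). All names below are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_LEN 16
#define IV_LEN 12
typedef struct { uint8_t key[KEY_LEN], iv[IV_LEN]; } conn_keys;
typedef struct { conn_keys data; } toy_ctx;
static conn_keys g_last; /* the single engine-wide buffer described in the thread */

/* init callback: runs for each context when the handshake installs its keys */
static void engine_init(toy_ctx *ctx, const uint8_t *key, const uint8_t *iv) {
    memcpy(g_last.key, key, KEY_LEN);    /* shared: every handshake overwrites it */
    memcpy(g_last.iv, iv, IV_LEN);
    memcpy(ctx->data.key, key, KEY_LEN); /* per-context: owned by this connection */
    memcpy(ctx->data.iv, iv, IV_LEN);
}

/* Stand-in for the GCM tag: FNV-1a over key, IV and record. Not a real MAC. */
static uint32_t toy_tag(const conn_keys *k, const uint8_t *rec, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < KEY_LEN; i++) h = (h ^ k->key[i]) * 16777619u;
    for (size_t i = 0; i < IV_LEN; i++)  h = (h ^ k->iv[i]) * 16777619u;
    for (size_t i = 0; i < n; i++)       h = (h ^ rec[i]) * 16777619u;
    return h;
}

/* Three constructed handshakes, then one record on connection `conn` (0-based).
 * Returns 1 when the tag computed by the engine matches the client's own tag. */
static int record_verifies(int per_ctx, int conn) {
    toy_ctx server[3]; conn_keys client[3];
    const uint8_t rec[] = "GET /file";
    for (int c = 0; c < 3; c++) {
        memset(client[c].key, 0x11 * (c + 1), KEY_LEN);
        memset(client[c].iv, 0xA0 + c, IV_LEN);
        engine_init(&server[c], client[c].key, client[c].iv);
    }
    const conn_keys *used = per_ctx ? &server[conn].data : &g_last;
    return toy_tag(used, rec, sizeof rec - 1) == toy_tag(&client[conn], rec, sizeof rec - 1);
}

int main(void) {
    printf("global buffer: 1st=%d 3rd=%d; per-context: 1st=%d 3rd=%d\n",
           record_verifies(0, 0), record_verifies(0, 2),
           record_verifies(1, 0), record_verifies(1, 2));
    return 0;
}
```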