Date:      Thu, 08 Apr 2004 10:43:39 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        "Poul-Henning Kamp" <phk@phk.freebsd.dk>
Cc:        security@freebsd.org
Subject:   Re: recommended SSL-friendly crypto accelerator 
Message-ID:  <6.0.3.0.0.20040408103201.0949ba98@209.112.4.2>
In-Reply-To: <26215.1081434517@critter.freebsd.dk>
References:  <Your message of "Thu, 08 Apr 2004 10:25:59 EDT." <6.0.3.0.0.20040408102521.0948ea58@209.112.4.2> <26215.1081434517@critter.freebsd.dk>

At 10:28 AM 08/04/2004, Poul-Henning Kamp wrote:

>It is not clear to me exactly what is broken.  I have seen problems
>reported but as far as I know they were all IPSEC related, and I
>have not seen a trace of trouble in my use with GBDE.


>I'm not saying that the driver is _not_ broken, but it is certainly
>not known to me to be broken for the use Michael asked about.

Actually, I have found it to wedge when using it in conjunction with 
openssl. Here again are the steps to reproduce the bug.  The same can be 
done in OpenBSD BTW. I tried it with 3 different 1401 cards.


         *  Log in with a non-accelerated ssh session (e.g. blowfish as the cipher)
         *  Make a file called big.  dd if=/dev/urandom of=big bs=1024k count=768
         *  In another session, log in using 3des (i.e. one that will get offloaded to the Hifn card)
         *  In the blowfish session, start an encryption process, pipe it through ssh to dump
            to another machine, e.g.

/usr/bin/openssl enc -des3 -in big -k passphrase | ssh -c 3des mdtancsa@192.168.43.26 "cat - >  /home/mdtancsa/targetfile.enc"


         At random periods, the process will get "stuck"
         *  In the 3des session, just hit the enter key.  The ssl | ssh commands will become
            "unstuck."  Basically, you just need to do something else that touches the crypto card, e.g.
            if you are on the console,
                head /dev/urandom | openssl 3des  -out /dev/null -k pass
            will do the trick.

When I had the releng5/CURRENT box up it would hang the same way as RELENG4
releng5-test# ps -p 647 -auxjwwww
USER       PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED      TIME COMMAND           PPID  PGID JOBC
mdtancsa   647  0.0  0.4  2668 2008  p1  I+    2:27PM   0:05.17 /usr/bin/openssl   635   647    2
releng5-test#
releng5-test# ps -p 648 -auwwww
USER       PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED      TIME COMMAND
mdtancsa   648  0.0  0.5  3328 2756  p1  D+    2:27PM   0:12.03 ssh -c 3des mdtancsa@192.168.43.26 cat - >  /home/mdtancsa/targetfile.enc
releng5-test#
   PID USERNAME PRI NICE   SIZE    RES STATE    TIME   WCPU    CPU COMMAND
   648 mdtancsa   8    0  3328K  2756K crydev   0:12  0.00%  0.00% ssh
   647 mdtancsa  -8    0  2668K  2008K pipdwt   0:05  0.00%  0.00% openssl
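
Added example, not part of the original message: a small watchdog that flags processes sleeping on the crydev wait channel (the state ssh shows in the output above) across two samples with no CPU progress. It assumes snapshots taken with `ps -axo pid,wchan,time,comm`; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Assumed snapshot format: `ps -axo pid,wchan,time,comm` (FreeBSD ps keywords).
snapshot() { ps -axo pid,wchan,time,comm; }

# stuck_in_crydev FILE1 FILE2
# Prints "pid comm" for each process that sleeps on the crydev wait channel
# in both snapshots and whose accumulated CPU time did not change between them.
stuck_in_crydev() {
    awk '
        FNR == 1 { next }                                # skip the ps header
        NR == FNR { if ($2 == "crydev") cpu[$1] = $3; next }
        $2 == "crydev" && ($1 in cpu) && cpu[$1] == $3 { print $1, $4 }
    ' "$1" "$2"
}

# Constructed sample data modelled on the output in the message:
# 648 (ssh) is wedged on crydev, 647 (openssl) is blocked behind it on the
# pipe, and 702 is a made-up process that uses the card but keeps progressing.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/t0" <<'EOF'
  PID WCHAN      TIME COMMAND
  647 pipdwt  0:05.17 openssl
  648 crydev  0:12.03 ssh
  702 crydev  0:01.10 openssl
EOF
    cat > "$dir/t1" <<'EOF'
  PID WCHAN      TIME COMMAND
  647 pipdwt  0:05.17 openssl
  648 crydev  0:12.03 ssh
  702 crydev  0:03.42 openssl
EOF
    stuck_in_crydev "$dir/t0" "$dir/t1"
    rm -rf "$dir"
}

# Live use (interval is a judgement call; short crydev sleeps are normal):
#   snapshot > /tmp/a; sleep 30; snapshot > /tmp/b
#   stuck_in_crydev /tmp/a /tmp/b
```

Only the process waiting on crydev is reported; the openssl process in pipdwt is collateral and recovers once the reader side of the pipe moves again.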




