Date: Thu, 08 Apr 2004 10:43:39 -0400 From: Mike Tancsa <mike@sentex.net> To: "Poul-Henning Kamp" <phk@phk.freebsd.dk> Cc: security@freebsd.org Subject: Re: recommended SSL-friendly crypto accelerator Message-ID: <6.0.3.0.0.20040408103201.0949ba98@209.112.4.2> In-Reply-To: <26215.1081434517@critter.freebsd.dk> References: <Your message of "Thu, 08 Apr 2004 10:25:59 EDT." <6.0.3.0.0.20040408102521.0948ea58@209.112.4.2> <26215.1081434517@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:28 AM 08/04/2004, Poul-Henning Kamp wrote: >It is not clear to me exactly what is broken. I have seen problems >reported but as far as I know they were all IPSEC related, and I >have not seen a trace of trouble in my use with GBDE. >I'm not saying that the driver is _not_ broken, but it is certainly >not known to me to be broken for the use Michael asked about. Actually, I have found it to wedge when using it in conjunction with openssl. Here again are the steps to reproduce the bug. The same can be done in OpenBSD BTW. I tried it with 3 different 1401 cards. * Login with an non accelerated ssh session (e.g. blowfish as the cipher) * Make a file called big. dd if=/dev/urandom of=big bs=1024k count=768 * In another session, login with using 3des (ie. one that will get offloaded to the Hifn card * In the blowfish session, start an encryption process, pipe it through ssh to dump to another machine e.g /usr/bin/openssl enc -des3 -in big -k passphrase | ssh -c 3des mdtancsa@192.168.43.26 "cat - > /home/mdtancsa/targetfile.enc" At random periods, the process will get "stuck" * In the 3des session, just hit the enter key. The ssl | ssh commands will become "unstuck." Basically, you just need to do something else that touches the crypto card. e.g. If you are on the console, head /dev/urandom | openssl 3des -out /dev/null -k pass will do the trick. When I had the releng5/CURRENT box up it would hang the same way as RELENG4 releng5-test# ps -p 647 -auxjwwww USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND PPID PGID JOBC mdtancsa 647 0.0 0.4 2668 2008 p1 I+ 2:27PM 0:05.17 /usr/bin/openssl 635 647 2 releng5-test# releng5-test# ps -p 648 -auwwww USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND mdtancsa 648 0.0 0.5 3328 2756 p1 D+ 2:27PM 0:12.03 ssh -c 3des mdtancsa@192.168.43.26 cat - > /home/mdtancsa/targetfile.enc releng5-test# PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 648 mdtancsa 8 0 3328K 2756K crydev 0:12 0.00% 0.00% ssh 647 mdtancsa -8 0 2668K 2008K pipdwt 0:05 0.00% 0.00% openssl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.3.0.0.20040408103201.0949ba98>