Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Aug 2013 20:07:37 +0200
From:      Ollivier Robert <roberto@keltia.freenix.fr>
To:        dinoex@freebsd.org, freebsd-security@freebsd.org, freebsd-ports@freebsd.org
Subject:   Re: security/openssl speed issues
Message-ID:  <20130827180736.GC25401@lonrach.local>
In-Reply-To: <20130827161454.GL29777@funkthat.com>
References:  <20130827153205.GA48196@roberto02-aw.eurocontrol.fr> <20130827161454.GL29777@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
According to John-Mark Gurney:
> I discovered a similar issue on HEAD w/ 1.0.1e where openssl speed -engine
> aes-256-cbc when ktraced would not issue any ioctl's during the speed
> test... You can see that it opens the device, but then it gets a number
> of failures:
>  11466 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd590)
>  11466 openssl  RET   ioctl -1 errno 22 Invalid argument

That is not the main problem, openssl is asking which ciphers are supported and not everything is through cryptodev.  The issue is that it should issue other ioctl for the supported ciphers and my 1.0.1c does not do that.  I've obtained a "ktrace.out" of a working version:

------
23961 openssl  CALL  open(0x800c6874f,0x2<O_RDWR>,<unused>0)
23961 openssl  NAMI  "/dev/crypto"
23961 openssl  RET   open 3
23961 openssl  CALL  fcntl(0x3,F_SETFD,FD_CLOEXEC)
23961 openssl  RET   fcntl 0
23961 openssl  CALL  ioctl(0x3,CRIOGET,0x7fffffffd51c)
23961 openssl  RET   ioctl 0
23961 openssl  CALL  fcntl(0x4,F_SETFD,FD_CLOEXEC)
23961 openssl  RET   fcntl 0
23961 openssl  CALL  ioctl(0x4,CIOCASYMFEAT,0x800ec73e0)
23961 openssl  RET   ioctl 0
23961 openssl  CALL  close(0x4)
23961 openssl  RET   close 0
23961 openssl  CALL  ioctl(0x3,CRIOGET,0x7fffffffd47c)
23961 openssl  RET   ioctl 0
23961 openssl  CALL  fcntl(0x4,F_SETFD,FD_CLOEXEC)
23961 openssl  RET   fcntl 0
23961 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0)
23961 openssl  RET   ioctl -1 errno 22 Invalid argument
23961 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0)
23961 openssl  RET   ioctl -1 errno 22 Invalid argument
23961 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0)
23961 openssl  RET   ioctl -1 errno 22 Invalid argument
23961 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0)
23961 openssl  RET   ioctl 0
23961 openssl  CALL  ioctl(0x4,CDRIOCINITWRITER,0x7fffffffd4c8)
23961 openssl  RET   ioctl 0
23961 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0)
23961 openssl  RET   ioctl 0
23961 openssl  CALL  ioctl(0x4,CDRIOCINITWRITER,0x7fffffffd4c8)
23961 openssl  RET   ioctl 0
23961 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0)
23961 openssl  RET   ioctl 0
23961 openssl  CALL  ioctl(0x4,CDRIOCINITWRITER,0x7fffffffd4c8)
23961 openssl  RET   ioctl 0
23961 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0)
23961 openssl  RET   ioctl -1 errno 22 Invalid argument
23961 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0)
23961 openssl  RET   ioctl -1 errno 22 Invalid argument
23961 openssl  CALL  close(0x4)
23961 openssl  RET   close 0
------

Notice the CDRIOCINITWRITER?  My run does not show these: so after these lines, there are no "sessions" available and cryptodev is in fact not used.

-----
2709 openssl  CALL  open(0x800c56cef,0x2<O_RDWR>,<unused>0)
2709 openssl  NAMI  "/dev/crypto"
2709 openssl  RET   open 3
2709 openssl  CALL  fcntl(0x3,F_SETFD,FD_CLOEXEC)
2709 openssl  RET   fcntl 0
2709 openssl  CALL  ioctl(0x3,CRIOGET,0x7fffffffd56c)
2709 openssl  RET   ioctl 0
2709 openssl  CALL  fcntl(0x4,F_SETFD,FD_CLOEXEC)
2709 openssl  RET   fcntl 0
2709 openssl  CALL  ioctl(0x4,CIOCASYMFEAT,0x800eb3fe0)
2709 openssl  RET   ioctl 0
2709 openssl  CALL  close(0x4)
2709 openssl  RET   close 0
2709 openssl  CALL  ioctl(0x3,CRIOGET,0x7fffffffd4cc)
2709 openssl  RET   ioctl 0
2709 openssl  CALL  fcntl(0x4,F_SETFD,FD_CLOEXEC)
2709 openssl  RET   fcntl 0
2709 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0)
2709 openssl  RET   ioctl -1 errno 22 Invalid argument
2709 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0)
2709 openssl  RET   ioctl -1 errno 22 Invalid argument
2709 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0)
2709 openssl  RET   ioctl -1 errno 22 Invalid argument
2709 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0)
2709 openssl  RET   ioctl 0
2709 openssl  CALL  ioctl(0x4,CIOCFSESSION,0x7fffffffd518)
2709 openssl  RET   ioctl 0
2709 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0)
2709 openssl  RET   ioctl 0
2709 openssl  CALL  ioctl(0x4,CIOCFSESSION,0x7fffffffd518)
2709 openssl  RET   ioctl 0
2709 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0)
2709 openssl  RET   ioctl 0
2709 openssl  CALL  ioctl(0x4,CIOCFSESSION,0x7fffffffd518)
2709 openssl  RET   ioctl 0
2709 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0)
2709 openssl  RET   ioctl -1 errno 22 Invalid argument
2709 openssl  CALL  ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0)
2709 openssl  RET   ioctl -1 errno 22 Invalid argument
2709 openssl  CALL  close(0x4)
2709 openssl  RET   close 0
-----

Making progress...

-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
In memoriam to Ondine : http://ondine.keltia.net/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130827180736.GC25401>