I am encountering problems with a hardware crypto module and I need some advice in how to debug my problem.
I have a DreamPlug that incorporates a Marvell Kirkwood 88F6281 SoC, which includes hardware acceleration for AES-128 and SHA-1. I am using Linux 2.6.39.2 and I have built cryptodev-linux with support for this hardware, and I have built two different versions of OpenSSL (0.9.8n and 1.0.0d) with cryptodev support. (For 0.9.8n I used the patch found here: http://sourceforge.net/projects/ocf-linux/files/ocf-linux/20100325/ocf-linux-20100325.tar.gz; for 1.0.0d I used the unmodified source.) The functionality appears to work correctly when using "openssl sha1" and "openssl enc" with the supported ciphers, consistently producing the correct output for each test, and the visible performance differences in "openssl speed" demonstrates that the hardware is being used. Unfortunately, when I try to actually make an SSL connection, it fails. An example, using the 1.0.0d build: dreamplug-debian:~# openssl s_server -cert server.crt -key server.pem -state Using default temp DH parameters Using default temp ECDH parameters ACCEPT bad gethostbyaddr SSL_accept:before/accept initialization SSL_accept:SSLv3 read client hello A SSL_accept:SSLv3 write server hello A SSL_accept:SSLv3 write certificate A SSL_accept:SSLv3 write key exchange A SSL_accept:SSLv3 write server done A SSL_accept:SSLv3 flush data SSL_accept:SSLv3 read client key exchange A Segmentation fault Attaching a debugger shows that the segfault is in memcpy() and gives me no further information, and building with -d is apparently unsupported on ARM. Using OpenSSL 0.9.8n instead produces basically the same output but fails with "SSL3_GET_RECORD:decryption failed or bad record mac" instead of crashing. Testing with s_client likewise segfaults after "SSL_connect:SSLv3 write change cipher spec A". The same tests with the cryptodev module removed from the kernel (and the same OpenSSL binaries) succeed as expected, leading me to believe that the issue is localized to the OpenSSL cryptodev engine or (more likely, in my opinion) the cryptodev-linux kernel driver. Can someone advise me on how I might proceed in debugging this issue? Thanks, /s/ Adam ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
