When using OpenSSL SSL/TLS with cryptodev or OCF engines, it appears that some sessions are not closed. Since cryptodev (and I think OCF too) maintains a list of open sessions in the kernel, such lists keep growing to a point where the CPU usage goes up in the kernel, finally making things unresponsive.

This patch fixes the issue; however, I'm not sure if it's the right approach or may be introducing another issue. It appears to fix the high CPU usage and everything works fine; however, a customer is now reporting an error from the SSL library when used from a Java application. Please take a look at the patch and let me know if there's anything I'm doing wrong or if there's a better fix. This applies to OpenSSL version 1.0.1g.

Here's the trace back from the Java application:

2014-06-18 13:43:24,147 ERROR [synchr] WebConnection - error in post attempt #1, dt=2080
javax.net.ssl.SSLProtocolException: Read error: ssl=0x429afa88: Failure in SSL library, usually a protocol error
    at com.apogee.openssl.jsse.NativeCrypto.SSL_read(Native Method)
    at com.apogee.openssl.jsse.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:923)
    at java.io.InputStream.read(InputStream.java:101)
    at com.att.dlc.xail.WebConnection.readResponse(WebConnection.java:3167)
    at com.att.dlc.xail.WebConnection.sendPost(WebConnection.java:3030)
    at com.att.dlc.xail.WebConnection.sendCommandsSync(WebConnection.java:2750)
    at com.att.dlc.xail.WebConnection.sendCommandsSync(WebConnection.java:2699)
    at com.att.dlc.xail.WebConnection.access$2200(WebConnection.java:117)
    at com.att.dlc.xail.WebConnection$ManagedObjectSynchronizer.update(WebConnection.java:4519)
    at com.att.dlc.xail.WebConnection$ManagedObjectSynchronizer.run(WebConnection.java:4496)
    at java.lang.Thread.run(Thread.java:857)

Cc: Dr. Stephen Henson <st...@openssl.org>
Cc: Ralf S. Engelschall <r...@openssl.org>
Cc: Andy Polyakov <ap...@openssl.org>
Signed-off-by: Joel Fernandes <jo...@ti.com>
--- ssl/t1_enc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 809ad2e..2135f1b 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c 
@@ -195,6 +195,8 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, for (;;) { + EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_cleanup(&ctx_tmp); /* Reinit mac contexts */ if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key)) goto err; -- 1.7.9.5 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
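
Review bot: The two EVP_MD_CTX_cleanup() calls at the top of the for (;;) body wipe ctx and ctx_tmp completely on every pass, so anything configured on those contexts before the loop (flags in particular, which this hunk does not show) is gone by the time EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key) runs again. Please confirm that the code above the loop sets nothing that later iterations rely on, or re-apply it after the cleanup, since a silently changed digest context is a plausible source of the read failure reported from the Java client. The new lines also sit above the existing "Reinit mac contexts" comment with no explanation of their own; a short comment saying the cleanup is there to release the engine session held by the previous init would help. Finally, if re-initialising a used context leaks an engine session, every caller that reuses an EVP_MD_CTX is affected, so the release arguably belongs in the init path or in the engine rather than in this one caller.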