Creating an MD context could be HEAVY when using crypto-devices.
And then you set a key on it, which could also be a heavy operation.

Thus, you'll get severe performance degradation in the general case.

See [openssl.org #2937] for reference.
For some reasons (other than performance) I gave up on cleaning up the
context every loop - I had an impression there was a crash at some point.


On 19 June 2014 17:59, Joel Fernandes <jo...@ti.com> wrote:

> When using OpenSSL SSL/TLS with cryptodev or OCF engines, it appears
> that some sessions are not closed. Since cryptodev (and I think OCF too)
> maintain a list of open sessions in the kernel, such lists keep growing
> to a point where the CPU usage goes up in the kernel finally making things
> unresponsive.
>
> This patch fixes the issue, however I'm not sure if it's the right
> approach or may be introducing another issue. It appears to fix the high
> CPU usage and everything works fine, however a customer is now reporting
> an error from the SSL library when used from a Java application. Please
> take a look at the patch and let me know if there's anything I'm doing
> wrong or if there's a better fix. This applies for OpenSSL version 1.0.1g.
>
> Here's the trace back from the Java application:
>
> 2014-06-18 13:43:24,147 ERROR [synchr] WebConnection - error in post attempt #1, dt=2080
> javax.net.ssl.SSLProtocolException: Read error: ssl=0x429afa88: Failure in SSL library, usually a protocol error
>         at com.apogee.openssl.jsse.NativeCrypto.SSL_read(Native Method)
>         at com.apogee.openssl.jsse.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:923)
>         at java.io.InputStream.read(InputStream.java:101)
>         at com.att.dlc.xail.WebConnection.readResponse(WebConnection.java:3167)
>         at com.att.dlc.xail.WebConnection.sendPost(WebConnection.java:3030)
>         at com.att.dlc.xail.WebConnection.sendCommandsSync(WebConnection.java:2750)
>         at com.att.dlc.xail.WebConnection.sendCommandsSync(WebConnection.java:2699)
>         at com.att.dlc.xail.WebConnection.access$2200(WebConnection.java:117)
>         at com.att.dlc.xail.WebConnection$ManagedObjectSynchronizer.update(WebConnection.java:4519)
>         at com.att.dlc.xail.WebConnection$ManagedObjectSynchronizer.run(WebConnection.java:4496)
>         at java.lang.Thread.run(Thread.java:857)
>
> Cc: Dr. Stephen Henson <st...@openssl.org>
> Cc: Ralf S. Engelschall <r...@openssl.org>
> Cc: Andy Polyakov <ap...@openssl.org>
> Signed-off-by: Joel Fernandes <jo...@ti.com>
> ---
>  ssl/t1_enc.c |    2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
> index 809ad2e..2135f1b 100644
> --- a/ssl/t1_enc.c
> +++ b/ssl/t1_enc.c
> @@ -195,6 +195,8 @@ static int tls1_P_hash(const EVP_MD *md, const
> unsigned char *sec,
>
>         for (;;)
>                 {
> +               EVP_MD_CTX_cleanup(&ctx);
> +               EVP_MD_CTX_cleanup(&ctx_tmp);
>                 /* Reinit mac contexts */
>                 if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
>                         goto err;
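Review bot: the two EVP_MD_CTX_cleanup() calls sit at the top of the for (;;) body, so they also run on the first pass and depend on ctx and ctx_tmp having been initialised before the loop, which this hunk does not show; please confirm that, or move each cleanup to the point in the iteration where that context is finished with. The existing "Reinit mac contexts" comment does not explain why a cleanup is now needed before EVP_DigestSignInit(), so add a line saying it is there to close the engine session that the commit message reports as left open. Only ctx is re-initialised in the visible lines, so it is also worth stating why ctx_tmp is cleaned up at the same spot, since both calls add a teardown on every iteration.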
> --
> 1.7.9.5
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
>