Hi,
I installed OpenSSL 1.0.2 having CRYPTODEV and AF_ALG compiled on an ARM
processor using kernel 3.10 that have a hardware crypto. I ran openssl speed
test using both cryptodev and af_alg successfully. in /proc/interrupts I can
see values increment for crypto driver. (However the speed using hardware
crypto is less than half comparing to not using it but this is another story).
Now I tried to use openvpn 2.3.14. I compiled it pointing to openssl 1.0.2 and
tried to check speed using command :
time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000
--cipher aes-256-cbc
The command above works fine (it does not use hardware crypto). But as soon as
I add engine cryptrodev or engine af_alg the command hang , in proc/interrupts
I can see increment only once, and from time to time in dmesg I received errors
: waiting to came back form encrypt function timed out.
Even kill -9 does not have any result. The only way to kill the process is to
restart the computer.
The driver implemented only asynchronous encrypt and decrypt, and maybe openvpn
use only synchronous call, and this is maybe why the command hang. But as I
understand openvpn does encryption and decryption through openssl. And openssl
works just fine,
I could not use openssl, 1.1 on 3.10 kernel. Openssl compiles fine, but openvpn
not. So maximum openssl that can be used was 1.0.2
I checked using ldd and openvpn use correct openssl.
So what could be the problem here? Are there any ways to force openvpn using
asynchronous calls?
Thank You
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
