There's a known issue with the openssl speed test when running the OpenSSL
0.9.6 engine version with Cryptoswift on Solaris; it will be addressed in a
future release. The situation which is causing a routine in the speed test
to be interrupted does not occur in Apache, so you should still be able to
use Cryptoswift with Solaris, OpenSSL 0.9.6 engine version, and Apache
without difficulty.
Let me know if you have any further questions or issues.
Lynn Gazis
Rainbow Technologies
-----Original Message-----
From: De Taeye, Herman [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 6:30 AM
To: 'lgazis'; '[EMAIL PROTECTED]'; De Taeye, Herman; Gyutani
(E-mail)
Subject: RE: Apache_1.3.17, Openssl-engine-0.9.6, mod_ssl-2.8.0-1.3.17
Sol aris 2.7,CryptoSwift accelerator board
Thanks for the diagnostic program. With the delivery by Sun an other program
called cstest located in /opt/SUNWconn/sunsecure/vts/bin. This program has
other options, but finally returns similar output.
csdiag showed that when running openssl speed rsa1024 -engine cswift, the
card processed 1440 requests.
During the test it comes up with an error :
# openssl speed rsa1024 -engine cswift
engine "cswift" set.
Doing 1024 bit private rsa's for 10s: RSA sign failure
17338:error:26067072:engine routines:CSWIFT_MOD_EXP_CRT:request
failed:hw_cswift
.c:524:CryptoSwift error number is -10004
1 1024 bit private RSA's in 0.29s
Doing 1024 bit public rsa's for 10s: RSA verify failure
17338:error:26066072:engine routines:CSWIFT_MOD_EXP:request
failed:hw_cswift.c:4
13:CryptoSwift error number is -10004
1 1024 bit public RSA's in 0.67s
OpenSSL 0.9.6 [engine] 24 Sep 2000
built on: Wed Feb 21 15:15:24 MET 2001
options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int)
blowfis
h(ptr)
compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-mcpu=ultr
asparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC
-DMD5_A
SM
sign verify sign/s verify/s
rsa 1024 bits 0.2900s 0.6700s 3.4 1.5
For this problem I had opened an other contact.
When installing openssl and configuring Apache.1.3.17, all seems to be OK.
Thanks to you all for the prompt support in trying to solve my problem.
Best regards,
Herman De Taeye
Unisys Belgium.
-----Original Message-----
From: lgazis [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 21, 2001 4:30 PM
To: '[EMAIL PROTECTED]'; De Taeye, Herman
Subject: RE: Apache_1.3.17, Openssl-engine-0.9.6, mod_ssl-2.8.0-1.3.17 Sol
aris 2.7,CryptoSwift accelerator board
1) csdiag -a 0
2) Run your test.
3) csdiag -a 0
If the interrupts haven't gone up by more than a couple, then the card isn't
being accessed (in which case, I'd suggest following John Airey's advice
about SSL_EXPERIMENTAL and SSLCryptoDevice, or you can email
[EMAIL PROTECTED] for help).
Lynn Gazis
-----Original Message-----
From: adrien mistretta [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 21, 2001 5:29 AM
To: [EMAIL PROTECTED]; De Taeye, Herman
Subject: Re: Apache_1.3.17, Openssl-engine-0.9.6, mod_ssl-2.8.0-1.3.17
Solaris 2.7,CryptoSwift accelerator board
> 3. How can I really test that the board is used and not the internal
> engine?
you can use the csdiag command to see if request are made to the crypto
card,
but I don't remember the option.
Adrien
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
