On Fri December 12 2008, Madhusudan Bhat wrote: > Hi Geoff, > > I appreciate your reply. Currently, I dont have any engine supported at the > openssl side. I have crypto driver at the kernel side, which registered with > the kernel for the hashing and encryption algos. > > >From the openssl, when I issue "enc" or "dgst" commands, I dont give > "engine" parameter. Basically, I dont set any engine. With my > understanding, openssl will pass the command to kernel, kernel will search > the first available registered crypto driver which is capable of handling > requested operation and submit the request to that crypto driver. > > Above things working fine for all encryption and decryption commands. But > for hashing (dgst command) kernel is not getting the proper request from the > openssl with mac operation set. > > Any reason, why openssl dont pass the only hashing commands to kernel when > no engines are mentioned/set? is there any way I can configure openssl to > pass any request to kernel with out looking for any engines and also with > out passing it to hadle it in software? > Depends on the hardware - if you are running VIA processors, the hash "engine" is just a pair of instructions in the "repeat string op" family. No kernel involvement required.
Mike > thanks, > MB. > > > On Fri, Dec 12, 2008 at 2:09 AM, Geoff Thorpe <ge...@geoffthorpe.net> wrote: > > > On Thursday 11 December 2008 12:44:24 Madhusudan Bhat wrote: > > > Hi All, > > > > > > I am having a issue when using digest command from openssl. When I > > > issue digest command md5 from openssl, kernel side it will never > > > receive IOCTL - CIOCGSESSION with sop->mac getting set, also it wont > > > receive IOCTL - CIOCCRYPT with mac operation set. Tho, crypto driver > > > which I have written registered new session, free session, process > > > functions for CRYPTO_MD5, CRYPTO_MD5_HMAC. > > > > > > But when I issue des/3des/aes enc commands from openssl, open crypto > > > device at the kernel side receives proper IOCTL and calls my crypto > > > driver with new session and process functions with sop->cipher and > > > other fields related to cipher get set. > > > > > > Is there anything I might be missing in my driver or is there anything > > > which I have to enable to receive any digest commands? > > > BTW, I dont have any engine supported, so I dont use engine params > > > while issueing command from openssl. > > > > My guess is that you're initialising your engine too late - your engine > > will only become the default for crypto algorithms/modes that it > > supports and that *haven't been used yet*. When something tries to use > > md5 for the first time, a default md5 implementation will be chosen and > > cached. You probably loaded your engine early enough to be there before > > anyone needed des/3des/aes, but after someone had already started using > > md5. > > > > Specifically, I'm guessing that randomness gathering is your problem. The > > random code uses hashes extensively, and if that kicks in before you > > register your engine's md5 implementation, then the default s/w > > implementation has already become the live default. Try building your > > openssl libraries with -DENGINE_TABLE_DEBUG and add a big printf() just > > before you load your engine. If there is engine logging related to md5 > > that occurs before you load your engine, that's the problem. Another > > thing to try is to call ENGINE_set_default() on your engine once it's > > loaded - your MD5 code after that should use your engine, even if the > > randomness stuff won't. > > > > Cheers, > > Geoff > > > > -- > > Un terrien, c'est un singe avec des clefs de char... > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager majord...@openssl.org > > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
