4. f-stack nginx server 1.11.10

On Thu, Dec 13, 2018 at 9:00 AM ASHIQUE CK <ckashique...@gmail.com> wrote:
> Hi,
> 1. The engine that we wrote is by the reference of qat, is just an
> interface which receives the openssl parameters of AES and RSA and offload
> them to an FPGA hardware accelerator.
> 2.
> 3. Openssl 1.1.0 h
> 4. Uses f-stack nginx 1.10.1
> 5. We ran nginx server which has a 1 Gb file in its root directory. Then
> connected 3 clients to this server. These clients wait after handshake is
> done. After I run 3rd client, I gave a Get request through 1st client to
> download that 1 gb file. But it showed error message, "decryption failed or
> bad record mac". When I debugged using gdb, I understood that Tag
> verification is getting failed. But the matter is, I am storing the Key and
> IV at the time of handshake itself, to a buffer in my engine. When an
> SSLRead or SSLWrite occurs, I will copy the saved Key and Iv to fill the
> respective descriptors.
> But, in this case what happens is, if there is 3rd client handshake
> occurred, its key and iv stored in a buffer. And when I give a Sslwrite in
> the 1st client, it used the last saved key and iv, but it is actually key
> and iv of 3rd client. But I can download the file if I give get request
> through the last handshaked client.
> So what I can do is, save the key and iv of different clients in
> different buffers. If the SSLread/write from any client comes, then just
> offload the key and iv from the respective buffer. But for that, I need a
> unique id for each client, which must be the same for a client in the
> entire connection.
> How can I get the unique id? Beyond the parameters *in, *out, inl (in
> the case of plaintext/ cipher text offloading) and *ptr, *type, *arg (in
> the case of header/aad offload) only what I have is ctx. With this ctx, can
> I get a unique id or is there any way to solve this problem?
> 6. Didn't try with Apache server.
>
> Thanks
>
> On Thu 13 Dec, 2018, 1:30 AM Michael Richardson <m...@sandelman.ca wrote:
>
>>
>> ASHIQUE CK <ckashique...@gmail.com> wrote:
>> > We are using a Crypto Accelerator Engine to offload AESGCM and RSA
>> > parameters. Trying to connect multiple clients simultaneously with a
>> > single Nginx server, which is using this accelerator. The Key and IV
>>
>> You probably need to tell us:
>>
>> 1) which engine? did you write this engine?
>> 2) whose driver?
>> 3) what version of openssl?
>> 4) what version of nginx?
>> 5) how did you observe the problem you described?
>> 6) is it different for, for instance, apache? or some other server
>> software?
>>
>> > is passing only at handshake, and after handshake this set of key and
>> > IV is using for all encryption and decryption. So at Engine side, we
>> > are storing this Key and IV to a buffer and while
>> > encrypting/decrypting, this Key and IV is used from this buffer. But,
>> > while multiple client connects, the last saved Key/IV is getting for
>> > all clients.
>> > So, is there any way to get a unique ID for each client connection?
>> >
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
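Added example, not part of the thread and not the poster's engine code: a self-contained C model of the failure described above (three handshakes, then the first client writes) with a single shared key/IV buffer, next to the same sequence with the key/IV stored in per-ctx state. OpenSSL is not linked; model_ctx, key_iv and all function names are hypothetical stand-ins, and the key bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_LEN 16
#define IV_LEN  12

typedef struct { uint8_t key[KEY_LEN], iv[IV_LEN]; } key_iv;   /* hypothetical */
/* Stand-in for EVP_CIPHER_CTX: each connection direction has its own ctx,
 * and OpenSSL passes it to every init/do_cipher/ctrl callback. */
typedef struct { key_iv cipher_data; } model_ctx;              /* hypothetical */

/* Shared-buffer engine (the behaviour described in the thread):
 * every handshake overwrites the same buffer, so the last one wins. */
static key_iv g_saved;
static void init_shared(model_ctx *c, const key_iv *k) { (void)c; g_saved = *k; }
static void cipher_shared(model_ctx *c, key_iv *desc)  { (void)c; *desc = g_saved; }

/* Per-ctx engine: key/IV live in the ctx, so no separate client id is needed.
 * A real OpenSSL 1.1.0 engine sizes this area with
 * EVP_CIPHER_meth_set_impl_ctx_size() and reads it back with
 * EVP_CIPHER_CTX_get_cipher_data(ctx). */
static void init_per_ctx(model_ctx *c, const key_iv *k) { c->cipher_data = *k; }
static void cipher_per_ctx(model_ctx *c, key_iv *desc)  { *desc = c->cipher_data; }

/* Constructed key material: every byte encodes the client index. */
static key_iv negotiated(int client) {
    key_iv k;
    memset(k.key, 0x10 + client, KEY_LEN);
    memset(k.iv,  0xA0 + client, IV_LEN);
    return k;
}
/* Handshake nclients in order, then let `writer` send one record.
 * Returns 1 if the hardware descriptor got the writer's own key/IV,
 * 0 if it got another client's (the peer's tag check then fails). */
int descriptor_matches(int per_ctx, int nclients, int writer) {
    model_ctx ctx[8];
    key_iv desc, want;
    if (nclients < 1 || nclients > 8 || writer < 0 || writer >= nclients) return -1;
    memset(ctx, 0, sizeof ctx);
    for (int i = 0; i < nclients; i++) {
        key_iv k = negotiated(i);
        if (per_ctx) init_per_ctx(&ctx[i], &k); else init_shared(&ctx[i], &k);
    }
    if (per_ctx) cipher_per_ctx(&ctx[writer], &desc); else cipher_shared(&ctx[writer], &desc);
    want = negotiated(writer);
    return !memcmp(desc.key, want.key, KEY_LEN) && !memcmp(desc.iv, want.iv, IV_LEN);
}
int main(void) {
    printf("shared=%d per_ctx=%d\n", descriptor_matches(0, 3, 0), descriptor_matches(1, 3, 0));
    return 0;
}
```

With the shared buffer only the last client to handshake gets its own key, which matches the observation in the thread that the download works only from the last handshaked client.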