cryptodev-linux / cryptodev-linux Goto Github PK

Cryptodev-linux is a Linux-kernel device that allows user-space access to hardware cryptographic accelerators.

License: GNU General Public License v2.0

Makefile 1.51% C 98.49%

cryptodev-linux's Introduction

cryptodev-linux

This is a /dev/crypto device driver, equivalent to those in OpenBSD or FreeBSD. The main idea is to access existing ciphers in kernel space from userspace, thus enabling the re-use of a hardware implementation of a cipher.

For questions and suggestions, please use the homepage at https://github.com. Cryptodev-linux is hosted at https://github.com/cryptodev-linux/cryptodev-linux.

Older releases are also available at http://cryptodev-linux.org.

How to combine with cryptographic libraries

GnuTLS

GnuTLS needs to be compiled with --enable-cryptodev in order to take advantage of /dev/crypto. GnuTLS 3.0.14 or later is recommended.

OpenSSL

OpenSSL needs -DHAVE_CRYPTODEV and -DUSE_CRYPTODEV_DIGESTS flags during compilation. Note that the latter flag (digests) may induce a performance penalty in some systems.

Modifying and viewing verbosity at runtime

The verbosity of the driver often needs to be adjusted for debugging. The sysctl tool can be used for that.

# sysctl ioctl.cryptodev_verbosity
ioctl.cryptodev_verbosity = 0

# sysctl ioctl.cryptodev_verbosity=3
ioctl.cryptodev_verbosity = 3

cryptodev-linux's People

Contributors

Stargazers

Watchers

cryptodev-linux's Issues

the async mode is not truely async

In current implementation, we have a kernel worker job handling crypto ops after calling CIOCASYNCCRYPT and submit some crypto jobs, but the worker will do it synchronously one by one. By this way, we can not make full use of those hardware accelerators who have the ability to process multiple encryption ops in parallel, unless we create multiple handles, which means we have to open /dev/crypto multiple times in one userspace program to do this, which is not a good way as I can see.
I think one better way to do this is: CIOCASYNCCRYPT only handle the mission of submit request to driver, then -EINPROGRESS be returned from that submit, after request completed by driver, the all finish job, including free of request struct, should be done in the callback function.

module install

Hi guys,
On ubuntu 22.04, when I install the driver, I get:

$ sudo make install
make -C /lib/modules/5.15.0-50-generic/build M=/mnt/DATA/Temp/cryptodev-linux-1.12 modules_install
make[1]: Entering directory '/usr/src/linux-headers-5.15.0-50-generic'
arch/x86/Makefile:142: CONFIG_X86_X32 enabled but no binutils support
INSTALL /lib/modules/5.15.0-50-generic/extra/cryptodev.ko
SIGN /lib/modules/5.15.0-50-generic/extra/cryptodev.ko
At main.c:160:

SSL error:FFFFFFFF80000002:system library::No such file or directory: ../crypto/bio/bss_file.c:67
SSL error:10000080:BIO routines::no such file: ../crypto/bio/bss_file.c:75
sign-file: certs/signing_key.pem: No such file or directory
DEPMOD /lib/modules/5.15.0-50-generic
Warning: modules_install: missing 'System.map' file. Skipping depmod.
make[1]: Leaving directory '/usr/src/linux-headers-5.15.0-50-generic'
install -m 644 -D crypto/cryptodev.h //usr/local/include/crypto/cryptodev.h

The driver does not installed. Help?!
LJB

hmac_comp fails on BeagleBone Black and other issues.

Hi,
The context isn't reset between calls on omap-sham.c and the test fails at the second iteration.
With the flags set to:
cryp.flags = COP_FLAG_WRITE_IV | COP_FLAG_UPDATE | COP_FLAG_FINAL | COP_FLAG_RESET;
all iterations pass.
Tested on kernel 4.14.13

I have found two other issues:
cipher_gcm fails if the destination buffer overlaps a page boundary, the cause is a bad test in omap-crypto.c, a test mask is wrong and the destination buffer is overwritten,
cipher_comp fails because omap-aes.c doesn't return the IV field, as requested.

I have patches for both issues, if someone is interested.
Francis

Cipher supports in cryptodev-linux

Hi,

which cipher modes are supported by cryptodev-linux ?
hope AES-ecb,cbc,ofb,cfb & ctr modes are supported. kindly confirm.

Thanks,
Ashoka A D

File occasionally closes unexpectedly using Mono and P/Invoke

Synopsis

In a C# Mono functional test app that makes ioctl calls via P/Invoke, I have a test that runs a MD5 hash 1000 consecutive times. Intermittently the /dev/crypto file descriptor will actually close. This happens usually in the middle of the test. It is nondeterministic what the failure rate is as it is sporadic, but it does not happen often.

Environment

NXP Colibri iMX6 (Toradex BSP)
cryptodev-1.09
Linux tsi 4.14.126-0+g397564a #1 SMP PREEMPT Wed Mar 11 19:39:16 UTC 2020 armv7l armv7l armv7l GNU/Linux
C# Mono application communicates with /dev/crypto via P/Invoke

Details

Once the fd closes, all following operations fail. Typically closing the failed fd and opening the file with a new fd for the next hash session is successful. After the fd is closed, the rest of the session can no longer access it (as would be expected).

An application log of what is happening can be seen below:

**open session 3515619450 fd 240135303
**end session 3515619450 fd 240135303
**open session 3201119842 fd 240135303
**end session 3201119842 fd 240135303
**close fd 240135303
**open fd 172288571
**open session 3262179618 fd 172288571
**end session 3262179618 fd 172288571
**open session 2893257947 fd 172288571
**end session 2893257947 fd 172288571
**close fd 172288571
**open fd 442451715
ERROR: received UnixIOException after sending CIOCGSESSION fd 442451715!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
ERROR: received UnixIOException after sending CIOCCRYPT fd 442451715!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
ERROR: received UnixIOException after sending CIOCCRYPT fd 442451715!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
ERROR: received UnixIOException after sending CIOCFSESSION fd 442451715!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
ERROR: received UnixIOException after sending CIOCGSESSION fd 442451715!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
ERROR: received UnixIOException when closing cryptodev fd 442451715!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
**open fd 1068122414
ERROR: received UnixIOException after sending CIOCGSESSION fd 1068122414!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
ERROR: received UnixIOException after sending CIOCCRYPT fd 1068122414!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
ERROR: received UnixIOException after sending CIOCCRYPT fd 1068122414!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
ERROR: received UnixIOException after sending CIOCFSESSION fd 1068122414!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
ERROR: received UnixIOException after sending CIOCGSESSION fd 1068122414!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
ERROR: received UnixIOException when closing cryptodev fd 1068122414!
Exception: SecurityServices.Platform.PlatformCryptoDev.Drivers.Ioctl.UnixIOException (0x80004005): errno 9
**open fd 518239958
**open session 2603267706 fd 518239958
**end session 2603267706 fd 518239958
**open session 4256969686 fd 518239958
**end session 4256969686 fd 518239958
**close fd 518239958
**open fd 851201225
**open session 29900735 fd 851201225
**end session 29900735 fd 851201225
**open session 324552913 fd 851201225
**end session 324552913 fd 851201225
**close fd 851201225

The exception can be triggered from any ioctl call in the sequence consisting of:

CIOCFSESSION
CIOCGSESSION
CIOCCRYPT (a few calls here for implementing HashCore and HashFinal for implementing the System.Security.CryptographyHashAlgorithm interface)

I verified that running lsof /dev/crypto proves that the file is actually closed:

"good" session - breakpoint set after successful operation:

root@tsi:~# lsof /dev/crypto
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
dhclient 633 root    4u   CHR  10,56      0t0 4611 /dev/crypto
mono    768 root    6u   CHR  10,56      0t0  4611 /dev/crypto

"bad" session - there is no active file descriptor for Mono with /dev/crypto in this case:

root@tsi:~# lsof /dev/crypto
dhclient  633                 root    4u      CHR      10,56      0t0       4611 /dev/crypto

I checked to see if dhclient was perhaps interfering with my process's file interaction, so I killed the process and re-ran the test but got the same failures.

Closed

kernel panic when kill user process

I am using cryptodev to access linux kernel cryptographic algorithm driver, if the data source address and destination address of encryption or decryption was different, and I killed the userspace testing process with a command just like "kill -s 9" or "kill -s 15", then kernel panic occured.

[12142.835846] Call trace:
[12142.835848] [] dump_backtrace+0x0/0x1a0
[12142.835849] [] show_stack+0x20/0x28
[12142.835850] [] dump_stack+0x98/0xb8
[12142.835852] [] bad_page+0x110/0x15c
[12142.835853] [] free_pages_prepare+0x1d4/0x2f8
[12142.835855] [] free_hot_cold_page+0x50/0x1e0
[12142.835856] [] put_page+0x58/0x74
[12142.835858] [] release_user_pages+0xa4/0xc4 [cryptodev]
[12142.835861] [] get_userbuf+0x1c4/0x318 [cryptodev]
[12142.835863] [] crypto_run+0x1cc/0x4c0 [cryptodev]
[12142.835866] [] cryptodev_ioctl+0x2fc/0x71c [cryptodev]
[12142.835867] [] do_vfs_ioctl+0x480/0x618
[12142.835868] [] SyS_ioctl+0x90/0xa4
[12142.835870] BUG: Bad page state in process aes_test pfn:411ac05f
[12142.835871] page:ffff7c1006b017c0 count:0 mapcount:1 mapping: (null)
index:0xffff75b97
[12142.835873] flags: 0x4ffff00000080018(uptodate|dirty|swapbacked)
[12142.835873] page dumped because: nonzero mapcount
......
......
......
[12142.836189] Call trace:
[12142.836192] [] release_user_pages+0x68/0xc4 [cryptodev]
[12142.836194] [] get_userbuf+0x1c4/0x318 [cryptodev]
[12142.836197] [] crypto_run+0x1cc/0x4c0 [cryptodev]
[12142.836199] [] cryptodev_ioctl+0x2fc/0x71c [cryptodev]
[12142.836200] [] do_vfs_ioctl+0x480/0x618
[12142.836202] [] SyS_ioctl+0x90/0xa4
[12142.836204] Code: f9408680 d37d7e75 f8735801 8b150000 (f9400022)
[12142.836212] ---[ end trace a7ba248242cb3b21 ]---
[12142.836213] Kernel panic - not syncing: Fatal exception
[12142.836215] SMP: stopping secondary CPUs
[12145.347299] ---[ end Kernel panic - not syncing: Fatal exception

If the source address and the destination address was the same, this problem wouldn't happen,

you can also test it, maybe you will see the same result, and the problem is easy to reproduce.

Cryptodev built-in instead of loadable module

I am working on a project that is not allowed to use loadable modules but we would still like to use cryptodev to offload to the sec engine. Is there a limitation that caused cryptodev to only be able to be used as a loadable module instead of built-in?

Unable to fetch URL from any source

When I used yocto to build my first linux system, I faced an error:

ERROR: cryptodev-linux-1.10-r0 do_fetch: Fetcher failure for URL: 'git://github.com/cryptodev-linux/cryptodev-linux;branch=master'. Unable to fetch URL from any source.
ERROR: Logfile of failure stored in: /home/admin/Linux/Yocto/fsl-release-yocto/build/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/cryptodev-linux/1.10-r0/temp/log.do_fetch.387118
ERROR: Task (/home/admin/Linux/Yocto/fsl-release-yocto/sources/poky/meta/recipes-kernel/cryptodev/cryptodev-linux_1.10.bb:do_fetch) failed with exit code '1'

It seems that the required file cannot be found in the warehouse pointed to by this link git://github.com/cryptodev-linux/cryptodev-linux，the contents of the file containing git://github.com/cryptodev-linux/cryptodev-linux are as follows:

HOMEPAGE = "http://cryptodev-linux.org/"

LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"

SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux;branch=master \
           file://0001-Fix-module-loading-with-Linux-v5.0-rc5.patch \
           "
SRCREV = "fd8b15ef1c8398a69a37932ee48c74ab40329a29"

S = "${WORKDIR}/git"

CLEANBROKEN = "1"

What changes should I make to “SRC_URI' to solve this error?

Openembedded out of tree patches

Just wondering if we are interested in the 2 patches that I see OE carry for years now:
http://git.openembedded.org/openembedded-core/tree/meta/recipes-kernel/cryptodev/files

encrypt-then-mac in aead is more secure

Generally, the encryption is done before hmac in aead algorithms. It's more secure.

So, it is suggested to do AES_cbc_encrypt before hmac in aes_sha_combo.

void aes_sha_combo(void* ctx, void* plaintext, void* ciphertext, int size, void* tag);

https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac

crypto-dev-linux not compatible anymore to linux mainline kernel

crypto_alloc_ablkcipher() was removed from linux kernel code inbetween Kernel 4.7-4.8

This seems for me the commit which removed this function:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/crypto/ablkcipher.c?id=3a01d0ee2b991c8c267620e63a4ab47cd8c30cc4

This is the Build Error I got if I try to use it with a recent Linux Kernel:

|   CC [M]  /home/graute/cryptodev-module/ioctl.o
|   CC [M]  /home/graute/cryptodev-module/main.o
|   CC [M]  /home/graute/cryptodev-module/cryptlib.o
| /home/graute/cryptodev-module/cryptlib.c: In function 'cryptodev_cipher_init':
| /home/graute/cryptodev-module/cryptlib.c:138:18: error: implicit declaration of function 'crypto_alloc_ablkcipher' [-Werror=implicit-function-declaration]
|    out->async.s = crypto_alloc_ablkcipher(alg_name, 0, 0);
|                   ^
| /home/graute/cryptodev-module/cryptlib.c:138:16: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
|    out->async.s = crypto_alloc_ablkcipher(alg_name, 0, 0);
|                 ^
| cc1: some warnings being treated as errors
| make[3]: *** [/home/graute/cryptodev-module/cryptlib.o] Error 1
| make[2]: *** [_module_/home/graute/cryptodev-module] Error 2
| make[2]: Leaving directory `/home/graute/5411_IBIS/yocto/build-imx6ulevk-nand/tmp/work-shared/imx6ulevk/kernel-build-artifacts'
| make[1]: *** [sub-make] Error 2
| make[1]: Leaving directory `/home/graute/5411_IBIS/yocto/build-imx6ulevk-nand/tmp/work-shared/imx6ulevk/kernel-source'
| make: *** [build] Error 2
| ERROR: oe_runmake failed

openssl_wrapper.c needs to be updated for openssl 3.0.0

There are new deprecations that become errors with -Werror:

openssl_wrapper.c: In function 'remove_mapping':
openssl_wrapper.c:77:17: error: 'HMAC_CTX_free' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
   77 |                 HMAC_CTX_free(mapping->ctx.hmac);
      |                 ^~~~~~~~~~~~~
In file included from openssl_wrapper.c:6:
/home/alex/development/poky/build-32/tmp/work/core2-32-poky-linux/cryptodev-tests/1.12-r0/recipe-sysroot/usr/include/openssl/hmac.h:35:28: note: declared here
   35 | OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_free(HMAC_CTX *ctx);
      |                            ^~~~~~~~~~~~~
openssl_wrapper.c: In function 'openssl_hmac':
openssl_wrapper.c:153:17: error: 'HMAC_CTX_new' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  153 |                 ctx = HMAC_CTX_new();
      |                 ^~~
In file included from openssl_wrapper.c:6:
/home/alex/development/poky/build-32/tmp/work/core2-32-poky-linux/cryptodev-tests/1.12-r0/recipe-sysroot/usr/include/openssl/hmac.h:33:33: note: declared here
   33 | OSSL_DEPRECATEDIN_3_0 HMAC_CTX *HMAC_CTX_new(void);
      |                                 ^~~~~~~~~~~~
openssl_wrapper.c:161:17: error: 'HMAC_Init_ex' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  161 |                 if (!HMAC_Init_ex(ctx, sess->mackey, sess->mackeylen,
      |                 ^~
In file included from openssl_wrapper.c:6:
/home/alex/development/poky/build-32/tmp/work/core2-32-poky-linux/cryptodev-tests/1.12-r0/recipe-sysroot/usr/include/openssl/hmac.h:43:27: note: declared here
   43 | OSSL_DEPRECATEDIN_3_0 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
      |                           ^~~~~~~~~~~~
openssl_wrapper.c:170:17: error: 'HMAC_Update' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  170 |                 if (!HMAC_Update(ctx, cop->src, cop->len)) {
      |                 ^~
In file included from openssl_wrapper.c:6:
/home/alex/development/poky/build-32/tmp/work/core2-32-poky-linux/cryptodev-tests/1.12-r0/recipe-sysroot/usr/include/openssl/hmac.h:45:27: note: declared here
   45 | OSSL_DEPRECATEDIN_3_0 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
      |                           ^~~~~~~~~~~
openssl_wrapper.c:178:17: error: 'HMAC_Final' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  178 |                 if (!HMAC_Final(ctx, cop->mac, 0)) {
      |                 ^~
In file included from openssl_wrapper.c:6:
/home/alex/development/poky/build-32/tmp/work/core2-32-poky-linux/cryptodev-tests/1.12-r0/recipe-sysroot/usr/include/openssl/hmac.h:47:27: note: declared here
   47 | OSSL_DEPRECATEDIN_3_0 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
      |                           ^~~~~~~~~~
openssl_wrapper.c: In function 'openssl_aes':
openssl_wrapper.c:244:17: error: 'AES_set_encrypt_key' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  244 |                 AES_set_encrypt_key(sess->key, sess->keylen * 8, &key);
      |                 ^~~~~~~~~~~~~~~~~~~
In file included from openssl_wrapper.c:4:
/home/alex/development/poky/build-32/tmp/work/core2-32-poky-linux/cryptodev-tests/1.12-r0/recipe-sysroot/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
openssl_wrapper.c:248:17: error: 'AES_set_decrypt_key' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  248 |                 AES_set_decrypt_key(sess->key, sess->keylen * 8, &key);
      |                 ^~~~~~~~~~~~~~~~~~~
In file included from openssl_wrapper.c:4:
/home/alex/development/poky/build-32/tmp/work/core2-32-poky-linux/cryptodev-tests/1.12-r0/recipe-sysroot/usr/include/openssl/aes.h:54:5: note: declared here
   54 | int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
openssl_wrapper.c:259:17: error: 'AES_cbc_encrypt' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  259 |                 AES_cbc_encrypt(cop->src, cop->dst, cop->len, &key, ivec, enc);
      |                 ^~~~~~~~~~~~~~~
In file included from openssl_wrapper.c:4:
/home/alex/development/poky/build-32/tmp/work/core2-32-poky-linux/cryptodev-tests/1.12-r0/recipe-sysroot/usr/include/openssl/aes.h:66:6: note: declared here
   66 | void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~~~~~
openssl_wrapper.c:271:25: error: 'AES_ecb_encrypt' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  271 |                         AES_ecb_encrypt(cop->src + i, cop->dst + i, &key, enc);
      |                         ^~~~~~~~~~~~~~~
In file included from openssl_wrapper.c:4:
/home/alex/development/poky/build-32/tmp/work/core2-32-poky-linux/cryptodev-tests/1.12-r0/recipe-sysroot/usr/include/openssl/aes.h:63:6: note: declared here
   63 | void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

alloc_fd is not defined/exported

# make make -C /lib/modules/3.4.112-sun8i/build M=/usr/work/cryptodev/cryptodev-linux modules make[1]: Entering directory '/usr/src/linux-headers-3.4.112-sun8i' Building modules, stage 2. MODPOST 1 modules WARNING: "alloc_fd" [/usr/work/cryptodev/cryptodev-linux/cryptodev.ko] undefined! make[1]: Leaving directory '/usr/src/linux-headers-3.4.112-sun8i' root@orangepipc:/usr/work/cryptodev/cryptodev-linux# uname -a Linux orangepipc 3.4.112-sun8i #10 SMP PREEMPT Sun Oct 23 16:06:55 CEST 2016 armv7l GNU/Linux

OpenSSL patch website cannot be opened, where to find the patch please?

I want to use cryptodev to accelerate my OpenSSL ciphers, but I can't open the website of the latest patch of OpenSSL in readme, where to find the patch please?
Thx for any help.

make check on 1.8 fails

make and make install and also loading the module did work, but

make check
CFLAGS= KERNEL_DIR=/lib/modules/4.4.6-ti-r15/build make -C tests check
make[1]: Entering directory '/home/debian/cryptodev-linux-1.8/tests'
cc  -I..     cipher.c   -o cipher
cc  -I..     cipher-aead.c   -o cipher-aead
cc  -I..     hmac.c   -o hmac
cc  -I..     speed.c   -o speed
cc  -I..     async_cipher.c   -o async_cipher
cc  -I..     async_hmac.c   -o async_hmac
cc  -I..     async_speed.c   -o async_speed
cc  -I..     sha_speed.c   -o sha_speed
cc  -I..     hashcrypt_speed.c   -o hashcrypt_speed
cc  -I..     fullspeed.c   -o fullspeed
cc  -I..     cipher-gcm.c   -o cipher-gcm
cc  -I..     cipher-aead-srtp.c   -o cipher-aead-srtp
cc  -I..    -c -o cipher_comp.o cipher_comp.c
cc  -I..    -c -o openssl_wrapper.o openssl_wrapper.c
cc   cipher_comp.o openssl_wrapper.o  -lssl -lcrypto -o cipher_comp
cc  -I..    -c -o hash_comp.o hash_comp.c
cc   hash_comp.o openssl_wrapper.o  -lssl -lcrypto -o hash_comp
cc  -I..    -c -o hmac_comp.o hmac_comp.c
cc   hmac_comp.o openssl_wrapper.o  -lssl -lcrypto -o hmac_comp
./cipher
./hmac
./async_cipher
./async_hmac
./cipher-aead-srtp
ioctl(CIOCCRYPT): Invalid argument
Makefile:23: recipe for target 'check' failed
make[1]: *** [check] Error 1
make[1]: Leaving directory '/home/debian/cryptodev-linux-1.8/tests'
Makefile:43: recipe for target 'check' failed
make: *** [check] Error 2

please let me know if you need further information.

[OpenBMC] Kernel panic while running "openssl engine" within cryptodev-linux kernel module inserted

Hi all,

I would like to report an issue about OpenBMC + OpenSSL + Cryptodev-linux combination running on Aspeed ast2600 platform.
Kernel panic occurs while running “openssl engine” command. Will put more detail logs below.

After digging in more, I figure out an workaround to avoid this issue.
I’m wondering whether this bug is related to gcc compiler or not?
Did anybody met this issue before?
Any suggestion is appreciated.

Workaround:

Force enable CONFIG_GCC_PLUGINS config in Linux-5.15

Here are the detail steps to reproduce the issue:

1. Get latest OpenBMC source

$ git clone [email protected]:openbmc/openbmc.git

2. Setup ast2600 target

$ . setup evb-ast2600

3. Apply below patches to support openssl and cryptodev-linux kernel modules

Linux defconfig

diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig
index 451afd81a..d4b0ba4d8 100644
--- a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig
+++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig
@@ -289,3 +289,4 @@ CONFIG_DEBUG_LIST=y
CONFIG_FUNCTION_TRACER=y
CONFIG_DEBUG_USER=y
####### CONFIG_RUNTIME_TESTING_MENU is not set
+CONFIG_MODULES=y

Use hw engine

diff --git a/meta-phosphor/recipes-connectivity/openssl/openssl_%.bbappend b/meta-phosphor/recipes-connectivity/openssl/openssl_%.bbappend
index 0581dcd63..c51b8ecde 100644
--- a/meta-phosphor/recipes-connectivity/openssl/openssl_%.bbappend
+++ b/meta-phosphor/recipes-connectivity/openssl/openssl_%.bbappend
@@ -1,5 +1,6 @@
####### General config settings.
-EXTRA_OECONF:append:class-target = " shared no-hw no-err no-psk no-srp "
+EXTRA_OECONF:append:class-target = " shared no-err no-psk no-srp no-dynamic-engine "

####### Disable SSL (keep TLS only).
EXTRA_OECONF:append:class-target = " no-ssl2 no-ssl3 "

Install libcrypto & libssl & openssl stuffs

diff --git a/meta-phosphor/recipes-phosphor/images/obmc-phosphor-image.bb b/meta-phosphor/recipes-phosphor/images/obmc-phosphor-image.bb
index 494b06c7c..4fa2efcad 100644
--- a/meta-phosphor/recipes-phosphor/images/obmc-phosphor-image.bb
+++ b/meta-phosphor/recipes-phosphor/images/obmc-phosphor-image.bb
@@ -52,3 +52,12 @@ ROOTFS_POSTPROCESS_COMMAND += "remove_etc_version ; "
####### The shadow recipe provides the binaries(like useradd, usermod) needed by the # phosphor-user-manager.
ROOTFS_RO_UNNEEDED:remove = "shadow"
+
+IMAGE_INSTALL:append = "libcrypto libssl openssl openssl-bin openssl-conf openssl-engines"

Enable cryptodev-linux

diff --git a/poky/meta/recipes-connectivity/openssl/openssl_3.0.1.bb b/poky/meta/recipes-connectivity/openssl/openssl_3.0.1.bb
index 7727ec43e..15fd68e8a 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_3.0.1.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_3.0.1.bb
@@ -27,6 +27,7 @@ MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
PACKAGECONFIG ?= ""
PACKAGECONFIG:class-native = ""
PACKAGECONFIG:class-nativesdk = ""
+PACKAGECONFIG:class-target = "cryptodev-linux"

PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
PACKAGECONFIG[no-tls1] = "no-tls1"

4. Build obmc-phosphor-image & running on ast2600

bitbake obmc-phosphor-image

5. Insert cryptodev kernel module

$ modprobe cryptodev
[ 136.485187] cryptodev: loading out-of-tree module taints kernel.
[ 136.494384] cryptodev: driver 1.12 loaded.

6. Running openssl engine to check hw engine is supported

$ openssl engine

7. Kernel panic

root@ast2600-default:~# openssl engine
[ 165.288203] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: cryptodev_ioctl+0xc60/0xd30 [cryptodev]
[ 165.300953] CPU: 0 PID: 501 Comm: openssl Tainted: G O 5.15.0-dirty-0e311ef17334 #1
[ 165.310961] Hardware name: Generic DT based system [ 165.316307] Backtrace:
[ 165.319038] [<80bc7708>] (dump_backtrace) from [<80bc7950>] (show_stack+0x20/0x24) [ 165.327507] r7:80d665f8 r6:8100e768 r5:60000093 r4:80d7a02c [ 165.333819] [<80bc7930>] (show_stack) from [<80bcc48c>] (dump_stack_lvl+0x48/0x54) [ 165.342279] [<80bcc444>] (dump_stack_lvl) from [<80bcc4b0>] (dump_stack+0x18/0x1c) [ 165.350738] r5:00000000 r4:811003a8 [ 165.354722] [<80bcc498>] (dump_stack) from [<80bc7d48>] (panic+0x108/0x330) [ 165.362504] [<80bc7c40>] (panic) from [<80bd516c>] (rcu_dynticks_inc+0x0/0x44) [ 165.370579] r3:81538d80 r2:861e7200 r1:7f0024c0 r0:80d665f8 [ 165.376893] r7:8486c000 [ 165.379714] [<80bd5150>] (__stack_chk_fail) from [<7f0024c0>] (cryptodev_ioctl+0xc60/0xd30 [cryptodev]) [ 165.390223] [<7f001860>] (cryptodev_ioctl [cryptodev]) from [<80309f44>] (sys_ioctl+0x570/0xc44) [ 165.400055] r10:00000036 r9:00000003 r8:84b19f00 r7:76f15c60 r6:7ed8f728 r5:84b19f00 [ 165.408792] r4:8004636a [ 165.411613] [<803099d4>] (sys_ioctl) from [<80100060>] (ret_fast_syscall+0x0/0x48) [ 165.420071] Exception stack(0x8486dfa8 to 0x8486dff0)
[ 165.425712] dfa0: 76f15b60 76f14824 00000003 8004636a 76f15c60 00a82808
[ 165.434842] dfc0: 76f15b60 76f14824 7ed8f728 00000036 00000003 76d30e5c 7ed8fde0 00000000 [ 165.443969] dfe0: 76f14944 7ed8f684 76e2d758 76cae67c [ 165.449609] r10:00000036 r9:8486c000 r8:80100244 r7:00000036 r6:7ed8f728 r5:76f14824 [ 165.458337] r4:76f15b60 [ 165.461168] CPU1: stopping
[ 165.464202] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G O 5.15.0-dirty-0e311ef17334 #1
[ 165.474205] Hardware name: Generic DT based system [ 165.479551] Backtrace:
[ 165.482283] [<80bc7708>] (dump_backtrace) from [<80bc7950>] (show_stack+0x20/0x24) [ 165.490749] r7:81418e40 r6:00000001 r5:600f0193 r4:80d7a02c [ 165.497061] [<80bc7930>] (show_stack) from [<80bcc48c>] (dump_stack_lvl+0x48/0x54) [ 165.505519] [<80bcc444>] (dump_stack_lvl) from [<80bcc4b0>] (dump_stack+0x18/0x1c) [ 165.513979] r5:81006654 r4:811002c8 [ 165.517963] [<80bcc498>] (dump_stack) from [<8010ff64>] (do_handle_IPI+0x2c8/0x2fc) [ 165.526511] [<8010fc9c>] (do_handle_IPI) from [<8010ffc0>] (ipi_handler+0x28/0x30) [ 165.534971] r9:81552000 r8:bc80200c r7:81418e40 r6:00000014 r5:81006654 r4:814da200 [ 165.543610] [<8010ff98>] (ipi_handler) from [<80187a6c>] (handle_percpu_devid_irq+0x8c/0x1e0)
[ 165.553135] [<801879e0>] (handle_percpu_devid_irq) from [<80180e80>] (handle_domain_irq+0x6c/0x88) [ 165.563150] r7:00000004 r6:00000000 r5:00000000 r4:80f85030 [ 165.569461] [<80180e14>] (handle_domain_irq) from [<80101230>] (gic_handle_irq+0x78/0x8c) [ 165.578600] r7:80f8503c r6:bc802000 r5:81553f38 r4:81006654 [ 165.584911] [<801011b8>] (gic_handle_irq) from [<80100afc>] (__irq_svc+0x5c/0x78) [ 165.593269] Exception stack(0x81553f38 to 0x81553f80)
[ 165.598904] 3f20: 000a49a8 00000000
[ 165.608035] 3f40: 00000001 8011c4e0 81552000 00000001 81005f50 81005f90 810ced6f 80d69660 [ 165.617165] 3f60: 00000000 81553f94 81553f98 81553f88 80108df0 80108df4 600f0013 ffffffff [ 165.626294] r9:81552000 r8:810ced6f r7:81553f6c r6:ffffffff r5:600f0013 r4:80108df4 [ 165.634932] [<80108dac>] (arch_cpu_idle) from [<80bdd378>] (default_idle_call+0x38/0xc8) [ 165.643972] [<80bdd340>] (default_idle_call) from [<8015df78>] (do_idle+0xd8/0x144) [ 165.652526] [<8015dea0>] (do_idle) from [<8015e314>] (cpu_startup_entry+0x28/0x2c) [ 165.660988] r9:410fc075 r8:8000406a r7:81553ff8 r6:10c0387d r5:00000001 r4:00000096 [ 165.669627] [<8015e2ec>] (cpu_startup_entry) from [<80110530>] (secondary_start_kernel+0x160/0x184)
[ 165.679732] [<801103d0>] (secondary_start_kernel) from [<801016f0>] (__enable_mmu+0x0/0x30) [ 165.689062] r5:00000051 r4:8156806a

Other information:

root@ast2600-default:~# openssl version
OpenSSL 1.1.1g 21 Apr 2020

root@ast2600-default:~# modinfo cryptodev
filename: /lib/modules/5.15.0-dirty-0e311ef17334/extra/cryptodev.ko
license: GPL
description: CryptoDev driver
author: Nikos Mavrogiannopoulos <[email protected]>
depends:
name: cryptodev
vermagic: 5.15.0-dirty-0e311ef17334 SMP mod_unload ARMv7 p2v8
parm: cryptodev_verbosity:0: normal, 1: verbose, 2: debug (int)

Thanks

Best Regards,
-Neal

3.17.6 throws a conflicting definition error on make

When attempting to build against 3.17.6, we're seeing redefinition errors on sg_copy calls - at first glance it looks like the API changed and call param order was swapped.

make -C /lib/modules/3.17.6-i7/build SUBDIRS=`pwd` modules
make[1]: Entering directory `/usr/src/linux-headers-3.17.6-i7'
  CC [M]  /opt/build/cryptodev-linux/authenc.o
In file included from /opt/build/cryptodev-linux/authenc.c:46:0:
/opt/build/cryptodev-linux/util.h:1:5: error: conflicting types for ‘sg_copy’
 int sg_copy(struct scatterlist *sg_from, struct scatterlist *sg_to, int len);
     ^
In file included from include/linux/dmaengine.h:28:0,
                 from include/linux/skbuff.h:31,
                 from include/crypto/algapi.h:18,
                 from include/crypto/scatterwalk.h:20,
                 from /opt/build/cryptodev-linux/authenc.c:42:
include/linux/scatterlist.h:253:5: note: previous declaration of ‘sg_copy’ was here
 int sg_copy(struct scatterlist *dst_sg, struct scatterlist *src_sg,
     ^
make[2]: *** [/opt/build/cryptodev-linux/authenc.o] Error 1
make[1]: *** [_module_/opt/build/cryptodev-linux] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-3.17.6-i7'
make: *** [build] Error 2

Which version is save?

Hi, not really an issue but rather a question:
I see in the NEWS version 1.7 is mentioned, though I cannot find it not under http://download.gna.org/cryptodev-linux/ nor under tags here on github. I suppose it is just the head in master branch here at github, but is it save to use? also do you have any plans releasing it to gna or at least adding a tag for an easy download @https://github.com/nmav/cryptodev-linux/releases

Thanks

"possible circular locking dependency" warning

I'm getting this warning on Linux Kernel 5.15.1 and libopenssl-1.1.1l. Older system with kernel 5.4.x shows the same behavior.

# modprobe cryptodev
cryptodev: loading out-of-tree module taints kernel.
cryptodev: driver 1.12 loaded.
# openssl engine

======================================================
WARNING: possible circular locking dependency detected
5.15.1 #1 Tainted: G           O
------------------------------------------------------
openssl/315 is trying to acquire lock:
c426b840 (&pcr->fcrypt.sem){+.+.}-{3:3}, at: cryptodev_ioctl+0x1cc/0xe1c [cryptodev]

but task is already holding lock:
c426be40 (&ses_new->sem){+.+.}-{3:3}, at: cryptodev_ioctl+0x1b0/0xe1c [cryptodev]

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&ses_new->sem){+.+.}-{3:3}:
       mutex_lock_nested+0x1c/0x24
       cryptodev_ioctl+0x1b0/0xe1c [cryptodev]
       sys_ioctl+0x140/0xea8
       ret_fast_syscall+0x0/0x1c
       0xbea4d75c

-> #0 (&pcr->fcrypt.sem){+.+.}-{3:3}:
       lock_acquire+0x12c/0x41c
       __mutex_lock+0x90/0xa34
       mutex_lock_nested+0x1c/0x24
       cryptodev_ioctl+0x1cc/0xe1c [cryptodev]
       sys_ioctl+0x140/0xea8
       ret_fast_syscall+0x0/0x1c
       0xbea4d75c

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ses_new->sem);
                               lock(&pcr->fcrypt.sem);
                               lock(&ses_new->sem);
  lock(&pcr->fcrypt.sem);

 *** DEADLOCK ***

1 lock held by openssl/315:
 #0: c426be40 (&ses_new->sem){+.+.}-{3:3}, at: cryptodev_ioctl+0x1b0/0xe1c [cryptodev]

stack backtrace:
CPU: 0 PID: 315 Comm: openssl Tainted: G           O      5.15.1 #1
Hardware name: Generic AM33XX (Flattened Device Tree)
[<c0110c90>] (unwind_backtrace) from [<c010bd00>] (show_stack+0x10/0x14)
[<c010bd00>] (show_stack) from [<c0c10978>] (dump_stack_lvl+0x58/0x70)
[<c0c10978>] (dump_stack_lvl) from [<c01ad748>] (check_noncircular+0xf4/0x168)
[<c01ad748>] (check_noncircular) from [<c01b0eec>] (__lock_acquire+0x1630/0x2e0c)
[<c01b0eec>] (__lock_acquire) from [<c01b3158>] (lock_acquire+0x12c/0x41c)
[<c01b3158>] (lock_acquire) from [<c0c1c704>] (__mutex_lock+0x90/0xa34)
[<c0c1c704>] (__mutex_lock) from [<c0c1d0c4>] (mutex_lock_nested+0x1c/0x24)
[<c0c1d0c4>] (mutex_lock_nested) from [<bf1da824>] (cryptodev_ioctl+0x1cc/0xe1c [cryptodev])
[<bf1da824>] (cryptodev_ioctl [cryptodev]) from [<c039c09c>] (sys_ioctl+0x140/0xea8)
[<c039c09c>] (sys_ioctl) from [<c0100080>] (ret_fast_syscall+0x0/0x1c)
Exception stack(0xc267bfa8 to 0xc267bff0)
bfa0:                   b6f16754 0009dd50 00000004 40086370 bea4d768 6c64d001
bfc0: b6f16754 0009dd50 b6ed1fc4 00000036 b6f166b0 c01c6366 40046367 00000000
bfe0: b6f15108 bea4d75c b6e1da64 b6c6dbf8
(devcrypto) /dev/crypto engine
(dynamic) Dynamic engine loading support

Cryptodev module fails to load with Unknown symbol errors

Board: AT91SAMA5D3xEK
System: Linux4Microchip-2022.04 v5.15.32 built by Buildroot 2022.02
Package: cryptodev-linux v1.12

# insmod /lib/modules/5.15.32-linux4microchip-2022.04/extra/cryptodev.ko
cryptodev: loading out-of-tree module taints kernel.
cryptodev: Unknown symbol __mmap_lock_do_trace_acquire_returned (err -2)
cryptodev: Unknown symbol __tracepoint_mmap_lock_acquire_returned (err -2)
cryptodev: Unknown symbol __tracepoint_mmap_lock_released (err -2)
cryptodev: Unknown symbol kmem_cache_alloc_trace (err -2)
cryptodev: Unknown symbol __mmap_lock_do_trace_start_locking (err -2)
cryptodev: Unknown symbol __tracepoint_mmap_lock_start_locking (err -2)
cryptodev: Unknown symbol __mmap_lock_do_trace_released (err -2)
cryptodev: Unknown symbol __mmap_lock_do_trace_acquire_returned (err -2)
cryptodev: Unknown symbol __tracepoint_mmap_lock_acquire_returned (err -2)
cryptodev: Unknown symbol __tracepoint_mmap_lock_released (err -2)
cryptodev: Unknown symbol kmem_cache_alloc_trace (err -2)
cryptodev: Unknown symbol __mmap_lock_do_trace_start_locking (err -2)
cryptodev: Unknown symbol __tracepoint_mmap_lock_start_locking (err -2)
cryptodev: Unknown symbol __mmap_lock_do_trace_released (err -2)
insmod: can't insert '/lib/modules/5.15.32-linux4microchip-2022.04/extra/cryptodev.ko': unknown symbol in module, or unknown parameter

Am I missing a memory manager configuration setting, or has Linux changed?
Thanks, Nick

error: positional initialization of field in ‘struct’ declared with ‘designated_init’ attribute [-Werror=designated-init]

Got the below message when trying to build with gentoo with linux kernel 4.12.9 through kernel 4.13.2 and gcc 6.4

Emerging (1 of 1) sys-kernel/cryptodev-1.9::gentoo

cryptodev-linux-1.9.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ... [ ok ]
Determining the location of the kernel source code
Found kernel source directory:
```
/usr/src/linux
```
Found kernel object directory:
```
/lib/modules/4.13.2-gentoo/build
```
Found sources for kernel version:
```
4.13.2-gentoo
```
Checking for suitable kernel configuration options... [ ok ]

Unpacking source...
Unpacking cryptodev-linux-1.9.tar.gz to /var/tmp/portage/sys-kernel/cryptodev-1.9/work
Source unpacked in /var/tmp/portage/sys-kernel/cryptodev-1.9/work
Preparing source in /var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9 ...
Source prepared.
Configuring source in /var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9 ...
Source configured.
Compiling source in /var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9 ...
ln: failed to create symbolic link 'Module.symvers': File exists

Preparing cryptodev module
make -j5 HOSTCC=x86_64-pc-linux-gnu-gcc CROSS_COMPILE=x86_64-pc-linux-gnu- 'LDFLAGS=-m elf_x86_64' build
make -C /usr/src/linux M=/var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9 ARCH=x86 CROSS_COMPILE=x86_64-pc-linux-gnu- modules
make[1]: Entering directory '/usr/src/linux-4.13.2-gentoo'
CC [M] /var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/ioctl.o
CC [M] /var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/main.o
CC [M] /var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/cryptlib.o
CC [M] /var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/authenc.o
CC [M] /var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/zc.o
/var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/ioctl.c:1127:3: error: positional initialization of field in ‘struct’ declared with ‘designated_init’ attribute [-Werror=designated-init]
{0, },
^
/var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/ioctl.c:1127:3: note: (near initialization for ‘verbosity_ctl_dir[1]’)
/var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/ioctl.c:1136:3: error: positional initialization of field in ‘struct’ declared with ‘designated_init’ attribute [-Werror=designated-init]
{0, },
^
/var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/ioctl.c:1136:3: note: (near initialization for ‘verbosity_ctl_root[1]’)
CC [M] /var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/util.o
cc1: some warnings being treated as errors
make[2]: *** [scripts/Makefile.build:302: /var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9/ioctl.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [Makefile:1512: module/var/tmp/portage/sys-kernel/cryptodev-1.9/work/cryptodev-linux-1.9] Error 2
make[1]: Leaving directory '/usr/src/linux-4.13.2-gentoo'
make: *** [Makefile:27: build] Error 2
ERROR: sys-kernel/cryptodev-1.9::gentoo failed (compile phase):
emake failed

dev crypto failed module not found etc.

cryptodev-linux-1.9/tests
-> make test

error:

CFLAGS= KERNEL_DIR=/lib/modules/4.10.0-40-generic/build make -C tests check
make[1]: Entering directory '/home/???/cryptodev-linux-1.9/tests'
./cipher
open(/dev/crypto): No such file or directory <-- ?
Makefile:27: recipe for target 'check' failed
make[1]: *** [check] Error 1
make[1]: Leaving directory '/home/nwo/cryptodev-linux-1.9/tests'
Makefile:44: recipe for target 'check' failed
make: *** [check] Error 2

sudo systemctl status systemd-modules-load:

Nov 27 12:56:48 amd systemd-modules-load[465]: Module 'loop' is builtin
Nov 27 12:56:48 amd systemd-modules-load[465]: Failed to find module 'cryptodev'
Nov 27 12:56:48 amd systemd-modules-load[465]: Module 'lp' is blacklisted
Nov 27 12:56:48 amd systemd-modules-load[465]: Module 'ppdev' is blacklisted
Nov 27 12:56:48 amd systemd-modules-load[465]: Module 'parport_pc' is blacklisted
Nov 27 12:56:48 amd systemd[1]: systemd-modules-load.service: Main process exited, code=exited, status=1/FAI
Nov 27 12:56:48 amd systemd[1]: Failed to start Load Kernel Modules.

How can i fix "open(/dev/crypto): No such file or directory"

Phase 2

Precaution and reassessment

Kernel 3.19 ioctl.c:549:2: error: implicit declaration of function 'get_unused_fd'

There is patch proposed: http://permalink.gmane.org/gmane.comp.handhelds.openembedded.core/60348

From 7d71124991030f99965e6e6aaed421115f185adb Mon Sep 17 00:00:00 2001
From: Ricardo Ribalda Delgado <ricardo.ribalda@...>
Date: Mon, 9 Feb 2015 13:51:56 +0100
Subject: [PATCH] ioctl.c: Fix build on 3.19

get_unused_fd() MACRO has been removed on kernel 3.19. Replace by the
actual output of the macro.

Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@...>

---
 ioctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ioctl.c b/ioctl.c
index f26cf93..cf8cc17 100644
--- a/ioctl.c
+++ b/ioctl.c
 @@-529,7 +529,7@@ static int
 clonefd(struct file *filp)
 {
        int ret;
-       ret = get_unused_fd();
+       ret = get_unused_fd_flags(0);
        if (ret >= 0) {
                        get_file(filp);
                        fd_install(ret, filp);
--
2.1.4

performance issue

Hi,

We are working on the Hardware crypto accelerator and using the cryptodev-linux.

using the test application https://github.com/cryptodev-linux/cryptodev-linux/blob/master/tests/speed.c we are checking the performance of AES-modes. log as below

Testing AES-128-CBC cipher: 
	Encrypting in chunks of 512 bytes: done. 110.86 MB in 5.00 secs: 22.17 MB/sec
	Encrypting in chunks of 1024 bytes: done. 122.52 MB in 5.00 secs: 24.50 MB/sec
	Encrypting in chunks of 2048 bytes: done. 127.34 MB in 5.00 secs: 25.47 MB/sec
	Encrypting in chunks of 4096 bytes: done. 132.09 MB in 5.00 secs: 26.42 MB/sec
	Encrypting in chunks of 8192 bytes: done. 127.64 MB in 5.00 secs: 25.53 MB/sec
	Encrypting in chunks of 16384 bytes: done. 119.34 MB in 5.00 secs: 23.86 MB/sec
	Encrypting in chunks of 32768 bytes: done. 105.48 MB in 5.00 secs: 21.09 MB/sec
	Encrypting in chunks of 65536 bytes: done. 85.98 MB in 5.00 secs: 17.19 MB/sec

we are checking the performance with the OepnSSL as well and observing as below.

$./openssl speed -evp aes-128-cbc -engine devcrypto 
Engine "devcrypto" set.
Doing AES-128-CBC for 3s on 16 size blocks: 517398 AES-128-CBC's in 0.10s
Doing AES-128-CBC for 3s on 64 size blocks: 412163 AES-128-CBC's in 0.08s
Doing AES-128-CBC for 3s on 256 size blocks: 207881 AES-128-CBC's in 0.06s
Doing AES-128-CBC for 3s on 1024 size blocks: 70025 AES-128-CBC's in 0.02s
Doing AES-128-CBC for 3s on 8192 size blocks: 8751 AES-128-CBC's in 0.01s
Doing AES-128-CBC for 3s on 16384 size blocks: 4117 AES-128-CBC's in 0.00s
version: 3.1.3
built on: Tue Nov 28 09:14:20 2023 UTC
options: bn(64,64)
compiler: riscv64-unknown-linux-gnu-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
CPUINFO: N/A
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
AES-128-CBC      82783.68k   329730.40k   886958.93k  3585280.00k  7168819.20k         infk

we are seeing the data processed in the OpenSSL is much higher then compared to the cryptodev-linux test application.
can you please let me know what could be the reason for this lower data processed.

Thanks,
Ashoka A D

https breaks with latest git + openssl >=1.0.1f

Any https connections break with versions of openssl greater than 1.0.1e. It works fine with 1.0.1e. This has already been reported https://mail.gna.org/public/cryptodev-linux-devel/2014-06/index.html with one detail missing that it works with 1.0.1e.
System tested on was armv5 kirkwood SoC.
For others reading this and there are patches available for 1.0.1e to get the worst bugs fixed: https://github.com/archlinuxarm/PKGBUILDs/tree/master/core/openssl-cryptodev

multiple definitions error

Hi,
I'm trying to build the package for kernel-3.12 and end up with issues as below, any ideas on this?

cryptodev-linux-1.9/main.o: In function nop_flush_icache_all':
main.c:(.text+0x3dc): multiple definition of nop_flush_icache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1400): first defined here cryptodev-linux-1.9/main.o: In function nop_flush_kern_cache_all':
main.c:(.text+0x3e0): multiple definition of nop_flush_kern_cache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1404): first defined here cryptodev-linux-1.9/main.o: In function nop_flush_kern_cache_louis':
main.c:(.text+0x3e4): multiple definition of nop_flush_kern_cache_louis' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1408): first defined here cryptodev-linux-1.9/main.o: In function nop_flush_user_cache_all':
main.c:(.text+0x3e8): multiple definition of nop_flush_user_cache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x140c): first defined here cryptodev-linux-1.9/main.o: In function nop_flush_user_cache_range':
main.c:(.text+0x3ec): multiple definition of nop_flush_user_cache_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1410): first defined here cryptodev-linux-1.9/main.o: In function nop_coherent_kern_range':
main.c:(.text+0x3f0): multiple definition of nop_coherent_kern_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1414): first defined here cryptodev-linux-1.9/main.o: In function nop_coherent_user_range':
main.c:(.text+0x3f4): multiple definition of nop_coherent_user_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1418): first defined here cryptodev-linux-1.9/main.o: In function nop_flush_kern_dcache_area':
main.c:(.text+0x3fc): multiple definition of nop_flush_kern_dcache_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1420): first defined here cryptodev-linux-1.9/main.o: In function nop_dma_flush_range':
main.c:(.text+0x400): multiple definition of nop_dma_flush_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1424): first defined here cryptodev-linux-1.9/main.o: In function nop_dma_map_area':
main.c:(.text+0x404): multiple definition of nop_dma_map_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1428): first defined here cryptodev-linux-1.9/main.o: In function nop_dma_unmap_area':
main.c:(.text+0x408): multiple definition of nop_dma_unmap_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x142c): first defined here cryptodev-linux-1.9/main.o: In function return_address':
main.c:(.text+0x40c): multiple definition of return_address' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1430): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_flush_icache_all':
cryptlib.c:(.text+0x14): multiple definition of nop_flush_icache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1400): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_flush_kern_cache_all':
cryptlib.c:(.text+0x18): multiple definition of nop_flush_kern_cache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1404): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_flush_kern_cache_louis':
cryptlib.c:(.text+0x1c): multiple definition of nop_flush_kern_cache_louis' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1408): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_flush_user_cache_all':
cryptlib.c:(.text+0x20): multiple definition of nop_flush_user_cache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x140c): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_flush_user_cache_range':
cryptlib.c:(.text+0x24): multiple definition of nop_flush_user_cache_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1410): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_coherent_kern_range':
cryptlib.c:(.text+0x28): multiple definition of nop_coherent_kern_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1414): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_coherent_user_range':
cryptlib.c:(.text+0x2c): multiple definition of nop_coherent_user_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1418): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_flush_kern_dcache_area':
cryptlib.c:(.text+0x34): multiple definition of nop_flush_kern_dcache_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1420): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_dma_flush_range':
cryptlib.c:(.text+0x38): multiple definition of nop_dma_flush_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1424): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_dma_map_area':
cryptlib.c:(.text+0x3c): multiple definition of nop_dma_map_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1428): first defined here cryptodev-linux-1.9/cryptlib.o: In function nop_dma_unmap_area':
cryptlib.c:(.text+0x40): multiple definition of nop_dma_unmap_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x142c): first defined here cryptodev-linux-1.9/authenc.o: In function nop_flush_icache_all':
authenc.c:(.text+0xa78): multiple definition of nop_flush_icache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1400): first defined here cryptodev-linux-1.9/authenc.o: In function nop_flush_kern_cache_all':
authenc.c:(.text+0xa7c): multiple definition of nop_flush_kern_cache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1404): first defined here cryptodev-linux-1.9/authenc.o: In function nop_flush_kern_cache_louis':
authenc.c:(.text+0xa80): multiple definition of nop_flush_kern_cache_louis' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1408): first defined here cryptodev-linux-1.9/authenc.o: In function nop_flush_user_cache_all':
authenc.c:(.text+0xa84): multiple definition of nop_flush_user_cache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x140c): first defined here cryptodev-linux-1.9/authenc.o: In function nop_flush_user_cache_range':
authenc.c:(.text+0xa88): multiple definition of nop_flush_user_cache_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1410): first defined here cryptodev-linux-1.9/authenc.o: In function nop_coherent_kern_range':
authenc.c:(.text+0xa8c): multiple definition of nop_coherent_kern_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1414): first defined here cryptodev-linux-1.9/authenc.o: In function nop_coherent_user_range':
authenc.c:(.text+0xa90): multiple definition of nop_coherent_user_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1418): first defined here cryptodev-linux-1.9/authenc.o: In function nop_flush_kern_dcache_area':
authenc.c:(.text+0xa98): multiple definition of nop_flush_kern_dcache_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1420): first defined here cryptodev-linux-1.9/authenc.o: In function nop_dma_flush_range':
authenc.c:(.text+0xa9c): multiple definition of nop_dma_flush_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1424): first defined here cryptodev-linux-1.9/authenc.o: In function nop_dma_map_area':
authenc.c:(.text+0xaa0): multiple definition of nop_dma_map_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1428): first defined here cryptodev-linux-1.9/authenc.o: In function nop_dma_unmap_area':
authenc.c:(.text+0xaa4): multiple definition of nop_dma_unmap_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x142c): first defined here cryptodev-linux-1.9/authenc.o: In function return_address':
authenc.c:(.text+0xaa8): multiple definition of return_address' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1430): first defined here cryptodev-linux-1.9/zc.o: In function nop_flush_icache_all':
zc.c:(.text+0x0): multiple definition of nop_flush_icache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1400): first defined here cryptodev-linux-1.9/zc.o: In function nop_flush_kern_cache_all':
zc.c:(.text+0x4): multiple definition of nop_flush_kern_cache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1404): first defined here cryptodev-linux-1.9/zc.o: In function nop_flush_kern_cache_louis':
zc.c:(.text+0x8): multiple definition of nop_flush_kern_cache_louis' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1408): first defined here cryptodev-linux-1.9/zc.o: In function nop_flush_user_cache_all':
zc.c:(.text+0xc): multiple definition of nop_flush_user_cache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x140c): first defined here cryptodev-linux-1.9/zc.o: In function nop_flush_user_cache_range':
zc.c:(.text+0x10): multiple definition of nop_flush_user_cache_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1410): first defined here cryptodev-linux-1.9/zc.o: In function nop_coherent_kern_range':
zc.c:(.text+0x14): multiple definition of nop_coherent_kern_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1414): first defined here cryptodev-linux-1.9/zc.o: In function nop_coherent_user_range':
zc.c:(.text+0x18): multiple definition of nop_coherent_user_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1418): first defined here cryptodev-linux-1.9/zc.o: In function nop_flush_kern_dcache_area':
zc.c:(.text+0x20): multiple definition of nop_flush_kern_dcache_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1420): first defined here cryptodev-linux-1.9/zc.o: In function nop_dma_flush_range':
zc.c:(.text+0x24): multiple definition of nop_dma_flush_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1424): first defined here cryptodev-linux-1.9/zc.o: In function nop_dma_map_area':
zc.c:(.text+0x28): multiple definition of nop_dma_map_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1428): first defined here cryptodev-linux-1.9/zc.o: In function nop_dma_unmap_area':
zc.c:(.text+0x2c): multiple definition of nop_dma_unmap_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x142c): first defined here cryptodev-linux-1.9/zc.o: In function return_address':
zc.c:(.text+0x30): multiple definition of return_address' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1430): first defined here cryptodev-linux-1.9/util.o: In function nop_flush_icache_all':
util.c:(.text+0x0): multiple definition of nop_flush_icache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1400): first defined here cryptodev-linux-1.9/util.o: In function nop_flush_kern_cache_all':
util.c:(.text+0x4): multiple definition of nop_flush_kern_cache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1404): first defined here cryptodev-linux-1.9/util.o: In function nop_flush_kern_cache_louis':
util.c:(.text+0x8): multiple definition of nop_flush_kern_cache_louis' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1408): first defined here cryptodev-linux-1.9/util.o: In function nop_flush_user_cache_all':
util.c:(.text+0xc): multiple definition of nop_flush_user_cache_all' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x140c): first defined here cryptodev-linux-1.9/util.o: In function nop_flush_user_cache_range':
util.c:(.text+0x10): multiple definition of nop_flush_user_cache_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1410): first defined here cryptodev-linux-1.9/util.o: In function nop_coherent_kern_range':
util.c:(.text+0x14): multiple definition of nop_coherent_kern_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1414): first defined here cryptodev-linux-1.9/util.o: In function nop_coherent_user_range':
util.c:(.text+0x18): multiple definition of nop_coherent_user_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1418): first defined here cryptodev-linux-1.9/util.o: In function nop_flush_kern_dcache_area':
util.c:(.text+0x20): multiple definition of nop_flush_kern_dcache_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1420): first defined here cryptodev-linux-1.9/util.o: In function nop_dma_flush_range':
util.c:(.text+0x24): multiple definition of nop_dma_flush_range' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1424): first defined here cryptodev-linux-1.9/util.o: In function nop_dma_map_area':
util.c:(.text+0x28): multiple definition of nop_dma_map_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x1428): first defined here cryptodev-linux-1.9/util.o: In function nop_dma_unmap_area':
util.c:(.text+0x2c): multiple definition of nop_dma_unmap_area' cryptodev-linux-1.9/ioctl.o:ioctl.c:(.text+0x142c): first defined here scripts/Makefile.build:444: recipe for target 'cryptodev-linux-1.9/cryptodev.o' failed make[3]: *** [cryptodev-linux-1.9/cryptodev.o] Error 1 Makefile:1228: recipe for target '_module_cryptodev-linux-1.9' failed make[2]: *** [_module_cryptodev-linux-1.9] Error 2 make[2]: Leaving directory 'linux-3.12' Makefile:27: recipe for target 'build' failed make[1]: *** [build] Error 2

Linux 4.3.y aead algorithm changed -> module doesn't compile

cryptodev module won't compile on linux kernel 4.3
quick history lookup on linux/include/linux/crypto.h shows that algorithm was replaced with a new one
https://github.com/torvalds/linux/commits/master/include/linux/crypto.h

ab7/cryptodev_int.h:118:0,
                 from /home/linux-kirkwood-dt/src/cryptodev-linux-da730106c2558c8e0c8e1b1b1812d32ef9574ab7/ioctl.c:53:
/home/linux-kirkwood-dt/src/cryptodev-linux-da730106c2558c8e0c8e1b1b1812d32ef9574ab7/cryptlib.h: In function 'cryptodev_cipher_auth':
/home/linux-kirkwood-dt/src/cryptodev-linux-da730106c2558c8e0c8e1b1b1812d32ef9574ab7/cryptlib.h:43:2: error: implicit declaration of function 'aead_request_set_assoc' [-Werror=implicit-function-declaration]
  aead_request_set_assoc(cdata->async.arequest, len ? sg1 : NULL, len);
  ^
cc1: some warnings being treated as errors

make error

DKMS make.log for cryptodev-1.10 for kernel 4.4.176-1-ARCH (armv5tel)
Fri Aug 16 07:40:52 UTC 2019
/var/lib/dkms/cryptodev/1.10/build/zc.c: In function '__get_userbuf':
/var/lib/dkms/cryptodev/1.10/build/zc.c:64:44: warning: passing argument 7 of 'get_user_pages' from incompatible pointer type [-Wincompatible-pointer-types]
(unsigned long)addr, pgcount, write, 0, pg, NULL);
^~
In file included from /var/lib/dkms/cryptodev/1.10/build/zc.c:28:
include/linux/mm.h:1225:31: note: expected 'struct vm_area_struct **' but argument is of type 'struct page **'
struct vm_area_struct **vmas);
~~~~~~~~~~~~~~~~~~~~~~~~^~~~
/var/lib/dkms/cryptodev/1.10/build/zc.c:63:8: error: too many arguments to function 'get_user_pages'
ret = get_user_pages(task, mm,
^~~~~~~~~~~~~~
In file included from /var/lib/dkms/cryptodev/1.10/build/zc.c:28:
include/linux/mm.h:1222:6: note: declared here
long get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
^~~~~~~~~~~~~~
make[2]: *** [scripts/Makefile.build:278: /var/lib/dkms/cryptodev/1.10/build/zc.o] Error 1
make[1]: *** [Makefile:1436: module/var/lib/dkms/cryptodev/1.10/build] Error 2
make: *** [Makefile:27: build] Error 2

Invalid argument when using plaintext larger than 38016 bytes

I use aes.c code in examples directory. And I have the following output when I use plaintext larger than 38016 bytes:

Got cbc(aes) with driver sahara-cbc-aes
Note: This is not an accelerated cipher
ioctl(CIOCCRYPT): Invalid argument
Got cbc(aes) with driver sahara-cbc-aes
Note: This is not an accelerated cipher
ioctl(CIOCCRYPT): Invalid argument

How can I fix it ?

Issues with CIOCCPHASH

A comment on the rather under-documented CIOCCPHASH, the code comment currently says:

 * The cphash_op parameter should contain the session id of
 * the source and destination sessions. Both sessions
 * must have been created with CIOGSESSION.

This doesn't quite capture the full requirements, which are that both sessions also have to be on the same fd, or a dup()'d fd. In other words if you're copying the state into a child process you can't open() a new handle to /dev/crypto in the child and CIOCCPHASH the session, but have to dup() the parent's handle and use that. So the code comment should more accurately say:

 * The cphash_op parameter should contain the session id of
 * the source and destination sessions. Both sessions
 * must have been created with CIOGSESSION and be associated
 * with the same fd to /dev/crypto, either by using the same
 * fd or making the fd for the destination session a dup() of
 * the one for the source session.

Also, could a CIOCCPCRYPT be added to match CIOCCPHASH? At the moment you can copy a hash session into a child process but not a crypto session, which limits the usefulness somewhat. Not sure how much work that would involve since there doesn't seem to be a crypto equivalent to crypto_ahash_export()/crypto_ahash_import() in the kernel.

linux kernel 4.6.0 error

Module won't compile with new kernel 4.6.0

DKMS make.log for cryptodev-1.8 for kernel 4.6.0-3-ARCH (armv7l)
Sat May 21 18:12:08 MDT 2016
/var/lib/dkms/cryptodev/1.8/build/zc.c: In function '__get_userbuf':
/var/lib/dkms/cryptodev/1.8/build/zc.c:62:23: warning: passing argument 1 of 'get_user_pages' makes integer from pointer without$
  ret = get_user_pages(task, mm,
                       ^~~~
In file included from /var/lib/dkms/cryptodev/1.8/build/zc.c:28:0:
include/linux/mm.h:1266:6: note: expected 'long unsigned int' but argument is of type 'struct task_struct *'
 long get_user_pages(unsigned long start, unsigned long nr_pages,
      ^~~~~~~~~~~~~~
/var/lib/dkms/cryptodev/1.8/build/zc.c:62:29: warning: passing argument 2 of 'get_user_pages' makes integer from pointer without$
  ret = get_user_pages(task, mm,
                             ^~
In file included from /var/lib/dkms/cryptodev/1.8/build/zc.c:28:0:
include/linux/mm.h:1266:6: note: expected 'long unsigned int' but argument is of type 'struct mm_struct *'
 long get_user_pages(unsigned long start, unsigned long nr_pages,
      ^~~~~~~~~~~~~~
/var/lib/dkms/cryptodev/1.8/build/zc.c:63:34: warning: passing argument 5 of 'get_user_pages' makes pointer from integer without$
    (unsigned long)addr, pgcount, write, 0, pg, NULL);
                                  ^~~~~
In file included from /var/lib/dkms/cryptodev/1.8/build/zc.c:28:0:
include/linux/mm.h:1266:6: note: expected 'struct page **' but argument is of type 'int'
 long get_user_pages(unsigned long start, unsigned long nr_pages,
      ^~~~~~~~~~~~~~
/var/lib/dkms/cryptodev/1.8/build/zc.c:62:8: error: too many arguments to function 'get_user_pages'
  ret = get_user_pages(task, mm,
        ^~~~~~~~~~~~~~
In file included from /var/lib/dkms/cryptodev/1.8/build/zc.c:28:0:
include/linux/mm.h:1266:6: note: declared here
 long get_user_pages(unsigned long start, unsigned long nr_pages,
      ^~~~~~~~~~~~~~
/var/lib/dkms/cryptodev/1.8/build/zc.c: In function 'release_user_pages':
/var/lib/dkms/cryptodev/1.8/build/zc.c:122:3: error: implicit declaration of function 'page_cache_release' [-Werror=implicit-fun$
   page_cache_release(ses->pages[i]);
   ^~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
scripts/Makefile.build:291: recipe for target '/var/lib/dkms/cryptodev/1.8/build/zc.o' failed
make[2]: *** [/var/lib/dkms/cryptodev/1.8/build/zc.o] Error 1
Makefile:1428: recipe for target '_module_/var/lib/dkms/cryptodev/1.8/build' failed
make[1]: *** [_module_/var/lib/dkms/cryptodev/1.8/build] Error 2
Makefile:27: recipe for target 'build' failed
make: *** [build] Error 2

Status of the mailing list

Hello,

The mailing list website is currently unreachable, so I could not add myself to the list, and email to the list cannot be delivered.

Regards
Christoph

compilation warning with openssl 1.1.0f

Hi,

I got below warnings in compilation with openssl 1.1.0f:

crypto/engine/eng_cryptodev.c: In function 'get_cryptodev_ciphers':
crypto/engine/eng_cryptodev.c:321:14: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
sess.key = (caddr_t) "123456789abcdefghijklmno";
^
crypto/engine/eng_cryptodev.c: In function 'get_cryptodev_digests':
crypto/engine/eng_cryptodev.c:360:17: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
sess.mackey = (caddr_t) "123456789abcdefghijklmno";
^
crypto/engine/eng_cryptodev.c: In function 'cryptodev_cipher':
crypto/engine/eng_cryptodev.c:451:14: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
cryp.src = (caddr_t) in;
^
crypto/engine/eng_cryptodev.c:452:14: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
cryp.dst = (caddr_t) out;
^
crypto/engine/eng_cryptodev.c:458:17: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
cryp.iv = (caddr_t) EVP_CIPHER_CTX_iv(ctx);
^
crypto/engine/eng_cryptodev.c: In function 'cryptodev_init_key':
crypto/engine/eng_cryptodev.c:511:15: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
sess->key = (caddr_t) key;
^
crypto/engine/eng_cryptodev.c: In function 'cryptodev_digest_init':
crypto/engine/eng_cryptodev.c:913:18: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
sess->mackey = state->dummy_mac_key;
^
crypto/engine/eng_cryptodev.c: In function 'cryptodev_digest_update':
crypto/engine/eng_cryptodev.c:966:14: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
cryp.src = (caddr_t) data;
^
crypto/engine/eng_cryptodev.c:968:14: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
cryp.mac = (caddr_t) state->digest_res;
^
crypto/engine/eng_cryptodev.c: In function 'cryptodev_digest_final':
crypto/engine/eng_cryptodev.c:995:18: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
cryp.src = state->mac_data;
^
crypto/engine/eng_cryptodev.c:997:18: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
cryp.mac = (caddr_t) md;
^
crypto/engine/eng_cryptodev.c: In function 'cryptodev_digest_copy':
crypto/engine/eng_cryptodev.c:1057:18: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
sess->mackey = dstate->dummy_mac_key;
^
crypto/engine/eng_cryptodev.c: In function 'bn2crparam':
crypto/engine/eng_cryptodev.c:1225:16: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
crp->crp_p = (caddr_t) b;
^
crypto/engine/eng_cryptodev.c: In function 'cryptodev_dsa_do_sign':
crypto/engine/eng_cryptodev.c:1493:28: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
kop.crk_param[0].crp_p = (caddr_t) dgst;
^
crypto/engine/eng_cryptodev.c: In function 'cryptodev_dsa_verify':
crypto/engine/eng_cryptodev.c:1540:28: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
kop.crk_param[0].crp_p = (caddr_t) dgst;
^
crypto/engine/eng_cryptodev.c: In function 'cryptodev_dh_compute_key':
crypto/engine/eng_cryptodev.c:1616:28: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
kop.crk_param[3].crp_p = (caddr_t) key;

They seems related to the patches in

http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest

However, those old patches can't work with openssl 1.1.0f. Any update? Do i still need new patch?

Thanks,

riggy2013

pgcrypto to use cryptodev

Hi,

Is there any reference on having pgcrypto to use cryptodev on an embedded system ?

kle

No file to patch. Skipping patch.

When I try to build a Linux distribution using the bitbake imx-image-multimedia command, the builder encounters an error in one part. The relevant parts in the error log are as follows:

NOTE: Applying patch '0001-Fix-module-loading-with-Linux-v5.0-rc5.patch' (../sources/poky/meta/recipes-kernel/cryptodev/files/0001-Fix-module-loading-with-Linux-v5.0-rc5.patch)
ERROR: Command Error: 'quilt --quiltrc /home/admin/Linux/Yocto/fsl-release-yocto/build/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/cryptodev-linux/1.10-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0  Output:
Applying patch 0001-Fix-module-loading-with-Linux-v5.0-rc5.patch
can't find file to patch at input line 33
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Upstream-Status: Backport [https://github.com/cryptodev-linux/cryptodev-linux/commit/f971e0c]
|
|Backport patch from upstream to fix module cryptodev loading error.
|
|Signed-off-by: Kai Kang <[email protected]>
|
|From f971e0cd4a0ebe59fb2e8e17240399bf6901b09b Mon Sep 17 00:00:00 2001
|From: "Derald D. Woods" <[email protected]>
|Date: Sun, 10 Feb 2019 13:22:19 -0600
|Subject: [PATCH] Fix module loading with Linux v5.0-rc5
|
|This commit fixes this module load error:
|[...]
|[   29.112091] cryptodev: loading out-of-tree module taints kernel.
|[   29.128906] cryptodev: Unknown symbol crypto_givcipher_type (err -2)
|[   29.188842] cryptodev: Unknown symbol crypto_givcipher_type (err -2)
|modprobe: can't load module cryptodev (extra/cryptodev.ko): unknown symbol in module, or unknown parameter
|[...]
|
|Upstream Linux support for unused GIVCIPHER, and others, was dropped here:
|
|c79b411eaa72 (crypto: skcipher - remove remnants of internal IV generators)
|
|Signed-off-by: Derald D. Woods <[email protected]>
|---
| cryptlib.c | 9 +++++++--
| 1 file changed, 7 insertions(+), 2 deletions(-)
|
|diff --git a/cryptlib.c b/cryptlib.c
|index 6e66698..4a87037 100644
|--- a/cryptlib.c
|+++ b/cryptlib.c
--------------------------
No file to patch.  Skipping patch.
2 out of 2 hunks ignored
Patch 0001-Fix-module-loading-with-Linux-v5.0-rc5.patch does not apply (enforce with -f)
DEBUG: Python function patch_do_patch finished
DEBUG: Python function do_patch finished

A link is mentioned above: f971e0c
But I can't understand the changes.
The contents of relevant source files used by bitbake are as follows:

HOMEPAGE = "http://cryptodev-linux.org/"

LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"

SRC_URI = "https://github.com/cryptodev-linux/cryptodev-linux.git \
           file://0001-Fix-module-loading-with-Linux-v5.0-rc5.patch \
           "
BB_STRICT_CHECKSUM = "0"
SRCREV = "fd8b15ef1c8398a69a37932ee48c74ab40329a29"

S = "${WORKDIR}/git"

CLEANBROKEN = "1"

I am not very familiar with relevant knowledge, so what should I do? Thanks.

What's the supported kernel version list?

Which kernel versions are supported by cryptodev-linux?
Does it support all kernel versions with Kernel crypto API(since kernel version 2.5.45)?

make fail: zc.c:80:8: error: too many arguments to function ‘get_user_pages_remote’

uname -a

Linux % 5.10.11-gentoo-x86_64 #8 SMP PREEMPT Tue Feb 2 06:58:12 EET 2021 x86_64 AMD Ryzen 5 4600H with Radeon Graphics AuthenticAMD GNU/Linux

emerge --info cryptodev

Portage 3.0.13 (python 3.7.9-final-0, default/linux/amd64/17.1/no-multilib/hardened, gcc-10.2.0, glibc-2.32-r5, 5.10.11-gentoo-x86_64 x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-5.10.11-gentoo-x86_64-x86_64-AMD_Ryzen_5_4600H_with_Radeon_Graphics-with-gentoo-2.7
KiB Mem:     7436844 total,   1619088 free
KiB Swap:   11534328 total,  11132920 free
Timestamp of repository gentoo: Wed, 03 Feb 2021 00:45:01 +0000
Head commit of repository gentoo: b6ced79feffe6c2ca48b6fb735b8715c1d26ffe0
Timestamp of repository poly-c: Mon, 01 Feb 2021 11:55:55 +0000
sh bash 5.0_p18
ld GNU gold (Gentoo 2.35.1 p2 2.35.1) 1.16
ccache version 4.1 [disabled]
app-shells/bash:          5.0_p18::gentoo
dev-java/java-config:     2.3.1::gentoo
dev-lang/perl:            5.30.3::gentoo
dev-lang/python:          2.7.18-r6::gentoo, 3.7.9-r2::gentoo, 3.8.7-r1::gentoo, 3.9.1-r1::gentoo
dev-util/ccache:          4.1::gentoo
dev-util/cmake:           3.18.5::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.7::gentoo
sys-apps/openrc:          0.42.1-r1::gentoo
sys-apps/sandbox:         2.20::gentoo
sys-devel/autoconf:       2.13-r1::gentoo, 2.69-r5::gentoo
sys-devel/automake:       1.13.4-r2::gentoo, 1.15.1-r2::gentoo, 1.16.2-r1::gentoo
sys-devel/binutils:       2.35.1-r1::gentoo
sys-devel/gcc:            9.3.0-r2::gentoo, 10.2.0-r5::gentoo
sys-devel/gcc-config:     2.3.2-r1::gentoo
sys-devel/libtool:        2.4.6-r6::gentoo
sys-devel/make:           4.3::gentoo
sys-kernel/linux-headers: 5.10::gentoo (virtual/os-headers)
sys-libs/glibc:           2.32-r5::gentoo

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=znver2 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /var/lib/i2pd/certificates"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.4/ext-active/ /etc/php/cgi-php7.4/ext-active/ /etc/php/cli-php7.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=znver2 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS=" --quiet=y --quiet-build=y --quiet-fail=y --quiet-repo-display --verbose-conflict --keep-going --with-bdeps=y --jobs=3 --load-average=11"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs candy cgroup compress-build-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync metadata-transfer multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms split-elog split-log splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="ru_RU.UTF-8"
LC_ALL="ru_RU.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en ru uk ua"
MAKEOPTS="-j12 --load-average=11"
PKGDIR="/usr/portage/packages"
PORTAGE_BUNZIP2_COMMAND="lbzip2 -d -n10"
PORTAGE_BZIP2_COMMAND="lbzip2 -n10"
PORTAGE_COMPRESS="pbzip2"
PORTAGE_COMPRESS_FLAGS="-19"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS=" --quiet"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/tmp"
USE="256-color X aac acl acpi afp aio alsa amd64 amr amrenc apparmor archive argon2 aspell audit bash-completion bazaar bcrypt berkdb bluetooth bluray box brotli btrfs bzip2 cairo caja caps ccache cdda cdr cec chm chromaprint chromium clang color-management connection-sharing conntrack corefonts cover cpudetection crypt cuda cue cups curl cvs dav1d dbus designer dga dia djvu dnssec dnstap dropbox dvi eds egl elogind empathy enca enchant epub espeak; exfat exif faac faad fbcon fdk ffmpeg firewire flac flite fluidsynth fontconfig fontforge; freeimage ftp fuse gdbm geo geoip geoip2 geolocation gga ggi gif gimp git glamor gles2 gmp gnome gnome-keyring gnome-online-accounts googledrive gpg gphoto2 gpm gps grammar graphite gsm gstreamer gtkspell hardened highlight http2 hunspell iconv icu id3tag idn iec61883 ieee1394 imagemagick infinality inotify introspection ipc ipod iproute2 ipv6 jemalloc jpeg jpeg2k keyring ladspa lcms ldap ldap-sasl lensfun libaom libass libcaca libevent libglvnd libnotify libproxy librtmp libssh libssh2 libtirpc libxml2 lm-sensors lm_sensors lto lv2 lz4 lzip lzma lzo mad magic map markdown mbox memcached mercurial metalink midi mikmod mms mobi mod modemmanager modplug mp2 mp3 mp4 mpeg mpg mplayer mta mtp multimedia musepack ncurses netlink networkmanager nfs nftables nls nntp nptl nsplugin ntfs ocr office ofono ogg opencl openexr opengl openh264 openldap openmp opus pam pax_kernel pcap pcre pcre16 pdf pdfimport pgo pic pidgin pie pkcs11 png policykit postgres postscript profile profiling protobuf pulseaudio pwquality qt5 qtmedia quota rav1e raw rdp readline resolvconf rtmp rubberband samba sane sanitize sctp sdl seafile seccomp sensors sftp share skydrive slang smartcard smi smime snappy socks5 speech speex spell split-usr sqlite squashfs srt ssh ssl ssp subversion svg syslog system-av1 system-binutils system-boost system-bootstrap system-cairo system-clang system-crontab system-digest system-ffmpeg system-harfbuzz system-heimdal system-icu system-jpeg system-jsoncpp system-libevent system-libmspack system-libs system-libvpx system-libyaml system-llvm system-lua system-mitkrb5 system-openh264 system-openjpeg system-qemu system-qt system-snappy system-sqlite system-tbb system-uulib system-wine system-zlib t1lib tbb tcl tcmalloc telephaty tftp theora thesaurus threads tiff timidity tk tpm tremor truetype udev udisks unicode unwind upnp upower usb uuid v4l vaapi vala valgrind vdpau virgl vlc vnc vorbis vpx vtk vulkan vulkan-overlay wavpack wayland webdav webengine webkit webp wifi wireguard x264 x265 x509 xa xattr xcb xdg xinerama xkb xmp xps xscreensaver xtpax xv xvid xvmc zeroconf zeromq zink zlib zstd zvbi" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="hda-intel snd-hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias access_compat" CALLIGRA_FEATURES="karbon sheets words" CAMERAS="*" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" GPSD_PROTOCOLS="*" GRUB_PLATFORMS="pc" INPUT_DEVICES="libinput evdev libinput synaptics mtouch" KERNEL="linux" L10N="en ru uk ua" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LLVM_TARGETS="AMDGPU NVPTX BPF" LUA_SINGLE_TARGET="lua5-1 lua51" LUA_TARGETS="lua5-1 lua51" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_7" PYTHON_TARGETS="python3_7" QEMU_SOFTMMU_TARGETS="arm aarch64 x86_64 sparc" QEMU_USER_TARGETS="x86_64" RUBY_TARGETS="ruby26" USERLAND="GNU" VIDEO_CARDS="fbdev amdgpu radeon radeonsi v4l virgl nvidia nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, PORTAGE_BINHOST

LC_ALL=en_US.UTF-8 emerge cryptodev

 * Package:    sys-kernel/cryptodev-1.11
 * Repository: gentoo
 * Maintainer: [email protected]
 * USE:        abi_x86_64 amd64 elibc_glibc kernel_linux userland_GNU
 * FEATURES:   compressdebug network-sandbox preserve-libs sandbox splitdebug userpriv usersandbox
 * Determining the location of the kernel source code
 * Found kernel source directory:
 *     /usr/src/linux
 * Found sources for kernel version:
 *     5.10.11-gentoo-x86_64
 * Checking for suitable kernel configuration options...
 [ ok ]
ln: failed to create symbolic link 'Module.symvers': File exists
 * Preparing cryptodev module
make -C /usr/src/linux M=/tmp/portage/sys-kernel/cryptodev-1.11/work/cryptodev-linux-cryptodev-linux-1.11 ARCH=x86 CROSS_COMPILE=x86_64-pc-linux-gnu- modules
make[1]: Entering directory '/usr/src/linux-5.10.11-gentoo'

  ERROR: Kernel configuration is invalid.
         include/generated/autoconf.h or include/config/auto.conf are missing.
         Run 'make oldconfig && make prepare' on kernel src to fix it.

make[1]: *** [Makefile:718: include/config/auto.conf] Error 1
make[1]: Leaving directory '/usr/src/linux-5.10.11-gentoo'
make: *** [Makefile:27: build] Error 2
 * ERROR: sys-kernel/cryptodev-1.11::gentoo failed (compile phase):
 *   emake failed
 * 
 * If you need support, post the output of `emerge --info '=sys-kernel/cryptodev-1.11::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=sys-kernel/cryptodev-1.11::gentoo'`.
 * The complete build log is located at '/var/log/portage/build/sys-kernel/cryptodev-1.11:20210203-082716.log.gz'.
 * For convenience, a symlink to the build log is located at '/tmp/portage/sys-kernel/cryptodev-1.11/temp/build.log.gz'.
 * The ebuild environment file is located at '/tmp/portage/sys-kernel/cryptodev-1.11/temp/environment'.
 * Working directory: '/tmp/portage/sys-kernel/cryptodev-1.11/work/cryptodev-linux-cryptodev-linux-1.11'
 * S: '/tmp/portage/sys-kernel/cryptodev-1.11/work/cryptodev-linux-cryptodev-linux-1.11'

cd /root/del/cryptodev-linux-cryptodev-linux-1.11 && make

/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c: In function ‘__get_userbuf’:
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:80:30: error: passing argument 1 of ‘get_user_pages_remote’ from incompatible pointer type [-Werror=incompatible-pointer-types]
   80 |  ret = get_user_pages_remote(task, mm,
      |                              ^~~~
      |                              |
      |                              struct task_struct *
In file included from /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:28:
./include/linux/mm.h:1722:46: note: expected ‘struct mm_struct *’ but argument is of type ‘struct task_struct *’
 1722 | long get_user_pages_remote(struct mm_struct *mm,
      |                            ~~~~~~~~~~~~~~~~~~^~
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:80:36: warning: passing argument 2 of ‘get_user_pages_remote’ makes integer from pointer without a cast [-Wint-conversion]
   80 |  ret = get_user_pages_remote(task, mm,
      |                                    ^~
      |                                    |
      |                                    struct mm_struct *
In file included from /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:28:
./include/linux/mm.h:1723:22: note: expected ‘long unsigned int’ but argument is of type ‘struct mm_struct *’
 1723 |        unsigned long start, unsigned long nr_pages,
      |        ~~~~~~~~~~~~~~^~~~~
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:81:53: warning: passing argument 5 of ‘get_user_pages_remote’ makes pointer from integer without a cast [-Wint-conversion]
   81 |    (unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
      |                                  ~~~~~~~~~~~~~~~~~~~^~~
      |                                                     |
      |                                                     int
In file included from /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:28:
./include/linux/mm.h:1724:46: note: expected ‘struct page **’ but argument is of type ‘int’
 1724 |        unsigned int gup_flags, struct page **pages,
      |                                ~~~~~~~~~~~~~~^~~~~
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:82:4: error: passing argument 6 of ‘get_user_pages_remote’ from incompatible pointer type [-Werror=incompatible-pointer-types]
   82 |    pg, NULL, NULL);
      |    ^~
      |    |
      |    struct page **
In file included from /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:28:
./include/linux/mm.h:1725:32: note: expected ‘struct vm_area_struct **’ but argument is of type ‘struct page **’
 1725 |        struct vm_area_struct **vmas, int *locked);
      |        ~~~~~~~~~~~~~~~~~~~~~~~~^~~~
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:80:8: error: too many arguments to function ‘get_user_pages_remote’
   80 |  ret = get_user_pages_remote(task, mm,
      |        ^~~~~~~~~~~~~~~~~~~~~
In file included from /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:28:
./include/linux/mm.h:1722:6: note: declared here
 1722 | long get_user_pages_remote(struct mm_struct *mm,
      |      ^~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c: In function ‘__get_userbuf’:
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:80:30: error: passing argument 1 of ‘get_user_pages_remote’ from incompatible pointer type [-Werror=incompatible-pointer-types]
   80 |  ret = get_user_pages_remote(task, mm,
      |                              ^~~~
      |                              |
      |                              struct task_struct *
In file included from /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:28:
./include/linux/mm.h:1722:46: note: expected ‘struct mm_struct *’ but argument is of type ‘struct task_struct *’
 1722 | long get_user_pages_remote(struct mm_struct *mm,
      |                            ~~~~~~~~~~~~~~~~~~^~
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:80:36: warning: passing argument 2 of ‘get_user_pages_remote’ makes integer from pointer without a cast [-Wint-conversion]
   80 |  ret = get_user_pages_remote(task, mm,
      |                                    ^~
      |                                    |
      |                                    struct mm_struct *
In file included from /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:28:
./include/linux/mm.h:1723:22: note: expected ‘long unsigned int’ but argument is of type ‘struct mm_struct *’
 1723 |        unsigned long start, unsigned long nr_pages,
      |        ~~~~~~~~~~~~~~^~~~~
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:81:53: warning: passing argument 5 of ‘get_user_pages_remote’ makes pointer from integer without a cast [-Wint-conversion]
   81 |    (unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
      |                                  ~~~~~~~~~~~~~~~~~~~^~~
      |                                                     |
      |                                                     int
In file included from /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:28:
./include/linux/mm.h:1724:46: note: expected ‘struct page **’ but argument is of type ‘int’
 1724 |        unsigned int gup_flags, struct page **pages,
      |                                ~~~~~~~~~~~~~~^~~~~
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:82:4: error: passing argument 6 of ‘get_user_pages_remote’ from incompatible pointer type [-Werror=incompatible-pointer-types]
   82 |    pg, NULL, NULL);
      |    ^~
      |    |
      |    struct page **
In file included from /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:28:
./include/linux/mm.h:1725:32: note: expected ‘struct vm_area_struct **’ but argument is of type ‘struct page **’
 1725 |        struct vm_area_struct **vmas, int *locked);
      |        ~~~~~~~~~~~~~~~~~~~~~~~~^~~~
/root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:80:8: error: too many arguments to function ‘get_user_pages_remote’
   80 |  ret = get_user_pages_remote(task, mm,
      |        ^~~~~~~~~~~~~~~~~~~~~
In file included from /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.c:28:
./include/linux/mm.h:1722:6: note: declared here
 1722 | long get_user_pages_remote(struct mm_struct *mm,
      |      ^~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
make[2]: *** [scripts/Makefile.build:279: /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.o] Ошибка 1
make[2]: *** [scripts/Makefile.build:279: /root/del/cryptodev-linux-cryptodev-linux-1.11/zc.o] Ошибка 1
make[1]: *** [Makefile:1805: /root/del/cryptodev-linux-cryptodev-linux-1.11] Error 2
make[1]: *** [Makefile:1805: /root/del/cryptodev-linux-cryptodev-linux-1.11] Error 2
make: *** [Makefile:27: build] Ошибка 2
make: *** [Makefile:27: build] Ошибка 2

Request for a new release

Any chance we could get 1.9 released any time soon? It's been over a year since 1.8 and it doesn't work with recent kernels.

cipher-gcm test_crypto failed.

Downloaded cryptodev-linux and compiled cipher-gcm, run it on my machine, but it failed with 'Invalid argument'.

./cipher-gcm

test_crypto: 120
ioctl(CIOCGSESSION): Invalid argument

but for other algorithm such as AES, HASH and HMAC, there is no such problem.

What's the possible reason for this issue? Thanks.

Encrypting large buffers with AES-CTR

Hi everyone,

I'm currently trying to incorporate cryptodev into an application I'm writing. The application does a lot of AES-CTR encryption and decryption as well as SHA256 checksumming and I was aiming to utilize the hardware capabilities of the ARM-board I'm using. I'm using the Wandboard which is using an i.MX6 SoC that has hardware crypto acceleration called CAAM and does support both AES-CTR and SHA256.

Integrating cryptodev was pretty easy by following the examples, it was also much easier than AF_ALG and I had some quick success with both AES and SHA. However, I noticed that there are loads of messages like this on dmesg:

[93503.170342] cryptodev: aes.test[11535] (adjust_sg_array:93): reallocating from 32 to 256 pages

This seems to pop up, as soon as the length of the operation I'm passing via the CIOCCRYPT ioctl is larger than 128KiB. My application mostly uses data chunks of 4MiB with different keys and IVs.
I was able to avoid this message for SHA by splitting my data in 128KiB chunks and 'streaming' it by setting the operation flags to COP_FLAG_UPDATE and COP_FLAG_FINAL accordingly.

However, with AES no such thing exists. I cannot avoid the message by reusing an existing session because I can't change the key, I also cannot split my data and 'stream' it in multiple operations or I'll get invalid ciphertext. I assume this is because the counter used for AES-CTR is starting from the same startpoint (probably zero) for each new operation I'm sending. Contrary to CBC, where you could just use the last block as the IV for the next chunk of data, you can't do something like that with CTR as the IV stays the same for the whole operation and only the counter changes.

Is there any way to 'stream' the data like you can with the hash algorithms?

I've no idea if this kernel message should be avoided or if I should just try to silence it by setting the log level of that message or increasing DEFAULT_PREALLOC_PAGES.

The OpenSSL engine does not seem to be working for CTR mode. The test vectors in make checkseem to fail.

Any input would be greatly appreciated.

CruX

The AES CTR cipher doesn't get any engine acceleration, due to an enum expected as a define

Hello,

I've noticed that in https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/engine/eng_cryptodev.c the CRYPTO_AES_CTR is used for a preprocessor check.

In BSD https://github.com/openbsd/src/blob/master/sys/crypto/cryptodev.h is indeed declared with a #define.

In cryptdev-linux in instead declared in an enum, which makes it not defined for the preprocessor.

To make the AES CTR cipher engine acceleration works, I had to patch my OpenSSL. I would like to propose a patch here, but I don't see any other option rather than changing back that enum to a set of #define.

What do you think?

AES-GCM tag issue

I'm using the test-cryptodev.c as a library in my project and using it like this:

int Encryption::aes_encrypt_hw_cryptodev(uint8_t* message, size_t size)
{
    int status = aes_gcm_encrypt(&_ctx, _iv.data(), message + size, GCM_TAG_SIZE, message, message, size);
    memcpy(message + size + GCM_TAG_SIZE, _iv.data(), IV_SIZE);
   
    return status;
}

However testing it with:

std::vector<uint8_t> test_data(60);
std::iota(test_data.begin(), test_data.end(), 0);
test_data.resize(test_data.size() + 28, 0);
for (int i = 0; i < test_data.size(); ++i)
    std::cout << std::hex << (int)test_data[i] << ",";
std::cout << std::endl;
storage._enc.aes_encrypt_hw_cryptodev(test_data.data(), 60);
for (int i = 0; i < test_data.size(); ++i)
    std::cout << std::hex << (int)test_data[i] << ",";
std::cout << std::endl;

//std::vector<uint8_t> tag = {0x5e,0xe3,0x02,0x88,0x05,0xe7,0x16,0x12,0x02,0xcb,0x6d,0xcd,0xac,0x77,0xa1,0x55};
//memcpy(test_data.data() + 60, tag.data(), tag.size());

std::vector<uint8_t> output;

storage._enc.aes_decrypt_hw_cryptodev(test_data, output);
for (int i = 0; i < output.size(); ++i)
    std::cout << std::hex << "0x" << (int)output[i] << ",";
std::cout << std::endl;

Results in the wrong tag being calculated (commented is a tag that was calculated with 2 different apis, pytcryptodom and pyka, in python). The tag I obtain with cryptodev is: 5f,db,87,1f,63,c4,a4,b1,c9,58,93,a5,ad,16,d5,29

However copying the correct tag at the end of the message does not result in correct authentication of the message.
In this state although able to encrypt/decrypt correctly, the tag is useless.

SSH with openssl "mux digest failed"

When using SSH -> OpenSSL -> Cryptodev, any ssh connection fails with "main: mux digest failed". Unloading the cryptodev module fixes this.
It didn't work whithout using this patch, because (strangely enough) it needs the CAST and ARC4 algorithms, which I supplied to module using the following patch:

--- a/ioctl.c        2020-07-28 10:03:59.000000000 +0200
+++ b/ioctl.c       2020-11-30 15:21:42.254425766 +0100
@@ -141,6 +141,9 @@
        case CRYPTO_BLF_CBC:
                alg_name = "cbc(blowfish)";
                break;
+       case CRYPTO_CAST_CBC:
+               alg_name = "cbc(cast5)";
+               break;
        case CRYPTO_AES_CBC:
                alg_name = "cbc(aes)";
                break;
@@ -154,6 +157,10 @@
                alg_name = "ctr(aes)";
                stream = 1;
                break;
+       case CRYPTO_ARC4:
+               alg_name = "ecb(arc4)";
+               stream = 1;
+               break;
        case CRYPTO_AES_GCM:
                alg_name = "gcm(aes)";
                stream = 1;

the output then becomes:
ssh -v:

ssh -vvv janpieter@localhost
OpenSSH_8.1p1-hpn14v20, OpenSSL 1.1.1h  22 Sep 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
main: mux digest failed

and dmesg with modprobe cryptodev cryptodev_verbosity=2

[71235.694106] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000423bf98f
[71235.694109] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000f2369511
[71235.694110] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000bec985b5
[71235.694111] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000d9a9db5b
[71235.694112] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000e871bc12
[71235.694113] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000db1e27b5
[71235.694114] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000bda86a0a
[71235.694115] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000fdd0f066
[71235.694116] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000204927c8
[71235.694117] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000eb9cd034
[71235.694118] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000dc6d84ab
[71235.694119] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000cd166932
[71235.694120] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000379487d6
[71235.694121] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 00000000c375c39e
[71235.694122] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 0000000078ffd676
[71235.694123] cryptodev: ssh[10219] (cryptodev_open:532): allocated new item at 0000000022b19d65
[71235.694124] cryptodev: ssh[10219] (cryptodev_open:536): Cryptodev handle initialised, 16 elements in queue
[71235.694146] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694146] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694150] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x190F00EB
[71235.694151] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694156] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694156] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694159] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x43D60BCD
[71235.694160] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694210] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694211] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694213] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x5490F79C
[71235.694215] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694222] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694223] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694225] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xBA693E10
[71235.694227] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694232] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694233] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694235] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x15CFEDF9
[71235.694236] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694240] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694241] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694243] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x6E125EE8
[71235.694244] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694248] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694249] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694251] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xED81DAF4
[71235.694252] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694256] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694257] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694259] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x4762DD9A
[71235.694260] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694265] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694265] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694268] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xF47E94D5
[71235.694269] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694272] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694273] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694275] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x2D355A2A
[71235.694276] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694280] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694281] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694283] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xBD8516F0
[71235.694284] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694288] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694289] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694291] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x92EB0AB2
[71235.694292] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694295] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694296] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694298] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x4FBC29AE
[71235.694299] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694306] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694306] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694309] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xB2C268D9
[71235.694310] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694316] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694317] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694319] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x8261276E
[71235.694320] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694324] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694325] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694327] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x4907B040
[71235.694328] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694332] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694333] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694335] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x005A1552
[71235.694336] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694340] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694341] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694345] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694345] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694348] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x7F105186
[71235.694349] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694350] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x6580499E
[71235.694351] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694355] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694356] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694360] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694361] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694364] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x725406C1
[71235.694365] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694366] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xE7C091B8
[71235.694367] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694370] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694371] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694374] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694375] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694378] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xB05D986F
[71235.694379] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694380] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x38429409
[71235.694380] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694384] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694385] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694389] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694390] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694392] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x63A1A138
[71235.694393] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694394] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x950BD53D
[71235.694395] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694399] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694399] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694403] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694404] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694406] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xCA45C941
[71235.694407] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694408] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x2E989CC4
[71235.694409] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694412] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694413] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694417] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694417] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694420] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x7D1FBF55
[71235.694421] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694422] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x0FF1205D
[71235.694423] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694426] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694426] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694430] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.694431] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.694433] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x75D7C036
[71235.694434] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.694435] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x7E34A22C
[71235.694436] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695328] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695329] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695343] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695344] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695361] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x476C4CB4
[71235.695362] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695366] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695366] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695372] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xAF1438CC
[71235.695373] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695377] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695377] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695383] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695384] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695394] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695395] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695402] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x92E82E5D
[71235.695403] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695407] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695408] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695413] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x2C0D787B
[71235.695414] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695417] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695418] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695421] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x4199D908
[71235.695422] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695426] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695426] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695432] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xBC7CB7E6
[71235.695433] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695437] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695437] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695440] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xF5E85CED
[71235.695441] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695445] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695445] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695451] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695452] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695463] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xBC1E8FA3
[71235.695464] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695467] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695468] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695474] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x58ABDF47
[71235.695475] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695478] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695479] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695484] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695485] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695494] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x5D19B009
[71235.695495] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695498] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695499] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695504] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x60E8C001
[71235.695505] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695508] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695509] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695512] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0xED1FEEB9
[71235.695513] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695516] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695517] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695523] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x1C242588
[71235.695524] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695527] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695528] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695530] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x17FF9D9E
[71235.695531] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695535] cryptodev: ssh[10219] (crypto_create_session:307): got alignmask 0
[71235.695536] cryptodev: ssh[10219] (crypto_create_session:310): preallocating for 32 user pages
[71235.695571] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 0000000022b19d65
[71235.695572] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 0000000078ffd676
[71235.695573] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000c375c39e
[71235.695574] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000379487d6
[71235.695575] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000cd166932
[71235.695576] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000dc6d84ab
[71235.695576] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000eb9cd034
[71235.695577] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000204927c8
[71235.695578] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000fdd0f066
[71235.695579] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000bda86a0a
[71235.695580] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000db1e27b5
[71235.695580] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000e871bc12
[71235.695581] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000d9a9db5b
[71235.695582] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000bec985b5
[71235.695583] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000f2369511
[71235.695584] cryptodev: ssh[10219] (cryptodev_release:571): freeing item at 00000000423bf98f
[71235.695584] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x019AC9D0
[71235.695586] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695587] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x96D48220
[71235.695588] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695589] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x57588DA1
[71235.695590] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695591] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x4FA46201
[71235.695592] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695592] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x15AA45B1
[71235.695593] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695594] cryptodev: ssh[10219] (crypto_destroy_session:365): Removed session 0x0A1CE729
[71235.695595] cryptodev: ssh[10219] (crypto_destroy_session:368): freeing space for 32 user pages
[71235.695596] cryptodev: ssh[10219] (cryptodev_release:592): Cryptodev handle deinitialised, 16 elements freed

unloading cryptodev module from kernel fixes the "mux digest failed" issue.
But the question here is: is this an openssl bug or a cryptodev bug? I do not know what it might be, so if it's not yours, please let me know.

Possible error due to use of cryptodev

Hi. Terrible title I know.
First off, thank you for cryptodev. I have been using it for a few years on my arm device, currently on Funtoo. In fact, I have an ebuild on github to ease installation of cryptodev for Funtoo/Gentoo users: https://github.com/yuyuyak/cryptodev-funtoo-gentoo-ebuild
I spent the better part of the day today creating self-signed certificates for my asterisk installation. I used the suggested script they have to generate, or rather try to generate the certs. You can find their script here: https://github.com/rillian/asterisk-opus/blob/master/contrib/scripts/ast_tls_cert
Repeatedly I got the following error, apparently at line 46 of that script:
Signature verification error
3069519056:error:0D0C50C7:asn1 encoding routines:ASN1_item_verify:unknown signature algorithm:a_verify.c:154:

With the result being failure to generate all the certs needed.
After spending many hours searching the web I saw some posts referring to that error and attributing it to problems with cryptodev, on the archlinuxarm forum for example. The light bulb came on and I copied the script to my 64 bit laptop, also running Funtoo and of course, openssl is installed there as well. Voila! Works first try using exactly the same command line arguments.
I don't pretend to understand what's going on but I wanted to make you aware of it. AFAIK cryptodev seems ok for the most part on my arm device, as you can see at my github reference the tests you suggest seem to show a great increase in speed, etc.
My problem seems solved, but I will certainly be happy to assist any way I can to help chase down this error, unless you think it is a local glitch or something.
Thanks.
Oh, my latest install of cryptodev, pulled directly from here, is about a month old, not much more than that. When kernel 3.14.0 came down the pipe.

cryptodev-linux tests Incompatible with openssl 1.1

| openssl_wrapper.c:27:11: error: field 'hmac' has incomplete type
| HMAC_CTX hmac;
| ^~~~
| openssl_wrapper.c:28:13: error: field 'md' has incomplete type
| EVP_MD_CTX md;
| ^~
| openssl_wrapper.c: In function 'remove_mapping':
| openssl_wrapper.c:68:3: warning: implicit declaration of function 'HMAC_CTX_cleanup' [-Wimplicit-function-declaration]
| HMAC_CTX_cleanup(&mapping->ctx.hmac);
| ^~~~~~~~~~~~~~~~
| openssl_wrapper.c:72:3: warning: implicit declaration of function 'EVP_MD_CTX_cleanup' [-Wimplicit-function-declaration]
| EVP_MD_CTX_cleanup(&mapping->ctx.md);
| ^~~~~~~~~~~~~~~~~~
| openssl_wrapper.c: In function 'openssl_hmac':
| openssl_wrapper.c:133:3: warning: implicit declaration of function 'HMAC_CTX_init' [-Wimplicit-function-declaration]
| HMAC_CTX_init(ctx);
| ^~~~~~~~~~~~~