I am working with LS1046ARDB Evaluation Board to develop a network based application. I have started my project with Flex-builder(flexbuild_lsdk2108), Flex-installer(version: 1.13.2108) and Codewarrior IDE.
user@localhost:~$ openssl version -a
openssl: symbol lookup error: openssl: undefined symbol: EVP_mdc2, version OPENSSL_1_1_0
user@localhost:~$
Then i refer below URL to resolve the openssl version 1.1.1 and openssl working well
#https://community.nxp.com/t5/Layerscape/Hardware-Offloading-of-NXP-CAAM-using-OpenSSL-in-LS1046A/m-p...
user@localhost:~$ openssl version -a
OpenSSL 1.1.1d 10 Sep 2019
built on: Fri May 27 07:03:31 2022 UTC
platform: linux-aarch64
options: bn(64,64) rc4(char) des(int) idea(int) blowfish(ptr)
compiler: aarch64-linux-gnu-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_e
OPENSSLDIR: "/usr/local/lib/ssl"
ENGINESDIR: "/usr/local/lib/engines-1.1"
Seeding source: os-specific
user@localhost:~$
Now CAAM hardware will offloaded into OpenSSL:
user@localhost:~$ sudo modprobe cryptodev
[sudo] password for user:
user@localhost:~$ ls /dev/crypto
/dev/crypto
user@localhost:~$ openssl engine
(devcrypto) /dev/crypto engine
(dynamic) Dynamic engine loading support
Successfully CAAM hardware was offloanded into Openssl-1.1.1d.
But our project requirement Key-Based key derivation function "SP 800-108 compliant" to achive the function we are using openssl version 3.0
So i refered "9.1.1.2 Manual Build of OpenSSL with Cryptodev Engine Support" from below URL :#https://www.nxp.com/docs/en/user-guide/LSDKUG_Rev21.08.pdf
In that manual we taken git repo of openssl version 3.0.2 by below command with tag option:
$ git clone -b openssl-3.0.2 --single-branch https://source.codeaurora.org/external/qoriq/qoriq-components/openssl
after sudo make command we additional tested "sudo make test" end up with error "30-test_afalg.t (Wstat: 256 Tests: 1 Failed: 1)" and i attach the error log also "openssl_make_test_log.txt".after that "$ sudo make install" done and Openssl-3.0.2 installed successfully
user@localhost:~$ openssl version -a
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
built on: Fri Jul 29 06:49:57 2022 UTC
platform: linux-aarch64
options: bn(64,64)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -I./include
OPENSSLDIR: "/usr/local/lib/ssl"
ENGINESDIR: "/usr/local/lib/engines-3"
MODULESDIR: "/usr/local/lib/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_armcap=0xbf
Now CAAM hardware will offloaded into OpenSSL:
user@localhost:$ sudo modprobe caam
user@localhost:$ sudo modprobe cryptodev
user@localhost:$ ls /dev/crypto
/dev/crypto
user@localhost:$ openssl engine
(dynamic) Dynamic engine loading support
user@localhost:$
"(devcrypto) /dev/crypto engine" log message not display in console .
OpenSSL Hardware offloading issue is due to following factors,
1. Configuration or linker path is not did correctly
2. OpenSSL 3.0.2 is not supporting the NXP CAAM to get offload
Provide us a neccessary solution to overcome the offloading issue in OpenSSL 3.0.2.
@sheikfaaruk For us upgrading to 3.0.8 resolved the issue (https://github.com/openssl/openssl/issues/17995).
Since OpenSSL is upgraded to 3.0, the command line for "openssl -xxx xxx -x -engine devcrypto" ; must include the string -engine devcrypto.
Please refer to the following.
root@localhost:~/git# cat /proc/interrupts | grep jr
78: 75 0 0 0 GICv2 103 Level 1710000.jr
79: 48 0 0 0 GICv2 104 Level 1720000.jr
80: 0 0 0 0 GICv2 105 Level fsl-jr0
root@localhost:~/git# openssl enc -aes-256-cfb -pbkdf2 -engine devcrypto
Engine "devcrypto" set.
enter AES-256-CFB encryption password:
Verifying - enter AES-256-CFB encryption password:
Error setting cipher AES-256-CFB
C0A6CE97FFFF0000:error:13000092:engine routines:ENGINE_get_cipher:unimplemented cipher:crypto/engine/tb_cipher.c:78:
C0A6CE97FFFF0000:error:03000086:digital envelope routines:evp_cipher_init_internal:initialization error:crypto/evp/evp_enc.c:277:
Segmentation fault
root@localhost:~/git# cat /proc/interrupts | grep jr
78: 101 0 0 0 GICv2 103 Level 1710000.jr
79: 72 0 0 0 GICv2 104 Level 1720000.jr
80: 0 0 0 0 GICv2 105 Level fsl-jr0
root@localhost:~/git#
Thank you for your reply
I offloaded CAAM hardware with OpenSSL version 3.0.2 .Then I tested the openssl in NXP board
Following List of algorithm are tested in NXP board
genpkey
RSA
AES-256-CBC
AES-256-CFB
rand
enc
ecparam SECP256K1
ecparam SECP384R1
ecparam SECP521R1
while offload and test the openssl I getting "Segmentation fault" in NXP board And also I atteach the manual which i followed the steps to installation ,configuration and testing the openssl in nxp board
The think is i have questions about openssl offloading in SEC hardware
While excuting openssl commands i am getting output in .key formate file but it is showing "Segmentation fault" after excuting ever command
is this affect my project because openssl 3.0.2 version which i am currently using for project development ?
what are the crypto algorithm will supported by SEC hardware in openssl 3.0.2 ?
And also guide us for openssl future developemnt