Hi all and @xiaodong_zhang
I mean this article
Enhance cryptodev and its engine in OpenSSL by CAA... - NXP Community
Is it really supposed to run properly on iMX7D? Article suggests yes, but I have serious problems with it. If iMX7 indeed is not supported, then which iMX variants are really compatible with these patches? I used kernel 5.4. Perhaps I'm doing something wrong, then just confirm it is really OK for iMX7 and that you don't experience issues like these:
Yes, it improves benchmarks noticeably. But we need not only speed improvements, but as well compatible encrypt/decrypt and digest operations to allow interoperation of network nodes using cryptodev and not using cryptodev. I mean `openssl enc` and `openssl enc -d` should be able to decrypt and encrypt files not only when cryptodev is always loaded/ aloways not loaded, bus as well:
- cryptodev unloaded at encryption time + cryptodev loaded at decryption time
- cryptodev loaded at encryption time + cryptodev unloaded at decryption time
- openssl dgst should give the same results with cryptodev loaded and unloaded. Hopefully I see no problems with dighests
- `openssl s_client -connect mysite.com:443` should work OK with cryptodev loaded when connecting to different TLS hosts, which are using different certificates and encodings.
My results:
`openssl s_client` doesn't work properly at all with cryptodev loaded. You may try connecting to www.google.com:443.
All added OFB and CFB cipher modes are broken. For example using -aes-128-ofb, not possible to decrypt file encrypted with opposite state of cryptodev loaded/unloaded status, like this
# modprobe cryptodev
# echo "Abrakadabra" | openssl enc -aes-128-ofb -out file.enc -iter 1
# rmmod cryptodev
# openssl enc -d -aes-128-ofb -in file.enc -iter 1
In contrast the same works well replacing -ofb with -ecb, - ctr and others.
Edward
