I have upgraded two physical machines from 11-STABLE to 12-STABLE recently (one is 12.0-PRERELEASE r341380 and the other is 12.0-PRERELEASE r341391). I noticed today that neither machine seems to be utilizing /dev/crypto. Typically I see at least ssh/sshd have the device open plus some programs from ports. But 'fuser' doesn't list any processes on either machine: # fuser /dev/crypto /dev/crypto: Both machines are running custom kernels that include "device crypto" and "device cryptodev". One of them additionally has "device aesni". Is anyone else seeing this? Any idea what would cause it? Thanks, JN
On Thu, 06 Dec 2018 20:19:44 +0100, John Nielsen wrote:> > I have upgraded two physical machines from 11-STABLE to 12-STABLE > recently (one is 12.0-PRERELEASE r341380 and the other is > 12.0-PRERELEASE r341391). I noticed today that neither machine seems > to be utilizing /dev/crypto. Typically I see at least ssh/sshd have > the device open plus some programs from ports. But 'fuser' doesn't > list any processes on either machine: > > # fuser /dev/crypto > /dev/crypto: > > Both machines are running custom kernels that include "device > crypto" and "device cryptodev". One of them additionally has "device > aesni". > > Is anyone else seeing this? Any idea what would cause it?With security/openssl (1.0.2q): % /usr/local/bin/openssl engine (cryptodev) BSD cryptodev engine (rdrand) Intel RDRAND engine (dynamic) Dynamic engine loading support % /usr/local/bin/openssl speed -engine cryptodev engine "cryptodev" set. With openssl 1.1.1a from base (and security/openssl111): % openssl engine (rdrand) Intel RDRAND engine (dynamic) Dynamic engine loading support % openssl speed -engine cryptodev invalid engine "cryptodev" 34371112960:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:117:filename(/usr/lib/engines/cryptodev.so): Cannot open "/usr/lib/engines/cryptodev.so" 34371112960:error:25070067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:162: 34371112960:error:260B6084:engine routines:dynamic_load:dso not found:/usr/src/crypto/openssl/crypto/engine/eng_dyn.c:414: 34371112960:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/crypto/openssl/crypto/engine/eng_list.c:334:id=cryptodev 34371112960:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:117:filename(libcryptodev.so): Shared object "libcryptodev.so" not found, required by "openssl" 34371112960:error:25070067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:162: 34371112960:error:260B6084:engine routines:dynamic_load:dso not found:/usr/src/crypto/openssl/crypto/engine/eng_dyn.c:414: -- Herbert
On Thu, Dec 6, 2018 at 11:37 AM John Nielsen <lists at jnielsen.net> wrote:> > I have upgraded two physical machines from 11-STABLE to 12-STABLE recently (one is 12.0-PRERELEASE r341380 and the other is 12.0-PRERELEASE r341391). I noticed today that neither machine seems to be utilizing /dev/crypto. Typically I see at least ssh/sshd have the device open plus some programs from ports. But 'fuser' doesn't list any processes on either machine: > > # fuser /dev/crypto > /dev/crypto: > > Both machines are running custom kernels that include "device crypto" and "device cryptodev". One of them additionally has "device aesni". > > Is anyone else seeing this? Any idea what would cause it?Your average OpenSSL applications should not use /dev/crypto, if your goal is to utilize AES-NI (which does not require /dev/crypto). On capable systems, AES-NI would be used automatically (and it's faster this way). Cheers,