From: gerrie on
Hi

I've been struggling for a long time now trying to use /dev/crypto
with the default software implemented driver.

* Using FBSD 7, out of the box
* Got crypto.ko and cryptodev.ko loaded
* Set sysctl kern.cryptodevallowsoft=1
* Always getting 'Invalid argument' when doing the CIOCGSESSION
ioctl; I specify aes-cbc, correct key, 16 byte keylen, zero
flags...tried many different flags
* Running /usr/src/tools/tools/crypto/cryptotest also gives 'Invalid
argument' when doing the CIOCGSESSION ioctl...I also explicitly ran it
with -d cryptosoft.
* Also tried the OpenSSL cryptodev driver and it fails in the same
way.

I looked at the crypto and cryptodev code and the intention of the
code is not clear to me. It almost looks as if software crypto is not
allowed, and yet the cryptosoft device code is there and loaded. Will
now start looking exactly why the code fails but it will take some
time.

Does anybody perhaps have any ideas in the meantime?

g
From: Patrick Lamaizière on
gerrie wrote:

> I've been struggling for a long time now trying to use /dev/crypto
> with the default software implemented driver.
>
> * Using FBSD 7, out of the box
> * Got crypto.ko and cryptodev.ko loaded
> * Set sysctl kern.cryptodevallowsoft=1
> * Always getting 'Invalid argument' when doing the CIOCGSESSION
> ioctl; I specify aes-cbc, correct key, 16 byte keylen, zero
> flags...tried many different flags
> * Running /usr/src/tools/tools/crypto/cryptotest also gives 'Invalid
> argument' when doing the CIOCGSESSION ioctl...I also explicitly ran it
> with -d cryptosoft.
> * Also tried the OpenSSL cryptodev driver and it fails in the same
> way.
>
> I looked at the crypto and cryptodev code and the intention of the
> code is not clear to me. It almost looks as if software crypto is not
> allowed, and yet the cryptosoft device code is there and loaded. Will
> now start looking exactly why the code fails but it will take some
> time.

cryptodev fails because it checks that the requested crypto driver
provides hardware crypto (function "checkforsoftware" in cryptodev.c).

And it does not take care about the sysctl kern.cryptodevallowsoft.

Looks like a bug and not a feature. OpenBSD's cryptodev seems to take
care about the sysctl and I think you can use the cryptosoft driver with
it.