Re: /dev/crypto missing

To: tech-kern%netbsd.org@localhost
Subject: Re: /dev/crypto missing
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Tue, 28 Jul 2020 04:47:09 -0000 (UTC)

john%ziaspace.com@localhost (John Klos) writes:

>I erroneously thought that if pseudo-device crypto wasn't in the kernel, 
>crypto would be done in userland. That's not the case:

>openssl s_client -debug -connect 192.80.49.7:443
>Could not open /dev/crypto: Device not configured

Crypto is done in userland. The error message comes from initializing all
builtin crypto engines, whether they get used or not.

% openssl engine
(devcrypto) /dev/crypto engine
(dynamic) Dynamic engine loading support

This also means that openssl (the library, not the command) eats one file
descriptor if /dev/crypto exists.

Only ENOENT is suppressed, deleting the /dev/crypto entry makes the
error message go away. You could expand that to also hide ENXIO or
rewrite devcrypto as a dynamic engine.

-- 
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

References:
- /dev/crypto missing
  - From: John Klos

Prev by Date: Re: /dev/crypto missing
Next by Date: Re: Proposal to enable WAPBL by default for 10.0
Previous by Thread: Re: /dev/crypto missing
Indexes:

Home | Main Index | Thread Index | Old Index