According to John-Mark Gurney: > I discovered a similar issue on HEAD w/ 1.0.1e where openssl speed -engine > aes-256-cbc when ktraced would not issue any ioctl's during the speed > test... You can see that it opens the device, but then it gets a number > of failures: > 11466 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd590) > 11466 openssl RET ioctl -1 errno 22 Invalid argument
That is not the main problem, openssl is asking which ciphers are supported and not everything is through cryptodev. The issue is that it should issue other ioctl for the supported ciphers and my 1.0.1c does not do that. I've obtained a "ktrace.out" of a working version: ------ 23961 openssl CALL open(0x800c6874f,0x2<O_RDWR>,<unused>0) 23961 openssl NAMI "/dev/crypto" 23961 openssl RET open 3 23961 openssl CALL fcntl(0x3,F_SETFD,FD_CLOEXEC) 23961 openssl RET fcntl 0 23961 openssl CALL ioctl(0x3,CRIOGET,0x7fffffffd51c) 23961 openssl RET ioctl 0 23961 openssl CALL fcntl(0x4,F_SETFD,FD_CLOEXEC) 23961 openssl RET fcntl 0 23961 openssl CALL ioctl(0x4,CIOCASYMFEAT,0x800ec73e0) 23961 openssl RET ioctl 0 23961 openssl CALL close(0x4) 23961 openssl RET close 0 23961 openssl CALL ioctl(0x3,CRIOGET,0x7fffffffd47c) 23961 openssl RET ioctl 0 23961 openssl CALL fcntl(0x4,F_SETFD,FD_CLOEXEC) 23961 openssl RET fcntl 0 23961 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0) 23961 openssl RET ioctl -1 errno 22 Invalid argument 23961 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0) 23961 openssl RET ioctl -1 errno 22 Invalid argument 23961 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0) 23961 openssl RET ioctl -1 errno 22 Invalid argument 23961 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0) 23961 openssl RET ioctl 0 23961 openssl CALL ioctl(0x4,CDRIOCINITWRITER,0x7fffffffd4c8) 23961 openssl RET ioctl 0 23961 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0) 23961 openssl RET ioctl 0 23961 openssl CALL ioctl(0x4,CDRIOCINITWRITER,0x7fffffffd4c8) 23961 openssl RET ioctl 0 23961 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0) 23961 openssl RET ioctl 0 23961 openssl CALL ioctl(0x4,CDRIOCINITWRITER,0x7fffffffd4c8) 23961 openssl RET ioctl 0 23961 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0) 23961 openssl RET ioctl -1 errno 22 Invalid argument 23961 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4a0) 23961 openssl RET ioctl -1 errno 22 Invalid argument 23961 openssl CALL close(0x4) 23961 openssl RET close 0 ------ Notice the CDRIOCINITWRITER? My run does not show these: so after these lines, there are no "sessions" available and cryptodev is in fact not used. ----- 2709 openssl CALL open(0x800c56cef,0x2<O_RDWR>,<unused>0) 2709 openssl NAMI "/dev/crypto" 2709 openssl RET open 3 2709 openssl CALL fcntl(0x3,F_SETFD,FD_CLOEXEC) 2709 openssl RET fcntl 0 2709 openssl CALL ioctl(0x3,CRIOGET,0x7fffffffd56c) 2709 openssl RET ioctl 0 2709 openssl CALL fcntl(0x4,F_SETFD,FD_CLOEXEC) 2709 openssl RET fcntl 0 2709 openssl CALL ioctl(0x4,CIOCASYMFEAT,0x800eb3fe0) 2709 openssl RET ioctl 0 2709 openssl CALL close(0x4) 2709 openssl RET close 0 2709 openssl CALL ioctl(0x3,CRIOGET,0x7fffffffd4cc) 2709 openssl RET ioctl 0 2709 openssl CALL fcntl(0x4,F_SETFD,FD_CLOEXEC) 2709 openssl RET fcntl 0 2709 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0) 2709 openssl RET ioctl -1 errno 22 Invalid argument 2709 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0) 2709 openssl RET ioctl -1 errno 22 Invalid argument 2709 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0) 2709 openssl RET ioctl -1 errno 22 Invalid argument 2709 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0) 2709 openssl RET ioctl 0 2709 openssl CALL ioctl(0x4,CIOCFSESSION,0x7fffffffd518) 2709 openssl RET ioctl 0 2709 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0) 2709 openssl RET ioctl 0 2709 openssl CALL ioctl(0x4,CIOCFSESSION,0x7fffffffd518) 2709 openssl RET ioctl 0 2709 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0) 2709 openssl RET ioctl 0 2709 openssl CALL ioctl(0x4,CIOCFSESSION,0x7fffffffd518) 2709 openssl RET ioctl 0 2709 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0) 2709 openssl RET ioctl -1 errno 22 Invalid argument 2709 openssl CALL ioctl(0x4,CIOCGSESSION,0x7fffffffd4f0) 2709 openssl RET ioctl -1 errno 22 Invalid argument 2709 openssl CALL close(0x4) 2709 openssl RET close 0 ----- Making progress... -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- robe...@keltia.freenix.fr In memoriam to Ondine : http://ondine.keltia.net/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
