So I recompiled and have the crypto engine installed now, but the ccp_crypto
module is still not loaded. /dev/crypto
is present now though; so there's progress.
The OpenSSL configuration looks like this (CIPHERS used to be the default, ALL):
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
openssl_conf=openssl_conf
[openssl_conf]
engines=engines
[engines]
# To enable an engine, install the package, and uncomment it here:
devcrypto=devcrypto
#afalg=afalg
#padlock=padlock
[afalg]
default_algorithms = ALL
[devcrypto]
# Leave this alone and configure algorithms with CIPERS/DIGESTS below
default_algorithms = ALL
# Configuration commands:
# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
# list of supported algorithms, along with their driver, whether they
# are hw accelerated or not, and the engine's configuration commands.
# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
# if acceleration can't be determined) [default=2]
#USE_SOFTDRIVERS = 2
# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to
# enable [default=ALL]
# It is recommended to disable the ECB ciphers; in most cases, it will
# only be used for PRNG, in small blocks, where performance is poor,
# and there may be problems with apps forking with open crypto
# contexts, leading to failures. The CBC ciphers work well:
CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
# enable [default=NONE]
# It is strongly recommended not to enable digests; their performance
# is poor, and there are many cases in which they will not work,
# especially when calling fork with open crypto contexts. Openssh,
# for example, does this, and you may not be able to login.
#DIGESTS = NONE
openssl engine -pre DUMP_INFO devcrypto
output:
Information about ciphers supported by the /dev/crypto engine:
Cipher DES-CBC, NID=31, /dev/crypto info: id=1, CIOCGSESSION (session open call) failed
Cipher DES-EDE3-CBC, NID=44, /dev/crypto info: id=2, CIOCGSESSION (session open call) failed
Cipher BF-CBC, NID=91, /dev/crypto info: id=3, CIOCGSESSION (session open call) failed
Cipher CAST5-CBC, NID=108, /dev/crypto info: id=4, CIOCGSESSION (session open call) failed
Cipher AES-128-CBC, NID=419, /dev/crypto info: id=11, driver=cbc-aes-aesni (software)
Cipher AES-192-CBC, NID=423, /dev/crypto info: id=11, driver=cbc-aes-aesni (software)
Cipher AES-256-CBC, NID=427, /dev/crypto info: id=11, driver=cbc-aes-aesni (software)
Cipher RC4, NID=5, /dev/crypto info: id=12, CIOCGSESSION (session open call) failed
Cipher AES-128-CTR, NID=904, /dev/crypto info: id=21, driver=ctr-aes-aesni (software)
Cipher AES-192-CTR, NID=905, /dev/crypto info: id=21, driver=ctr-aes-aesni (software)
Cipher AES-256-CTR, NID=906, /dev/crypto info: id=21, driver=ctr-aes-aesni (software)
Cipher AES-128-ECB, NID=418, /dev/crypto info: id=23, driver=ecb-aes-aesni (software)
Cipher AES-192-ECB, NID=422, /dev/crypto info: id=23, driver=ecb-aes-aesni (software)
Cipher AES-256-ECB, NID=426, /dev/crypto info: id=23, driver=ecb-aes-aesni (software)
Information about digests supported by the /dev/crypto engine:
Digest MD5, NID=4, /dev/crypto info: id=13, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA1, NID=64, /dev/crypto info: id=14, driver=sha1-avx (software), CIOCCPHASH capable
Digest RIPEMD160, NID=117, /dev/crypto info: id=102, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA224, NID=675, /dev/crypto info: id=103, driver=sha224-avx (software), CIOCCPHASH capable
Digest SHA256, NID=672, /dev/crypto info: id=104, driver=sha256-avx (software), CIOCCPHASH capable
Digest SHA384, NID=673, /dev/crypto info: id=105, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA512, NID=674, /dev/crypto info: id=106, driver=unknown. CIOCGSESSION (session open) failed