Hi,
someone has been able to make it work devcrypto with R7800?
root@OpenWrt:/etc/init.d# openssl engine -t -c
(dynamic) Dynamic engine loading support
[ unavailable ]
(devcrypto) /dev/crypto engine
[ available ]
it is working well on wrt series from linksys
I think the openssl.cnf has been changed, maybe the openwrt wiki is not up to date anymore.?
what I have 
#
# OpenSSL example configuration file.
# See doc/man5/config.pod for more info.
#
# This is mostly being used for generation of certificate requests,
# but may be used for auto loading of providers
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Use this in order to automatically load providers.
openssl_conf = openssl_init
# Comment out the next line to ignore configuration errors
config_diagnostics = 1
# Extra OBJECT IDENTIFIER info:
# oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
openssl_conf=openssl_conf
[openssl_conf]
engines=engines
[engines]
.include /var/etc/ssl/engines.cnf
.include /etc/ssl/engines.cnf.d
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
vs what the wiki shows;
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
openssl_conf=openssl_conf
[openssl_conf]
engines=engines
[engines]
# To enable an engine, install the package, and uncomment it here:
devcrypto=devcrypto
#afalg=afalg
#padlock=padlock
[afalg]
# Leave this alone and configure algorithms with CIPERS/DIGESTS below
default_algorithms = ALL
# The following commands are only available if using the alternative
# (sync) AFALG engine
# Configuration commands:
# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
# list of supported algorithms, along with their driver, whether they
# are hw accelerated or not, and the engine's configuration commands.
# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
# if acceleration can't be determined) [default=2]
#USE_SOFTDRIVERS = 2
# CIPHERS: either ALL, NONE, NO_ECB (all except ECB-mode) or a
# comma-separated list of ciphers to enable [default=NO_ECB]
# Starting in 1.2.0, if you use a cipher list, each cipher may be
# followed by a colon (:) and the minimum request length to use
# AF_ALG drivers for that cipher; smaller requests are processed by
# softare; a negative value will use the default for that cipher
#CIPHERS=AES-128-CBC:1024, AES-256-CBC:768, DES-EDE3-CBC:0
# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
# enable [default=NONE]
# It is strongly recommended not to enable digests; their performance
# is poor, and there are many cases in which they will not work,
# especially when calling fork with open crypto contexts. Openssh,
# for example, does this, and you
Yes, bunch of rework with the upgrade to 3.x openssl in master, some volunteer should bring wiki in line with same.
1 Like