Enable openssl devcrypto

Hello!
I am using this crypto accelerator: https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators

There is a section that should be modified: /etc/ssl/openssl.cnf
It should look like this:

[default]
openssl_conf=openssl_def

[openssl_def]
# this is the main library configuration section
engines=engine_section

[engine_section]
# this is the engine configuration section, where the engines are listed
devcrypto=devcrypto_section

[devcrypto_section]
# this is the section where the devcrypto engine commands are used
CIPHERS=ALL
DIGESTS=NONE

Now, in the devcrypto_section it says DIGEST is NONE.

I tried setting DIGEST to ALL and it works.
So, if I add the digests, it looks like this:

root@hawk:~# openssl engine -t -c
(dynamic) Dynamic engine loading support
     [ unavailable ]
(devcrypto) /dev/crypto engine
 [DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB, AES-256-ECB, MD5, SHA1, SHA256]
     [ available ]

You can see that at the end it shows MD5, SHA1 and SHA256.

If I set digests to none in openssl.cnf, it will not use the digests.

So, why is this link (https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators) not enabled for digests?
Should I enable it or not?

OK, I found the solution, as it is in the openssl.conf file, saying:

# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
# enable [default=NONE]
# It is strongly recommended not to enable digests; their performance
# is poor, and there are many cases in which they will not work,
# especially when calling fork with open crypto contexts.  Openssh,
# for example, does this, and you may not be able to login.
#DIGESTS = NONE
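
A check for the setting discussed in this thread, as an added example that is not part of the original posts: it follows openssl_conf -> engines -> devcrypto through an openssl.cnf and reports whether DIGESTS is enabled for the devcrypto engine. The function names and the NOT-CONFIGURED label are assumptions, and the sample config is constructed from the one posted above.

```shell
# Added example: print the DIGESTS value that applies to the devcrypto engine.
# Reads the file given as $1, or stdin when no file is given.
devcrypto_digests() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    BEGIN { sec = "default" }          # keys before any header belong to "default"
    {
        sub(/#.*/, "")                 # drop comments, so "#DIGESTS = NONE" is ignored
        line = trim($0)
        if (line == "") next
        if (line ~ /^\[.*\]$/) { sec = trim(substr(line, 2, length(line) - 2)); next }
        eq = index(line, "=")
        if (eq == 0) next
        kv[sec, trim(substr(line, 1, eq - 1))] = trim(substr(line, eq + 1))
    }
    END {
        lib = kv["default", "openssl_conf"]   # e.g. openssl_def
        eng = kv[lib, "engines"]              # e.g. engine_section
        dev = kv[eng, "devcrypto"]            # e.g. devcrypto_section
        if (lib == "" || eng == "" || dev == "") { print "NOT-CONFIGURED"; exit }
        val = kv[dev, "DIGESTS"]
        print (val == "" ? "NONE" : val)      # unset means NONE, per the quoted comment
    }' "$@"
}
# Return 0 when digests are off, 1 when any digest is handed to /dev/crypto.
check_devcrypto_digests() {
    val=$(devcrypto_digests "$@")
    case "$val" in
        NONE|NOT-CONFIGURED) echo "ok: devcrypto DIGESTS=$val"; return 0 ;;
        *) echo "warning: devcrypto DIGESTS=$val (openssl.cnf advises against it)"; return 1 ;;
    esac
}
# Constructed sample: the configuration from the post, with DIGESTS set to $1.
sample_conf() {
    cat <<EOF
[default]
openssl_conf=openssl_def
[openssl_def]
engines=engine_section
[engine_section]
devcrypto=devcrypto_section
[devcrypto_section]
CIPHERS=ALL
DIGESTS = $1   # constructed value
EOF
}
sample_conf ALL | check_devcrypto_digests || true
```

On a device, the same check runs against the real file with `check_devcrypto_digests /etc/ssl/openssl.cnf`.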