That /proc/crypto
output tells me that you apparently have no hw-crypto that needs it.
/dev/crypto presence does not mean that there is any hardware-accelerated crypto available. By hw-accelerated, I'm not talking AES-NI, and other CPU instructions; from openssl point of view, they're 100% software (just another assembly instruction), and the default openssl provider most likely already uses them.
In openssl 1.1.1, the devcrypto engine only enables hardware-accelerated drivers by default. You can force the software drivers, restoring the old behavior, by using USE_SOFTDRIVERS=1
. I strongly recommend against it. Read this for some more info:
https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
If you want further help with this, especially if you're convinced that you do have hw-crypto, the output of openssl engine -t -c -pre DUMP_INFO
is really helpful.
Here's the output from a WRT3200ACM (with hardware crypto):
# openssl engine -t -c -pre DUMP_INFO devcrypto
(devcrypto) /dev/crypto engine
Information about ciphers supported by the /dev/crypto engine:
Cipher DES-CBC, NID=31, /dev/crypto info: id=1, driver=mv-cbc-des (hw accelerated)
Cipher DES-EDE3-CBC, NID=44, /dev/crypto info: id=2, driver=mv-cbc-des3-ede (hw accelerated)
Cipher BF-CBC, NID=91, /dev/crypto info: id=3, CIOCGSESSION (session open call) failed
Cipher CAST5-CBC, NID=108, /dev/crypto info: id=4, CIOCGSESSION (session open call) failed
Cipher AES-128-CBC, NID=419, /dev/crypto info: id=11, driver=mv-cbc-aes (hw accelerated)
Cipher AES-192-CBC, NID=423, /dev/crypto info: id=11, driver=mv-cbc-aes (hw accelerated)
Cipher AES-256-CBC, NID=427, /dev/crypto info: id=11, driver=mv-cbc-aes (hw accelerated)
Cipher RC4, NID=5, /dev/crypto info: id=12, CIOCGSESSION (session open call) failed
Cipher AES-128-CTR, NID=904, /dev/crypto info: id=21, driver=ctr-aes-neonbs (software)
Cipher AES-192-CTR, NID=905, /dev/crypto info: id=21, driver=ctr-aes-neonbs (software)
Cipher AES-256-CTR, NID=906, /dev/crypto info: id=21, driver=ctr-aes-neonbs (software)
Cipher AES-128-ECB, NID=418, /dev/crypto info: id=23, driver=mv-ecb-aes (hw accelerated)
Cipher AES-192-ECB, NID=422, /dev/crypto info: id=23, driver=mv-ecb-aes (hw accelerated)
Cipher AES-256-ECB, NID=426, /dev/crypto info: id=23, driver=mv-ecb-aes (hw accelerated)
Cipher CAMELLIA-128-CBC, NID=751, /dev/crypto info: id=101, CIOCGSESSION (session open call) failed
Cipher CAMELLIA-192-CBC, NID=752, /dev/crypto info: id=101, CIOCGSESSION (session open call) failed
Cipher CAMELLIA-256-CBC, NID=753, /dev/crypto info: id=101, CIOCGSESSION (session open call) failed
Information about digests supported by the /dev/crypto engine:
Digest MD5, NID=4, /dev/crypto info: id=13, driver=mv-md5 (hw accelerated), CIOCCPHASH capable
Digest SHA1, NID=64, /dev/crypto info: id=14, driver=mv-sha1 (hw accelerated), CIOCCPHASH capable
Digest RIPEMD160, NID=117, /dev/crypto info: id=102, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA224, NID=675, /dev/crypto info: id=103, driver=sha224-neon (software), CIOCCPHASH capable
Digest SHA256, NID=672, /dev/crypto info: id=104, driver=mv-sha256 (hw accelerated), CIOCCPHASH capable
Digest SHA384, NID=673, /dev/crypto info: id=105, driver=sha384-neon (software), CIOCCPHASH capable
Digest SHA512, NID=674, /dev/crypto info: id=106, driver=sha512-neon (software), CIOCCPHASH capable
[Success]: DUMP_INFO
[DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB, AES-256-ECB, MD5, SHA1, SHA256]
[ available ]
Here's the output from my x86_64 machine (sotware only, but AES-NI), with the USE_SOFTDRIVERS=1
:
openssl engine -t -c -pre DUMP_INFO devcrypto
(devcrypto) /dev/crypto engine
Information about ciphers supported by the /dev/crypto engine:
Cipher DES-CBC, NID=31, /dev/crypto info: id=1, driver=cbc(des-generic) (software)
Cipher DES-EDE3-CBC, NID=44, /dev/crypto info: id=2, driver=cbc(des3_ede-generic) (software)
Cipher BF-CBC, NID=91, /dev/crypto info: id=3, driver=cbc-blowfish-asm (software)
Cipher CAST5-CBC, NID=108, /dev/crypto info: id=4, CIOCGSESSION (session open call) failed
Cipher AES-128-CBC, NID=419, /dev/crypto info: id=11, driver=cbc-aes-aesni (software)
Cipher AES-192-CBC, NID=423, /dev/crypto info: id=11, driver=cbc-aes-aesni (software)
Cipher AES-256-CBC, NID=427, /dev/crypto info: id=11, driver=cbc-aes-aesni (software)
Cipher RC4, NID=5, /dev/crypto info: id=12, CIOCGSESSION (session open call) failed
Cipher AES-128-CTR, NID=904, /dev/crypto info: id=21, driver=ctr-aes-aesni (software)
Cipher AES-192-CTR, NID=905, /dev/crypto info: id=21, driver=ctr-aes-aesni (software)
Cipher AES-256-CTR, NID=906, /dev/crypto info: id=21, driver=ctr-aes-aesni (software)
Cipher AES-128-ECB, NID=418, /dev/crypto info: id=23, driver=ecb-aes-aesni (software)
Cipher AES-192-ECB, NID=422, /dev/crypto info: id=23, driver=ecb-aes-aesni (software)
Cipher AES-256-ECB, NID=426, /dev/crypto info: id=23, driver=ecb-aes-aesni (software)
Cipher CAMELLIA-128-CBC, NID=751, /dev/crypto info: id=101, driver=cbc-camellia-aesni (software)
Cipher CAMELLIA-192-CBC, NID=752, /dev/crypto info: id=101, driver=cbc-camellia-aesni (software)
Cipher CAMELLIA-256-CBC, NID=753, /dev/crypto info: id=101, driver=cbc-camellia-aesni (software)
Information about digests supported by the /dev/crypto engine:
Digest MD5, NID=4, /dev/crypto info: id=13, driver=md5-generic (software), CIOCCPHASH capable
Digest SHA1, NID=64, /dev/crypto info: id=14, driver=sha1-avx (software), CIOCCPHASH capable
Digest RIPEMD160, NID=117, /dev/crypto info: id=102, driver=rmd160-generic (software), CIOCCPHASH capable
Digest SHA224, NID=675, /dev/crypto info: id=103, driver=sha224-avx (software), CIOCCPHASH capable
Digest SHA256, NID=672, /dev/crypto info: id=104, driver=sha256-avx (software), CIOCCPHASH capable
Digest SHA384, NID=673, /dev/crypto info: id=105, driver=sha384-avx (software), CIOCCPHASH capable
Digest SHA512, NID=674, /dev/crypto info: id=106, driver=sha512-avx (software), CIOCCPHASH capable
[Success]: DUMP_INFO
[DES-CBC, DES-EDE3-CBC, BF-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-CTR, AES-192-CTR, AES-256-CTR, AES-128-ECB, AES-192-ECB, AES-256-ECB, CAMELLIA-128-CBC, CAMELLIA-192-CBC, CAMELLIA-256-CBC, MD5, SHA1, RIPEMD160, SHA224, SHA256, SHA384, SHA512]
[ available ]
Here's the most important part of my /proc/crypto
from openwrt:
# cat /proc/crypto | egrep -A 3 aes | egrep '^(--|name|driver|priority)'
name : __ctr(aes)
driver : cryptd(__ctr-aes-neonbs)
priority : 300
--
name : xts(aes)
driver : xts-aes-neonbs
priority : 250
--
name : ctr(aes)
driver : ctr-aes-neonbs
priority : 250
--
name : cbc(aes)
driver : cbc-aes-neonbs
priority : 250
--
name : ecb(aes)
driver : ecb-aes-neonbs
priority : 250
--
name : __xts(aes)
driver : __xts-aes-neonbs
priority : 250
--
name : __ctr(aes)
driver : __ctr-aes-neonbs
priority : 250
--
name : __cbc(aes)
driver : __cbc-aes-neonbs
priority : 250
--
name : __ecb(aes)
driver : __ecb-aes-neonbs
priority : 250
--
name : cbc(aes)
driver : mv-cbc-aes
priority : 300
--
name : ecb(aes)
driver : mv-ecb-aes
priority : 300
--
name : aes
driver : aes-generic
priority : 100
--
name : aes
driver : aes-arm
priority : 200
I hope this helps.
Cheers