From owner-freebsd-stable@freebsd.org Thu Dec 6 23:24:38 2018 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 24F251318A4E for ; Thu, 6 Dec 2018 23:24:38 +0000 (UTC) (envelope-from lists@jnielsen.net) Received: from webmail5.jnielsen.net (webmail5.jnielsen.net [69.87.218.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "webmail2.jnielsen.net", Issuer "freebsdsolutions.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 209C96A202 for ; Thu, 6 Dec 2018 23:24:36 +0000 (UTC) (envelope-from lists@jnielsen.net) Received: from [10.3.135.19] (50-207-240-162-static.hfc.comcastbusiness.net [50.207.240.162]) (authenticated bits=0) by webmail5.jnielsen.net (8.15.2/8.15.2) with ESMTPSA id wB6NOWiA053063 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 6 Dec 2018 16:24:34 -0700 (MST) (envelope-from lists@jnielsen.net) X-Authentication-Warning: webmail5.jnielsen.net: Host 50-207-240-162-static.hfc.comcastbusiness.net [50.207.240.162] claimed to be [10.3.135.19] Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.1 \(3445.101.1\)) Subject: Re: /dev/crypto not being used in 12-STABLE From: John Nielsen In-Reply-To: Date: Thu, 6 Dec 2018 16:24:31 -0700 Cc: FreeBSD Stable Content-Transfer-Encoding: quoted-printable Message-Id: References: To: Xin LI X-Mailer: Apple Mail (2.3445.101.1) X-Rspamd-Queue-Id: 209C96A202 X-Spamd-Result: default: False [-2.31 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.95)[-0.953,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; DMARC_NA(0.00)[jnielsen.net]; NEURAL_HAM_LONG(-0.99)[-0.987,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.01)[cached: mx0.freebsdsolutions.net]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.64)[-0.643,0]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; IP_SCORE(0.08)[asn: 6364(0.49), country: US(-0.09)]; ASN(0.00)[asn:6364, ipnet:69.87.218.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Dec 2018 23:24:38 -0000 > On Dec 6, 2018, at 4:04 PM, Xin LI wrote: >=20 > On Thu, Dec 6, 2018 at 11:37 AM John Nielsen = wrote: >>=20 >> I have upgraded two physical machines from 11-STABLE to 12-STABLE = recently (one is 12.0-PRERELEASE r341380 and the other is = 12.0-PRERELEASE r341391). I noticed today that neither machine seems to = be utilizing /dev/crypto. Typically I see at least ssh/sshd have the = device open plus some programs from ports. But 'fuser' doesn't list any = processes on either machine: >>=20 >> # fuser /dev/crypto >> /dev/crypto: >>=20 >> Both machines are running custom kernels that include "device crypto" = and "device cryptodev". One of them additionally has "device aesni". >>=20 >> Is anyone else seeing this? Any idea what would cause it? >=20 > Your average OpenSSL applications should not use /dev/crypto, if your > goal is to utilize AES-NI (which does not require /dev/crypto). On > capable systems, AES-NI would be used automatically (and it's faster > this way). Thanks for the response. Is there a way to verify that AES-NI is being = used for e.g. ssh? I'm also curious why/when/how the change to not use = (or support?) /dev/crypto from base openssl was made.