Node: crypto: re-enable openssl /dev/crypto support on freebsd+openbsd?

Created on 28 Sep 2016 · 11 Comments · Source: nodejs/node

Carrying the discussion over from https://github.com/nodejs/node-private/pull/58#issuecomment-249862787:

On FreeBSD and OpenBSD, turning on OPENSSL_NO_HW (commit e5998c4) also disables /dev/crypto support.

It's not like the other hardware engines where OPENSSL_NO_HW compiles out the engine; the cryptodev engine is still built but openssl no longer loads it due to what I think is a logic buglet with a trivial fix:

diff --git a/deps/openssl/openssl/crypto/engine/eng_all.c b/deps/openssl/openssl/crypto/engine/eng_all.c
index 48ad0d2..473267a 100644
--- a/deps/openssl/openssl/crypto/engine/eng_all.c
+++ b/deps/openssl/openssl/crypto/engine/eng_all.c
@@ -68,17 +68,17 @@ void ENGINE_load_builtin_engines(void)
     /*
      * There's no longer any need for an "openssl" ENGINE unless, one day, it
      * is the *only* way for standard builtin implementations to be be
      * accessed (ie. it would be possible to statically link binaries with
      * *no* builtin implementations).
      */
     ENGINE_load_openssl();
 #endif
-#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
     ENGINE_load_cryptodev();
 #endif
 #ifndef OPENSSL_NO_RDRAND
     ENGINE_load_rdrand();
 #endif
     ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
 # ifndef OPENSSL_NO_HW
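
Review bot: the rewritten guard on ENGINE_load_cryptodev() drops !defined(OPENSSL_NO_HW) without putting any other opt-out in its place, so on every target that defines __OpenBSD__, __FreeBSD__ or HAVE_CRYPTODEV the engine is loaded unconditionally, while the ENGINE_load_rdrand() call right below keeps its own #ifndef OPENSSL_NO_RDRAND switch. Consider gating the call on a dedicated macro for this engine (for example a hypothetical OPENSSL_NO_CRYPTODEV; that name is an illustration, not one taken from this page) so a build can still exclude the kernel crypto path independently of the other hardware engines. Because the change is made to the vendored copy under deps/openssl/openssl, it should also be recorded as a local patch with a short comment at the #if explaining why OPENSSL_NO_HW is deliberately not consulted there, so the edit is not silently lost on the next OpenSSL update.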

I don't think it's a blocker (for the September 27 releases - ed.) because openssl will simply fall back to its builtin implementations of AES-CBC, etc. (assuming it actually uses /dev/crypto in the first place) but we should investigate after the release whether it's worth enabling again.

The /dev/crypto ciphers that openssl can potentially use are:

aes_128_ctr
aes_192_cbc
aes_192_ctr
aes_256_cbc
aes_256_ctr
bf_cbc
cast5_cbc
des_cbc
des_ede3_cbc

Digests are not offloaded to /dev/crypto because we don't build with -DUSE_CRYPTODEV_DIGESTS.

All 11 comments

cc @nodejs/crypto @nodejs/platform-freebsd

I'm fine with restoring it.

Yeah, I'm fine too. Not sure how big the impact currently is seeing how they (freebsd, openbsd) build against a shared representation (1,2) anyway.

I'm curious if anyone has actually seen node use /dev/crypto. I don't think I've ever seen it show up in truss output. cc @qbit - what about openbsd?

Playing devil's advocate, perhaps it's better to leave it disabled? /dev/crypto stores some of the cipher state kernel-side where it's more difficult to compromise but it requires 1500 lines of support code (plus kernel infrastructure) that probably isn't as carefully vetted as openssl core.

No /dev/crypto on OpenBSD and as @jbergstroem pointed out, we build against an external OpenSSL anyway.

Are you sure about that? I thought /dev/crypto originated on openbsd. Some quick googling seems to confirm that, e.g. the source of all truth.

@bnoordhuis yep:

qbit@slip[5]:/usr/src[BIG]λ ls -lart /dev/crypto
ls: /dev/crypto: No such file or directory
qbit@slip[1]:/usr/src[BIG]λ 

Here is the commit that removed the device node.

Anything after 5.6 will not have /dev/crypto.

Interesting, I suppose that is another argument for leaving it disabled, at least on openbsd.

For my own curiosity, do you know why it was removed? My searches turn up links to deletion commits but not much actual discussion.

It seems to be:

  • System call to kernel shuffle was inefficient.
  • Inclusion of AES-NI in modern cpus.
  • Not much development in the realm of hardware crypto cards has been done.

Thanks @qbit, that seems quite sensible; it matches my observations of AF_ALG on Linux.

I'm going to close the issue. If someone feels /dev/crypto support should be re-enabled again, please speak up.

It happened when OpenSSL was forked to LibreSSL in OpenBSD because of security issues in OpenSSL.

http://opensslrampage.org/post/88395266930/abandon-the-auto-engine-devcrypto-interface

If more info is needed, ask on the mailing list:

https://lists.openbsd.org/cgi-bin/mj_wwwusr?user=&passw=&func=lists-long-full&extra=misc

or better, the LibreSSL mailing list: https://lists.openbsd.org/cgi-bin/mj_wwwusr?user=&passw=&func=lists-long-full&extra=libressl

Thanks!
