Openvpn and cryptodev fails test-crypto

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
drbrains
OpenVpn Newbie
Posts: 4
Joined: Wed Dec 27, 2017 4:48 pm

Openvpn and cryptodev fails test-crypto

Post by drbrains » Sun Mar 18, 2018 11:09 am

Running OpenVPN on my OpenWRT router works perfect. I have build it with OpenSSL. But as soon as I add “-engine cryptodev” it fails. The ultimate goal is to use hardware encryption, but it fails using just software as well.

The —test-crypto always fails at 560 bytes with the RAND-bytes fail, resulting in an assertion failure. I have a random number generator installed and the “/dev/urandom” is present.

Any ideas what I’m missing??

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4042
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn and cryptodev fails test-crypto

Post by TinCanTech » Sun Mar 18, 2018 9:01 pm

drbrains wrote:
Sun Mar 18, 2018 11:09 am
Running OpenVPN on my OpenWRT router works perfect
OK.
drbrains wrote:
Sun Mar 18, 2018 11:09 am
I have build it with OpenSSL. But as soon as I add “-engine cryptodev” it fails. The ultimate goal is to use hardware encryption, but it fails using just software as well
Does openvpn work or not ? You have confused me ..
drbrains wrote:
Sun Mar 18, 2018 11:09 am
Any ideas what I’m missing
No idea .. perhaps your RNG is not working ..

Your openvpn log may help.

drbrains
OpenVpn Newbie
Posts: 4
Joined: Wed Dec 27, 2017 4:48 pm

Re: Openvpn and cryptodev fails test-crypto

Post by drbrains » Mon Mar 19, 2018 6:46 am

Thanks for the suggestions. I will see if there is a better explanation in the logs besides the RAND_bytes fail.

I think the RNG works, how can I verify that? Is it using something else when using the cryptodev engine in stead of the OpenSSL library?

To be sure: openvpn + OpenSSL works. It just as soon as I add the cryptodev as engine it fails. And always as soon as the test hits 560 bytes.

Post Reply