Project

General

Profile

Actions

Regression #11785

closed

OpenSSL "Operation not supported" error with cryptodev in certain cases

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Very High
Assignee:
Category:
FreeBSD
Target version:
Start date:
04/06/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Force Exclusion
Affected Version:
2.5.1
Affected Architecture:

Description

It's not clear what specifically is triggering this, but with AES-NI+cryptodev loaded, I have a VM which is failing to start OpenVPN. If I disable AES-NI+cryptodev, it works.

Looks like it's an issue in OpenSSL 1.1.1k that's being worked on upstream: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254643

Apr 6 10:08:23     openvpn     60652     Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Apr 6 10:08:23     openvpn     60652     OpenVPN 2.5.1 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Apr 5 2021
Apr 6 10:08:23     openvpn     60652     library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Apr 6 10:08:23     openvpn     60725     NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 10:08:23     openvpn     60725     OpenSSL: error:0201502D:system library:ioctl:Operation not supported
Apr 6 10:08:23     openvpn     60725     EVP cipher init #2
Apr 6 10:08:23     openvpn     60725     Exiting due to fatal error

Related issues

Has duplicate Bug #11774: unbound control shows SSL errorDuplicate04/02/2021

Actions
Actions

Also available in: Atom PDF