OCF asym process failed, Running in software
-
I upgraded to 2.1.5 yesterday without any problems and everything appears to be running fine. However, when I ssh into my pfSense box I get 'OCF asym process failed, Running in software' displayed above the welcome message.
My pfSense box has a BCM5821 crypto accelerator installed.
After reading this:- http://permalink.gmane.org/gmane.comp.encryption.openssl.devel/17155
I assume that OpenSSL cryptodev is falling back to software because either my crypto accelerator card doesn't support the method requested in hardware or the certificate is too large for it to handle.Has anyone else seen this OCF message?
-
I assume you didn't see this message in 2.1.4 or lower?
OpenSSL versions were updated to patch some security holes for 2.1.5 so it's probably an underlying change there.
https://doc.pfsense.org/index.php/2.1.5_New_Features_and_ChangesSteve
-
Yes, I had noticed that both OpenSSL installations had been updated in pfSense but I hadn't noticed the 'OCF' message being displayed before 2.1.5 when ssh'ing to pfSense.
I will run some cryptodev benchmarks before taking a look at the OpenSSL 0.9.8zb and 1.0.1i sources.
-
I didn't get to running any more tests on 2.1.5 but this problem appears to be fixed in 2.2RC . I haven't seen the 'OCF asym process failed, Running in software' message at all.
-
Doh! I forgot to create a certificate for login. Now that I'm using SSH with certs on my test box the 'OCF asym process failed' is back again. It's not a big deal. I'm just pleased the crypto cards are working for IPsec.
-
Maybe ask in the 2.2 subforum if it's still happening. I don't see anyone else asking sbout it so perhaps you're doing something unusual.
Steve
