Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OCF asym process failed, Running in software

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    6 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vbentley
      last edited by

      I upgraded to 2.1.5 yesterday without any problems and everything appears to be running fine. However, when I ssh into my pfSense box I get 'OCF asym process failed, Running in software' displayed above the welcome message.

      My pfSense box has a BCM5821 crypto accelerator installed.
      After reading this:- http://permalink.gmane.org/gmane.comp.encryption.openssl.devel/17155
      I assume that OpenSSL cryptodev is falling back to software because either my crypto accelerator card doesn't support the method requested in hardware or the certificate is too large for it to handle.

      Has anyone else seen this OCF message?

      Trademark Attribution and Credit
      pfSense® and pfSense Certified® are registered trademarks of Electric Sheep Fencing, LLC in the United States and other countries.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        I assume you didn't see this message in 2.1.4 or lower?
        OpenSSL versions were updated to patch some security holes for 2.1.5 so it's probably an underlying change there.
        https://doc.pfsense.org/index.php/2.1.5_New_Features_and_Changes

        Steve

        1 Reply Last reply Reply Quote 0
        • V
          vbentley
          last edited by

          Yes, I had noticed that both OpenSSL installations had been updated in pfSense but I hadn't noticed the 'OCF' message being displayed before 2.1.5 when ssh'ing to pfSense.

          I will run some cryptodev benchmarks before taking a look at the OpenSSL 0.9.8zb and 1.0.1i sources.

          Trademark Attribution and Credit
          pfSense® and pfSense Certified® are registered trademarks of Electric Sheep Fencing, LLC in the United States and other countries.

          1 Reply Last reply Reply Quote 0
          • V
            vbentley
            last edited by

            I didn't get to running any more tests on 2.1.5 but this problem appears to be fixed in 2.2RC . I haven't seen the 'OCF asym process failed, Running in software' message at all.

            Trademark Attribution and Credit
            pfSense® and pfSense Certified® are registered trademarks of Electric Sheep Fencing, LLC in the United States and other countries.

            1 Reply Last reply Reply Quote 0
            • V
              vbentley
              last edited by

              Doh! I forgot to create a certificate for login. Now that I'm using SSH with certs on my test box the 'OCF asym process failed' is back again. It's not a big deal. I'm just pleased the crypto cards are working for IPsec.

              Trademark Attribution and Credit
              pfSense® and pfSense Certified® are registered trademarks of Electric Sheep Fencing, LLC in the United States and other countries.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Maybe ask in the 2.2 subforum if it's still happening. I don't see anyone else asking sbout it so perhaps you're doing something unusual.

                Steve

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.