Comments (4)
skrueger8
commented on August 20, 2024
Quick win, call at least ENGINE_load_builtin_engines() to get hardware crypto out of the box...
A call to ENGINE_load_builtin_engines loads all built-in engines, including those for AES_NI instructions and RDRAND. After the call, OpenSSL will use the engines for AES encryption and random number generation, if available. In this case, RDRAND will be the only source of random numbers.
https://wiki.openssl.org/index.php/Library_Initialization
from nrpe.
skrueger8
commented on August 20, 2024
I did some testing (Solaris 11 and FreeBSD 11, OpenSSL 1.0.1) and it seems hardware crypto such as AESNI is already used without calling ENGINE_load_builtin_engines():
root@x86:~# dtrace -n 'pid$target::*crypt*:entry { @[probemod, probefunc] = count(); }' -c ".../check_nrpe -H 127.0.0.1"
dtrace: description 'pid$target::*crypt*:entry ' matched 9 probes
NRPE v3.0.1
dtrace: pid 12461 has exited
libcrypto.so.1.0.0 ERR_load_crypto_strings 1
libcrypto.so.1.0.0 _aesni_encrypt4 1
libcrypto.so.1.0.0 CRYPTO_gcm128_decrypt_ctr32 2
libcrypto.so.1.0.0 aesni_set_encrypt_key 2
libcrypto.so.1.0.0 CRYPTO_gcm128_encrypt_ctr32 3
libcrypto.so.1.0.0 aesni_ctr32_encrypt_blocks 4
libcrypto.so.1.0.0 aesni_encrypt 10
SPARC T7 with builtin T4 engine:
root@t7:/~ # dtrace -n 'pid$target::*crypt*:entry { @[probemod, probefunc] = count(); }' -c ".../check_nrpe -H 127.0.0.1"
dtrace: description 'pid$target::*crypt*:entry ' matched 9 probes
NRPE v2.12
dtrace: pid 21481 has exited
libcrypto.so.1.0.0 ERR_load_crypto_strings 2
libcrypto.so.1.0.0 aes_t4_set_encrypt_key 4
libcrypto.so.1.0.0 CRYPTO_gcm128_decrypt_ctr32 5
libcrypto.so.1.0.0 CRYPTO_gcm128_encrypt_ctr32 6
libcrypto.so.1.0.0 aes256_t4_ctr32_encrypt 7
libcrypto.so.1.0.0 aes_t4_encrypt 22
But it would still be nice to use a non-builtin engine such as pkcs11 on older SPARC (M10/T1000/T5xx0/T3/etc.) servers to use hardware crypto there, too.
from nrpe.
hedenface
commented on August 20, 2024
I think this is a good idea. We'll talk about it at our next internal open source development meeting.
from nrpe.
hedenface
commented on August 20, 2024
I went with the quick implementation, which should be fine. We may discuss allowing engines in the future, but this seems like something more for NCPA to be honest. What's your opinion @jomann09 ?
Anyway, added in 50cbea7.
from nrpe.
Related Issues (20)
- Unable to build against OpenSSL 3.0.0 HOT 5
- 4.0.3 does not accept v3 Packets HOT 2
- NRPE not showing real output of check_apt HOT 6
- Remove deprecated anonymous diffie-helman options
- Nrpe not working with external ip
- Receive header underflow - only 0 bytes received (4 expected). HOT 1
- Error while making with OpenSSL 1.1.1k
- CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
- DNS issue should return UNKNOWN or CRITICAL HOT 6
- Parasitic characters in output
- Wrong user owning the nrpe process under AIX HOT 2
- nrpe[xxxx]: ERROR: my_system() write(fd, buffer)-2 failed... HOT 2
- RHEL9 fails with ERR_get_error_line_data HOT 2
- nrpe 4.1: configuration line length issue? HOT 2
- Problema a la hora de compilar el agente npre4.1.0 fedora17
- NRPE v4.1 repo EPEL : nrpe_user and nrpe_group in nrpe.fg not used HOT 2
- NRPE : "deprecated" removed HOT 2
- Feature Request - Support wildcards in exclude arguments HOT 9
- check_nrpe: Could not connect / Receive header underflow HOT 1
- Error: Request contained command arguments! HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nrpe.