Removing crypto(9) "opencrypto" and /dev/crypto

Michael Neumann mneumann at ntecs.de
Sun Aug 10 06:38:36 PDT 2025 

On Sun, Aug 10, 2025 at 09:59:44AM +0800, Aaron LI wrote:
> On 8/8/25 6:20 PM, Michael Neumann wrote:
> > Hi,
> 
> Hi Michael,
> 
> Great job!

Hi Aaron,


> > I'd like to commit the following two patches, removing a lot of "bloat":
> > 
> > https://leaf.dragonflybsd.org/~mneumann/0001-crypto-remove-dev-crypto-pseudo-device.patch
> 
> Some suggestions:
> 
> 1. UPDATING:
>    As we're removing 'device cryptodev' from the default kernel config, I
> suggest we first make 'cryptdev' a no-op and then remove it in a later
> release.  The UPDATING file said similar notes for the FFS_ROOT option.

Thanks for the notice! I am trying to accomplish that with a line
in sys/conf/files like:

	NOOP     optional cryptodev no-obj \
		 warning "device cryptodev removed"

And the same for the other removed devices like "aesni", "safe", etc.

I just did a "make buildworld" with a "device cryptodev" in the 
kernel config and with this line it succeeds.

> 2. Bump __DragonFly_version for the removal of "/dev/crypto" device.

ok

> 3. Makefile_upgrade.inc
>    Also remove "/boot/kernel/cryptodev.ko"
> 
> > https://leaf.dragonflybsd.org/~mneumann/0002-opencrypto-remove-in-kernel-crypto-9-framework.patch
> 
> Some suggestions:
> 
> 1. Makefile_upgrade.inc
>    Remove /usr/include/crypto directory,
>    also remove /boot/kernel/aesni.ko
> 
> 2. Again bump __DragonFly_version, as we're removing
>    "/usr/include/crypto" and changing kernel API, also the removal of
> aesni(4) device.

Bump it twice?

I removed other unused crypto devices ("safe", padlock, hifn, ubsec) in the past without bumping __DragonFly_version. Shall I cover that in a single version
bump, and another one for removing cryptodev, (which includes
/usr/include/crypto).

> 3. sys/config/X86_64_GENERIC, sys/config/LINT64
>    Remove "device aesni"
> 
> 4. UPDATING:
>    Announce that we made "aesni" a no-op and will remove it in a later
> release.
> 
> 5. share/man/man4/rndtest.4
>    Remove the trailing comma (,) from ".Xr random 4 ,".

Thanks for your commits. I'll address these issues.

Regards,

  Michael

> Cheers,
> Aaron

-- 
Michael Neumann
NTECS Consulting
www.ntecs.de

More information about the Kernel mailing list