On 4/8/26 18:39, Charles Sprickman wrote: > Hello all, just re-sending this to see if anyone can provide info here. > > The last release that will still support "Asymmetric crypto features via > /dev/crypto" is 13.5-RELEASE which will hit EOL on April 30th. > > Can someone familiar with this please address how we can identify which > jail/process/pid/anything is triggering this? Or even narrow it down? Is it > just old OpenSSL or are other applications known to use this interface? > Searching through the source over on the GitHub mirror isn't even turning up > any matches on the error text, so I'm kind of lost.
I do not know if it helps establish some useful context, but the left hand side of the diff in https://reviews.freebsd.org/D29736 for sys/opencrypto/cryptodev.c has: . . . static int crypto_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td) . . . devfs_get_cdevpriv((void **)&fcr); switch (cmd) { . . . case CIOCKEY: case CIOCKEY2: if (ratecheck(&keywarn, &warninterval)) gone_in(14, "Asymmetric crypto operations via /dev/crypto"); . . . break; case CIOCASYMFEAT: if (ratecheck(&featwarn, &warninterval)) gone_in(14, "Asymmetric crypto features via /dev/crypto"); . . . break; . . . All 3 case blocks of code were completely removed on the right hand side of the diff. Looks like the commit was: <https://cgit.freebsd.org/src/commit/sys/opencrypto/cryptodev.c?id=76681661be2859622872c3a8a1bd68260403ddd0> from 2021-04-12. > > Thanks, > > Charles > >> On Dec 6, 2025, at 1:22 PM, Charles Sprickman <[email protected]> wrote: >> >> Hi all, >> >> As someone that runs a TON of old junk in jails (including I believe a 4.11 >> somewhere), I've been seeing this message for ages: >> >> "Deprecated code (to be removed in FreeBSD 14): Asymmetric crypto features >> via /dev/crypto" >> >> This pops up during boot (jail startup) and also shows up in the dmesg >> buffer whenever I guess /dev/crypto is touched. A few questions: >> >> - can we have this message state which jail (even jail ID) is generating the >> message? >> - can the message include the PID of the process or really anything to >> identify what's triggering this? >> >> I feel like this would be helpful for others with old software who are >> avoiding 14.x. >> >> If not, what can I do with the system as it is to dig up what's generating >> this? >> >> I'd like to see if this is something that can be upgraded, even for the >> jails trapped in CVE amber, or if I'm stuck moving these into vmware of >> bhyve. >> >> Thanks, >> >> Charles >> >> > > > -- === Mark Millard marklmi at yahoo.com
