[Bug 1882] New: Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Mar 27 04:52:07 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1882

           Summary: Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL
                    hardware engine
           Product: Portable OpenSSH
           Version: 5.7p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: scp
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: opod at nic-nac-project.org


I have a VIA C7 box which supports hardware acceleration for aes-cbc
with OpenSSL 'padlock' engine.

I have defined the padlock engine as default in /etc/ssl/openssl.conf
and it has worked for OpenSSH versions 5.4p1 through 5.6p1. With 5.7p1
and 5.8p1 the hardware acceleration is no longer used. 

Both OpenSSH versions are configured as such:

./configure --prefix=/usr --libexecdir=/usr/lib/ssh \
        --sysconfdir=/etc/ssh --with-tcp-wrappers
--with-privsep-user=nobody \
        --with-md5-passwords --with-pam --with-mantype=man
--mandir=/usr/share/man \
        --with-xauth=/usr/bin/xauth --with-kerberos5=/usr
--with-ssl-engine \
        --with-libedit=/usr/lib

I am enclosing verbose client logs, but I don't know if they will be of
any use. I'll be happy to provide any additional information that is
required.

I am filing this against scp as this is how I can verify if the
hardware acceleration is working or not, but this is probably a deeper
problem.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list