[Bug 2972] New: Add build-time option to use OpenSSL for ChaCha20-Poly1305
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sun Feb 24 08:59:27 AEDT 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=2972
Bug ID: 2972
Summary: Add build-time option to use OpenSSL for
ChaCha20-Poly1305
Product: Portable OpenSSH
Version: 7.9p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: businesscorrespondence+openssh at rkjnsn.net
I am using an ARM board based on the Marvell ARMADA 38x Cortex-A9+NEON
CPU to run a custom NAS server. While the CPU power is limited, OpenSSL
ships with a NEON-optimized implementation of ChaCha20-Poly1305 that
achieves just over 170MB/s on this CPU (as reported by "openssl speed
-elapsed -evp ChaCha20-Poly1305 -aead"), making it by far the fastest
algorithm with good security on this CPU. Unfortunately, unlike the
other algorithms supported by OpenSSH, it will not use OpenSSL support
for ChaCha20-Poly1305 even if building with OpenSSL is enabled.
Instead, it will use the bundled generic C implementation, which
appears to be slower on this CPU by at least a factor of 3. Indeed,
using OpenSSH with 'aes128-ctr' turns out to be faster, as it uses
OpenSSL's optimized implementation, despite that implementation being
2-3 times slower according to "openssl speed" than OpenSSL's optimized
version of ChaCha20-Poly1305.
As such, it would be really nice to be able to build OpenSSH to use
OpenSSL's optimized ChaCha20-Poly1305 implementation rather than the
built-in generic one.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list