sshd fails when using cryptodev-linux to compute hmac

Damien Miller djm at mindrot.org
Thu Oct 10 08:40:24 AEDT 2024


On Wed, 9 Oct 2024, Peter Rashleigh wrote:

> > I'd suggest turning on LogVerbose=* so you can see which process
> > (represented by its PID) is doing what, though that probably won't
> > be represented in the devcrypto debug messages unless you hack
> > something similar in.
>
> Too bad, I was hoping it was a tested/supported configuration. Since
> that doesn't seem to be the case, I suspect the easiest way forward
> for me is going to be disabling the openssl engine entirely so that
> openssh works properly. I doubt that hardware-accelerated crypto is
> going to have much benefit for SSH workloads anyway.

Yeah, we used to support /dev/crypto on OpenBSD and it only really
helped with pre-2005ish CPUs; the costs of massaging/moving the data
around and user/kernel context switching erased the gains. Maybe
this would be better if the application was explicitly designed for
the kernel interface, but OpenSSH isn't.

Hardware-accelerated crypto is still a huge win when it doesn't need
to go via the kernel, e.g. AES-NI.

-d


More information about the openssh-unix-dev mailing list