bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-26 17:52 UTC
[Bug 1882] New: Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 Summary: Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine Product: Portable OpenSSH Version: 5.7p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: scp AssignedTo: unassigned-bugs at mindrot.org ReportedBy: opod at nic-nac-project.org I have a VIA C7 box which supports hardware acceleration for aes-cbc with OpenSSL 'padlock' engine. I have defined the padlock engine as default in /etc/ssl/openssl.conf and it has worked for OpenSSH versions 5.4p1 through 5.6p1. With 5.7p1 and 5.8p1 the hardware acceleration is no longer used. Both OpenSSH versions are configured as such: ./configure --prefix=/usr --libexecdir=/usr/lib/ssh \ --sysconfdir=/etc/ssh --with-tcp-wrappers --with-privsep-user=nobody \ --with-md5-passwords --with-pam --with-mantype=man --mandir=/usr/share/man \ --with-xauth=/usr/bin/xauth --with-kerberos5=/usr --with-ssl-engine \ --with-libedit=/usr/lib I am enclosing verbose client logs, but I don't know if they will be of any use. I'll be happy to provide any additional information that is required. I am filing this against scp as this is how I can verify if the hardware acceleration is working or not, but this is probably a deeper problem. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-26 17:52 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 --- Comment #1 from opod at nic-nac-project.org 2011-03-27 04:52:40 EST --- Created attachment 2022 --> https://bugzilla.mindrot.org/attachment.cgi?id=2022 5.6p1 client -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Mar-26 17:53 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 --- Comment #2 from opod at nic-nac-project.org 2011-03-27 04:53:11 EST --- Created attachment 2023 --> https://bugzilla.mindrot.org/attachment.cgi?id=2023 5.8p1 client -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-05 16:42 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 --- Comment #3 from opod at nic-nac-project.org 2011-05-06 02:42:55 EST --- The bug still persists with 5.8p2. I'll happily provide more information, just tell me what you need. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-06 00:22 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au Depends on| |1845 --- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2011-05-06 10:22:30 EST --- You can forcibly enable hardware support with ./configure --with-ssl-engine although I'm not sure what would have changed to stop an override in openssl.cnf from working (without --with-ssl-engine it does the same thing it used to do). -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-06 01:59 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 --- Comment #5 from Darren Tucker <dtucker at zip.com.au> 2011-05-06 11:59:41 EST --- ... which you have. I'm going to attach a patch to add some debugging, please try again with that and attach the output of the client with ssh -vvv. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-06 02:12 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2041| |ok?(djm at mindrot.org) Flags| | --- Comment #6 from Darren Tucker <dtucker at zip.com.au> 2011-05-06 12:12:49 EST --- Created attachment 2041 --> https://bugzilla.mindrot.org/attachment.cgi?id=2041 switch from SSLeay_add_all_algorithms to OpenSSL_add_all_algoritms for compat hook ah, I think I see what happened. We changed from the old (undocumented) SSLeay_add_all_algorithms() function the new (documented) OpenSSL_add_all_algorithms() function, and in doing so we no longer called the hook in the compat library we use to enable this. Please try the attached patch. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-06 02:32 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2041|ok?(djm at mindrot.org) |ok+ Flags| | -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-06 17:25 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 opod at nic-nac-project.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #7 from opod at nic-nac-project.org 2011-05-07 03:25:55 EST --- This does indeed work, thank you for addressing this issue. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-May-10 01:13 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 --- Comment #8 from Darren Tucker <dtucker at zip.com.au> 2011-05-10 11:13:55 EST --- Committed, thanks. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 05:32 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #9 from Damien Miller <djm at mindrot.org> 2011-09-06 15:32:53 EST --- close resolved bugs now that openssh-5.9 has been released -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 23:55 UTC
[Bug 1882] Since 5.7p1 OpenSSH doesn't take advantage of OpenSSL hardware engine
https://bugzilla.mindrot.org/show_bug.cgi?id=1882 Bug 1882 depends on bug 1845, which changed state. Bug 1845 Summary: Bugs intended to be fixed in 5.9 https://bugzilla.mindrot.org/show_bug.cgi?id=1845 What |Old Value |New Value ---------------------------------------------------------------------------- Resolution| |FIXED Status|NEW |RESOLVED -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.