"Adam Cécile (Le_Vert)"
2008-Jan-20 13:42 UTC
OpenSSH + GeodeLX + Linux + Cryptodev = Corrupted MAC on input.
Hello, I just set up Debian Lenny on a PCEngines ALIX. This board have a GeodeLX processor with hardware crypto accelerator, so I patched my kernel to get cryptodev support. Everything is fine when playin with openssl, but openssh just crash when a large amount of data is transfered. A small example: alix:~# scp 100meg.test localhost:/dev/null root at localhost's password: 100meg.test 0% 0 0.0KB/s --:-- ETAReceived disconnect from 127.0.0.1: 2: Corrupted MAC on input. lost connection alix:~# If I unload cryptodev kernel modules, averything works fine again. I found this guy which reported to have the same issue: http://www.docunext.com/wiki/My_Notes_on_Patching_2.6.22_with_OCF#The_Results Tested with OpenSSH 4.6p1 and 4.7p1. Any help would be appreciated. Best regards, Adam. PS: If you don't know at all what's wrong, could you please tell me how to disable cryptodev in sshd (without rebuilding the package wihout --with-ssl-engine) ? Please always CC me, I'm not subscribed.
Darren Tucker
2008-Jan-21 21:11 UTC
OpenSSH + GeodeLX + Linux + Cryptodev = Corrupted MAC on input.
Adam C?cile (Le_Vert) wrote:> I just set up Debian Lenny on a PCEngines ALIX. This board have a > GeodeLX processor with hardware crypto accelerator, so I patched my > kernel to get cryptodev support. > Everything is fine when playin with openssl, but openssh just crash when > a large amount of data is transfered. > > A small example: > alix:~# scp 100meg.test localhost:/dev/null > root at localhost's password: > 100meg.test > 0% 0 0.0KB/s --:-- ETAReceived disconnect from 127.0.0.1: 2: > Corrupted MAC on input. > lost connection > alix:~# > > If I unload cryptodev kernel modules, averything works fine again.Given that it works without the hardware driver, it sounds like some kind of problem with the crypto engine or the interface to it. Can you run OpenSSL's self-test "make tests" and if so do they pass? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Apparently Analagous Threads
- [openssh with openssl cryptodev engine] sshd killed by seccomp filter
- sshd fails when using cryptodev-linux to compute hmac
- sshd fails when using cryptodev-linux to compute hmac
- sshd fails when using cryptodev-linux to compute hmac
- sshd fails when using cryptodev-linux to compute hmac