To answer my own question at last:
The problem was a RHEL specific audit related patch to OpenSSH.
The said audit patch is quite large, intrusive, poorly tested
to even work with the configuration options RH broke out
as build-time configurable, and breaks cryptodev offload.
The solution was to back out that patch, and fix all the
subsequent patches that broke to resolve the ensuing FTBFS.

Patched EL6 source packages for OpenSSL (-DHAVE_CRYPTODEV) and
OpenSSH (with audit patch backed out) can be acquired from here:

I hope this saves others time in the future.


On 2015-06-24 13:50, Gordan Bobic wrote:
I've been trying to get this working for a while now and I am having
absolutely no luck. I just built vanilla OpenSSL 1.0.1o, and I still
get the same problem when an offloadable crypto algorithm is used
(note - not specific to hardware acceleration, the same thing
happens if the crypto is any in-kernel software implementation):

sshd: fatal: evp_crypt: EVP_Cipher failed

Has anybody got this working with any combination of OpenSSH and
OpenSSL versions?

For completeness, mod_ssl and openssl pipes using s_client and
s_server work offloaded as expected, it is only sshd that seems
to fail when an offloadable algorithm is used, but unless I'm
misreading the code the above error arises due to an error
return from OpenSSL rather than within OpenSSH.

If anybody has a version combination that works I would really
like to know.



Cryptodev-linux-devel mailing list

Cryptodev-linux-devel mailing list

Reply via email to