To answer my own question at last: The problem was a RHEL specific audit related patch to OpenSSH. The said audit patch is quite large, intrusive, poorly tested to even work with the configuration options RH broke out as build-time configurable, and breaks cryptodev offload. The solution was to back out that patch, and fix all the subsequent patches that broke to resolve the ensuing FTBFS.
Patched EL6 source packages for OpenSSL (-DHAVE_CRYPTODEV) and OpenSSH (with audit patch backed out) can be acquired from here: http://ftp.redsleeve.org/pub/el6/packages/soc/SRPMS/openssl-1.0.1e-30.el6.11.cryptodev.src.rpm http://ftp.redsleeve.org/pub/el6/packages/soc/SRPMS/openssh-5.3p1-104.el6.1.cryptodev.src.rpm I hope this saves others time in the future. Gordan On 2015-06-24 13:50, Gordan Bobic wrote:
I've been trying to get this working for a while now and I am having absolutely no luck. I just built vanilla OpenSSL 1.0.1o, and I still get the same problem when an offloadable crypto algorithm is used (note - not specific to hardware acceleration, the same thing happens if the crypto is any in-kernel software implementation): sshd: fatal: evp_crypt: EVP_Cipher failed Has anybody got this working with any combination of OpenSSH and OpenSSL versions? For completeness, mod_ssl and openssl pipes using s_client and s_server work offloaded as expected, it is only sshd that seems to fail when an offloadable algorithm is used, but unless I'm misreading the code the above error arises due to an error return from OpenSSL rather than within OpenSSH. If anybody has a version combination that works I would really like to know. TIA. Gordan _______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
_______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
