Re: sshd fails when using cryptodev-linux to compute hmac

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi Damien,

> I don't know anything about cryptodev-linux, but I assume it's an openssl engine? 
Cryptodev-linux is a kernel module that provides access to kernel crypto drivers, especially hardware-accelerated crypto, through the /dev/crypto device. Openssl implements an engine which interfaces to it.

> If so it's possible sshd's multiprocess model and/or file descriptor handling is confusing it.
This seems like a reasonable explanation based on what I've seen so far.

> It's not a configuration we test, so you're mostly on your own to debug it. It's entirely possible there's a bug there; if so, I'd expect it to be something like a fd being closed while devcrypto is still depending on it.
>
> I'd suggest turning on LogVerbose=* so you can see which process (represented by it's PID) is doing what, though that probably won't be represented in the devcrypto debug messages unless you hack something similar in.
Too bad, I was hoping it was a tested/supported configuration. Since that doesn't seem to be the case, I suspect the easiest way forward for me is going to be disabling the openssl engine entirely so that openssh works properly. I doubt that hardware-accelerated crypto is going to have much benefit for SSH workloads anyway.

Thanks,
Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux