OpenSSH & T2 (contd)
By sprack on Sep 22, 2008
Following from the recent post discussing modifying OpenSSL to enable OpenSSH to take advantage of the UltraSPARC T2 crypto accelerators, I should also mention that it is possible to just use the PKCS11 engine modified OpenSSL that Sun provides. You should use the –with-ssl-engine when you configure OpenSSH. Further, it may just be my mistake, but I am having problems getting OpenSSH to use the PKCS11 engine unless I modify openssl-compat.c. In the unmodified code, ssh_SSLeay_add_all_algorithms() does:
/\* Enable use of crypto hardware \*/ ENGINE_load_builtin_engines(); ENGINE_register_all_complete();
I changed this to:
ENGINE \*pkcengine; /\* Enable use of crypto hardware \*/ ENGINE_load_builtin_engines(); pkcengine = ENGINE_by_id("pkcs11"); ENGINE_init(pkcengine); ENGINE_set_default_ciphers(pkcengine);
and things started working fine. I need to find some cycles to go back I see if I had things misconfigured.