https://bugzilla.mindrot.org/show_bug.cgi?id=2972
Bug ID: 2972
Summary: Add build-time option to use OpenSSL for
ChaCha20-Poly1305
Product: Portable OpenSSH
Version: 7.9p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: [email protected]
Reporter: [email protected]
I am using an ARM board based on the Marvell ARMADA 38x Cortex-A9+NEON
CPU to run a custom NAS server. While the CPU power is limited, OpenSSL
ships with a NEON-optimized implementation of ChaCha20-Poly1305 that
achieves just over 170MB/s on this CPU (as reported by "openssl speed
-elapsed -evp ChaCha20-Poly1305 -aead"), making it by far the fastest
algorithm with good security on this CPU. Unfortunately, unlike the
other algorithms supported by OpenSSH, it will not use OpenSSL support
for ChaCha20-Poly1305 even if building with OpenSSL is enabled.
Instead, it will use the bundled generic C implementation, which
appears to be slower on this CPU by at least a factor of 3. Indeed,
using OpenSSH with 'aes128-ctr' turns out to be faster, as it uses
OpenSSL's optimized implementation, despite that implementation being
2-3 times slower according to "openssl speed" than OpenSSL's optimized
version of ChaCha20-Poly1305.
As such, it would be really nice to be able to build OpenSSH to use
OpenSSL's optimized ChaCha20-Poly1305 implementation rather than the
built-in generic one.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
