Comment 12 for bug 119295

** These bugs are fixed upstream in OpenSSH 4.9 and OpenSSL 0.9.8h **

You can apply the fix to OpenSSH 4.7 from Ubuntu just fine: https://bugzilla.mindrot.org/attachment.cgi?id=1458 . It applies cleanly except for two rejects at points where the changes have already been applied, so the rejects can be safely ignored. With the patch I get 100Mbit wire speed with the aes128-cbc cipher. You will also need to apply Ian Lister's OpenSSL patch above.

PLEASE merge both these patches (the openssl cache logic fix and the openssh engine init fix) for the next hardy update.

I can confirm that with both patches OpenSSH performs vastly better and with much lower CPU use.

As for why the tests I was doing weren't working:

It's necessary to specify "-evp aes-128-cbc" instead of just "aes-128-cbc" to get an engine to work; just passing "-engine padlock" is insufficient. The "engine" argument requests loading of a given engine, but doesn't tell "openssl speed" to use the engine system; it still calls the AES code directly. -evp tells openssl speed to use the engine system, but doesn't say anything about which engine.

/usr/bin/openssl speed -evp aes-128-cbc -engine padlock:
aes-128-cbc 30934.33k 102451.76k 251594.56k 391449.69k 468731.35k

/usr/bin/openssl speed aes-128-cbc -engine padlock:
aes-128 cbc 6827.95k 9055.61k 9926.85k 10172.77k 10244.14k