This bug was initially created as a copy of Bug #1397547

I am copying this bug because:

There seems to be a regression of this bug in RHEL-9.3 in FIPS. Scenario described below is implemented in TC#0544984 - /CoreOS/openssh/Regression/bz1397547-SSH-does-not-use-the-ibmca-crypto-hardware. The test fails on RHEL-9.3 with openssh-8.7p1-34.el9.s390x the same way that is described in the original bug report (counters are not incremented). When I downgrade to openssh-8.7p1-28.el9.s390x the test again works flawlessly. The most suspicious change in 9.3.9 openssh is in BZ#2091694 - isn't it possible that it brought this regression?

Description of problem:
Configured OpenSSL to use ibmca and verified the configuration for Apache but SSHD will not use the modular exponentiation (RSA/DH/DSA) from the crypto adapter.

Version-Release number of selected component (if applicable):
openssh-8.7p1-34.el9.s390x (the other packages make no difference)

How reproducible:
100% in FIPS mode on s390x

Steps to Reproduce:
1. Run TC#0544984 - /CoreOS/openssh/Regression/bz1397547-SSH-does-not-use-the-ibmca-crypto-hardware
or
0. configure the openssl.cnf as described in openssl.cnf.sample-s390x
   reboot
1. configure openssl as above
2. reboot
3. run lszcrypt -VVV to check request_count
4. run icastats -r to clear stats
5. open multiple ssh sessions and the counter will not increment
6. run lszcrypt -VVV to check request_count
7. run icastats to verify the software count is incrementing and the hardware count is not

Actual results:
the request_count will not increment and icastats for hardware will not increment which means that ssh is using the builtin openssl engine instead of offloading to the crypto card

Expected results:
request_count should increment and icastats should increment for hardware

Additional info:
Works fine with openssh-8.7p1-28.el9.s390x.
Works fine with openssh-8.7p1-34.el9.s390x when FIPS is disabled.

I discussed something similar in https://bugzilla.redhat.com/show_bug.cgi?id=2224568 Karel, could you please check if it is the same issue?
No, this is something different. The issue in bug 2224568 has been fixed with openssl-ibmca-2.4.0-4.el9 which has been installed in test jobs above. However, I had been discussing this issue previously with Hubert Kario who spotted it. The ibmca engine is not used when openssl is configured to use the ibmca engine. It works when openssl is using ibmca provider. The engine is deprecated and it has never been FIPS compliant, we believe this is not worth fixing. Users should be using ibmca provider instead.
Ondra, could you please check whether switching to the provider fixes the issue? If yes, I'd close it as WONTFIX.