The VIA C7 processor also has padlock encryption acceleration support. Linux support was added a while ago.
First, to automatically load the padlock module, add the /etc/sysconfig/modules/via-padlock.modules file:
#!/bin/sh
for i in padlock; do
modprobe $i >/dev/null 2>&1
done
Second, to use it for internal kernel encryption, add the following to /etc/modprobe.conf:
alias aes padlock
Third, OpenSSL can be configured to use padlock. To see if your OpenSSL was compiled with padlock support, run `openssl engine padlock`. You can see the speed difference by comparing `openssl speed -evp aes-128-cbc` to `openssl speed -evp aes-128-cbc -engine padlock`. To use the padlock engine by default, add the following lines to the top of `/etc/pki/tls/openssl.cnf`:
#enable padlock engine by default:
openssl_conf = openssl_def
[openssl_def]
engines = openssl_engines
[openssl_engines]
padlock = padlock_engine
[padlock_engine]
default_algorithms = ALL
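OpenSSL reads `openssl_conf` only from the default (unnamed) section, which is why these lines belong at the top of the file. The following check is an added example, not part of the original post: it walks the section chain above with awk and reports the first broken link. The function name `check_padlock_conf` is hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# check_padlock_conf FILE
# Follows openssl_conf -> engines -> padlock -> default_algorithms and
# reports the first broken link. Returns 0 when the chain resolves.
check_padlock_conf() {
    awk '
    function fail(msg) { print "FAIL: " msg; exit 1 }
    { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    /^\[.*\]$/ {                      # section header: remember its name
        sec = $0
        sub(/^\[[ \t]*/, "", sec); sub(/[ \t]*\]$/, "", sec)
        next
    }
    /=/ {                             # key = value inside the current section
        eq = index($0, "=")
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val)
        conf[sec, key] = val
    }
    END {
        # sec stays "" until the first header: that is the default section
        top = conf["", "openssl_conf"]
        if (top == "") fail("openssl_conf is not set above the first [section]")
        eng = conf[top, "engines"]
        if (eng == "") fail("[" top "] has no engines = line")
        pad = conf[eng, "padlock"]
        if (pad == "") fail("[" eng "] does not list padlock")
        alg = conf[pad, "default_algorithms"]
        if (alg == "") fail("[" pad "] has no default_algorithms")
        print "OK: padlock engine is default for " alg
    }' "$1"
}

# Constructed sample: the same lines appended BELOW an existing section,
# so openssl_conf lands inside [ req ] and the engine is never loaded.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[ req ]
default_bits = 2048
openssl_conf = openssl_def
[openssl_def]
engines = openssl_engines
[openssl_engines]
padlock = padlock_engine
[padlock_engine]
default_algorithms = ALL
EOF
check_padlock_conf "$demo" || true
rm -f "$demo"
```

Run it against the real file with `check_padlock_conf /etc/pki/tls/openssl.cnf`.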
Unfortunately, the version of OpenSSH in CentOS 5 does not use the padlock engine. Engine support was added to OpenSSH in 4.9p1 (bug 1437). It looks like there is a bug with engine support which is fixed in OpenSSL 0.9.7h. It looks like Ubuntu Hardy has patched its packages.