{"id":348,"date":"2008-09-20T15:01:34","date_gmt":"2008-09-20T23:01:34","guid":{"rendered":"http:\/\/znark.com\/blog\/?p=348"},"modified":"2008-09-21T11:12:07","modified_gmt":"2008-09-21T19:12:07","slug":"via-padlock-support-in-openssl","status":"publish","type":"post","link":"https:\/\/znark.com\/blog\/2008\/09\/via-padlock-support-in-openssl\/","title":{"rendered":"VIA padlock support in OpenSSL"},"content":{"rendered":"

The VIA C7 processor also has padlock encryption acceleration support.
\n[Linux support](http:\/\/www.logix.cz\/michal\/doc\/article.xp\/padlock-en)
\nwas added a while ago.<\/p>\n

First, the automatically load the `padlock` module, add the `\/etc\/sysconfig\/modules\/via-padlock.modules` file.<\/p>\n

#!\/bin\/sh
\n for i in padlock; do
\n modprobe $i >\/dev\/null 2>&1
\n done<\/p>\n

Second, to use it for internal kernel encryption, add to `\/etc\/modprobe.conf`.<\/p>\n

alias aes padlock<\/p>\n

Third, OpenSSL can be configured to use padlock. To see if your
\nOpenSSL was compiled with padlock support, do `openssl engine
\npadlock`. You can see the speed difference by comparing `openssl
\nspeed -evp aes-128-cbc` to `openssl speed -evp aes-128-cbc -engine
\npadlock`. To use padlock engine by default, add the following lines
\nto the top of `\/etc\/pki\/tls\/openssl.cnf.<\/p>\n

#enable padlock engine by default:
\n openssl_conf = openssl_def<\/p>\n

[openssl_def]
\n engines = openssl_engines<\/p>\n

[openssl_engines]
\n padlock = padlock_engine<\/p>\n

[padlock_engine]
\n default_algorithms = ALL<\/p>\n

Unfortunately, the version of openssh in Centos 5 does not use the
\npadlock engine. Engine support was added to openssh in 4.9p1
\n([bug 1437](https:\/\/bugzilla.mindrot.org\/show_bug.cgi?id=1437)). It looks
\nlike there is a
\n[bug](http:\/\/rt.openssl.org\/Ticket\/Display.html?id=1668) with engine
\nsupport which is fixed in OpenSSL 0.9.7h. It looks like Ubuntu Hardy
\n[has patched its
\npackages](https:\/\/bugs.launchpad.net\/ubuntu\/+source\/openssl\/+bug\/119295).<\/p>\n","protected":false},"excerpt":{"rendered":"

The VIA C7 processor also has padlock encryption acceleration support. [Linux support](http:\/\/www.logix.cz\/michal\/doc\/article.xp\/padlock-en) was added a while ago. First, the automatically load the `padlock` module, add the `\/etc\/sysconfig\/modules\/via-padlock.modules` file. #!\/bin\/sh for i in padlock; do modprobe $i >\/dev\/null 2>&1 done Second, to use it for internal kernel encryption, add to `\/etc\/modprobe.conf`. alias aes padlock Third, OpenSSL […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[],"class_list":["post-348","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/znark.com\/blog\/wp-json\/wp\/v2\/posts\/348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/znark.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/znark.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/znark.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/znark.com\/blog\/wp-json\/wp\/v2\/comments?post=348"}],"version-history":[{"count":2,"href":"https:\/\/znark.com\/blog\/wp-json\/wp\/v2\/posts\/348\/revisions"}],"predecessor-version":[{"id":350,"href":"https:\/\/znark.com\/blog\/wp-json\/wp\/v2\/posts\/348\/revisions\/350"}],"wp:attachment":[{"href":"https:\/\/znark.com\/blog\/wp-json\/wp\/v2\/media?parent=348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/znark.com\/blog\/wp-json\/wp\/v2\/categories?post=348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/znark.com\/blog\/wp-json\/wp\/v2\/tags?post=348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}