| View previous topic :: View next topic |
| Author |
Message |
Cinquero
Apprentice
Joined: 24 Jun 2004
Posts: 249
|
 Posted: Thu Sep 14, 2006 12:47 am Post subject: VIA C3 padlock support working for anyone? |
 |
|
Here is my patched ssh version: (4.3_p2-r102)
https://stier.dynu.com/~myportage/net-misc/openssh/
But not even benchmarking works here:
| Code: | root@k6 modules.d # openssl speed -evp aes-128-cbc -engine padlock
invalid engine "padlock"
19527:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(/usr/lib/engines/libpadlock.so): /usr/lib/engines/libpadlock.so: cannot open shared object file: No such file or directory
19527:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
19527:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
19527:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:415:id=padlock
19527:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(libpadlock.so): libpadlock.so: cannot open shared object file: No such file or directory
19527:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
19527:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
Doing aes-128-cbc for 3s on 16 size blocks:
... |
The problematic point is that it looks for libpadlock.so although openssl 0.9.8c puts the code from crypto/engine into libcrypto and not into separate libs. So what does that mean? I'm really confused here. How do I tell openssl to use the kernel driver?
The kernel padlock module is loaded:
| Code: | root@k6 ~ # cat /proc/crypto
name : deflate
driver : deflate-generic
module : kernel
priority : 0
type : compression
name : aes
driver : aes-padlock
module : padlock
priority : 300
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32 |
Anyone got any idea why I can't even run the openssl benchmark although eng_padlock.c is compiled into libcrypto.so?
Update:
the VIA padlock engine obviously must be enabled internally by patching the ENGINE_load_builtin_engines function in OpenSSL. See https://stier.dynu.com/~moinmoin/MarksWiki/ViaPadlock
Does anyone have an idea how to do that without requiring to patch OpenSSH and other OpenSSL-dependent apps?
Update 2:
I have released openssl-0.9.8c-r102 which you will find at the aforementioned URL(s). To make applications that depend on OpenSSL use padlock, you have to set the padlock-accelerated cipher implementations as defaults. This is done through an additional patch to the OpenSSL lib: if the padlock engine is found, the default ciphers are set accordingly.
The solution still requires a patched openssh. I have added the "padlock" use flag to openssh and openssl. It will apply the requried patches. On my VIA C3 I can now send (encrypt) SSH streams at 10.0 MB/s with a CPU usage of approx. 63%. On C7 systems, additional openssl patches are avaible to support additional digest algorithms in hardware. That should accelerate OpenSSH even more dramatically.
Additional note: I have remove the AES cryptography modules from the kernel config and only included the AES padlock module directly into the kernel (not as module). |
|
| Back to top |
|
 |
mludvig
n00b
Joined: 27 Dec 2006
Posts: 1
|
|
| Back to top |
|
|
|
Networking & Security
