logo       
<prev   next>

Hardware acceleration using VIA Padlock (was Re: a couple of questions): msg#00455

network.openvpn.user

Subject: Hardware acceleration using VIA Padlock (was Re: a couple of questions)

Hi there,

I found a page describing how to use the VIA Padlock ACE (AES encryption
in hardware) on recent Nehemiah processors.

http://www.logix.cz/michal/devel/padlock/#openssl

There's a patch to OpenSSL 0.9.7d that provides access to the Padlock ACE
through the ENGINE interface.

It also gives instructions on how to enable ENGINE support in applications:

| Applications using OpenSSL
|
| Applications that use OpenSSL library for their cryptographic needs (such
| as OpenSSH) must explicitly load the available hardware crypto engines.
| This can be done with these simple calls during startup of the program:
|
| #include <openssl/engine.h>
|
| int main ()
| {
| [...]
| /* Init available hardware crypto engines. */
| ENGINE_load_builtin_engines();
| ENGINE_register_all_complete();
| [...]
| }

I didn't find any calls to the ENGINE_* functions in the OpenVPN source,
so I suspect that you'd need to add these two calls somewhere.

It would be nice if somebody who has one of these units could benchmark
its performance with OpenVPN.

--eric

> OpenVPN's interface to the OpenSSL library uses either TLS or the EVP layer
> for low-level crypto. I know that the EVP layer supports crypto acceleration,
> but I've never actually tested this feature with OpenVPN because I haven't had
> access to a machine with hardware acceleration.
>
> If you have a version of OpenSSL which is smart enough to allow the user to
> configure it so that all OpenSSL client applications will transparently use
> the accelerator without needing explicit source code changes to do so, then
> the answer is probably yes, OpenVPN will use it transparently.


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Will v1.5 work with v1.3.2: 00455, James Yonan
Next by Date:  OpenVPN 2.0-beta6 released: 00455, James Yonan
Previous by Thread:  2.x Confs and Cert Pathsi: 00455, Raymond
Next by Thread:  Re: Hardware acceleration using VIA Padlock (was Re: a couple of questions): 00455, Jon Bendtsen
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
News | FAQ | advertise