Re: Hardware acceleration using VIA Padlock (was Re: [Openvpn-users] a couple of questions)

Eric E. Bowles wrote:
> Hi there,
>
> I found a page describing how to use the VIA Padlock ACE (AES encryption 
> in hardware) on recent Nehemiah processors.
>
> http://www.logix.cz/michal/devel/padlock/#openssl
>
> There's a patch to OpenSSL 0.9.7d that provides access to the Padlock ACE 
> through the ENGINE interface.
>
> It also gives instructions on how to enable ENGINE support in applications:
>
>  | Applications using OpenSSL
>  |
>  | Applications that use OpenSSL library for their cryptographic needs (such 
>  | as OpenSSH) must explicitly load the available hardware crypto engines. 
>  | This can be done with these simple calls during startup of the program:
>  |
>  | #include <openssl/engine.h>
>  |
>  | int main ()
>  | {
>  |      [...]
>  |      /* Init available hardware crypto engines. */
>  |      ENGINE_load_builtin_engines();
>  |      ENGINE_register_all_complete();
>  |      [...]
>  | }    
>
> I didn't find any calls to the ENGINE_* functions in the OpenVPN source, 
> so I suspect that you'd need to add these two calls somewhere.

I think proper place might be  (in crypto.c)
   1443 void init_crypto_lib ()
   1444 {
   1445 }

but then again, that openssl patch (at least for me) caused some 
breakage and when I asked one thing about padlock and aes-256-cbc I got 
following answer:

OpenSSL patch doesn't (yet) support AES256 and AES512. Only AES128

signature.asc
Description: OpenPGP digital signature