3.7. OpenSSL PadLock Engine

The VIA PadLock Engine is available in some VIA C3 processors (Nehemia), and allows for extremely fast hardware encryption and decryption.

To enable it, edit /etc/pki/tls/openssl.cnf and add the following at the beginning of the file:

openssl_conf = openssl_init

Then add the following to the end of the file:

[openssl_init]
engines = openssl_engines

[openssl_engines]
padlock = padlock_engine

[padlock_engine]
default_algorithms = ALL
dynamic_path = /usr/lib/openssl/engines/libpadlock.so
init = 1

Note: for 64-bit systems, use dynamic_path = /usr/lib64/openssl/engines/libpadlock.so.

To check if the module is enabled, run the following command:

# openssl engine -c -tt

To test its speed, run the following command:

# openssl speed aes-128-cbc

To test the speed of OpenSSH you can run a command like the following:

# dd if=/dev/zero count=100 bs=1M | ssh -c aes128-cbc localhost "cat >/dev/null"

PadLock is a third-party initiative available in the Linux kernel. You can find out more about the VIA PadLock engine at the following URLs: http://www.logix.cz/michal/devel/padlock/ and http://www.via.com.tw/en/initiatives/padlock/.