Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1120075

Summary: Via padlock acceleration not working
Product: Red Hat Enterprise Linux 6 Reporter: Steven Haigh <netwiz>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.5   
Target Milestone: rc   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-16 09:05:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steven Haigh 2014-07-16 08:34:35 UTC 
Description of problem:
When using the via padlock engine on a VIA Esther processor, it seems openssl is not accelerated.

Followed the configuration guide here:
http://docs.huihoo.com/redhat/rhel6/en-US/html/Security_Guide/ch03s07.html

Version-Release number of selected component (if applicable):
# rpm -qa | grep openssl
openssl-1.0.1e-16.el6_5.14.i686

# cat /proc/version
Linux version 2.6.32-431.20.3.el6.i686 (mockbuild.gov) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Thu Jun 19 14:02:04 CDT 2014

Testing configuration:
# dmesg | grep padlock
padlock: Using VIA PadLock ACE for AES algorithm.
padlock: Using VIA PadLock ACE for SHA1/SHA256 algorithms.

# dmesg | grep -i rng
alg: No test for stdrng (krng)
VIA RNG detected

# openssl engine -c -tt
(dynamic) Dynamic engine loading support
     [ unavailable ]
(padlock) VIA PadLock (no-RNG, ACE)
 [AES-128-ECB, AES-128-CBC, AES-128-CFB, AES-128-OFB, AES-192-ECB, AES-192-CBC, AES-192-CFB, AES-192-OFB, AES-256-ECB, AES-256-CBC, AES-256-CFB, AES-256-OFB]
     [ available ]

Results of benchmark:
# openssl speed aes-128-cbc aes-192-cbc aes-256-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc       7005.88k     7392.24k     7524.35k    14964.10k    15058.99k
aes-192 cbc       6067.21k     6389.33k     6484.13k    12691.00k    12782.82k
aes-256 cbc       5099.18k     5308.64k     5338.34k    10922.32k    10970.64k

These figures suggest a non-accelerated result for this CPU type.
Comment 2 Steven Haigh 2014-07-16 08:55:51 UTC 
As a reference, I removed the padlock_aes, padlock_sha modules from the running kernel using rmmod, also removed any config from /etc/pki/tls/openssl.cnf related to the padlock engine and re-ran the benchmark:

# openssl engine -c -tt
(dynamic) Dynamic engine loading support
     [ unavailable ]

# openssl speed aes-128-cbc aes-192-cbc aes-256-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc       7142.83k     7468.82k     7563.13k    14955.54k    15079.86k
aes-192 cbc       6157.28k     6397.10k     6483.56k    12719.18k    12745.55k
aes-256 cbc       5117.68k     5276.13k     5332.25k    10964.70k    10961.94k
Comment 3 Tomas Mraz 2014-07-16 09:05:12 UTC 
You have to use openssl speed -evp aes-128-cbc
And so on for other aes variants.