Bug 1120075 - Via padlock acceleration not working
Summary: Via padlock acceleration not working
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openssl
Version: 6.5
Hardware: i686
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-16 08:34 UTC by Steven Haigh
Modified: 2014-07-16 09:05 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-07-16 09:05:12 UTC


Attachments (Terms of Use)

Description Steven Haigh 2014-07-16 08:34:35 UTC
Description of problem:
When using the via padlock engine on a VIA Esther processor, it seems openssl is not accelerated.

Followed the configuration guide here:
http://docs.huihoo.com/redhat/rhel6/en-US/html/Security_Guide/ch03s07.html

Version-Release number of selected component (if applicable):
# rpm -qa | grep openssl
openssl-1.0.1e-16.el6_5.14.i686

# cat /proc/version
Linux version 2.6.32-431.20.3.el6.i686 (mockbuild@sl6.fnal.gov) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Thu Jun 19 14:02:04 CDT 2014

Testing configuration:
# dmesg | grep padlock
padlock: Using VIA PadLock ACE for AES algorithm.
padlock: Using VIA PadLock ACE for SHA1/SHA256 algorithms.

# dmesg | grep -i rng
alg: No test for stdrng (krng)
VIA RNG detected

# openssl engine -c -tt
(dynamic) Dynamic engine loading support
     [ unavailable ]
(padlock) VIA PadLock (no-RNG, ACE)
 [AES-128-ECB, AES-128-CBC, AES-128-CFB, AES-128-OFB, AES-192-ECB, AES-192-CBC, AES-192-CFB, AES-192-OFB, AES-256-ECB, AES-256-CBC, AES-256-CFB, AES-256-OFB]
     [ available ]

Results of benchmark:
# openssl speed aes-128-cbc aes-192-cbc aes-256-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc       7005.88k     7392.24k     7524.35k    14964.10k    15058.99k
aes-192 cbc       6067.21k     6389.33k     6484.13k    12691.00k    12782.82k
aes-256 cbc       5099.18k     5308.64k     5338.34k    10922.32k    10970.64k

These figures suggest a non-accelerated result for this CPU type.

Comment 2 Steven Haigh 2014-07-16 08:55:51 UTC
As a reference, I removed the padlock_aes, padlock_sha modules from the running kernel using rmmod, also removed any config from /etc/pki/tls/openssl.cnf related to the padlock engine and re-ran the benchmark:

# openssl engine -c -tt
(dynamic) Dynamic engine loading support
     [ unavailable ]

# openssl speed aes-128-cbc aes-192-cbc aes-256-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc       7142.83k     7468.82k     7563.13k    14955.54k    15079.86k
aes-192 cbc       6157.28k     6397.10k     6483.56k    12719.18k    12745.55k
aes-256 cbc       5117.68k     5276.13k     5332.25k    10964.70k    10961.94k

Comment 3 Tomas Mraz 2014-07-16 09:05:12 UTC
You have to use openssl speed -evp aes-128-cbc
And so on for other aes variants.


Note You need to log in before you can comment on or make changes to this bug.