
Bug 148629

Summary: Add PadLock support for OpenSSL applications and Linux kernel
Product: Gentoo Linux
Reporter: Le retraité <le.retired>
Component: [OLD] Library
Assignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED DUPLICATE
Severity: enhancement
CC: hardened
Priority: High
Version: 2006.1
Hardware: All
OS: All
URL: http://www.logix.cz/michal/devel/padlock/
Whiteboard:
Package list:
Runtime testing required: ---

Description Le retraité 2006-09-22 04:35:35 UTC
PadLock is a set of CPU instructions in VIA C-7 processors that provides hardware cryptography to speed up AES, SHA and RSA computing.

OpenSSL 0.9.8 has PadLock AES support out of the box but still needs a patch to enable SHA:
http://www.logix.cz/michal/devel/padlock/openssl-0.9.8b-sha.diff
http://www.logix.cz/michal/devel/padlock/openssl-0.9.8b-sha.diff.md5
http://www.logix.cz/michal/devel/padlock/openssl-0.9.8b-sha.diff.asc

The same goes for the 2.6.18 Linux kernel:
http://www.logix.cz/michal/devel/padlock/kernel-sha/padlock-sha-complete.diff
http://www.logix.cz/michal/devel/padlock/kernel-sha/padlock-sha-complete.diff.sha1
http://www.logix.cz/michal/devel/padlock/kernel-sha/padlock-sha-complete.diff.asc

There's no patch yet for RSA encryption (Montgomery Multiplier).

It would be useful to include these patches in the next OpenSSL, gentoo-sources and hardened-sources ebuilds. No more need for C-7 users to do it manually and no harm for those who don't use a PadLock capable CPU.

Moreover, applications that use the OpenSSL library for their cryptographic calculations must load the cryptographic engines themselves:

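#include <openssl/engine.h>

int main(int argc, char **argv)
{
    /* ... */

    /* Make every engine built into OpenSSL available to this process. */
    ENGINE_load_builtin_engines();
    /* Register each loaded engine for all the algorithms it implements. */
    ENGINE_register_all_complete();

    /* ... */
    return 0;
}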

The only one I know of that has a switch to enable a specific engine is OpenVPN. I would really prefer an OpenSSL config file to do the job, with no need for any application to be aware of it.

Regards.
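
Added example, not part of the bug report: a shell check for which of the PadLock units named above (AES, SHA, RSA Montgomery multiplier) a CPU actually exposes, so you can tell whether the patches and engine loading can have any effect on a given host. It assumes the Linux /proc/cpuinfo flag names `ace`, `phe` and `pmm` with an `_en` suffix for "enabled"; the two flag lines are constructed samples.

```shell
#!/bin/sh
# Report which VIA PadLock units a CPU advertises, given the word list from a
# /proc/cpuinfo "flags" line. Linux lists each unit twice: "<unit>" means the
# unit exists, "<unit>_en" means it is also enabled and usable.

# has_flag FLAGS NAME -> exit status 0 if NAME is one whole word in FLAGS
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# padlock_units FLAGS -> one line per unit: <algorithm>=<enabled|disabled|absent>
padlock_units() {
    flags=$1
    # Assumed mapping: AES -> ace, SHA -> phe, RSA (Montgomery multiplier) -> pmm
    for pair in AES:ace SHA:phe RSA:pmm; do
        name=${pair%%:*}
        flag=${pair##*:}
        if has_flag "$flags" "${flag}_en"; then
            echo "$name=enabled"     # hardware present and switched on
        elif has_flag "$flags" "$flag"; then
            echo "$name=disabled"    # present, but software falls back
        else
            echo "$name=absent"      # not a PadLock-capable unit
        fi
    done
}

# Constructed sample flag lines (not captured from real machines).
SAMPLE_C7="fpu vme de pse tsc msr cx8 sep mtrr pge cmov pat clflush acpi mmx fxsr sse sse2 tm nx pni est tm2 rng rng_en ace ace_en ace2 ace2_en phe phe_en pmm pmm_en"
SAMPLE_OTHER="fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat mmx fxsr sse sse2 ht"

# On a live system, feed it the real flags instead:
#   padlock_units "$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2)"
padlock_units "$SAMPLE_C7"
```
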
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-09-22 04:37:06 UTC

*** This bug has been marked as a duplicate of 145537 ***
Comment 2 Le retraité 2006-09-22 05:08:59 UTC
The OpenSSL part is indeed a duplicate of 145537 (padlock as a search term didn't show any entry) but not the kernel one. Well, maybe the kernel patches should be sent upstream as well.

Anyway, those patches are 2/3 months old, maybe Gentoo could include them.

Regards.
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2006-09-22 05:20:43 UTC
As said on the other bug, get it accepted upstream.

*** This bug has been marked as a duplicate of 145537 ***
Comment 4 Le retraité 2006-09-22 07:01:10 UTC
And for the kernel patch?
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2006-09-22 07:57:51 UTC
(In reply to comment #4)
> And for the kernel patch?

http://dev.gentoo.org/~dsd/genpatches/faq.htm