# OpenSSL Padlock Crypto



## Jimmy (Feb 28, 2014)

These are my results for OpenSSL w/padlock with Padlock on a J7N2/J7N4 with a VIA C7 CPU.  They look a little low when compared to http://lists.freebsd.org/pipermail/free ... 27231.html. I am getting approx_imately_ 14 MB/s while the author of the link above sees about 90 MB/s. Is it possible Padlock is still not functioning correctly in this version of FreeBSD/OpenSSL?

```
uname -a
FreeBSD diesel.steppingstones 9.1-RELEASE-p4 FreeBSD 9.1-RELEASE-p4 #14: Mon Jun 24 23:17:13 BST 2013     jim@diesel.steppingstones:/usr/obj/usr/src/sys/DIESEL  i386

/usr/bin/openssl engine -c -tt
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH, AES-128-CBC]
     [ available ]
(padlock) VIA PadLock (no-RNG, ACE)
 [AES-128-ECB, AES-128-CBC, AES-128-CFB, AES-128-OFB, AES-192-ECB, AES-192-CBC, AES-192-CFB, AES-192-OFB, AES-256-ECB, AES-256-CBC, AES-256-CFB, AES-256-OFB]
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

/usr/bin/openssl speed -engine padlock

OpenSSL 0.9.8y 5 Feb 2013
built on: date not available
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: cc
available timing options: USE_TOD HZ=128 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md2                792.04k     1668.07k     2306.81k     2551.20k     2632.35k
mdc2              1630.97k     1782.74k     1824.73k     1835.52k     1838.11k
md4               7372.35k    24707.33k    65291.77k   110866.83k   139391.59k
md5               5663.26k    17748.88k    42552.56k    65411.84k    77610.28k
hmac(md5)         5420.62k    17213.81k    41776.37k    64952.56k    77552.00k
sha1              4969.11k    13730.81k    28198.98k    38314.72k    42813.57k
rmd160            4768.14k    12977.55k    26296.41k    35374.84k    39348.13k
rc4              53785.15k    58939.57k    60252.70k    60723.58k    60862.69k
des cbc          16131.69k    16649.52k    16813.57k    16854.75k    16866.77k
des ede3          5777.37k     5850.19k     5872.01k     5877.49k     5879.33k
idea cbc             0.00         0.00         0.00         0.00         0.00
seed cbc             0.00         0.00         0.00         0.00         0.00
rc2 cbc           7618.17k     7895.44k     7962.46k     7978.65k     7984.80k
rc5-32/12 cbc    55018.65k    61430.24k    63692.76k    64285.79k    64457.70k
blowfish cbc     29116.02k    30831.46k    31291.18k    31434.20k    31475.44k
cast cbc         28694.18k    30345.60k    30886.94k    31027.29k    31067.03k
aes-128 cbc      14168.70k    14654.35k    14816.16k    14858.11k    14867.54k
aes-192 cbc      12409.50k    12781.68k    12903.53k    12935.20k    12943.95k
aes-256 cbc      11038.34k    11331.98k    11427.19k    11452.06k    11459.12k
camellia-128 cbc    15981.82k    16727.91k    16905.26k    16962.90k    17022.85k
camellia-192 cbc    12519.67k    12935.81k    13042.90k    13077.21k    13086.96k
camellia-256 cbc    12520.06k    12930.41k    13042.75k    13077.37k    13086.53k
sha256            3197.86k     7301.35k    12744.77k    15619.27k    16733.21k
sha512             878.28k     3511.89k     5125.23k     7050.67k     7918.10k
aes-128 ige      15095.74k    15875.61k    16122.96k    16186.62k    16204.00k
aes-192 ige      13115.26k    13699.63k    13883.23k    13930.46k    13943.04k
aes-256 ige      11593.77k    12038.35k    12190.04k    12226.56k    12236.53k
                  sign    verify    sign/s verify/s
rsa  512 bits 0.002117s 0.000204s    472.4   4904.1
rsa 1024 bits 0.009570s 0.000505s    104.5   1980.7
rsa 2048 bits 0.054326s 0.001575s     18.4    634.8
rsa 4096 bits 0.349970s 0.005496s      2.9    181.9
                  sign    verify    sign/s verify/s
dsa  512 bits 0.001579s 0.001831s    633.2    546.3
dsa 1024 bits 0.004388s 0.005217s    227.9    191.7
dsa 2048 bits 0.014329s 0.017248s     69.8     58.0
```


----------



## Jimmy (Mar 5, 2014)

Hi

This has probably moved more into a software/ports question, but I posted this in Networking because I'm using OpenSSL with OpenVPN.

The version of OpenSSL which ships with FreeBSD in /usr/bin/openssl does have Padlock support but there's information floating around online stating that it's broken and you should build the version from the ports. I then had a go building the port and although I included Padlock in the configuration and can see the patches associated with http://www.freebsd.org/cgi/query-pr.cgi?pr=164795 present in the distinfo of the port, I don't seem to have Padlock support? I followed the guide here to configure OpenSSL: http://home.exetel.com.au/mansfield/?page_id=4, adding the listed param*eter*s to /usr/local/openssl/openssl.cfg but to no avail, the following is all I get:

```
> /usr/local/bin/openssl engine -c -tt

/usr/local/bin/openssl engine -c -tt
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

> /usr/local/bin/openssl version
OpenSSL 1.0.1f 6 Jan 2014
```

Can anyone offer some advice to get Padlock support in the ports version of OpenSSL?


----------

