What is Intel QAT Engine?
Intel QuickAssist Technology (QAT) OpenSSL Engine is a plugin that provides cryptographic acceleration for OpenSSL-based applications. It leverages Intel QuickAssist Technology to offload compute-intensive cryptographic operations from the CPU, delivering significant performance improvements for secure communications.
Hardware Acceleration
Offload crypto operations to dedicated QAT hardware accelerators on Intel platforms
Software Optimization
Utilize optimized CPU-based implementations using AVX-512 and Intel instruction sets
Seamless Integration
Works as a drop-in plugin for OpenSSL through the engine or provider interface
Broad Algorithm Support
Accelerate RSA, ECDH, ECDSA, AES-GCM, ChaCha20-Poly1305, and more
Architecture Overview
The QAT Engine sits between your application and OpenSSL, intercepting cryptographic operations and routing them to the most appropriate acceleration path.
Dual Acceleration Paths
The QAT Engine supports two distinct acceleration paths that can be used independently or together for maximum flexibility.
QAT_HW: Hardware Acceleration
Uses dedicated Intel QuickAssist Technology hardware accelerators present in:
- Intel Xeon Scalable Processors with C62X chipset
- Intel QAT 4xxx Series adapters
- Intel Atom C3000 and P5900 processors
Supported algorithms:
- Asymmetric: RSA, DH, DSA, ECDH, ECDSA, X25519/X448, SM2
- Symmetric: AES-CBC-HMAC-SHA, AES-GCM, AES-CCM, ChaCha20-Poly1305, SM4-CBC
- Key Derivation: TLS PRF, HKDF
- Hashing: SHA3, SM3
QAT_SW: Software Acceleration
CPU-based acceleration using optimized instruction sets on 3rd Gen Intel Xeon Scalable Processors and newer:
- Leverages AVX-512 and vector instructions
- Uses Intel Crypto Multi-buffer library
- Uses Intel IPSec Multi-buffer library for AES-GCM
Supported algorithms:
- Asymmetric: RSA (2048/3072/4096), ECDH (X25519, P-256, P-384, SM2), ECDSA (P-256, P-384, SM2)
- Symmetric: AES-GCM (128/192/256), SM4-CBC/GCM/CCM
- Hashing: SM3
Key Capabilities
Asynchronous Operations
Non-blocking asynchronous job handling allows applications to submit multiple crypto operations concurrently, maximizing throughput in multi-threaded environments. The engine supports OpenSSL’s async job infrastructure with configurable async_jobs parameters.
Pipelined Processing
OpenSSL pipelining enables parallel processing of large data buffers by splitting them into smaller chunks. The QAT Engine supports up to 32 pipelines with 16KB per pipeline for chained cipher operations.
Software Fallback
The heartbeat feature monitors QAT device health and automatically falls back to software implementations if hardware becomes unavailable, ensuring continuous operation even during device resets or failures.
OpenSSL 3.0 Provider
Native provider interface support for OpenSSL 3.0 alongside the traditional engine interface, providing a modernized integration path for new applications.
FIPS 140-3 Ready
Built with FIPS 140-3 Level-1 certification requirements including self-tests, integrity checks, and CMVP/CAVP compliance for regulated environments.
Multi-Crypto Library Support
Works with OpenSSL, Tongsuo (BabaSSL), and BoringSSL, providing flexibility for different deployment scenarios and application requirements.
Use Cases
The QAT Engine is ideal for workloads that require high-throughput cryptographic operations:
Web Servers
NGINX and Apache handling thousands of TLS connections per second
Load Balancers
HAProxy terminating SSL/TLS at scale
VPN Gateways
IPsec and SSL VPN concentrators
Content Delivery
CDN edge servers with HTTPS traffic
Performance Benefits
Hardware acceleration with QAT can deliver:
- 10-100x throughput improvement for RSA operations
- 2-10x improvement for ECDH/ECDSA operations
- 2-5x improvement for AES-GCM bulk encryption
- Significantly reduced CPU utilization, freeing cycles for application logic
Actual performance gains depend on your specific workload, hardware configuration, algorithm choice, and async_jobs tuning. See the performance testing section for benchmarking guidance.