Re: OpenSSL + opencrypto

To: Jonathan Stone <jonathan%DSG.Stanford.EDU@localhost>
Subject: Re: OpenSSL + opencrypto
From: Jason Thorpe <thorpej%wasabisystems.com@localhost>
Date: Wed, 27 Aug 2003 17:20:02 -0700


On Wednesday, August 27, 2003, at 05:07  PM, Jonathan Stone wrote:

NB: the kernel currently honours requests on /dev/crypto transforms
which end up being handled in software. That's a
performance-measurement hack: both FreeBSD and OpenBSD disallow
/dev/crypto access to software operations.  I'd planned to turn them
off just before the openssl libcrypto patches go in.

Seems like that should be a per-file descriptor policy tweak. I'd saydefault to "don't allow software transforms to service this fd", butadd an ioctl to enable it. My measurements clearly show that thein-kernel 3des-cbc is faster than the libcrypto one for large blocks!

(Though, "non-preemptable kernel time" vs. "preemptable user time" isone aspect of the issue to consider, I guess :-)


        -- Jason R. Thorpe <thorpej%wasabisystems.com@localhost>

Follow-Ups:
- Re: OpenSSL + opencrypto
  - From: Jun-ichiro itojun Hagino

References:
- Re: OpenSSL + opencrypto
  - From: Jonathan Stone

Prev by Date: Re: OpenSSL + opencrypto
Next by Date: Re: OpenSSL + opencrypto
Previous by Thread: Re: OpenSSL + opencrypto
Next by Thread: Re: OpenSSL + opencrypto
Indexes:

Home | Main Index | Thread Index | Old Index