Subject: Re: Adding opencrypto, crypto accelerator to GENERIC kernels?
To: Jason Thorpe <thorpej@wasabisystems.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-crypto
Date: 11/19/2003 01:35:13

On Tue, Nov 18, 2003 at 04:27:48PM -0800, Jason Thorpe wrote:
> [ port-i386 and tech-kern trimmed, tech-userlevel on bcc, thread moved
> to tech-crypto ]
>
> On Nov 18, 2003, at 4:07 PM, Jonathan Stone wrote:
>
> >Below is the patch I posted to tech-crypto in August. I know Jason
> >has tried it; last call for feedback before I commit this, too...
> >Please send me an explicit cc: with any feedback.
>
> After thinking about this a little bit, I think I would like for the
> libcrypto stuff to only use /dev/crypto if acceleration hw is available
> for the requested algorithm.
>
> This is because using the kernel for the sw crypto is a neat little way
> for things like ssh to cause a kernel thread that will not be preempted
> to suck up a lot of CPU time. I'm not sure I like that very much.
>
> Is this pretty easy to handle in the OpenSSL "engine" support?

I've been looking at the OpenSSL /dev/crypto "engine". It is... not
entirely baked, from my point of view. I was intending to put some
work into cleaning it up over the course of the next week, actually,
but I am waiting for some crypto hardware to arrive here and at the
workplaces of others who could do some testing, so it may take a bit
longer than that.

If the engine interface were sane, which it's not, it'd be reasonable
to use a given engine only for certain algorithms. Mmmmm, OpenSSL.

No, calling engines from one another isn't very clean or easy either
AFAICT.

Thor