Re: [Ocf-linux-users] A quick question about cryptodev openssl engine.
From: David M. <dav...@mc...> - 2011-07-30 11:48:07
Jivin Liu Hui lays it down ...
> Hi David and all.
>
> I take a look at the source code of cryptodev openssl engine and have one question.
>
> OCF-Linux has a good framework for IPSEC combination requests,
> for example, if 3des+sha1 comes, ocf-driver can handle them in one operation.
> So for some hardware which supports combination requests, this is very convenient because they don't have to do the request two times. And it also saves a lot of time for memory copy.
>
> But the openssl engine mechanism seems unable to handle combination requests, it can only pass
> crypt and hash requests separately to the cryptodev. So, driver and hardware have to operate twice instead of once.
>
> Is this a restriction of the OPENSSL engine mechanism? If so, the cryptodev engine has to follow this restriction. Am I right?

This is a restriction of how the openssl engine is implemented. I believe
cryptodev will allow combinations just like the kernel, you can try it by
modifying cryptotest and see.

> And I don't understand, why the famous OPENSSL doesn't consider the combination request in its engine mechanism? This is very important for performance.

You will notice that by default openssl doesn't even do hashes, you need to
enable it specifically with a config option.

You are right though, if you wanted to do both cipher and hash, then having
cryptodev do both at the same time would be great. I am not sure the openssl
internals are geared up for that though. If you can figure it out then I am
sure the openssl devs would be happy to take a patch.

If, however, you just want to do cipher+hash in another program, then just
go ahead and do it using cryptodev directly. If you hit any issues I'll be
glad to fix them or sort it out.

Cheers,
Davidm

--
David McCullough, dav...@mc..., Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org