Re: [Ocf-linux-users] A quick question about cryptodev openssl engine.
Brought to you by:
david-m
Menu
▾
▴
Re: [Ocf-linux-users] A quick question about cryptodev openssl engine.
|
From: Liu H. <onl...@gm...> - 2011-07-31 07:50:56
|
Hi David, Got it, thanks for your opinion. Much appreciated! Hui 2011/7/30 David McCullough <dav...@mc...> > > Jivin Liu Hui lays it down ... > > Hi David and all. > > > > I take a loot at the source code of cryptodev openssl engine and have one > question. > > > > OCF-Linux has a good framework for IPSEC combination request, > > for example, if 3des+sha1 comes, ocf-driver can handle them in one > operation. > > So some hardware which support combination request, this is very > convenient because they don't have to do the request for two times. And it > also save a lot time for memory copy. > > > > But openssl engine mechanism seems to can't handle combination request, > they only can pass > > crypt and hash request separately to the cryptodev. So, driver and > hardware have to operate twice instead of one. > > > > Is this a restrict of OPENSSL engine mechanism? If so, the cryptodev > engine have to follow this restrict. Am I right? > > This is a restiction of how the openssl engine is implemented. > I believe cryptodev will allow conbinations just like the kernel, you can > try it by modifying cryptotest and see. > > > And I don't understand, why the famous OPENSSL doesn't consider the > combination request in its engine mechanism? This is very important for > performance. > > You will notice that by default openssl doesn't even do hashes, you need > to > enable it specifically with a config option. > > You are right though, if you wanted to do both cipher and hash, then > having cryptodev do both at the same time would be great. I am not sure > the > openssl internals are geared up for that though. > > If you can figure it out then I am sure the openssl devs would be happy to > take a patch. > > If, however, you just want to do cipher+hash in another program, then > just > go ahead and do it using cryptodev directly. if you hit any issues I'll be > glad to fix them or sort it out. > > Cheers, > Davidm > > -- > David McCullough, dav...@mc..., Ph:+61 734352815 > McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org > -- Thanks & Best Regards Liu Hui -- |
