tech-crypto archive


Re: OpenSSL + opencrypto



> > NB: the kernel currently honours requests on /dev/crypto transforms
> > which end up being handled in software. That's a
> > performance-measurement hack: both FreeBSD and OpenBSD disallow
> > /dev/crypto access to software operations.  I'd planned to turn them
> > off just before the openssl libcrypto patches go in.
> 
> Seems like that should be a per-file descriptor policy tweak.  I'd say 
> default to "don't allow software transforms to service this fd", but 
> add an ioctl to enable it.  My measurements clearly show that the 
> in-kernel 3des-cbc is faster than the libcrypto one for large blocks!
> 
> (Though, "non-preemptable kernel time" vs. "preemptable user time" is 
> one aspect of the issue to consider, I guess :-)

        is there any possible negative impact due to non-preemptiveness of
        software-based /dev/crypto operation?  such as unfairness in scheduling,
        or whatever.  especially public key crypto (D-H/RSA) operation could
        take a long time...

itojun


