tech-kern archive


Re: /dev/crypto missing



On Tue, Jul 28, 2020 at 01:35:53AM +0000, Taylor R Campbell wrote:
> 
> /dev/crypto is totally obsolete as it exists today.  Really the only
> reason it continues to exist is to test opencrypto drivers from
> userland before using them in the kernel.

This is not really the case.  The OpenSSL project has *finally* made
the changes to their core TLS state machine required to take advantage
of asynchronous crypto via device driver in a performant way.  It would
now be possible, with a better /dev/crypto ENGINE in OpenSSL, to actually
get a pretty good performance bump from hardware acceleration on a number
of platforms.

Unfortunately, roughly contemporaneously with so doing, they also managed to
rewrite their own /dev/crypto engine to a weird variant Linux /dev/crypto
API, ignoring the significant enhancements we added in NetBSD about 15
years ago (multiple request submission/retrieval and asynchronous
operation).  This is particularly frustrating to me since, back then, we
(Coyote Point and NBMK) sent them patches for both parts of the puzzle... 

Anyhow, it's no longer the case that OpenSSL structurally _couldn't_ use
/dev/crypto efficiently.  But it'd take a second rewrite on their new
devcrypto ENGINE to make it do so.

-- 
 Thor Lancelot Simon	                                     tls%panix.com@localhost
  "Whether or not there's hope for change is not the question.  If you
   want to be a free person, you don't stand up for human rights because
   it will work, but because it is right."	--Andrei Sakharov

