tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Upgrading in-tree OpenSSL to 0.9.9-current

In article <>,
Thor Lancelot Simon  <> wrote:
>I am about to check in some rather large changes to the OpenSSL "cryptodev"
>engine (which we maintain locally in our tree) and to opencrypto itself to
>increase performance when there are many concurrent requests.
>It will be quite wasteful to do this with the current in-tree OpenSSL as
>engine performance is hamstrung by:
>       1) The fact that we build OpenSSL without threading support, and
>          the engine interface is blocking.
>       2) The lack of HMAC support in the 0.9.8 engine interface, which
>          results in every HMAC operation being decomposed into a series
>          of MAC operations, roughly halving HMAC performance and causing
>          MAC accelleration to be completely disabled in the engine.
>Unfortunately I can't get any good sense of when OpenSSL 0.9.9 will
>actually be released, but the head of the OpenSSL tree seems quite stable
>right now and I'd like to check it in and do my best to keep it up to date
>as it changes to become 0.9.9.  This will yield several other performance
>wins including an approximate doubling of RSA performance on a number of
>architectures (better than that with certain CPUs on i386, in fact) and
>many bugfixes to lesser-used but useful features such as DTLS.
>I figure, it's NetBSD-current, so including OpenSSL-current is not such a
>big deal.  And I will try to keep up to date as there are major changes
>in OpenSSL through 0.9.9 -- if in fact there are any.

Go for it.


Home | Main Index | Thread Index | Old Index