[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Upgrading in-tree OpenSSL to 0.9.9-current
In article <20080310143812.GA8191%panix.com@localhost>,
Thor Lancelot Simon <tls%rek.tjls.com@localhost> wrote:
>I am about to check in some rather large changes to the OpenSSL "cryptodev"
>engine (which we maintain locally in our tree) and to opencrypto itself to
>increase performance when there are many concurrent requests.
>It will be quite wasteful to do this with the current in-tree OpenSSL as
>engine performance is hamstrung by:
> 1) The fact that we build OpenSSL without threading support, and
> the engine interface is blocking.
> 2) The lack of HMAC support in the 0.9.8 engine interface, which
> results in every HMAC operation being decomposed into a series
> of MAC operations, roughly halving HMAC performance and causing
> MAC accelleration to be completely disabled in the engine.
>Unfortunately I can't get any good sense of when OpenSSL 0.9.9 will
>actually be released, but the head of the OpenSSL tree seems quite stable
>right now and I'd like to check it in and do my best to keep it up to date
>as it changes to become 0.9.9. This will yield several other performance
>wins including an approximate doubling of RSA performance on a number of
>architectures (better than that with certain CPUs on i386, in fact) and
>many bugfixes to lesser-used but useful features such as DTLS.
>I figure, it's NetBSD-current, so including OpenSSL-current is not such a
>big deal. And I will try to keep up to date as there are major changes
>in OpenSSL through 0.9.9 -- if in fact there are any.
Go for it.
Main Index |
Thread Index |