Re: Adding opencrypto, crypto acceelerator to GENERIC kernels?

[Thor Lancelot Simon <tls%rek.tjls.com@localhost>]

On Tue, Nov 18, 2003 at 04:27:48PM -0800, Jason Thorpe wrote:
> [ port-i386 and tech-kern trimmed, tech-userlevel on bcc, thread moved 
> to tech-crypto ]
> 
> On Nov 18, 2003, at 4:07 PM, Jonathan Stone wrote:
> 
> >Below is the patch I posted to tech-crypto in August.  I know Jason
> >has tried it; last call for feedback before I commit this, too...
> >Please send me an explicit cc: with any feedback.
> 
> After thinking about this a little bit, I think I would like for the 
> libcrypto stuff to only use /dev/crypto if acceleration hw is available 
> for the requested algorithm.
> 
> This is because using the kernel for the sw crypto is a neat little way 
> for things like ssh to cause a kernel thread that will not be preempted 
> to suck up a lot of CPU time.  I'm not sure I like that very much.
> 
> Is this pretty easy to handle in the OpenSSL "engine" support?

I've been looking at the OpenSSL /dev/crypto "engine".  It is... not
entirely baked, from my point of view.  I was intending to put some
work into cleaning it up over the course of the next week, actually,
but I am waiting for some crypto hardware to arrive here and at the
workplaces of others who could do some testing, so it may take a bit
longer than that.

If the engine interface were sane, which it's not, it'd be reasonable
to use a given engine only for certain algorithms.  Mmmmm, OpenSSL.

No, calling engines from one another isn't very clean or easy either
AFAICT.

Thor