Re: Upgrading in-tree OpenSSL to 0.9.9-current

[christos%astron.com@localhost (Christos Zoulas)]

In article <20080310143812.GA8191%panix.com@localhost>,
Thor Lancelot Simon  <tls%rek.tjls.com@localhost> wrote:
>I am about to check in some rather large changes to the OpenSSL "cryptodev"
>engine (which we maintain locally in our tree) and to opencrypto itself to
>increase performance when there are many concurrent requests.
>
>It will be quite wasteful to do this with the current in-tree OpenSSL as
>engine performance is hamstrung by:
>
>       1) The fact that we build OpenSSL without threading support, and
>          the engine interface is blocking.
>
>       2) The lack of HMAC support in the 0.9.8 engine interface, which
>          results in every HMAC operation being decomposed into a series
>          of MAC operations, roughly halving HMAC performance and causing
>          MAC accelleration to be completely disabled in the engine.
>
>Unfortunately I can't get any good sense of when OpenSSL 0.9.9 will
>actually be released, but the head of the OpenSSL tree seems quite stable
>right now and I'd like to check it in and do my best to keep it up to date
>as it changes to become 0.9.9.  This will yield several other performance
>wins including an approximate doubling of RSA performance on a number of
>architectures (better than that with certain CPUs on i386, in fact) and
>many bugfixes to lesser-used but useful features such as DTLS.
>
>I figure, it's NetBSD-current, so including OpenSSL-current is not such a
>big deal.  And I will try to keep up to date as there are major changes
>in OpenSSL through 0.9.9 -- if in fact there are any.
>
>Opinions?

Go for it.

christos