From: John Case
Date: Wed, 14 Oct 2009 18:02:36 +0000 (UTC)
To: freebsd-security@freebsd.org
Subject: FreeBSD equivalent to Sun crypto framework APIs (PKCS#11) (for hardware AES-CTR)

There are a number of hardware solutions for performing AES-CTR in hardware - for example the Broadcom BCM5825, which is supported by the ubsec driver.

The problem is that OpenSSL does not currently support hardware acceleration of AES-CTR. The solution on a Sun system is to use the Sun crypto framework APIs (PKCS#11), which do support AES-CTR in hardware.

Is there an analogous API in FreeBSD that I could implement in my code so as to use the hardware AES-CTR of devices supported by ubsec?

Or do I need to directly manipulate ubsec with my actual application in order to do this?