Date: Wed, 19 Jul 2006 16:51:33 +0200 (CEST) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-hackers@FreeBSD.ORG Subject: Re: VIA padlock performance Message-ID: <200607191451.k6JEpXYH052174@lurza.secnetix.de> In-Reply-To: <20060719163232.C38044@fw.reifenberger.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Michael Reifenberger wrote: > On Wed, 19 Jul 2006, Oliver Fromme wrote: > ... > > You will also need "cryptodev" in addition to "crypto". > > "crypto" manages only in-kernel access to the cryptographic > > facilities (including hardware acceleration through the > > padlock driver), which is used by FAST_IPSEC, for example. > > "cryptodev" will enable access by userland applications > > (e.g. scp) and libraries (OpenSSL) through /dev/crypto. > > With OpenSSL you have two choices: > engine cryptodev : uses /dev/crypto > engine padlock : uses the xcrypt commands directly > > engine padlock should be the fastest of course. Is there any kind of locking (in hardware or software)? I mean, what happens if both padlock(4) and OpenSSL try to access the ACE engine directly? (If the answer is "don't do that", then it's probably better to use cryptodev with OpenSSL, even if it's a little less efficient.) Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "One of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs." -- Robert Firth
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607191451.k6JEpXYH052174>