From: Oliver Fromme
To: freebsd-hackers@FreeBSD.ORG
Date: Wed, 19 Jul 2006 16:51:33 +0200 (CEST)
Subject: Re: VIA padlock performance

Michael Reifenberger wrote:
 > On Wed, 19 Jul 2006, Oliver Fromme wrote:
 > ...
 > > You will also need "cryptodev" in addition to "crypto".
 > > "crypto" manages only in-kernel access to the cryptographic
 > > facilities (including hardware acceleration through the
 > > padlock driver), which is used by FAST_IPSEC, for example.
 > > "cryptodev" will enable access by userland applications
 > > (e.g. scp) and libraries (OpenSSL) through /dev/crypto.
 >
 > With OpenSSL you have two choices:
 > engine cryptodev : uses /dev/crypto
 > engine padlock   : uses the xcrypt commands directly
 >
 > engine padlock should be the fastest of course.

Is there any kind of locking (in hardware or software)?
I mean, what happens if both padlock(4) and OpenSSL try
to access the ACE engine directly?

(If the answer is "don't do that", then it's probably
better to use cryptodev with OpenSSL, even if it's a
little less efficient.)

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"One of the main causes of the fall of the Roman Empire was that,
lacking zero, they had no way to indicate successful termination
of their C programs."
        -- Robert Firth