Date: Wed, 19 Jul 2006 13:47:25 -0500 (CDT) From: "Jesse Ahrens" <jahrens@centtech.com> To: freebsd-hackers@freebsd.org Subject: Re: VIA padlock performance Message-ID: <3714.70.52.116.83.1153334845.squirrel@70.52.116.83> In-Reply-To: <200607191451.k6JEpXYH052174@lurza.secnetix.de> References: <20060719163232.C38044@fw.reifenberger.com> <200607191451.k6JEpXYH052174@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
There's no locking in the hardware, all the xcrypt commands are ring3 accessible. Shouldn't be an issue to use either. > Michael Reifenberger wrote: > > On Wed, 19 Jul 2006, Oliver Fromme wrote: > > ... > > > You will also need "cryptodev" in addition to "crypto". > > > "crypto" manages only in-kernel access to the cryptographic > > > facilities (including hardware acceleration through the > > > padlock driver), which is used by FAST_IPSEC, for example. > > > "cryptodev" will enable access by userland applications > > > (e.g. scp) and libraries (OpenSSL) through /dev/crypto. > > > > With OpenSSL you have two choices: > > engine cryptodev : uses /dev/crypto > > engine padlock : uses the xcrypt commands directly > > > > engine padlock should be the fastest of course. > > Is there any kind of locking (in hardware or software)? > I mean, what happens if both padlock(4) and OpenSSL try > to access the ACE engine directly? > > (If the answer is "don't do that", then it's probably > better to use cryptodev with OpenSSL, even if it's a > little less efficient.) > > Best regards > Oliver > > -- > Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing > Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd > Any opinions expressed in this message may be personal to the author > and may not necessarily reflect the opinions of secnetix in any way. > > "One of the main causes of the fall of the Roman Empire was that, > lacking zero, they had no way to indicate successful termination > of their C programs." > -- Robert Firth > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3714.70.52.116.83.1153334845.squirrel>