From owner-freebsd-hackers@FreeBSD.ORG Wed Jul 19 18:47:29 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 46D8516A4DF for ; Wed, 19 Jul 2006 18:47:29 +0000 (UTC) (envelope-from jahrens@centtech.com) Received: from mh2.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4085E43D6E for ; Wed, 19 Jul 2006 18:47:26 +0000 (GMT) (envelope-from jahrens@centtech.com) Received: from moat.centtech.com (mailbox.centtech.com [10.20.0.15]) by mh2.centtech.com (8.13.1/8.13.1) with ESMTP id k6JIlPFn001483 for ; Wed, 19 Jul 2006 13:47:25 -0500 (CDT) (envelope-from jahrens@centtech.com) Received: from 70.52.116.83 (SquirrelMail authenticated user jahrens); by otter.centtech.com with HTTP; Wed, 19 Jul 2006 13:47:25 -0500 (CDT) Message-ID: <3714.70.52.116.83.1153334845.squirrel@70.52.116.83> In-Reply-To: <200607191451.k6JEpXYH052174@lurza.secnetix.de> References: <20060719163232.C38044@fw.reifenberger.com> <200607191451.k6JEpXYH052174@lurza.secnetix.de> Date: Wed, 19 Jul 2006 13:47:25 -0500 (CDT) From: "Jesse Ahrens" To: freebsd-hackers@freebsd.org User-Agent: SquirrelMail/1.5.0 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal X-Virus-Scanned: ClamAV 0.87.1/1609/Wed Jul 19 07:13:27 2006 on mh2.centtech.com X-Virus-Status: Clean Subject: Re: VIA padlock performance X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: jahrens@centtech.com List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 18:47:29 -0000 There's no locking in the hardware, all the xcrypt commands are ring3 accessible. Shouldn't be an issue to use either. > Michael Reifenberger wrote: > > On Wed, 19 Jul 2006, Oliver Fromme wrote: > > ... > > > You will also need "cryptodev" in addition to "crypto". > > > "crypto" manages only in-kernel access to the cryptographic > > > facilities (including hardware acceleration through the > > > padlock driver), which is used by FAST_IPSEC, for example. > > > "cryptodev" will enable access by userland applications > > > (e.g. scp) and libraries (OpenSSL) through /dev/crypto. > > > > With OpenSSL you have two choices: > > engine cryptodev : uses /dev/crypto > > engine padlock : uses the xcrypt commands directly > > > > engine padlock should be the fastest of course. > > Is there any kind of locking (in hardware or software)? > I mean, what happens if both padlock(4) and OpenSSL try > to access the ACE engine directly? > > (If the answer is "don't do that", then it's probably > better to use cryptodev with OpenSSL, even if it's a > little less efficient.) > > Best regards > Oliver > > -- > Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing > Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd > Any opinions expressed in this message may be personal to the author > and may not necessarily reflect the opinions of secnetix in any way. > > "One of the main causes of the fall of the Roman Empire was that, > lacking zero, they had no way to indicate successful termination > of their C programs." > -- Robert Firth > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >