Re: communicating from the user space

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Montag, 23. Februar 2015, 09:36:22 schrieb sri sowj:

Hi sri,

> Hi Nikos,
> 
> Please can you let me know my understanding regarding openssl and
> crypto are correct?
> I have mentioned my understanding in my earlier posts,but let me
> mention it here again.
> 
> I want to interact with Crypto Hardware from user space using openssl
> like libraries based applications through cryptodev-linux interface.
> 
> it looks like openssl comes with cryptodev-linux support(through
> eng_cryptodev.c) .
> When I downloaded openssl,eng_cryptodev.c file is available by default.
> 
> below link refers about eng_cryptodev.c for openssl support :
> 
> http://repo.or.cz/w/cryptodev-linux.git/commitdiff/56cc4e3b8b761cb34f928f4ee
> e59755d1f0afc53
> 
> Note:looks like there are some additional changes done on
> eng_cryptodev.c file available in updated openssl source code.
> 
> There seems to be some changes/patches  also available recently for
> cryptodev-linux,below contains reference information.
> 
> http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
> 
> 
> Please let me know if my understanding is incorrect .
> 
> one more thing while compiling openssl with above mentioned changes I
> faced compilation issues in linux ,Please can you also let me know
> whether there are per-requisites like any dependent libraries or
> installing cryptodev-linux on host/target machine before compiling
> openssl etc?

Per default, you lack the kernel side support (there is no /dev/crypto) unless 
you patch your kernel. Thus, that cryptodev support in OpenSSL is not used on 
default kernels.
> 
> BR,
> Srisowj
> 
> 
> On Mon, Feb 23, 2015 at 2:56 AM, Nikos Mavrogiannopoulos
> 
> <nmav@xxxxxxxxxx> wrote:
> > On Sun, 2015-02-22 at 16:04 +0100, Stephan Mueller wrote:
> >> Am Sonntag, 22. Februar 2015, 18:32:34 schrieb sri sowj:
> >> 
> >> Hi sri,
> >> 
> >> > Hi Stephen,
> >> > 
> >> > It was a great information with respective PF_ALG , I have explored a
> >> > bit on openssl and algorithms prospect , Please let me know if
> >> > anything to add to it.
> >> > 
> >> > openssl crypto engine:
> >> > 
> >> > below are the steps to enable openssl to communicate using pf/af_alg.
> >> > 
> >> > #1:git clone http://src.carnivore.it/users/common/af_alg/
> >> 
> >> Yes, that is it. But it is not fully efficient as it does not use
> >> vmsplice
> >> where appropriate. So, libkcapi should be faster in several use cases.
> > 
> > When would vmsplice be appropriate? As far as I understand vmsplice adds
> > a cost on operations for small data, which is the majority of use cases
> > in crypto. In the measurements I did for cryptodev-linux [0] vmsplice
> > did improve performance only for more than 64k packets which is never
> > the case with real world crypto (TLS has a maximum of 14k for example).
> > 
> > regards,
> > Nikos
> > 
> > [0]. http://cryptodev-linux.org/comparison.html
> > 
> > 
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html


-- 
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux