Jason Burrell wrote: > > NSS supports PKCS#11 which most hardware crypto accelerators > (including > > things like smartcards and offloading coprocessors) use. As far as I > > know, the only OpenSSL PKCS#11 library is external to it, from the > > OpenSC people. > > Hmm... Are the relevant kernel drivers and interfaces in place for > PKCS#11 for any of the crypto offload engines discussed (Kirkwood, > Tegra, Freescale)? Can somebody point me at the relevant interface docs? > > > Generally, the CPU-based "crypto" hardware is actually just a few > acceleration functions, so you don't usually access it through PKCS#11. > I know NSS supports the Intel AES instructions directly (not via > PKCS#11), so it should be possible to add others as well.
Accelerating instructions are something for the compilers and assemblers to deal with. I was specifically talking about asynchronous offload engines that ARM SoCs often to have. > So are you saying that the number of organizations that _don't_ use > OpenSSH, OpenLDAP, mod_ssl, etc. is greater than those that do (limiting > the field here to those that use some unix-like OS)? That would surprise > me if it really is the case. > > > I don't have figures as to the number of deployments of any of those > tools, but only OpenSSH is listed as not yet supporting NSS anyway. > > I do think there are many deployments of OpenSSL that aren't following > its license's advertising requirements. As you stated, OpenSSH is used > pretty much everywhere, but I don't even remember the last time I saw a > statement saying a product included software from OpenSSL, except in > hidden about boxes, which isn't what a clear reading for the Four-clause > BSD license states. Just out of interest, have OpenSSL maintainers complained at having just about every distribution on the planet break their licencing terms? Gordan _______________________________________________ arm mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/arm
