Jivin Thor Lancelot Simon lays it down ... > On Tue, Jun 30, 2009 at 12:56:38PM +1000, David McCullough wrote: > > > > Change the speed test to only test sizes up to 4096. Most cryptodev > > HW drivers fail with 8192 sized requests. 4K seems like a reasonable > > limit to test up to. > > No. This is a bug in whatever "cryptodev HW drivers" you are referring > to. If a driver can't handle a request which can be generated by the > SSL layer (or which is legal to be directly invoked by the OpenSSL API) > it needs to split that request accordingly, not blindly fail it. This > is true of OpenSSL engines in general. > > Since you say "cryptodev" perhaps you think this is a generic limitation > of /dev/crypto. But it's not. I _might_ not be averse to changing > the single engine for /dev/crypto to split requests to 4K, but it would > take some persuasion since that is not a documented limitation of the API > and many backend drivers DTRT. > > If you change the speed test this way, it won't even give any indication > that some hardware drivers don't work right.
Fair call, I agree FWIW. Currently the crptodev hifn and safenet drivers (IIRC) fail, and like you said, that should be fixed. Cheers, Davidm -- David McCullough, [email protected], Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
