Hi,
Linux kernel 2.6.38 introduced an API (AF_ALG) to access the kernel crypto API from userspace. Accessing the kernels crypto API from userspace allows making use of crypto hardware, which can't be accessed from userspace directly. Hardware accelerated cryptography as provided by VIA Padlock and Intel AES-NI can be accessed from userspace directly, so you do not need AF_ALG at all, but AMD Geode processors AES cryptography is - contrary to Padlock and AES-NI - not an instruction3) and therefore can't be accessed from userspace. I wrote a dynamic engine for openssl which allows making use of AF_ALG, code is available here: http://src.carnivore.it/users/common/af_alg/ The engine exports the kernels aes {128,192,256} cbc functions to openssl, extending it to export more ciphers or the kernels hashing functions available via AF_ALG is possible. The engine is not exactly a patch, as it is possible to compile dynamic engines outside of openssl, so Makefile adjustments would have to be made. Here are some numbers on the performance of the engine, the engine provides a speedup if the kernel can access crypto acceleration hardware, and will slow things down otherwise: http://carnivore.it/2011/04/23/openssl_-_af_alg If possible, please consider including the engine into openssl mainline, required license permissions are granted. MfG Markus ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
