On 09/07/2011 12:46 AM, Andy Polyakov wrote: > As for SHA. It was shown that there is a way to use SHA even on > pre-Nano, see > http://www.mail-archive.com/openssl-dev@openssl.org/msg21787.html. > Challenge is to make it multi-thread safe. It would take allocation of > dynamic lock and serializing access to "crash page" allocated at engine > load.
No, there's more problem on using the "crash page" than benefit. I've had the "crash page" patch on production system, and couple of situation it broke things. There's also additional overhead in copying the data to the specifically crafted memory area, and it causes this kludge to be not as beneficial. I also believe the "crash page" approach was disapproved previously for main line use. I had the patch set that allows using accelerated SHA when the ONESHOT flag is set in the context. I have also patch to update HMAC code to use the ONESHOT flag accordingly. I'd rather see the ONESHOT patchset + non-Nano patches that enable acceleration for the ONESHOT mode only. It works in most of the cases giving acceleration, and there's no drawbacks. - Timo ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
