>>> There are some fairly severe performance hits in engine support unless the >>> engine includes all the submodes as well. >>> That includes things you are just starting to play with now, like the >>> combined >>> AES+SHA1 on x86. >> ??? Here is output for 'speed -engine intel-accel -evp >> aes-128-cbc-hmac-sha1' for 1.0.0d, i.e. through engine. > > It depends what the engine is and how the device backing it works. If > anything has much latency -- extra trips through the interface can be > a killer. > > Engines using unprivileged instructions -- effectively, special software > engines -- are really just a few extra layers of function call indirection. > It's not surprising extra trips are cheap. But engines with real hardware, > even where evil hacks are used to map the hardware into userspace, don't > tolerate this well.
Argument is specifically about unprivileged instructions. Peter agues that engine should be avoided and I argue that additional [small till proven otherwise] overhead is reasonable price to pay for easier maintenance and faster adoption. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
