The (un)encrypted data stream is already coming from the kernel (socket read/write) calls. So if everything is in kernel space then you again save yourself from the overhead of context switch in reading/writing sockets ...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rich Salz
Sent: Wednesday, October 31, 2001 5:53 AM
To: [EMAIL PROTECTED]
Subject: Re: porting openssl to linux kernel

> > The matter here is not to be more secure but definitely one can go faster.
> > The guys who use hardware acceleration normally use device drivers which
> > reside in kernel space. Now for every operation, the system has to take a
> > context switch which could be expensive. But if openssl resides in kernel
> > space then instead of calling a device driver it would be just another
> > function call. Does it make sense now??

If you put the hardware crypto into the kernel, then you replace the crypto context switch -- which only transfers a small amount of data, typically an RSA-encrypted RC4 session key -- with a new context switch that transfers a LARGE amount of data, the (un)encrypted data stream. Performance would probably be MUCH WORSE.

/r$

--
Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption)
http://www.zolera.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]