Hi Geoff, Michael, I am working on a simple system. I have crypto driver at th freebsd kernel side, which will handle security acceleration hw. I want to expose this accelerator hw to openssl. Since, there will be one accelerator on the board, I decided not to provide engine component at the openssl side. With out engine parameter, when openssl issue dgst/enc commands, it will talk to opencrypto device at the kernel side, since there is only one crypto driver registered, every request comes to same crypto driver.
However, in openssl side, crypto/openssl/crypto/engine/hw_cryptodev.c, cryptodev_engine_digests() do nothing. cryptodev_usable_digests() returns NULL. It says, for all digests request it uses software. So, unlike ciphers request, digest requests are not send to kernel at all, they are handled by software and it has been decided by openssl lib. Thats why, I was not getting any digest request to cypto driver. Basically, kernel itself not getting the request. I feel, there could have been better way of handling this. There could have been a config params, which decide to send digest request to hw accelerators or handle by software. Anyway, if I support engine component, which will handle digest requests, then making use of engine parameter in openssl commands, one can still use the hw. But default behaviour of the openssl will not be able to use hw for the digests. I welcome your comments further. -Madhu. On Fri, Dec 12, 2008 at 11:27 PM, Geoff Thorpe <ge...@geoffthorpe.net>wrote: > On Friday 12 December 2008 01:07:04 Madhusudan Bhat wrote: > > Hi Geoff, > > > > I appreciate your reply. Currently, I dont have any engine supported > > at the openssl side. I have crypto driver at the kernel side, which > > registered with the kernel for the hashing and encryption algos. > > > > >From the openssl, when I issue "enc" or "dgst" commands, I dont give > > > > "engine" parameter. Basically, I dont set any engine. With my > > understanding, openssl will pass the command to kernel, kernel will > > search the first available registered crypto driver which is capable > > of handling requested operation and submit the request to that crypto > > driver. > > If no engine is set up, then openssl will use its own software > implementations to perform all crypto operations. If openssl is passing > anything to hardware via the kernel, that's because an engine has been > setup. You are probably using the cryptodev engine without realising it. > What is your platform, and what is your application? In particular, does > it call ENGINE_load_builtin_engines() at all? > > Cheers, > Geoff > > -- > Un terrien, c'est un singe avec des clefs de char... > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
