FreeBSD equivalent to Sun crypto framework APIs (PKCS#11) (for hardware AES-CTR)

John Case case at
Fri Oct 16 02:26:47 UTC 2009

> There are a number of hardware solutions for performing AES-CTR in
> hardware - for example the broadcom BCM5825, which is supported by
> the ubsec driver.
> The problem is that OpenSSL does not currently support hardware
> acceleration of AES-CTR.  The solution on a Sun system is to use the
> Sun crypto framework APIs (PKCS#11) which does support AES-CTR in
> hardware.
> Is there an analagous API in FreeBSD that I could implement in my
> code so as to use the hardware AES-CTR of devices supported by ubsec ?

> Aside from  crypto(3) (OpenSSL), there's also crypto(9) (kernel) and
> crypto(4) (userland), but they don't appear to support CTR - just CBC.


How difficult or trivial would it be to add AES-CTR to either crypto(9) or 
crypto(4) ?

Are those just derived from OpenSSL in some way anyway ?  If not, who is 
responsible for this kind of work ?

More information about the freebsd-security mailing list