VIA padlock performance

Oliver Fromme olli at
Wed Jul 19 14:51:42 UTC 2006

Michael Reifenberger wrote:
 > On Wed, 19 Jul 2006, Oliver Fromme wrote:
 > ...
 > > You will also need "cryptodev" in addition to "crypto".
 > > "crypto" manages only in-kernel access to the cryptographic
 > > facilities (including hardware acceleration through the
 > > padlock driver), which is used by FAST_IPSEC, for example.
 > > "cryptodev" will enable access by userland applications
 > > (e.g. scp) and libraries (OpenSSL) through /dev/crypto.
 > With OpenSSL you have two choices:
 > engine cryptodev : uses /dev/crypto
 > engine padlock : uses the xcrypt commands directly
 > engine padlock should be the fastest of course.

Is there any kind of locking (in hardware or software)?
I mean, what happens if both padlock(4) and OpenSSL try
to access the ACE engine directly?

(If the answer is "don't do that", then it's probably
better to use cryptodev with OpenSSL, even if it's a
little less efficient.)

Best regards

Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD:
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"One of the main causes of the fall of the Roman Empire was that,
lacking zero, they had no way to indicate successful termination
of their C programs."
        -- Robert Firth

More information about the freebsd-hackers mailing list