Jivin Ronen Shitrit lays it down ...
> Hi
>
> Beside, is there any special reason why the OpenSSL OCF engine is not
> supporting Authentication??
In what context ? It is being used for AH and ESP/AH processing
in OpenSwan. But this is in kernel space.
If you are talking about using MD5/SHA through the cryptodev interface,
Here is a comment in the SSL code:
/*
* XXXX just disable all digests for now, because it sucks.
* we need a better way to decide this - i.e. I may not
* want digests on slow cards like hifn on fast machines,
* but might want them on slow or loaded machines, etc.
* will also want them when using crypto cards that don't
* suck moose gonads - would be nice to be able to decide something
* as reasonable default without having hackery that's card dependent.
* of course, the default should probably be just do everything,
* with perhaps a sysctl to turn algoritms off (or have them off
* by default) on cards that generally suck like the hifn.
*/
So that probably summs it up. I have done some tests on hashes and
PK operations, and generally the host CPU is better or on par with
passing it on to the kernel.
To get the hashes running from openssl still requires some code to be
complete IIRC,
Cheers,
Davidm
--
David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com
-
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
