query - Openssl

This is a discussion on query - Openssl ; Hi, Can any one tell me 1) when I call SSL_write() in application then which layer/code actually does encryption of data? As per my understanding, SSL_write() calls write callback of SSL object. 2) If I've to add crypto accelerator support ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: query

  1. query

    Hi,
    Can any one tell me
    1) when I call SSL_write() in application then which layer/code
    actually does encryption of data?
    As per my understanding, SSL_write() calls write callback of SSL object.
    2) If I've to add crypto accelerator support in openssl for linux then which is better approach
    a) I directly write an engine
    b) I use engine written for OCF and I just write my module for OCF in kernel



    Thanks
    Regards
    Manish
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    Development Mailing List openssl-dev@openssl.org
    Automated List Manager majordomo@openssl.org


  2. Re: query

    > 2) If I've to add crypto accelerator support in openssl for linux then which is better approach
    > a) I directly write an engine
    > b) I use engine written for OCF and I just write my module for OCF in kernel


    From my limited experience with OCF I remember a _significant_
    performance penalty for each call, assumed because of the
    penalty for transferring data to/from kernel-land. The only
    time I saw a benefit was for the larger block sizes...

    Here is a post I made a while back, it has some performance
    statistics for OCF vs software on a Geode...
    http://busybox.net/lists/buildroot/2...st/004810.html

    Basically, if you can do it by writing a real OpenSSL engine, my guess
    is that it will probably be faster and a better course of action. That
    said, I haven't run any tests on hardware supported by both OCF and
    directly as an OpenSSL engine to provide any real knowledge there,
    perhaps someone else could better answer your question.

    -Brad
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    Development Mailing List openssl-dev@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread