On Tue, Jul 28, 2020 at 01:35:53AM +0000, Taylor R Campbell wrote:
>
> /dev/crypto is totally obsolete as it exists today. Really the only
> reason it continues to exist is to test opencrypto drivers from
> userland before using them in the kernel.

This is not really the case. The OpenSSL project has *finally* made the changes to their core TLS state machine required to take advantage of asynchronous crypto via device driver in a performant way. It would now be possible, with a better /dev/crypto ENGINE in OpenSSL, to actually get a pretty good performance bump from hardware acceleration on a number of platforms.

Unfortunately, roughly contemporaneously with so doing, they also managed to rewrite their own /dev/crypto engine to a weird variant Linux /dev/crypto API, ignoring the significant enhancements we added in NetBSD about 15 years ago (multiple request submission/retrieval and asynchronous operation). This is particularly frustrating to me since, back then, we (Coyote Point and NBMK) sent them patches for both parts of the puzzle...

Anyhow, it's no longer the case that OpenSSL structurally _couldn't_ use /dev/crypto efficiently. But it'd take a second rewrite on their new devcrypto ENGINE to make it do so.

--
Thor Lancelot Simon [email protected]

"Whether or not there's hope for change is not the question. If you want to be a free person, you don't stand up for human rights because it will work, but because it is right." --Andrei Sakharov
