Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
kernel crypto API and ssl
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
D-LINC
Tux's lil' helper
Tux's lil' helper


Joined: 31 Jan 2011
Posts: 135
Location: Alaska

PostPosted: Tue Jan 24, 2012 6:29 am    Post subject: kernel crypto API and ssl Reply with quote

I was curious about something: the kernel crypto API. From what I was able to gather from Googling, I understand that certain subsystems of the kernel (like wireless) utilize the kernel crypto API, and they are also necessary when you want to do things like boot from an encrypted root. But do openssl/gnutls libraries also use this API, or do they just have their own user space implementations of all the ciphers?

I run a Web server and I like to pick my SSL cipher, key lengths, etc. to get the best security for the least amount of cpu cycles. So I was curious if building the kernel with a certain cipher gives some kind of performance boost to openssl/gnutls when using that cipher.
_________________
frigidcode.com
Back to top
View user's profile Send private message
roarinelk
Guru
Guru


Joined: 04 Mar 2004
Posts: 515

PostPosted: Tue Jan 24, 2012 8:40 am    Post subject: Reply with quote

until recently (3.2-ish IIRC) there was no way for userspace to interface with the kernel's
crypto system, so userspace always had its own implementations.

given a recent intel/amd cpu, at least using the kernel crypto system for aes should
give a small performance boost over pure software implementations.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum