HL: /dev/crypto engine

The /dev/crypto engine project

A project in the Highlander family

This is the bring hardware acceleration to OpenSSL with minimal userland overhead.   The idea is pretty simple.  We create an OpenSSL engine that performs ioctl operations to do crypto via /dev/crypto.

Currently the only way to acccess hardware crypto is via the pkcs11 engine, which operates uses PKCS#11 interfaces to libpkcs11.so.  For programs that do not need the key handling or other operations that PKCS#11 can provide, this should be a perfect alternative.  Removing the layers of userland overhead should bring down the data size where software crypto is quicker than hardware.

Items to investigate:

• Will a threshold be too high still to make the new engine not effective? A significant concern, perhaps some threading or other things can be done for multipart operations to make them more effective.  Need to investigate OpenSSL engine's more
• Should a configuration file be include to control which algorithms are use? kcf.conf can be used to limit this too, albeit a system wide setting
• Would that config file nead a threshold?  That might not be possible with operations in webservers being multipart and not atomic.