Re: patch to improve AES-NI performance

From: Dag-Erling Smørgrav <des_at_des.no>
Date: Fri, 23 Aug 2013 21:30:33 +0200
John-Mark Gurney <jmg_at_funkthat.com> writes:
> Mike Tancsa <mike_at_sentex.net> writes:
> > John-Mark Gurney <jmg_at_funkthat.com> writes:
> > > My patch would only effect userland applications that use /dev/crypto...
> > For me its ssh which I think does, no ?
> It looks like it uses OpenSSL for it's crypto, not /dev/crypto...

It uses OpenSSL engines, which use /dev/crypto.  This is why we had to
turn off sandbox mode - a CRIOGET ioctl fails because the sandbox code
sets RLIMIT_NOFILES to 0.

(trimming security_at_ from the cc: list as it's an alias for secteam_at_
which is not the appropriate venue for this discussion.)

DES
-- 
Dag-Erling Smørgrav - des_at_des.no
Received on Fri Aug 23 2013 - 17:31:12 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:40 UTC