CPU Software Engine

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

CPU Software Engine

Costas Stasimos
Hello!

I'm currently using the cryptodev framework-engine with openssl-1.0.1e.

By run the command

# openssl engine -t
(cryptodev) cryptodev engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

we can see that the cryptodev is the active-chosen engine.

So it seems that all the cryptographic load is directed automatically to /dev/crypto via the cryptodev engine.

My question is, how i can use the CPU instead of cryptodev, or with other words how i can disable the cryptodev from application level?

Is there an engine id-name in order to change the activated cryptodev engine and send the execution to the Software-CPU?

Thanks in advance!
Reply | Threaded
Open this post in threaded view
|

Re: CPU Software Engine

Jan Just Keijser-2
Hi Costas,

Costas Stasimos wrote:
Hello!

I'm currently using the cryptodev framework-engine with openssl-1.0.1e.

By run the command

# openssl engine -t
(cryptodev) cryptodev engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

we can see that the cryptodev is the active-chosen engine.

So it seems that all the cryptographic load is directed automatically to /dev/crypto via the cryptodev engine.

My question is, how i can use the CPU instead of cryptodev, or with other words how i can disable the cryptodev from application level?

Is there an engine id-name in order to change the activated cryptodev engine and send the execution to the Software-CPU?

AFAIK the cryptodev engine won't be used unless you actually specify it on the command line, e.g.
  openssl speed -engine cryptodev -evp ....
etc.

HTH,

JJK


Reply | Threaded
Open this post in threaded view
|

Re: CPU Software Engine

Costas Stasimos
Hi Jan

By applying the cryptodev patch in openssl, all the applications that use openssl (postfix, tomcat etc) are automatically executed at hardware.

As far as it concerns the openssl speed, we can avoid the hardware acceleration by using the evp parameter.

My wonder is how we can avoid the hardware acceleration from application side?

Is there an engine name that we can use to run the application at software?

thanks


2013/3/22 Jan Just Keijser <[hidden email]>
Hi Costas,


Costas Stasimos wrote:
Hello!

I'm currently using the cryptodev framework-engine with openssl-1.0.1e.

By run the command

# openssl engine -t
(cryptodev) cryptodev engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

we can see that the cryptodev is the active-chosen engine.

So it seems that all the cryptographic load is directed automatically to /dev/crypto via the cryptodev engine.

My question is, how i can use the CPU instead of cryptodev, or with other words how i can disable the cryptodev from application level?

Is there an engine id-name in order to change the activated cryptodev engine and send the execution to the Software-CPU?

AFAIK the cryptodev engine won't be used unless you actually specify it on the command line, e.g.
  openssl speed -engine cryptodev -evp ....
etc.

HTH,

JJK



Reply | Threaded
Open this post in threaded view
|

Re: CPU Software Engine

Jan Just Keijser-2
Hi,

Costas Stasimos wrote:
Hi Jan

By applying the cryptodev patch in openssl, all the applications that use openssl (postfix, tomcat etc) are automatically executed at hardware.

As far as it concerns the openssl speed, we can avoid the hardware acceleration by using the evp parameter.

My wonder is how we can avoid the hardware acceleration from application side?

Is there an engine name that we can use to run the application at software?

the fact that 'openssl engine -t' shows an engine as "available" does not mean that it is automagically *used*; on my openssl 1.0.1e build I see 'rsax' and 'gost' as available engines but I am quite certain that they are not used unless I specify them on the command line OR if I load them in my code using something like

  ENGINE_load_builtin_engines();


HTH,

JJK



2013/3/22 Jan Just Keijser <[hidden email]>
Hi Costas,


Costas Stasimos wrote:
Hello!

I'm currently using the cryptodev framework-engine with openssl-1.0.1e.

By run the command

# openssl engine -t
(cryptodev) cryptodev engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

we can see that the cryptodev is the active-chosen engine.

So it seems that all the cryptographic load is directed automatically to /dev/crypto via the cryptodev engine.

My question is, how i can use the CPU instead of cryptodev, or with other words how i can disable the cryptodev from application level?

Is there an engine id-name in order to change the activated cryptodev engine and send the execution to the Software-CPU?

AFAIK the cryptodev engine won't be used unless you actually specify it on the command line, e.g.
  openssl speed -engine cryptodev -evp ....
etc.