Menu
I compiled OpenSSL with cryptodev support (i.e. hardware acceleration), but unfortunately the default engine is still software.
time openssl speed -evp aes-128-cbc -engine cryptodev
yields the "right" number, but ProFTP (which also uses OpenSSL) does not show any performance gain when used (FTP Secure, FTPS, however you call it).
The engine has support for AES-128, AES-192, RC4, SHA-1, DES, Triple-DES and a few others.
My /etc/ssl/openssl.cnf looks like this:
#...
# a lot of generic stuff...
#...
[engine_section]
cryptodev = cryptodev_section
[cryptodev_section]
default_algorithms = ALL
I looked into the code, but they do nasty things with defines, redefines, undefines, combined with prototypes which makes tracing a pain...
If the above is correct, what routine gets called to initialize the engines when the user creates CTX_SSL or similar?
220
According to OpenSSL's config(5): "The command default_algorithms sets the default algorithms an ENGINE will supply using the functions ENGINE_set_default_string()". I don't believe "ALL" is a valid engine. You might try specifying the engine_id to default_algorithms.
If you are doing this in source code, try calling:
ENGINE_load_builtin_engines();
followed by
ENGINE_register_all_complete();
If you have an ENGINE*, then you can do something like:
ENGINE* eng = ENGINE_by_id("XXX");
ENGINE_set_default(eng, ENGINE_METHOD_ALL);
OpenSSL_add_all_algorithms();
I'm not aware of any good documentation on the subject, but I have not checked Viega, Massier, and Chandra's book. A few of us were discussing it on an OpenSSL wiki talk page for Libcrypto API.
141
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
