
OpenSSL support for algorithm chaining with OCF.

As we mentioned in Section 4.2, TLS and SSH use the OCF at the granularity of the algorithm. That is, if both an encryption and a message authentication code (MAC) algorithm have to be applied to an outgoing message, there will be two distinct calls to the OCF via /dev/crypto. (The same holds for incoming messages.) Since the OCF supports algorithm chaining, there is no reason why OpenSSL cannot take advantage of it to reduce the number of user/kernel crossings. This requires modifying both the TLS implementation in OpenSSL and OpenSSH to support algorithm chaining. While this is purely an implementation matter, the complexity of the OpenSSL code is a significant deterrent to progress in this direction.



Angelos D. Keromytis
3/25/2003