SSL -> EVP functions [was: xlat lower/upper]
Alexander Clouter
alex at digriz.org.uk
Tue Sep 21 09:52:47 CEST 2010
Alan DeKok <aland at deployingradius.com> wrote:
>
>> Another patch that Alan will no doubt neglect, others might find it
>> useful though.
>
> Already in 2.1.10, via another patch. This functionality is having
> enough demand that it's worth doing.
>
The Little Tin God known as 'Efficiency' is displeased with your
patch...
*Two* if() statements and two additional pointers, -3 to wisdom. :)
Although I do now ponder why I bothered doing an 'upper' function in my
patch.
Now, if you could rewrite all your calls to the OpenSSL library code to
use EVP functions instead I would be able to use my crypto-accelerators,
then I say you are ready for a point release. On a serious note would
that be a case of me having to do this if I wanted it?
The reason I ask is that I have put FreeRADIUS on an OpenRD[1]
(replacing the old 600W Dull boxen we have with a £200 7W nicety) and
although regular non-EAP requests are fast I think the EAP ones are alot
more expensive CPU wise due to the SSL overhead. Of course I have not
profiled anything yet (do you have any profiling data supporting this or
do I need to generate my own?) so could be wrong. Anyway, as with most
ARM/MIPS SoC's they come with lots of goodies, including hardware
crypto.
I got OpenSSL using it which is nice, however I then discovered the hard
way that FreeRADIUS does not use the EVP functions in OpenSSL and so
offload engines cannot be used.
Would you accept a change like this, or would I be wasting my time
trying to submit this sort of thing?
Cheers
[1] http://www.marvell.com/platforms/open_rd.html
--
Alexander Clouter
.sigmonster says: Don't look back, the lemmings are gaining on you.
More information about the Freeradius-Devel
mailing list