Hi,
I ran through the mailing list archives back to "ancient times" and from time
to time there is noise about the lack of a cryptoapi userspace
interface. There was just whining (like me :D), and there were some
attempts to do something reasonable/usable - but nothing reached
the mainline kernel...
I am not good at C or C++, so I will limit my contribution to some
observations/ideas:
* in user space, openssl is the de facto cryptography provider. It even
supports some hardware accelerators.
* the biggest desire for a cryptoapi userspace interface comes from corner
cases where the kernel supports hardware acceleration, while openssl does
not (like the geode aes engine).
* for this interface to achieve reasonable adoption (succeed),
it must be exposed to openssl (aka some sort of openssl engine)
* there were attempts to port cryptodev, but they failed because some gurus
don't like the interface or the implementation or both.
* although cryptodev is far from an ideal interface - it already has support
in openssl.
* unless there are willing ones to code on both (kernel and openssl),
why not properly implement cryptodev, mark it as highly experimental
and add a fat warning that it will be torn apart once someone comes
with something better?
* I believe there will be more willing ones to create a proper interface
once there is an actual user base instead of a targeted one :)
---
teaser: I dream about a cheap stock vga card acting as a cryptography
accelerator to feed 10G ethernet links at no cost :D
---
ArturasK.