[Dovecot] Solaris hardware crypto engines

Stan Hoeppner stan at hardwarefreak.com
Mon Apr 18 22:53:13 EEST 2011


Martin Preen put forth on 4/18/2011 5:30 AM:
> Hello,
> I tried to find out how about to use the hardware crypto engines under
> Solaris (Sun Fire T2000). It seems, that its not just a compilation issue:
> 
>> For operations that are to be offloaded, it is necessary to restrict
>> use to subset
>> of OpenSSL functions (the EVP_ functions) and explicitly indicate the
> use of the PKCS11
>> engine; something like the following works for bulk ciphers (the
> process for RSA is similar):
>>
>> ENGINE *e;
>> ENGINE_load_builtin_engines();
>> e = ENGINE_by_id("pkcs11");
>> ENGINE_set_default_ciphers(e);
>> EVP_CIPHER_CTX_init (&ctx);
>> EVP_EncryptInit (&ctx, EVP_des_cbc (), key, iv);
>> EVP_EncryptUpdate (.....);
> 
> Since I'm not familiar with SSL programming, I wonder if it's possible to
> modify the dovecot 1.2.x source code. Maybe someone has already tried this
> or can give me hint.

I would think that this would be handled transparently at the system
library level.  Doesn't SUN ship a set of replacement Solaris crypto
libraries which make use the hardware engine in the CPU instead of the
normal software routines?

-- 
Stan


More information about the dovecot mailing list