OpenBSD.org: Cryptographic Hardware Support

OpenBSD starting with 2.7 supports some limited
cryptography hardware.

  • “IPSEC crypto dequeue
    Our IPSEC stack has been modified so that cryptographic functions
    get done out-of-line. Most simple software IPSEC stacks need to do
    cryptography when processing each packet. This results in
    syncronous performance. To use hardware properly and speedily one
    needs to seperate these two components, as we have done. Actually,
    doing this gains some performance even for the software case.”
  • “HiFn 7751
    Cards using the HiFn 7751 can be used as a cryptographic
    accelerator (ie. PowerCrypt). Current performance using a single
    Hifn 7751 on each end of a tunnel is 63Mbit/sec for 3DES/SHA1 ESP,
    nearly a 600% improvement over using a P3/550 cpu. Further
    improvements are under way to resolve a few more issues, but as of
    April 13, 2000 the code is considered stable. We wrote our own
    driver for supporting this chip, rather than using the
    (USA-written) powercrypt driver, as well our driver links in
    properly to the IPSEC stack.”