[dpdk-dev] OpenSSL Cryptodev PMD and openssl engine

Aravamudan Srivathsan Srivathsan.Aravamudan at technicolor.com
Thu Apr 27 03:20:14 CEST 2017

Hi Fiona,

Thank you for the reply.

I have a crypto device that is connected to PCI. It can do standard crypto operations like AES, DES, and so on.

I have openssl engine (a plugin) for this.

Our environment is

We have DPDK application for routing, forwarding, IPSec etc. (All routing and tunnelling)

We also have IoT application which would like to use the Openssl for doing some crypto operations.

My intention is

1. To use the existing openssl infrastructure (without writing the crypto PMD) to use the hardware acclearation.

2. Share the same device not only for doing the IPsec but also for doing crypto operations outside the DPDK EAL.

Yes the OpenSSL will have extra layer and do a copy of buffer, but the crypto operations will still happen in the driver.

Let me know if i make sense.


From: Trahe, Fiona <fiona.trahe at intel.com>
Sent: Wednesday, April 26, 2017 9:52 PM
To: Aravamudan Srivathsan; dev at dpdk.org
Cc: Trahe, Fiona; Doherty, Declan
Subject: RE: OpenSSL Cryptodev PMD and openssl engine

** WARNING: This mail is from an external source **

Hi Srivathsan,

> -----Original Message-----
> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Aravamudan
> Srivathsan
> Sent: Wednesday, April 26, 2017 8:49 AM
> To: dev at dpdk.org
> Subject: [dpdk-dev] OpenSSL Cryptodev PMD and openssl engine
> Hi All,
> We have a openssl engine available. Is it possible to use the openssl Crypto
> PMD to do the hardware offloading? I am trying to see if i can avoid writing
> the cryptopmd also to reuse the use of the device shared between the DPDK
> and other process.
> Thank you
> Srivathsan

It might be possible to plug your openssl engine in below the openssl PMD,
but you would lose the advantage of offloading bursts to the hardware and
would add an extra translation layer on the data path so it
would likely not be a performant solution.
Can you clarify a little how you want to share the device? i.e.
is the other process using the device directly with openssl and is the DPDK process
for IPSec or is this also for ssl?

More information about the dev mailing list