------- Comment From <email address hidden> 2016-07-14 09:08 EDT-------
Hi,
that's right !
A workaround would be to configure the IBMCA engine into openssl (openssl.cnf).
However, as the Polyakov code directly make use of the CPACF instructions we will end up with about
50 % performance degradation compared to the 'longer' way through the libica API for small payloads.
For the asymmetric case, when no CEX5 cards are available, we will still have a factor ~4. You remember the 'bn_mult_add_words' improvements, right ?
------- Comment From <email address hidden> 2016-07-14 09:08 EDT-------
Hi,
that's right !
A workaround would be to configure the IBMCA engine into openssl (openssl.cnf).
However, as the Polyakov code directly make use of the CPACF instructions we will end up with about
50 % performance degradation compared to the 'longer' way through the libica API for small payloads.
For the asymmetric case, when no CEX5 cards are available, we will still have a factor ~4. You remember the 'bn_mult_add_words' improvements, right ?