The wolfSSL team are adding two new enhancements to our FreeBSD kernel module (bsdkm) that will make cryptography in the kernel faster and more secure:
- FIPS 140-3 in the kernel:
PR #9590 introduced support for wolfCrypt FIPS in our FreeBSD kernel module. This provides a simple recipe for FIPS-certified crypto in FreeBSD kernel space. - x86 crypto acceleration:
PR #9714 adds support for AES-NI and AVX to bsdkm (accelerating symmetric cipher and hash operations), in addition to Single Precision Math Assembly (–enable-sp-asm) to speed up asymmetric ops. This PR also includes preliminary support to register wolfcrypt with the opencrypto framework.
The acceleration from AES-NI and AVX combined is substantial, reducing time and cycles per byte by 10-20x depending on mode and operation.
If you’re interested in cryptography in kernel space, have ideas on what we should support in FreeBSD next, or have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247!
Download wolfSSL Now