** Next:** Minimize number user/kernel crossings
** Up:** Other Optimizations and Future
** Previous:** Asymmetric Multiprocessing (AMP) support.

As we mentioned in Section 4.2, TLS and SSH use the OCF at
the granularity of the algorithm. That is, if both an encryption and a
message authentication (MAC) algorithm have to be applied on an
outgoing message, there will be two distinct calls to the OCF via *
/dev/crypto.* (The same situation holds for incoming messages.)
Since the OCF supports algorithm chaining, there is no reason why
OpenSSL cannot take advantage of this to reduce the number of
user/kernel crossings. This requires modification of the TLS
implementation in OpenSSL and of OpenSSH, to support this algorithm
chaining. While this is purely an implementation matter, the
complexity of the OpenSSL code is a significant deterrent to progress
in this direction.

*Angelos D. Keromytis*

*3/25/2003*