The OCF Cryptographic Framework has been ported to Linux from OpenBSD/FreeBSD, offering a robust and secure platform for cryptographic functions.
What really impressed me is that results have shown improvements of up to 7 times that of software crypto for bulk crypto throughput using OpenSSL. At this point in time, OCF-Linux provides acceleration for OpenSwan, OpenSSL, OpenSSH (scp, ssh, ...) and also supports the BSD crypto testing applications. It can accelerate DES, 3DES, AES, MD5, SHA, and Public Key operations and adds randomness to the kernels /dev/random by utilising the RNG hardware.
This project is being actively developed as a high performance crypto solution for embedded devices but also applies equally well to any Linux-based server or desktop. OCF-Linux was based directly on the FreeBSD port of the OCF framework, and contains several performance improvements that were desired. There is some good reference material on the changes and why they were needed, which is worth reading for a background.
At the time of writing, the current version supports most 2.4 and 2.6 kernels up to and include 2.4.34 and 2.6.23. As a software reviewer, I can confidently say that the Open Cryptographic Framework is an outstanding addition to any Linux-based system that requires high-performance crypto solutions. Its integration with various application protocols and ability to accelerate numerous encryption and hashing algorithms make it a must-have tool for advanced security implementations.
Version 20080917: N/A