# dm-crypt and openssl

## KShots

Question: When the kernel mounts a dm-crypt'd partition via 'cryptsetup luksOpen ...', does cryptsetup utilize openssl, or does it utilize whatever's built into the kernel? It's important to me, because I have hardware acceleration for the encryption built into the kernel (via padlock), but openssl doesn't utilize hardware accelerated ssl devices, at least not since the 0.9.8g release with the appropriate patches, which by this point is a security risk.

I'd just do an 'ldd `which cryptsetup`'... but it's statically linked, and doesn't tell me anything. Anyone know for sure?

----------

## Hu

I believe it does not use OpenSSL.  First, I have had dm-crypt'd drives that I was unable to open when I omitted a key kernel feature, which became usable after fixing the kernel configuration.  Second, Portage does not list OpenSSL as a dependency of sys-fs/cryptsetup.

----------

## KShots

That's good news, then... in that case, it's highly likely that the kernel is in fact using padlock to encrypt/decrypt my partition. Given I'm attempting to run a high-performance high-security file server, that's kinda important, and I was highly disappointed when I saw that openssl doesn't work with padlock anymore.

----------

## wippie

I can confirm that dm-crypt will use the padlock aes if it is available, and yes the performance really is amazing.  :Smile: 

----------

