9.6 Cryptographic Backend

Today most new processors, either for embedded or desktop systems include either instructions intended to speed up cryptographic operations, or a co-processor with cryptographic capabilities. Taking advantage of those is a challenging task for every cryptographic application or library. Unfortunately the cryptographic libraries that GnuTLS is based on take no advantage of these properties. For this reason GnuTLS handles this internally by following a layered approach to accessing cryptographic operations as in fig:crypto-layers.

Figure 9.8: GnuTLS cryptographic back-end design.

The TLS layer uses a cryptographic provider layer, that will in turn either use the default crypto provider - a crypto library, or use an external crypto provider, if available.