OpenBSD Cryptographic Framework

The OpenBSD Cryptographic Framework (OCF) is a service virtualization layer for the uniform management of cryptographic hardware by an operating system. It is part of the OpenBSD Project, having been included in the operating system since OpenBSD 2.8 (December, 2000). Like other OpenBSD projects such as OpenSSH, it has been ported to other systems based on Berkeley Unix such as FreeBSD and NetBSD, and to Solaris and Linux. One of the Linux ports is supported by Intel for use with its proprietary cryptographic software and hardware to provide hardware-accelerated SSL encryption for the open source Apache HTTP Server.

Cryptography is computationally intensive and is used in many different contexts. Software implementations often serve as a bottleneck to information flow or increase network latency. Specialist hardware such as cryptographic accelerators can mitigate the bottleneck problem by introducing parallelism. Certain kinds of hardware, hardware random number generators, can also produce randomness more reliably than a pseudo-random software algorithm by exploiting the entropy of natural events.

Unlike graphics applications such as games and film processing where similar hardware accelerators are in common use and have strong operating system support, the use of hardware in cryptography has had relatively low uptake. By the late 1990s, there was a need for a uniform operating system layer to mediate between cryptographic hardware and application software that used it. The lack of this layer led to the production of applications that were hard-coded to work with one or a very small range of cryptographic accelerators.

...
Wikipedia