Also, as you test, you may want to look into whether the kernel is using AES instructions, with or without /dev/crypto offload. I have not paid attention to these details in quite a few years. As wikipedia notes, while twofish and rijndael were competitive in speed, twofihs is slower on computers with AES hardware support!
Of course, the only symmetric cipher that can compete with hardware accelerated AES in terms of throughput is Chacha20 and we don't have it in setkey. It's there in the OpenSSH code, though, it's even builtin without OpenSSL. I am not clear however on how to test crypto hardware acceleration on netbsd. I could try the `openssl speed` feature but the first thing I would be looking for is whether my CPU has the AES-NI, AVX and AVX2 flags available. Is there a way to do that on NetBSD? Then how to check of /dev/crypto is leveraged at various places in userland? -pph