Subject: Re: Adding opencrypto, crypto acceelerator to GENERIC kernels?
To: Jason Thorpe <firstname.lastname@example.org>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 11/18/2003 19:58:15
I cleaned up some leftover OpenBSD-versus-FreeBSD variable naming cruft,
confirmed that the three-way logic described for crypto_devallowsoft a
couple of messages back really works (using gdb on /dev/mem[*]), and
committed a reworked version of the change.
I'm very open to feedback on whether to make crypto_devallowsoft a
boolean, nuking the 'force software crypto' flag.
I'll add #ifdef DIAGNOSTIC around the warning for sessions denied by
crypto_userallowsoft settings: the message noise is more of a problem
than the "attempts".
Otherwise, I think we're now good to apply the OpenSSL patch.
[*] I had planned to wait for dynamic-sysctl before adding a sysctl
tree for crypto; if dynamic sysctl is deferred I may revisit that.