Subject: Re: Adding opencrypto, crypto acceelerator to GENERIC kernels?
To: Jason Thorpe <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-crypto
Date: 11/18/2003 19:58:15
I cleaned up some leftover OpenBSD-versus-FreeBSD variable naming cruft,
confirmed that the three-way logic described for crypto_devallowsoft a
couple of messages back really works (using gdb on /dev/mem[*]), and
committed a reworked version of the change.  

I'm very open to feedback on whether to make crypto_devallowsoft a
boolean, nuking the 'force software crypto' flag.

I'll add #ifdef DIAGNOSTIC around the warning for sessions denied by
crypto_userallowsoft settings: the message noise is more of a problem
than the "attempts".

Otherwise, I think we're now good to apply the OpenSSL patch.

[*] I had planned to wait for dynamic-sysctl before adding a sysctl
tree for crypto; if dynamic sysctl is deferred I may revisit that.