Subject: Re: VIA ACE patch
To: None <>
From: Miles Nordin <carton@Ivy.NET>
List: tech-crypto
Date: 01/12/2007 14:14:10
Content-Type: text/plain; charset=US-ASCII

>>>>> "ddk" == Daniel de Kok <> writes:

   ddk> I have mostly completed my port of the OpenBSD VIA ACE code,
   ddk> and I have attached a patch. This area is pretty new to me, so
   ddk> please be gentle.

Do you know what it does exactly?  ex., ``It accelerates AES in
FAST_IPSEC and in cgd''?

AIUI, one of Padlock's virtues was that it could be used from
userspace with no syscall overhead, so unlike PCI ``crypto
accelerators'' it is reasonable to use it from OpenSSL to accelerate
the symmetric AES crypto in apache https or ssh/sshd, while for the
PCI accelerators it's only a net performance win to use them either
for AES _inside the kernel_, or for the RSA-only part of userland
apache/ssh (which is more computation per context switch).  If someone
knows better please correct me---I don't know this stuff well.

Anyway this is kernel-only support, or it somehow affects openssl too?
I guess I don't understand our crypto architecture that well.

Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

Version: GnuPG v1.4.2 (NetBSD)