Subject: Re: VIA ACE patch
To: Miles Nordin <carton@Ivy.NET>
From: Daniel de Kok <firstname.lastname@example.org>
Date: 01/12/2007 20:38:01
Miles Nordin wrote:
> Do you know what it does exactly? ex., ``It accelerates AES in
> FAST_IPSEC and in cgd''?
It registers itself with the opencrypto framework, making it
(transparently) useful for all opencrypto consumers. FAST_IPSEC is an
opencrypto consumer, cgd is not at this time (though I plan to look at
that if no one else does).
> Anyway this is kernel-only support, or it somehow affects openssl too?
> I guess I don't understand our crypto architecture that well.
If you use OpenSSL with the cryptodev engine, yes, since it uses
/dev/crypto (which is handled through the opencrypto framework). Though,
-current and 4.0_BETA2 also have an OpenSSL engine that directly utilizes
ACE. I have issued a pullup request for the netbsd-3 branch to get
this engine integrated in the netbsd-3 branch. So, for applications that
rely on OpenSSL, you may want to use that, rather than cryptodev.
Still, this patch is useful for kernel components that use crypto.
Especially considering that cryptodev currently does not support
aes-256-cbc, though that is trivial to patch.