Subject: Re: VIA ACE patch
To: Miles Nordin <carton@Ivy.NET>
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Date: 01/12/2007 21:29:14
Content-Type: text/plain; charset=iso-8859-2
On Fri, Jan 12, 2007 at 03:16:22PM -0500, Miles Nordin wrote:
> >>>>> "ddk" == Daniel de Kok <firstname.lastname@example.org> writes:
> ddk> Just for clarity: these VIA CPUs just have additional
> ddk> instructions, so the kernel opencrypto "driver" and the
> ddk> OpenSSL padlock engine are not mutually exclusive.
> right. so, in Linux there are posts in the forums that even after
> they added padlock support to OpenSSL, OpenSSL does not choose the
> right ``engine'' by default. They had to go through and modify each
> individual program, ssh, apache, u.s.w., to get it to use the
> padlock-based openssl-engine.
> Will OpenSSL in NetBSD 4.0/-current use the additional instructions by
> default? Or will it use /dev/crypto, or regular i386 algorithms, by
> default? sounds like you almost have to do some careful performance
> testing just to be reasonably sure the whole stack is glued together
> and actually working.
Not sure about NetBSD, but in FreeBSD you can do it by simply not having
/dev/crypto. Your IPsec will still be accelerated, but userland will use
padlock directly. All you need is to not load the cryptodev.ko module
and not compile in 'device cryptodev'.
Pawel Jakub Dawidek http://www.wheel.pl
FreeBSD committer Am I Evil? Yes, I Am!
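A way to check which path userland crypto would take under the rule described in the reply above, as an added example that is not part of the original message. The function names, the result labels, and the sample `openssl engine -t` output are constructed for illustration; the decision rule is the one the reply states, not independently verified OpenSSL behaviour.

```shell
#!/bin/sh
# Constructed sample of `openssl engine -t` output (not captured from a real host).
SAMPLE_ENGINES='(cryptodev) BSD cryptodev engine
     [ available ]
(padlock) VIA PadLock (no-RNG, ACE)
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]'

# engine_available ID TEXT: succeed if engine ID is listed in TEXT and the
# status line that follows its "(id) name" line reads "[ available ]".
engine_available() {
    printf '%s\n' "$2" | awk -v id="($1)" '
        $1 == id { want = 1; next }
        want     { ok = ($0 ~ /\[ available \]/); want = 0 }
        END      { exit (ok ? 0 : 1) }'
}

# userland_path DEVCRYPTO ENGINE_TEXT: apply the rule from the reply.
# DEVCRYPTO is "yes" when /dev/crypto exists. Result labels are hypothetical.
userland_path() {
    if [ "$1" = yes ]; then
        echo dev-crypto-present      # userland can be routed through the kernel
    elif engine_available padlock "$2"; then
        echo padlock-direct          # no /dev/crypto, PadLock engine usable
    else
        echo software-only           # neither path: plain software algorithms
    fi
}

# probe_live: gather the same inputs on a FreeBSD host.
probe_live() {
    dev=no
    if [ -c /dev/crypto ]; then dev=yes; fi
    if kldstat -q -m cryptodev 2>/dev/null; then
        echo "note: cryptodev module is loaded or compiled in" >&2
    fi
    userland_path "$dev" "$(openssl engine -t 2>/dev/null)"
}

if [ "${1:-}" = live ]; then
    probe_live
else
    echo "sample, no /dev/crypto:   $(userland_path no  "$SAMPLE_ENGINES")"
    echo "sample, with /dev/crypto: $(userland_path yes "$SAMPLE_ENGINES")"
fi
```

Run with the argument `live` on the host itself. A follow-up `openssl speed -evp aes-128-cbc` with and without `-engine padlock` gives the performance comparison the quoted question asks about.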