Subject: Re: VIA ACE patch
To: Miles Nordin <carton@Ivy.NET>
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
List: tech-crypto
Date: 01/12/2007 21:29:14

On Fri, Jan 12, 2007 at 03:16:22PM -0500, Miles Nordin wrote:
> >>>>> "ddk" == Daniel de Kok <danieldk@pobox.com> writes:
>
>    ddk> Just for clarity: these VIA CPUs just have additional
>    ddk> instructions, so the kernel opencrypto "driver" and the
>    ddk> OpenSSL padlock engine are not mutually exclusive.
>
> right.  so, in Linux there are posts in the forums that even after
> they added padlock support to OpenSSL, OpenSSL does not choose the
> right ``engine'' by default.  They had to go through and modify each
> individual program, ssh, apache, u.s.w., to get it to use the
> padlock-based openssl-engine.
>
> Will OpenSSL in NetBSD 4.0/-current use the additional instructions by
> default?  Or will it use /dev/crypto, or regular i386 algorithms, by
> default?  sounds like you almost have to do some careful performance
> testing just to be reasonably sure the whole stack is glued together
> and actually working.

Not sure about NetBSD, but in FreeBSD you can do it by simply not having
/dev/crypto. Your IPsec will still be accelerated, but userland will use
padlock directly. All you need is to not load the cryptodev.ko module
and not compile in 'device cryptodev'.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
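
The configuration described in the message above can be checked statically, as in this added example (not part of the original post and not FreeBSD tooling). The function names and the file paths passed to them are hypothetical, the sample files are constructed, and the `cryptodev_load="YES"` line assumes the usual `<module>_load` loader.conf convention.

```sh
#!/bin/sh
# Added example: report which path userland crypto would take on a FreeBSD
# box, following the message above: no cryptodev => padlock used directly.

# True if the kernel config file compiles in 'device cryptodev'.
# Commented-out lines, 'nodevice' lines and 'device crypto' do not match.
# Assumption: a single config file; 'include' directives are not followed.
kernconf_has_cryptodev() {
    grep -Eq '^[[:space:]]*device[[:space:]]+cryptodev([[:space:]]|#|$)' "$1"
}

# True if loader.conf asks for cryptodev.ko at boot (assumed convention:
# <module>_load="YES").
loader_loads_cryptodev() {
    grep -Eq '^[[:space:]]*cryptodev_load="?[Yy][Ee][Ss]"?' "$1"
}

# Print "devcrypto" if either file would bring up /dev/crypto,
# otherwise "padlock-direct".
userland_crypto_path() {
    if kernconf_has_cryptodev "$1" || loader_loads_cryptodev "$2"; then
        echo devcrypto
    else
        echo padlock-direct
    fi
}

# Demo on constructed sample files (not taken from any real system).
demo() {
    d=$(mktemp -d) || return 1
    printf 'device\t\tcrypto\n#device\t\tcryptodev\n' > "$d/KERNEL"
    printf 'padlock_load="YES"\n' > "$d/loader.conf"
    userland_crypto_path "$d/KERNEL" "$d/loader.conf"
    printf 'cryptodev_load="YES"\n' >> "$d/loader.conf"
    userland_crypto_path "$d/KERNEL" "$d/loader.conf"
    rm -rf "$d"
}
demo
```

These are static checks only; a module loaded by hand after boot shows up on the running system as the /dev/crypto device node rather than in either file.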
