Subject: Re: VIA ACE patch
To: None <>
From: Miles Nordin <carton@Ivy.NET>
List: tech-crypto
Date: 01/12/2007 16:41:20
Content-Type: text/plain; charset=US-ASCII

>>>>> "pjd" == Pawel Jakub Dawidek <> writes:

   pjd> Not sure about NetBSD, but in FreeBSD you can doing by simply
   pjd> not having /dev/crypto.

OpenBSD claims it will ``just work'' since version 3.5:

 * VIA C3 AES instructions

   VIA C3 CPUs with a step 8 or later Nehemiah core contains an AES
   implementation accessible via simple instructions. As of 3.4 the
   kernel supports them to be used in an IPsec context and exported by
   /dev/crypto. As of 3.5 performances have been greatly improved and
   OpenSSL now uses the new instruction directly when available
   without the need to enter the kernel, resulting in vastly improved
   speed (AES-128 measured at 780MByte/sec) for applications using
   OpenSSL to perform AES encryption.

I'm not sure what is the value of having OpenSSL even be capable to
use engines which are not the fastest, much less the rationale for
having it do so by default.  Shouldn't there be just one system-wide
knob?  Shouldn't it be set either by hand, or by a quick performance
self-test run at boot time?

Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

Version: GnuPG v1.4.2 (NetBSD)