Subject: Re: VIA ACE patch
To: Daniel de Kok <email@example.com>
From: Thor Lancelot Simon <firstname.lastname@example.org>
Date: 01/12/2007 18:03:57
On Fri, Jan 12, 2007 at 08:42:12PM +0100, Daniel de Kok wrote:
> On Fri, 12 Jan 2007, Daniel de Kok wrote:
> >in the netbsd-3 branch. So, for applications that rely on OpenSSL, you may
> >want to use that, rather than cryptodev.
> Just for clarity: these VIA CPUs just have additional instructions, so
> the kernel opencrypto "driver" and the OpenSSL padlock engine are not
> mutually exclusive.
And that is why, as I noted yesterday, a separate opencrypto "driver"
for this functionality really doesn't seem right. I would urge you,
again, to simply add support for these instructions to the code in
/sys/crypto and merge it with the code in /sys/opencrypto that is the
algorithm implementations used by the existing opencrypto software
If you do that, _everything_ in the kernel that uses crypto wins.
If you do what you did, only things that already know how to use
opencrypto (basically nothing but fast_ipsec, since there is already
a better openssl engine for these cards than cryptodev) win...
Thor Lancelot Simon email@example.com
"All of my opinions are consistent, but I cannot present them all
at once." -Jean-Jacques Rousseau, On The Social Contract