Subject: Re: VIA ACE patch
To: Daniel de Kok <>
From: Thor Lancelot Simon <>
List: tech-crypto
Date: 01/12/2007 18:03:57
On Fri, Jan 12, 2007 at 08:42:12PM +0100, Daniel de Kok wrote:
> On Fri, 12 Jan 2007, Daniel de Kok wrote:
> >in the netbsd-3 branch. So, for applications that rely on OpenSSL, you may 
> >want to use that, rather than cryptodev[1].
> Just for clarity: these VIA CPUs just have additional instructions, so 
> the kernel opencrypto "driver" and the OpenSSL padlock engine are not 
> mutually exclusive.

And that is why, as I noted yesterday, a separate opencrypto "driver"
for this functionality really doesn't seem right.  I would urge you,
again, to simply add support for these instructions to the code in
/sys/crypto and merge it with the code in /sys/opencrypto that is the
algorithm implementations used by the existing opencrypto software

If you do that, _everything_ in the kernel that uses crypto wins.
If you do what you did, only things that already know how to use
opencrypto (basically nothing but fast_ipsec, since there is already
a better openssl engine for these cards than cryptodev) win...

Thor Lancelot Simon	                     
  "All of my opinions are consistent, but I cannot present them all
   at once."	-Jean-Jacques Rousseau, On The Social Contract