On Fri, Jan 12, 2007 at 03:16:22PM -0500, Miles Nordin wrote: > >>>>> "ddk" == Daniel de Kok <danieldk%pobox.com@localhost> writes: > > ddk> Just for clarity: these VIA CPUs just have additional > ddk> instructions, so the kernel opencrypto "driver" and the > ddk> OpenSSL padlock engine are not mutually exclusive. > > right. so, in Linux there are posts in the forums that even after > they added padlock support to OpenSSL, OpenSSL does not choose the > right ``engine'' by default. They had to go through and modify each > individual program, ssh, apache, u.s.w., to get it to use the > padlock-based openssl-engine. > > Will OpenSSL in NetBSD 4.0/-current use the additional instructions by > default? Or will it use /dev/crypto, or regular i386 algorithms, by > default? sounds like you almost have to do some careful performance > testing just to be reasonably sure the whole stack is glued together > and actually working. Not sure about NetBSD, but in FreeBSD you can doing by simply not having /dev/crypto. You IPsec will still be accelerated, but userland will use padlock directly. The all you need is not to load cryptodev.ko module and not compile-in 'device cryptodev'. -- Pawel Jakub Dawidek http://www.wheel.pl pjd%FreeBSD.org@localhost http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am!
Attachment:
pgpBjj84_gUHv.pgp
Description: PGP signature