Subject: Re: FYI: this time, really about to import crypto framework
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Sam Leffler <>
List: tech-kern
Date: 07/25/2003 14:41:47
> There's one more substantive issue: the FreeBSD opencrypto includes
> what (at the time) were ``best-of-breed'' crypto implementations.
> Those are the ones I've tested as part of opencrypto over the last few
> months, so I also imported the FreeBSD crypto-transform code.  Some
> duplication may have occurred (specificallyw ith rijndael and
> cast128). Obviously, I'd like to resolve that ASAP, but it will
> require some collaboration with the KAME team and any other users of
> the extant crypto APIs.

If I recall I did this by enabling /dev/crypto access to the s/w crypto 
support in the kernel and then used the cryptotest program to benchmark 
each implementation.  Fastest one was selected if the time difference was 
noticeable (>5% perhaps).