Subject: /dev/crypto allows userspace requests for non-accelerated (software) crypto: disable for 2.0?
To: None <tech-kern@netbsd.org>
From: Jonathan Stone <jonathan@dsg.stanford.edu>
List: tech-kern
Date: 04/28/2004 17:55:24

About a year ago, there was a discussion here about /dev/crypto, the performance
of the in-kernel software crypto algorithms, and whether to permit user requests
on /dev/crypto for crypto algorithms for which no hardware acceleration is available.

I have a very strong recollection that Jason Thorpe was initially in favour
of allowing user requests that mapped to software; but later changed his mind,
on the grounds that the time spent inside the kernel outweighed any potential
benefit from (then) better-tuned crypto software in our kernel than in OpenSSL.

I just checked, and I was surprised to find /dev/crypto still permits
non-accelerated (i.e., software) sessions, in both 2.0 and -current.
I believe the right thing to do is to disable them by default,
for both 2.0 and -current. (Note that applies to /dev/crypto; in-kernel
opencrypto(9) requests, e.g., for FAST_IPSEC, will still be allowed).
I will also add a sysctl knob to -current, to change that default.

Comments?