tech-crypto archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Adding opencrypto, crypto acceelerator to GENERIC kernels?



I cleaned up some leftover OpenBSD-versus-FreeBSD variable naming cruft,
confirmed that the three-way logic described for crypto_devallowsoft a
couple of messages back really works (using gdb on /dev/mem[*]), and
committed a reworked version of the change.  

I'm very open to feedback on whether to make crypto_devallowsoft a
boolean, nuking the 'force software crypto' flag.

I'll add #ifdef DIAGNOSTIC around the warning for sessions denied by
crypto_userallowsoft settings: the message noise is more of a problem
than the "attempts".

Otherwise, I think we're now good to apply the OpenSSL patch.

[*] I had planned to wait for dynamic-sysctl before adding a sysctl
tree for crypto; if dynamic sysctl is deferred I may revisit that.



Home | Main Index | Thread Index | Old Index