--pgp-sign-Multipart_Fri_Jan_12_16:41:20_2007-1
Content-Type: text/plain; charset=US-ASCII

>>>>> "pjd" == Pawel Jakub Dawidek <pjd@FreeBSD.org> writes:

   pjd> Not sure about NetBSD, but in FreeBSD you can doing by simply
   pjd> not having /dev/crypto.

OpenBSD claims it will ``just work'' since version 3.5:

 http://www.openbsd.org/crypto.html

 * VIA C3 AES instructions

   VIA C3 CPUs with a step 8 or later Nehemiah core contains an AES
   implementation accessible via simple instructions. As of 3.4 the
   kernel supports them to be used in an IPsec context and exported by
   /dev/crypto. As of 3.5 performances have been greatly improved and
   OpenSSL now uses the new instruction directly when available
   without the need to enter the kernel, resulting in vastly improved
   speed (AES-128 measured at 780MByte/sec) for applications using
   OpenSSL to perform AES encryption.

I'm not sure what is the value of having OpenSSL even be capable to
use engines which are not the fastest, much less the rationale for
having it do so by default.  Shouldn't there be just one system-wide
knob?  Shouldn't it be set either by hand, or by a quick performance
self-test run at boot time?

--pgp-sign-Multipart_Fri_Jan_12_16:41:20_2007-1
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)

iQCVAwUARagAgInCBbTaW/4dAQJ6ggP7BxsTPK3Tli3K5titNDiykXDCbceCftDz
b9Z7gN48LmV1WsmqvwixHFzUEzPkL0qvNra0iUvzxB9oLp856ET//nFllAyOc5Ir
sUJYyVfKvGMjsKc1pzHAc/hlp2vNA2w8cmw5/TD+lYpVYNKxnBnDivi85/vtm4bt
xQ06hrJsPEo=
=Vl3t
-----END PGP SIGNATURE-----

--pgp-sign-Multipart_Fri_Jan_12_16:41:20_2007-1--