>>>>> "pjd" == Pawel Jakub Dawidek <pjd%FreeBSD.org@localhost> writes: pjd> Not sure about NetBSD, but in FreeBSD you can doing by simply pjd> not having /dev/crypto. OpenBSD claims it will ``just work'' since version 3.5: http://www.openbsd.org/crypto.html * VIA C3 AES instructions VIA C3 CPUs with a step 8 or later Nehemiah core contains an AES implementation accessible via simple instructions. As of 3.4 the kernel supports them to be used in an IPsec context and exported by /dev/crypto. As of 3.5 performances have been greatly improved and OpenSSL now uses the new instruction directly when available without the need to enter the kernel, resulting in vastly improved speed (AES-128 measured at 780MByte/sec) for applications using OpenSSL to perform AES encryption. I'm not sure what is the value of having OpenSSL even be capable to use engines which are not the fastest, much less the rationale for having it do so by default. Shouldn't there be just one system-wide knob? Shouldn't it be set either by hand, or by a quick performance self-test run at boot time?
Attachment:
pgpitbv4BhRNL.pgp
Description: PGP signature