Subject: Re: VIA ACE patch
To: None <tech-crypto@netbsd.org>
From: Miles Nordin <carton@Ivy.NET>
List: tech-crypto
Date: 01/12/2007 15:16:22
--pgp-sign-Multipart_Fri_Jan_12_15:16:22_2007-1
Content-Type: text/plain; charset=US-ASCII

>>>>> "ddk" == Daniel de Kok <danieldk@pobox.com> writes:

   ddk> Just for clarity: these VIA CPUs just have additional
   ddk> instructions, so the kernel opencrypto "driver" and the
   ddk> OpenSSL padlock engine are not mutually exclusive.

right.  so, in Linux there are posts in the forums that even after
they added padlock support to OpenSSL, OpenSSL does not choose the
right ``engine'' by default.  They had to go through and modify each
individual program, ssh, apache, u.s.w., to get it to use the
padlock-based openssl-engine.

Will OpenSSL in NetBSD 4.0/-current use the additional instructions by
default?  Or will it use /dev/crypto, or regular i386 algorithms, by
default?  sounds like you almost have to do some careful performance
testing just to be reasonably sure the whole stack is glued together
and actually working.

--pgp-sign-Multipart_Fri_Jan_12_15:16:22_2007-1
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)

iQCVAwUARafslonCBbTaW/4dAQKDswP/QMPfzkGzwh/5us6YUokYJHWJsex2O0Sp
cDKUZ/upXKi+YijRArQNMBQpk1UyxMG7nvf75ui8Rd3l9IfjzJaqbk8pQzVlVo8b
r1AY0uLTOXG+WTnF+1qGgBJCrLQIpGanc11TpWnbWwNyDdKE7llieQRBjV54btJk
sbt+tMIND7Y=
=WS3w
-----END PGP SIGNATURE-----

--pgp-sign-Multipart_Fri_Jan_12_15:16:22_2007-1--