Subject: Re: VIA ACE patch
To: None <tech-crypto@netbsd.org>
From: Miles Nordin <carton@Ivy.NET>
List: tech-crypto
Date: 01/12/2007 16:41:20
--pgp-sign-Multipart_Fri_Jan_12_16:41:20_2007-1
Content-Type: text/plain; charset=US-ASCII
>>>>> "pjd" == Pawel Jakub Dawidek <pjd@FreeBSD.org> writes:
pjd> Not sure about NetBSD, but in FreeBSD you can doing by simply
pjd> not having /dev/crypto.
OpenBSD claims it will ``just work'' since version 3.5:
http://www.openbsd.org/crypto.html
* VIA C3 AES instructions
VIA C3 CPUs with a step 8 or later Nehemiah core contains an AES
implementation accessible via simple instructions. As of 3.4 the
kernel supports them to be used in an IPsec context and exported by
/dev/crypto. As of 3.5 performances have been greatly improved and
OpenSSL now uses the new instruction directly when available
without the need to enter the kernel, resulting in vastly improved
speed (AES-128 measured at 780MByte/sec) for applications using
OpenSSL to perform AES encryption.
I'm not sure what is the value of having OpenSSL even be capable to
use engines which are not the fastest, much less the rationale for
having it do so by default. Shouldn't there be just one system-wide
knob? Shouldn't it be set either by hand, or by a quick performance
self-test run at boot time?
--pgp-sign-Multipart_Fri_Jan_12_16:41:20_2007-1
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)
iQCVAwUARagAgInCBbTaW/4dAQJ6ggP7BxsTPK3Tli3K5titNDiykXDCbceCftDz
b9Z7gN48LmV1WsmqvwixHFzUEzPkL0qvNra0iUvzxB9oLp856ET//nFllAyOc5Ir
sUJYyVfKvGMjsKc1pzHAc/hlp2vNA2w8cmw5/TD+lYpVYNKxnBnDivi85/vtm4bt
xQ06hrJsPEo=
=Vl3t
-----END PGP SIGNATURE-----
--pgp-sign-Multipart_Fri_Jan_12_16:41:20_2007-1--