Miles Nordin wrote:
Do you know what it does exactly? ex., ``It accelerates AES in FAST_IPSEC and in cgd''?
It registers itself with the opencrypto framework, making it (transparently) useful for all opencrypto consumers. FAST_IPSEC is an opencrypto consumer, cgd is not at this time (though I plan to look at that if no one else does).
Anyway this is kernel-only support, or it somehow affects openssl too? I guess I don't understand our crypto architecture that well.
If you use OpenSSL with the cryptodev engine, yes, since it uses /dev/crypto (which is handled through opencrypto framework). Though, -current and 4.0_BETA2 also have an OpenSSL engine that directly utilizes ACE. I have issued a pullup request for the netbsd-3 branch to get this engine integrated in the netbsd-3 branch. So, for applications that rely on OpenSSL, you may want to use that, rather than cryptodev[1].
Still, this is patch is useful for kernel components that use crypto. -- Daniel[1] Especially considering that cryptodev currently does not support aes-256-cbc, though that is trivial to patch.