Subject: Re: /dev/crypto allows userspace requests for non-accelerated (software) crypto: disable for 2.0?
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Jason Thorpe <thorpej@wasabisystems.com>
List: tech-kern
Date: 04/29/2004 10:15:40
--Apple-Mail-9--274958301
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed
On Apr 28, 2004, at 5:55 PM, Jonathan Stone wrote:
> I just checked, and I was surprised to find /dev/crypto still permits
> non-accelerated (i.e., software) sesssions, in both 2.0 and -current.
> I beleive the right thing to do is to disable them by default,
> for both 2.0 and -current. (note that applies to /dev/crypto; in-kernel
> opencrypto(9) requests, e.g., for FAST_IPSEC, will still be allowed).
> I will also add a sysctl knob to -current, to change that default.
I ageee, /dev/crypto should not allow software sessions by default,
only hardware accelerated sessions.
-- Jason R. Thorpe <thorpej@wasabisystems.com>
--Apple-Mail-9--274958301
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFAkTg8OpVKkaBm8XkRAjK5AKCmKaMo3C6f2QpcgdpQCfejW7kAcQCeKDh2
3swFpei1zIJqQdM9Cbfh3Ik=
=fMPx
-----END PGP SIGNATURE-----
--Apple-Mail-9--274958301--