From owner-freebsd-arch@FreeBSD.ORG Wed Feb 4 23:30:24 2004 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0D8A816A4CE for ; Wed, 4 Feb 2004 23:30:24 -0800 (PST) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5FD6043D41 for ; Wed, 4 Feb 2004 23:30:22 -0800 (PST) (envelope-from phk@phk.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.12.10/8.12.10) with ESMTP id i157UGDF038922; Thu, 5 Feb 2004 08:30:16 +0100 (CET) (envelope-from phk@phk.freebsd.dk) To: Sam Leffler From: "Poul-Henning Kamp" In-Reply-To: Your message of "Wed, 04 Feb 2004 23:24:18 PST." <200402042324.18434.sam@errno.com> Date: Thu, 05 Feb 2004 08:30:16 +0100 Message-ID: <38921.1075966216@critter.freebsd.dk> cc: arch@freebsd.org Subject: Re: Resolving the crypto duplicity... X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Feb 2004 07:30:24 -0000 In message <200402042324.18434.sam@errno.com>, Sam Leffler writes: >All the cipher code in opencrypto is there for a reason; either because it ran >substantially faster than the KAME code at the time I imported the crypto >framework or because there were API incompatbilities that made using the KAME >versions difficult. In general the one overriding rule I had was that I could >not remove any code in crypto so anything new had to go in opencrypto. If we collapse the two, we should of course keep the best version. I guess my suggestion/question could also be put this way: "Is it about time we stop having a 'KAME crypto' and a 'OpenCrypto' code set, and instead get us a 'FreeBSD crypto' code set. >I tried to get opencrypto included in GENERIC for 5.2 but was too late. I >think making it part of the base system is too costly for embedded >environments but could be persuaded otherwise. > >I think with your recent mods that gbde depends on opencrypto so I'm not sure >why you're worried about an explicit rijndael dependency unless you can build >gbde w/ and w/o the opencrypto usage. Well, my problem is that either I need a compiletime #ifdef to decide to pull in opencrypto support, or we need to add failing stub-functions when we do not have opencrypto in the kernel. I would really like to avoid the situation where I have to have two different gbde kld's: one with and one without opencrypto. But as I said, it may be time to discuss the overall issue of kld dependencies, rather than just scratch my own little itch... -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.