Date: Fri, 23 Aug 2013 21:30:33 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Mike Tancsa <mike@sentex.net> Cc: Ollivier Robert <roberto@keltia.freenix.fr>, freebsd-current@freebsd.org Subject: Re: patch to improve AES-NI performance Message-ID: <86d2p419ye.fsf@nine.des.no> In-Reply-To: <20130823185241.GO94127@funkthat.com> (John-Mark Gurney's message of "Fri, 23 Aug 2013 11:52:41 -0700") References: <20130822202027.GH94127@funkthat.com> <20130823151615.GD41379@roberto02-aw.erc.corp.eurocontrol.int> <52177F0B.9020906@sentex.net> <20130823180513.GM94127@funkthat.com> <5217A7B5.8040904@sentex.net> <20130823185241.GO94127@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
John-Mark Gurney <jmg@funkthat.com> writes: > Mike Tancsa <mike@sentex.net> writes: > > John-Mark Gurney <jmg@funkthat.com> writes: > > > My patch would only effect userland applications that use /dev/crypto= ... > > For me its ssh which I think does, no ? > It looks like it uses OpenSSL for it's crypto, not /dev/crypto... It uses OpenSSL engines, which use /dev/crypto. This is why we had to turn off sandbox mode - a CRIOGET ioctl fails because the sandbox code sets RLIMIT_NOFILES to 0. (trimming security@ from the cc: list as it's an alias for secteam@ which is not the appropriate venue for this discussion.) DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86d2p419ye.fsf>