Module Name: src
Committed By: bouyer
Date: Sun Feb 14 13:38:28 UTC 2010
Modified Files:
src/share/man/man9 [netbsd-5]: opencrypto.9
Log Message:
Pull up following revision(s) (requested by hubertf in ticket #1293):
share/man/man9/opencrypto.9: revision 1.9
Document sysctls
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.5.18.1 src/share/man/man9/opencrypto.9
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/man/man9/opencrypto.9
diff -u src/share/man/man9/opencrypto.9:1.5 src/share/man/man9/opencrypto.9:1.5.18.1
--- src/share/man/man9/opencrypto.9:1.5 Sat Jul 14 10:52:49 2007
+++ src/share/man/man9/opencrypto.9 Sun Feb 14 13:38:28 2010
@@ -1,5 +1,5 @@
.\" $OpenBSD: crypto.9,v 1.25 2003/07/11 13:47:41 jmc Exp $
-.\" $NetBSD: opencrypto.9,v 1.5 2007/07/14 10:52:49 ad Exp $
+.\" $NetBSD: opencrypto.9,v 1.5.18.1 2010/02/14 13:38:28 bouyer Exp $
.\"
.\" The author of this man page is Angelos D. Keromytis (ange...@cis.upenn.edu)
.\"
@@ -16,7 +16,7 @@
.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
.\" PURPOSE.
.\"
-.Dd December 20, 2003
+.Dd January 1, 2010
.Dt OPENCRYPTO 9
.Os
.Sh NAME
@@ -324,7 +324,8 @@
For MAC algorithms, this is where the result of the keyed hash will be
inserted.
.It Fa crd_flags
-The following flags are defined:
+For adjusting general operation from userland,
+the following flags are defined:
.Bl -tag -width CRD_F_IV_EXPLICIT
.It Dv CRD_F_ENCRYPT
For encryption algorithms, this bit is set when encryption is required
@@ -429,6 +430,28 @@
.It Fa krp_callback
Callback called on completion of a keying operation.
.El
+.Pp
+The following sysctl entries exist to adjust
+the behaviour of the system from userland:
+.Bl -tag -width kern.cryptodevallowsoft
+.It kern.usercrypto
+Allow (1) or forbid (0) userland acces to
+.Pa /dev/crypto .
+.It kern.userasymcrypto
+Allow (1) or forbid (0) userland acces to
+do asymmetric crypto requests.
+.It kern.cryptodevallowsoft
+Enable/disable access to hardware versus software operations:
+.Bl -tag -width xxx
+.It < 0
+Force userlevel requests to use software operations, always.
+.It = 0
+Use hardware if present, grant userlevel requests for non-accelerated
+operations (handling the latter in software).
+.It > 0
+Allow user requests only for operations which are hardware-accelerated.
+.El
+.El
.Sh DRIVER-SIDE API
The
.Fn crypto_get_driverid ,
@@ -559,9 +582,11 @@
.Fa crp_etype
field.
.Sh FILES
-.Bl -tag -width sys/crypto/crypto.c
-.It Pa sys/crypto/crypto.c
+.Bl -tag -width sys/opencrypto/crypto.c
+.It Pa sys/opencrypto/crypto.c
most of the framework code
+.It Pa sys/crypto
+crypto algorithm implementations
.El
.Sh SEE ALSO
.Xr condvar 9 ,
