On Fri, Apr 18, 2014 at 06:11:39PM +0000, Taylor R Campbell wrote:
>
> The majority of systems certainly don't have AES-NI. Only some recent
> Intel CPUs do, and we can't use it in the kernel anyway.

Right: plenty of systems accelerate AES, but in the wide world of systems that are not all x86 desktops or servers (embedded MIPS and ARM are particularly important targets for NetBSD), comparatively few accelerate AES using instructions rather than an offboard accelerator. Unless we are going to pre-buffer huge amounts of this keystream in the kernel (which poses its own risks), using an offboard accelerator for this purpose doesn't seem practical to me. And I've worked with them a lot.

Of the few systems which do have instructions that accelerate AES, on the most common implementation -- x86 -- we cannot use the instructions in question in the kernel because they use CPU state we do not save/restore when the kernel runs. I'd welcome anyone's work to fix that, so long as it does not impose major performance costs of its own, but I do not personally have the skill to do it, and if wishes were horses...

Thor