by microcolonel 2877 days ago
> Andy Lutomirski was generally favorable as well, noting that he has tried to carry out some similar changes to the cryptographic code in the past. Support for hardware accelerators should, he said, be built on top of Zinc; code needing that support could then use the more complex API that would be required, and the Zinc implementations could be used as fallbacks when acceleration is not available or practical to use.

This seems like a flawless approach. The Zinc approach seems to be preferred (by those involved) for simple software-only use cases, and the more complex use cases seem to be composed of operations which Zinc could implement.

It's good that they're not just going to plop the thing in there in a degraded state (with probably worse performance [and DoS resistance] than the current out-of-tree/DKMS distributions of WireGuard).

1 comments

> It's good that they're not just going to plop the thing in there in a degraded state (with probably worse performance [and DoS resistance] than the current out-of-tree/DKMS distributions of WireGuard).

Yea, indeed, I'm really trying to get the mainline version to have the same performance and security characteristics as the out-of-tree module version.

(And after it's mainlined, the out-of-tree module will only exist as compatibility for older kernels, and I'll have some scripts to automatically extract a mainline kernel into a backport.)