Re: [openssl-users] openssl, opencrypto integration

Wed, 07 Jan 2015 00:48:44 -0800 

(Resend from correct account)

On 06/01/2015 19:52, Chris Eltervoog wrote:



I have implemented a H/W encryption driver and have integrated it with 
cryptodev.  In eng_cryptodev.c there is an array digests[].  In that 
array it defines CRYPTO_MD5 to have a keylen of 16.  In cryptodev, the 
xform.c file definedes MD5 to have a keylen of 0.    Why is the keylen 
not zero for the MD5 entry in this table?



I presume that this particular array uses the field name "keylen" to 
really refer to the hashlen (the size of the digest value), since 
digests generally don't have keys (otherwise they would be considered 
MAC algorithms).  The code in xform.c then probably refers to a more 
general definition, which encompasses both digests and MACs, and uses a 
0 MAC keylen to indicate that this is a digest, not a MAC.



Cryptodev also defines the keylen in a structure.  The keylen is zero 
there.  A comparison happens on session creation.  This difference 
causes a check in the session creation to fail and cryptodev always 
selects the s/w crypto engine. If I change the eng_cryptodev digests[] 
entry for CRYPTO_MD5 to have a keylen of zero the MD5 hashing works, 
however Key generation output changes.  If you run the openssl test 
case for key generation it will fail.  It seems that the files 
generated are smaller. I don't see how this change has this side 
affect with key generation.



IF my previous presumption is right, the correct change would be to keep 
both tables as they are, but change the comparison to compare values 
that are actually supposed to be the same, such as MAC key length to MAC 
key length (implicit 0 in the digests[] array), and result length to 
result length (named keylen in the digests[] array).



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


_______________________________________________
openssl-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users






















					Reply via email to