Re: akcipher use
Hi Stephan, On 06/27/2015 09:25 AM, Stephan Mueller wrote: > Ok, in this case, it would mean that rsa would point to the software > implementation and oaep(rsa) would point to the hardware. Would I be correct? All combinations are possible, and it is up to the implementation to decide. >> Yes, that's the main use case for this. We want to be able to accelerate SSL >> > handshakes. > Are you currently working on an AF_ALG interface? I'm currently working on adding rsa support to the qat driver. Once that will be finished my plan was to add AF_ALG interface for it. That will be in a few weeks time though since I'm on vacation next two weeks. If you have already started on AF_ALG you are more than welcome to do it. For me the most important thing will that it needs to be asynchronous. Regards, T -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Crypto Fixes for 4.2
On Fri, Jun 26, 2015 at 11:56 PM, Herbert Xu wrote: > > So I think Tadeusz's patch is the simplest fix for 4.2. Could you > please test it to see if it makes your warning go away? Seems to silence it here. I get the feeling that the patch is still wrong - why are not the *tests* run at late time when everything is properly set up, rather than forcing ordering at the code init level - but at least I don't see the annoying error, so it's certainly better than it was before. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: akcipher use
Am Donnerstag, 25. Juni 2015, 12:19:32 schrieb Tadeusz Struk: Hi Tadeusz, > On 06/25/2015 04:58 AM, Stephan Mueller wrote: > > > > - how would a hardware implementation offering only a hybrid asym cipher > > implementation (i.e. a full signature mechanism or bulk data encryption > > mechanism) be usable via that API? > > Usually the HW offers acceleration for encryption primitives. > To support the encryption schemes we can introduce templates for instance > pkcs1_v15(rsa) or oaep(rsa) as it was proposed by Horia Geanta. Ok, in this case, it would mean that rsa would point to the software implementation and oaep(rsa) would point to the hardware. Would I be correct? > > > - currently I only see one user in the kernel for asym ciphers: the module > > signing mechanism. Do you expect more to come? Or am I missing others? > > > > - If no, then it sounds like that the akcipher API is a means to make asym > > ciphers implemented in hardware and only accessible from supervisor state > > available. I would assume that the majority of the users that may be > > interested in that kind of support resides in user space. Is the intention > > to develop an AF_ALG interface (note, I personally already thought about > > that subject for some time now)? > > Yes, that's the main use case for this. We want to be able to accelerate SSL > handshakes. Are you currently working on an AF_ALG interface? -- Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] QAT: Fix uninitialized variable in qat driver
On 06/26/2015 10:56 AM, Neil Horman wrote: > Hit a warning when building QAT, indicating that sz_out might be uninitalized > before use. Looks like if you hit an error path and jump to err: you might > find > yourself trying to unmap an arbirarily long dma region. Its safe on intel > since > intel defines the invalid dma address as zero, but other arches don't, and if > qat makes its way to one of those, that can cause all sorts of corruption. Hi Neil, This is a false positive. The sz_out is always initialized before used because the same condition i.e. if (sgl != sglout && buflout) is in the error path as well as on the path where is is initialized. This warning is printed by an old gcc version. If you'll use gcc 4.9 or later it wont print it. It didn't make it's way to linux-crypto for whatever reason so resending again. regards, T -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
