Re: [openssl-users] openssl, opencrypto integration

[Jakob Bohm]

(Resend from correct account)

On 06/01/2015 19:52, Chris Eltervoog wrote:


I have implemented a H/W encryption driver and have integrated it with 
cryptodev.  In eng_cryptodev.c there is an array digests[].  In that 
array it defines CRYPTO_MD5 to have a keylen of 16.  In cryptodev, the 
xform.c file definedes MD5 to have a keylen of 0.Why is the keylen 
not zero for the MD5 entry in this table?


I presume that this particular array uses the field name keylen to 
really refer to the hashlen (the size of the digest value), since 
digests generally don't have keys (otherwise they would be considered 
MAC algorithms).  The code in xform.c then probably refers to a more 
general definition, which encompasses both digests and MACs, and uses a 
0 MAC keylen to indicate that this is a digest, not a MAC.


Cryptodev also defines the keylen in a structure.  The keylen is zero 
there.  A comparison happens on session creation.  This difference 
causes a check in the session creation to fail and cryptodev always 
selects the s/w crypto engine. If I change the eng_cryptodev digests[] 
entry for CRYPTO_MD5 to have a keylen of zero the MD5 hashing works, 
however Key generation output changes.  If you run the openssl test 
case for key generation it will fail.  It seems that the files 
generated are smaller. I don't see how this change has this side 
affect with key generation.


IF my previous presumption is right, the correct change would be to keep 
both tables as they are, but change the comparison to compare values 
that are actually supposed to be the same, such as MAC key length to MAC 
key length (implicit 0 in the digests[] array), and result length to 
result length (named keylen in the digests[] array).



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

___
openssl-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users

[openssl-users] openssl, opencrypto integration

[Chris Eltervoog]

I have implemented a H/W encryption driver and have integrated it with cryptodev. In eng_cryptodev.c there is an array digests[]. In that array it defines CRYPTO_MD5 to have a keylen of 16. In cryptodev, the xform.c file definedes MD5 to have a keylen of 0.  Why is the keylen not zero for the MD5 entry in this table?Cryptodev also defines the keylen in a structure. The keylen is zero there. A comparison happens on session creation. This difference causes a check in the session creation to fail and cryptodev always selects the s/w crypto engine. If I change the eng_cryptodev digests[] entry for CRYPTO_MD5 to have a keylen of zero the MD5 hashing works, however Key generation output changes. If you run the openssl test case for key generation it will fail. It seems that the files generated are smaller. I don't see how this change has this side affect with key generation.
___
openssl-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users