(Resend from correct account)
On 06/01/2015 19:52, Chris Eltervoog wrote:
I have implemented a H/W encryption driver and have integrated it with
cryptodev. In eng_cryptodev.c there is an array digests[]. In that
array it defines CRYPTO_MD5 to have a keylen of 16. In cryptodev, the
xform.c file definedes MD5 to have a keylen of 0.Why is the keylen
not zero for the MD5 entry in this table?
I presume that this particular array uses the field name keylen to
really refer to the hashlen (the size of the digest value), since
digests generally don't have keys (otherwise they would be considered
MAC algorithms). The code in xform.c then probably refers to a more
general definition, which encompasses both digests and MACs, and uses a
0 MAC keylen to indicate that this is a digest, not a MAC.
Cryptodev also defines the keylen in a structure. The keylen is zero
there. A comparison happens on session creation. This difference
causes a check in the session creation to fail and cryptodev always
selects the s/w crypto engine. If I change the eng_cryptodev digests[]
entry for CRYPTO_MD5 to have a keylen of zero the MD5 hashing works,
however Key generation output changes. If you run the openssl test
case for key generation it will fail. It seems that the files
generated are smaller. I don't see how this change has this side
affect with key generation.
IF my previous presumption is right, the correct change would be to keep
both tables as they are, but change the comparison to compare values
that are actually supposed to be the same, such as MAC key length to MAC
key length (implicit 0 in the digests[] array), and result length to
result length (named keylen in the digests[] array).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
___
openssl-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users