[openssl-users] openssl, opencrypto integration

Jakob Bohm jb-openssl at wisemo.com
Wed Jan 7 08:47:12 UTC 2015


(Resend from correct account)

On 06/01/2015 19:52, Chris Eltervoog wrote:
>
> I have implemented a H/W encryption driver and have integrated it with 
> cryptodev.  In eng_cryptodev.c there is an array digests[].  In that 
> array it defines CRYPTO_MD5 to have a keylen of 16.  In cryptodev, the 
> xform.c file definedes MD5 to have a keylen of 0.    Why is the keylen 
> not zero for the MD5 entry in this table?
>
I presume that this particular array uses the field name "keylen" to 
really refer to the hashlen (the size of the digest value), since 
digests generally don't have keys (otherwise they would be considered 
MAC algorithms).  The code in xform.c then probably refers to a more 
general definition, which encompasses both digests and MACs, and uses a 
0 MAC keylen to indicate that this is a digest, not a MAC.

> Cryptodev also defines the keylen in a structure.  The keylen is zero 
> there.  A comparison happens on session creation.  This difference 
> causes a check in the session creation to fail and cryptodev always 
> selects the s/w crypto engine. If I change the eng_cryptodev digests[] 
> entry for CRYPTO_MD5 to have a keylen of zero the MD5 hashing works, 
> however Key generation output changes.  If you run the openssl test 
> case for key generation it will fail.  It seems that the files 
> generated are smaller. I don't see how this change has this side 
> affect with key generation.
>
IF my previous presumption is right, the correct change would be to keep 
both tables as they are, but change the comparison to compare values 
that are actually supposed to be the same, such as MAC key length to MAC 
key length (implicit 0 in the digests[] array), and result length to 
result length (named keylen in the digests[] array).


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20150107/04d12636/attachment.html>


More information about the openssl-users mailing list