Re: [Ocf-linux-users] minor issues to be fixed in OCF openssl interface
Brought to you by:
david-m
Menu
▾
▴
Re: [Ocf-linux-users] minor issues to be fixed in OCF openssl interface
|
From: David M. <dav...@mc...> - 2010-03-22 01:55:19
|
Jivin V Jyothi-B22245 lays it down ...
> Hi,
>
> I am trying to use OCF openssl interface with openssl1.0beta versions
> for DH operations.
> This framework is very much useful to make use of HW acceleration
> through openssl.
>
> There are two minor issues we found in cryptodev_dh_compute_key()
> function definition:
> 1) keylen assignment to crypt_kop structure:
> keylen is computed using BN_num_bits() which returns the key size
> in number of bits.
>
> While assigning keylen to kop.crk_param[3].crp_nbits is again
> multiplied by 8, which not required:
> kop.crk_param[3].crp_nbits = keylen * 8;
> keylen variable already containing the length of key in bits, so
> this statement should be like:
> kop.crk_param[3].crp_nbits = keylen; /* keylen is containing
> the number of bits, so we should not again multiply with 8 */
>
> 2) In case of "ioctl(fd, CIOCKEY, &kop)" returning success, 'dhret'
> value is not filled but the return value is expected by the caller as
> the length of key in bytes:
> "dhret = (keylen+7)/8;" statement may be required after ioctl
> condition.
>
> if (ioctl(fd, CIOCKEY, &kop) == -1) {
> const DH_METHOD *meth = DH_OpenSSL();
>
> dhret = (meth->compute_key)(key, pub_key, dh);
> }
> else
> dhret = (keylen+7)/8;
>
> I hope these issues get fixed in the next version.
Both problems and your fixes look good to me. I have made them in my local
tree and they will be in the next release,
Thanks,
Davidm
--
David McCullough, dav...@mc..., Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
|
