Question About Asymmetric Crypto
Hi, all

Sorry that I have to ask the question about asymmetric crypto once more. And another question is about FIPS.

My problem is that our SoC chip is the application processor, and it provides a crypto hardware engine with hash, symmetric crypto (AES, 3DES, etc.) and asymmetric crypto (PKCS-RSA, ECC, etc.). We want to use the Linux CryptoAPI to enable the crypto engine. Linux CryptoAPI now supports (a)hash and (a)blockcipher well, but can NOT support asymmetric crypto.

So the question is: will Linux CryptoAPI be a general crypto engine accelerator framework for the Linux platform, or is it dedicated only to the Linux kernel?

As discussed in the thread http://osdir.com/ml/linux.kernel.cryptoapi/2007/msg00307.html, some guys think that nobody wants to use RSA in the kernel, but if Linux CryptoAPI wants to support user space (as Herbert mentioned at the September conference), then the scenario is changing. For example, if browsers use OpenSSL, and OpenSSL can call the Linux CryptoAPI to get HW acceleration, that would eventually optimize its performance.

So I want to get more clarity on this point. Any comment is appreciated. Thanks a lot.

Best Regards,
Leo Yan
Ext: 24880

--
To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] crypto/testmgr: fix uninitialized warning from gcc
Since err is not set to a value if tcount is 0, gcc issues a warning: crypto/testmgr.c: In function ‘test_cprng’: crypto/testmgr.c:1204: warning: ‘err’ may be used uninitialized in this function Since this is test code, forcing initialized sanity should be fine. Signed-off-by: Mike Frysinger vap...@gentoo.org --- crypto/testmgr.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 7620bfc..90c4254 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1214,6 +1214,7 @@ static int test_cprng(struct crypto_rng *tfm, struct cprng_testvec *template, return -ENOMEM; } + err = 0; /* sanity in case tcount is 0 */ for (i = 0; i tcount; i++) { memset(result, 0, 32); -- 1.6.5.5
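Review bot: With err = 0 placed just before the loop in test_cprng, a tcount of 0 now returns success without running a single vector, so an empty CPRNG template would be reported as a passing self-test. If an empty template is not a valid input, returning an error for tcount == 0 would be safer than defaulting to 0; if it is valid, initializing err where it is declared would silence the warning without a separate statement, and the comment could say that zero vectors is treated as a pass.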
[PATCH] xfrm: Fix truncation length of authentication algorithms installed via PF_KEY
Commit 4447bb33f09444920a8f1d89e1540137429351b6 breaks installation of authentication algorithms via PF_KEY, as the state specific truncation length is not installed with the algorithms default truncation length. This patch initializes state properly to the default if installed via PF_KEY. Signed-off-by: Martin Willi mar...@strongswan.org --- net/key/af_key.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/net/key/af_key.c b/net/key/af_key.c index 84209fb..76fa6fe 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -1193,6 +1193,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, x-aalg-alg_key_len = key-sadb_key_bits; memcpy(x-aalg-alg_key, key+1, keysize); } + x-aalg-alg_trunc_len = a-uinfo.auth.icv_truncbits; x-props.aalgo = sa-sadb_sa_auth; /* x-algo.flags = sa-sadb_sa_flags; */ } -- 1.6.3.3
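Review bot: The added alg_trunc_len assignment in pfkey_msg2xfrm_state has no comment saying why the algorithm default is used here, and the reason is only in the commit message. A one-line comment noting that states installed via PF_KEY get the algorithm's default truncation length (icv_truncbits) would keep the intent visible next to the code. The commit message would also be easier to follow if it quoted the subject line of 4447bb33f094 alongside the hash, since the regression is only meaningful to a reader who knows that commit introduced the per-state truncation length.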
[PATCH 3/12] crypto: Correct size given to memset
From: Julia Lawall ju...@diku.dk Memset should be given the size of the structure, not the size of the pointer. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // smpl @@ type T; T *x; expression E; @@ memset(x, E, sizeof( + * x)) // /smpl Signed-off-by: Julia Lawall ju...@diku.dk --- crypto/gf128mul.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff -u -p a/crypto/gf128mul.c b/crypto/gf128mul.c --- a/crypto/gf128mul.c +++ b/crypto/gf128mul.c @@ -182,7 +182,7 @@ void gf128mul_lle(be128 *r, const be128 for (i = 0; i 7; ++i) gf128mul_x_lle(p[i + 1], p[i]); - memset(r, 0, sizeof(r)); + memset(r, 0, sizeof(*r)); for (i = 0;;) { u8 ch = ((u8 *)b)[15 - i]; @@ -220,7 +220,7 @@ void gf128mul_bbe(be128 *r, const be128 for (i = 0; i 7; ++i) gf128mul_x_bbe(p[i + 1], p[i]); - memset(r, 0, sizeof(r)); + memset(r, 0, sizeof(*r)); for (i = 0;;) { u8 ch = ((u8 *)b)[i]; -- 
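Review bot: The commit message does not state the effect of the old sizeof(r) in gf128mul_lle and gf128mul_bbe. Since r is a be128 pointer, the memset cleared only a pointer's worth of bytes, while the surrounding code indexes the operands as 16 bytes (((u8 *)b)[15 - i]), so part of the result buffer kept whatever the caller passed in. Please add a sentence on that consequence and on whether existing callers pass an already-zeroed r, so readers can tell whether this is a cleanup or a fix for wrong multiplication results. The sizeof(*r) change itself is correct at both sites.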