Date: Sat, 19 Jul 2008 00:58:13 +0200 From: Patrick =?ISO-8859-15?Q?Lamaizi=E8re?= <patfbsd@davenulle.org> To: freebsd-hackers@freebsd.org Subject: crypto(9) and maxoplen Message-ID: <20080719005813.3a995c71@baby-jane-lamaiziere-net.local>
next in thread | raw e-mail | index | archive | help
Hello, In the "opencrypto framework" the function crypto_register() has an argument 'maxoplen'. http://fxr.watson.org/fxr/source/opencrypto/crypto.c#L625 Does somebody know what was the goal of this parameter? It is not used by the framework. The man page of crypto(9) says : For each algorithm the driver supports, it must then call crypto_register(). The first two arguments are the driver and algorithm identifiers. The next two arguments specify the largest possible operator length (in bits, important for public key operations) and flags for this algorithm. I'm asking if it can help for this problem: the glxsb driver can perform AES-CBC algorithm only with 128 bits key and may be 'maxoplen' was intended for this case. Without something to specify the key's length, the driver is selected by the framework even with keys != 128 bits. So it fails when the session is opened. This prevents setkey/ipsec to work with key length != 128 bits if the driver is loaded. Thanks, regards.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080719005813.3a995c71>