From owner-freebsd-hackers@FreeBSD.ORG Fri Jul 18 22:58:17 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC0BF1065671 for ; Fri, 18 Jul 2008 22:58:17 +0000 (UTC) (envelope-from patfbsd@davenulle.org) Received: from smtp.lamaiziere.net (net.lamaiziere.net [91.121.44.19]) by mx1.freebsd.org (Postfix) with ESMTP id 769BE8FC0C for ; Fri, 18 Jul 2008 22:58:17 +0000 (UTC) (envelope-from patfbsd@davenulle.org) Received: from baby-jane.lamaiziere.net (27.6.192-77.rev.gaoland.net [77.192.6.27]) by smtp.lamaiziere.net (Postfix) with ESMTPA id 3EE64633657 for ; Sat, 19 Jul 2008 00:55:49 +0200 (CEST) Received: from baby-jane-lamaiziere-net.local (localhost [127.0.0.1]) by baby-jane.lamaiziere.net (Postfix) with ESMTP id 1705E56BA65 for ; Sat, 19 Jul 2008 00:58:15 +0200 (CEST) Date: Sat, 19 Jul 2008 00:58:13 +0200 From: Patrick =?ISO-8859-15?Q?Lamaizi=E8re?= To: freebsd-hackers@freebsd.org Message-ID: <20080719005813.3a995c71@baby-jane-lamaiziere-net.local> Organization: /dave/nulle X-Mailer: Claws Mail 3.3.1 (GTK+ 2.12.9; i386-apple-darwin9.3.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: crypto(9) and maxoplen X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jul 2008 22:58:17 -0000 Hello, In the "opencrypto framework" the function crypto_register() has an argument 'maxoplen'. http://fxr.watson.org/fxr/source/opencrypto/crypto.c#L625 Does somebody know what was the goal of this parameter? It is not used by the framework. The man page of crypto(9) says : For each algorithm the driver supports, it must then call crypto_register(). The first two arguments are the driver and algorithm identifiers. The next two arguments specify the largest possible operator length (in bits, important for public key operations) and flags for this algorithm. I'm asking if it can help for this problem: the glxsb driver can perform AES-CBC algorithm only with 128 bits key and may be 'maxoplen' was intended for this case. Without something to specify the key's length, the driver is selected by the framework even with keys != 128 bits. So it fails when the session is opened. This prevents setkey/ipsec to work with key length != 128 bits if the driver is loaded. Thanks, regards.