crypto(9) and maxoplen
Patrick Lamaizière
patfbsd at davenulle.org
Fri Jul 18 22:58:17 UTC 2008
Hello,
In the "opencrypto framework" the function crypto_register() has an
argument 'maxoplen'.
http://fxr.watson.org/fxr/source/opencrypto/crypto.c#L625
Does somebody know what was the goal of this parameter? It is not used
by the framework.
The man page of crypto(9) says :
For each algorithm the driver supports, it must then call
crypto_register(). The first two arguments are the driver and algorithm
identifiers. The next two arguments specify the largest possible
operator length (in bits, important for public key operations) and
flags for this algorithm.
I'm asking if it can help for this problem: the glxsb driver can
perform AES-CBC algorithm only with 128 bits key and may be 'maxoplen'
was intended for this case.
Without something to specify the key's length, the driver is selected
by the framework even with keys != 128 bits. So it fails when the
session is opened. This prevents setkey/ipsec to work with key
length != 128 bits if the driver is loaded.
Thanks, regards.
More information about the freebsd-hackers
mailing list