Because:
1. if use %s, you can only request cryptd(<driver name>), not
cryptd(<alg name>), because generated new algorithm instance has
algorithm name: <alg name> and driver name cryptd(<driver name>).
2. Generated cryptd-ed algorithm will have the same algorithm name and
higher priority, but some user may not want to use cryptd-ed
version.
Signed-off-by: Huang Ying <[email protected]>
---
crypto/cryptd.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -215,7 +215,9 @@ static struct crypto_instance *cryptd_al
ctx->state = state;
- memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
+ if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
+ "cryptd(%s)", alg->cra_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_free_inst;
inst->alg.cra_priority = alg->cra_priority + 50;
inst->alg.cra_blocksize = alg->cra_blocksize;
On Wed, Jan 14, 2009 at 02:44:08PM +0800, Huang Ying wrote:
> Because:
>
> 1. if use %s, you can only request cryptd(<driver name>), not
> cryptd(<alg name>), because generated new algorithm instance has
> algorithm name: <alg name> and driver name cryptd(<driver name>).
This is intentional. For the purposes we talked about we should
be requesting cryptd(<driver name>), as otherwise you may end up
with someone else's AES algorithm as the base.
> 2. Generated cryptd-ed algorithm will have the same algorithm name and
> higher priority, but some user may not want to use cryptd-ed
> version.
The priority shouldn't be an issue in our case since the AES-NI
algorithm should register itself as an ablkcipher with an even
higher priority.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Wed, 2009-01-14 at 14:53 +0800, Herbert Xu wrote:
> On Wed, Jan 14, 2009 at 02:44:08PM +0800, Huang Ying wrote:
> > Because:
> >
> > 1. if use %s, you can only request cryptd(<driver name>), not
> > cryptd(<alg name>), because generated new algorithm instance has
> > algorithm name: <alg name> and driver name cryptd(<driver name>).
>
> This is intentional. For the purposes we talked about we should
> be requesting cryptd(<driver name>), as otherwise you may end up
> with someone else's AES algorithm as the base.
Current cryptd works well for AES-NI implementation. But how about
somebody want cryptd(cbc(aes)), and don't care about the driver.
> > 2. Generated cryptd-ed algorithm will have the same algorithm name and
> > higher priority, but some user may not want to use cryptd-ed
> > version.
>
> The priority shouldn't be an issue in our case since the AES-NI
> algorithm should register itself as an ablkcipher with an even
> higher priority.
Yes, not an issue for AES-NI case until now. But, for example there is
no aes-ni, if someone request cryptd(cbc(aes-asm)), other user will get
cryptd(cbc(aes-asm)) instead of cbc(aes-asm) when request cbc(aes), is
this a good behavior?
Best Regards,
Huang Ying
On Wed, Jan 14, 2009 at 03:01:51PM +0800, Huang Ying wrote:
>
> Current cryptd works well for AES-NI implementation. But how about
> somebody want cryptd(cbc(aes)), and don't care about the driver.
That's not an issue, if the user wants then all he has to do is
create cryptd(cbc(aes)) (how that is done is a different matter,
hopefully something that we will address as part of the user-space
API to crypto API), and then just using cbc(aes) will be sufficient.
In any case, the algorithm name has to be cbc(aes) for it to work,
since that is what it is.
> Yes, not an issue for AES-NI case until now. But, for example there is
> no aes-ni, if someone request cryptd(cbc(aes-asm)), other user will get
> cryptd(cbc(aes-asm)) instead of cbc(aes-asm) when request cbc(aes), is
> this a good behavior?
The idea is to allow user-space to control priorities in future
through a netlink interface. Then this simply becomes a matter
of system administration.
For now you simply don't create the cryptd object if you don't
intend to use it as the system default for that algorithm.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt